[tor-talk] Legal problems: TOR relay & Torrents in .de

Nick Sheppard nshep at attglobal.net
Sat Feb 16 12:44:28 UTC 2013


On 04/02/13 12:33, Hendrik Neumann wrote:
>
> I've been running an exit node from my home network for ca. a year or
> so. Now I've received mail from 21st Century Fox's lawyers in Germany
> accusing me of torrenting a movie. Since all I offer via Torrent are
> some old PC-BSD-ISOs and "House on Haunted Hill", I'm pretty sure it
> must have been a user from the TOR network.
>

Hi Hendrik,

Have a look at this article from Thursday's New York Times:

www.nytimes.com/2013/02/14/business/global/europol-takes-down-cybercrime-gang-in-spain.html 


and particularly the last para:

"While the virus generally came with a police warning, the gang is 
believed to have used different versions to deceive more users, 
including one fraudulent message that was designed to look as if it had 
been sent by the Spanish association that defends artists’ copyrights."

I would give some thought to the possibility that there is another 
criminal gang behind your letter, pretending to be Fox in order to get 
your money.  This kind of scareware seems to have appeared only in the 
last year or two.

*********************************************************************
Disclaimer: I am not a lawyer, nor do I have any direct experience of 
this kind of scam.  Do not rely on my advice in a court of law!
*********************************************************************

Having said that, several aspects of this do seem very suspect to me. 
First, the vagueness of the initial accusation.  They could send an 
identical message to any IP address with substantial steady upload traffic.

You write on 11/02/13 19:31 that:

>
> FOX is working with a German company, ipoque GmbH, that monitors
> filesharing platforms. So they've logged my IP (the exit node), the
> time stamp, the hash of the file in question and got a court order
> that forced my ISP to hand over my personal data to them.
>

Do you have independent confirmation of this, or does it come only from 
the "Fox" letter?  For what it's worth, a Google search on 'ipoque GmbH 
21st Century Fox' with time set to 'past year' gives no results at all. 
  So if it's a media industry initiative, it's not a well publicised 
one!  And ipoque GmbH are well known for Deep Packet Inspection, so if I 
were concocting a scareware letter, they are the company I'd name.  You 
might consider contacting ipoque GmbH; you could say you suspect their 
name is being used in a scareware extortion scam.  That should get their 
attention.  If they're not actually working with Fox, you can relax (and 
call the police); if they are, that still doesn't necessarily mean your 
particular letter is genuine.

Have "Fox" actually given you the time stamp and hash, or simply told 
you that they have them?  Even if they have given you numbers, they may 
simply be invented; they know that you have no way of checking whether 
the "torrenting" actually happened or not.

If it is genuine, the court order at least must be on public record 
somewhere.  If the letter they sent you does not give details of this 
court order (enough for you - or potentially, your lawyers - to be able 
to verify it for yourself), be very suspicious. It's almost certainly a 
scam, like all those emails "from the Bank" that start "Dear Customer" 
instead of using your name.

> Now they want me to pay €1.0000 (which I don't have due to recent
> health problems and unemployment) and sign some papers.

Second, this immediate demand for money.  In my experience, real lawyers 
work much more slowly than this (after all, they can charge for every 
letter they write).  First one or two demands that you stop what you're 
doing, then a threat of eventual legal action, and so on.  If they want 
to build a case against you that will stand up in court, they would 
usually have to show that you were given fair warning, and then wilfully 
and knowingly persisted in your evil-doing for a substantial time.

**********************************************************************
Repeat disclaimer: I am not a lawyer! This is only my gut-feeling as an 
interested bystander.
***********************************************************************

Was the demand for money in the very first communication you received 
from "Fox"?  If it was, it looks very much like a scam artfully designed 
to bounce you into sending the money without thinking, especially if 
they gave you a tight deadline and threatened drastic consequences on 
non-payment.  What was their suggested payment method?  A payment into 
an account verifiably owned by the real Fox?  Or something more 
gang-friendly?

All in all, if it swims like a duck and quacks like a duck, it probably 
is a duck. Or a scam. Don't be fooled by impressive letterheads and so 
on, they're really easy to forge.  From the article:

“It used the idiom and logo of each specific police service,” [Mr 
Wainwright] said. “Even Europol and my own name have been used to 
defraud citizens.”

Don't give too much weight to the fact that they apparently got your 
address from your ISP (when you wrote "mail from Fox" I'm assuming you 
meant snailmail).  ISPs can be fooled just as easily as individuals.  If 
a "Mr Wainwright from Europol" contacted an ISP and demanded a list of 
subscribers with substantial upload traffic, who would refuse?  Even 
forging a court order would be quite possible (as long as the ISP didn't 
bother to check back with the court).

And there is always the possibility that the gangsters have bribed 
someone in the ISP to give them a list of addresses ("There's no harm in 
it, it's only for marketing, honest ...").  If there are 1000 people on 
the list, and 10% of them fall for the scam and pay 1000 euros, I'll 
leave you to estimate how much of the profit is available for bribes!

Has your ISP contacted you independently and accused you of misusing 
their service?  If not, be very suspicious.  Ask them if they know about 
this "court order".  Did they verify it with the issuing court?

In short: suspect everything, check everything.  One thing in your 
favour is that the more convincing-looking detail a scareware letter 
contains, the more things there are that you can check.  If the letter 
is on a law firm's letterhead, check that the company exists.  If it 
does, check that the phone numbers and addresses on the letter match 
those of the real company.  Don't bother contacting the address given in 
the letter yourself, that will just connect you to the gangsters.  Of 
course they'll sound convincing, it's their profession!

Like everyone who runs a tor relay, you'll be aware that it'll sometimes 
be used (but you won't know when) by bad guys.  You'll also have 
calculated that the good guys greatly outnumber the bad guys, and that 
on balance tor benefits the good guys.  But never forget that the bad 
guys are always out there, and to them, you're just prey like everyone 
else.

I'm a bit surprised that nobody else in this discussion has raised the 
scam possibility so far.  Am I really the most paranoid person here 
(pauses to adjust tinfoil helmet ...)?

Anyway, best of luck however it turns out,

Nick Sheppard


