Cybercrime does not pay, but...

The article describes how dutch law enforcement succeeded in bringing a cybercriminal to trial where he (B.) is convicted and will have to serve 15 months in jail.

So far, so good. My question in this matter is about the area I highlighted, which states that he could not be convicted for breaking into a website by performing a SQL injection attack, stealing a 1000 creditcard numbers, although he admitted being guilty in court, because the evidence was collected wrongfully and therefore was not admissed.

What went wrong in a succesfull case?

verwijst naar:

"Bij het verhoor en in de rechtszaal erkende hij schuld, maar de politie heeft het bewijs niet wettig in handen gekregen. Daarom is hij gedeeltelijk vrijgesproken."
- Cybercrimineel krijgt 15 maanden cel | nu.nl/internet | Het laatste nieuws het eerst op nu.nl (bekijken via Google Sidewiki)

Awareness

As I travelled on the train to Amsterdam this morning I witnessed an interesting telephone conversation. A lady obviously had some issues with her declarations, so she called her office. She identified herself very clearly and asked if the person on the other side could check her email for her. Yes, she gave her password and in the meantime opened her notebook, which was professionally tagged showing the international company she worked for.

After repeating her company creditcard number out loud, bad line I guess, she also spelled out the names and email adresses of her assistant and manager.

So much for information security awareness...


- Posted using BlogPress from my iPhone