Sophos Cloud Optix
The headline of the Craigslist “Casual Encounters” ad:
"Do me!!! - m4m - 28 (JP)."
The translation, for those unfamiliar with internet sex dating truncations: a 28-year-old male – a virgin, the ad went on to say – who “want [sic] it hard” was looking for another male, of any race or age, to sodomize him, first come, first served.
The phone started ringing as my boyfriend, John, and I were grocery shopping on a lovely April afternoon. It continued to ring for over a day.
The ad, together with a handful of others offering unrealistic pay for unskilled labor, was taken out in John’s name, with his phone number, by an acquaintance with a drinking problem.
The phone calls were unnerving, as was the acquaintance’s stubborn denial that he had placed the ads, even after John irrefutably linked him to the cloaked Craigslist email address listed in the ads.
I spent the night researching identity fraud and cyberstalking. We went to the police station to file a report. Although the police hadn’t raised a finger, the calls eventually tapered off.
We got off easy. The damage done to our psyches was trifling, compared to the violence that some have suffered at the hands of cyberstalkers who take out ads soliciting sexual encounters – sometimes violent – in their victims’ names.
It all came back to me when I saw a recent Forbes article on horrific crimes committed by jilted boyfriends, who now have the internet to use as a tool that enables identity fraud and even harassment via crowd-sourcing.
Forbes details two disturbing cases that have led to prosecution: The first is the case of Shawn Sayer, of Maine, who harassed his ex-girlfriend for years after they split up.
Sayer went so far as to crowd-source his revenge – i.e., he took out fake ads in his ex’s name so that unwitting dupes would gang up on her.
Here’s a description of how Sayer managed to keep up his retaliation after his ex moved to a new state, from a court order from Judge Brock Hornby:
After Sayer's former girlfriend changed her name and moved from Maine to Louisiana to escape him, the defendant Sayer, still in Maine, created fictitious internet advertisements and social media profiles using [the victim's] name and other identifying information. The fictitious internet postings included [the victim's] address and invited men to come to her home for sexual encounters.
According to Forbes reporter Kashmir Hill, the ads included the victim’s photo, directions to her house, and a list of sexual acts she would perform when interested individuals showed up. Sayer also posed as his victim in chats and emails.
The Portland Press Herald reported that the first man who showed up on her doorstep as a result of the fraudulent ad groped her in a dark hallway. Fortunately, she escaped by running to a friend’s apartment.
Hill details the fate of another, less fortunate victim who was violently raped after her ex-boyfriend, a former Marine, posted a rape fantasy ad on Craigslist on her behalf.
That tale has multiple victims, one of whom is a 27-year-old Wyoming man who answered the ad, which solicited “a real aggressive man with no concern for women.”
Similarly to Sayer, the spurned ex-boyfriend posed as his victim and corresponded with the Wyoming man, who thought he had the victim’s consent when he went to her home and raped her at knifepoint, leaving her bound on her living room floor.
In that case, both the ex and the man he used to carry out his crimes have been sentenced to 60 years in prison.
What makes these crimes particularly frightening is that the typical advice for avoiding identity theft just doesn’t cut it when you’re dealing with a former lover or friend: i.e., somebody who doesn’t have to phish for your personal identifying information.
My guess is that these crimes are under-reported and substantially under-prosecuted, given the response that I received from the local police when my boyfriend and I filed a report on his harassment.
The officer who took our report didn’t think any of the actions against John – taking out an ad in his name, with his phone number, to solicit homosexual acts – sounded illegal. The officer knew nothing of identity fraud or cyberstalking laws.
Nor did he think anything could be done to stop the harassment. He suggested we go to the local court house in the morning.
Perhaps that’s how many of these cases unfold: clueless local police pass the buck until the victims give up and walk away, impotent, still vulnerable.
When we do hear about a successful prosecution, it’s likely because somewhere along the buck-passing line, somebody knew that there are federal laws against cyberstalking and identity theft, and somebody knew that police departments have computer crime units, as does the FBI.
We can’t rely on every police officer in every local police department to know about federal law or the appropriate channels for reporting computer crimes. We need to become fluent enough with the law ourselves to avoid being stonewalled.
To that end, if you ever have need to educate law enforcement regarding what is and isn’t legal when you’re reporting a cyberstalking or identity theft crime, here are some pertinent US laws and resources. There are many more, so feel free to add them to the comments section:
- The current US Federal Anti-Cyber-Stalking law is found at 47 USC sec. 223.
- The Identity Theft Resource Center has a list of federal laws and contact numbers, along with a host of victim resources.
- The US Department of Justice also has a site that defines identity theft and explains how to avoid being victimized by it.
In choosing to torment his ex-girlfriend, Sayer faced a maximum of 15 years in federal prison. That includes ten years on the cyberstalking charge, five years on the identity theft charge, plus a potential $250,000 fine on each charge, according to a press release from the Maine Assistant US Attorney.
To this day, the man who committed identity fraud on my boyfriend by taking out fraudulent Craigslist ads on his behalf thinks it was all a funny joke.
John and I failed to grasp the humor, but I did come away from the encounter with a few ideas of how victims might be better served:
- Craigslist never responded to our requests that the fraudulent ad poster be barred from posting further ads. Nor did the company respond to my questions about what processes are used to protect victims in these situations. If Craigslist is committed to protecting those who are victimized by fraudulent ads, I call on the company to set up a transparent means of reporting abuse that results in rapid remediation. Craigslist promptly takes down bogus ads but has no apparent means to revoke an abuser’s posting privileges.
- Law enforcement at every level, be it local, state or federal, should receive training in handling cyberstalking, identity theft and other computer-related crimes. We don’t need every police officer to be familiar with the nuances of every federal law, but we should expect them, at the very least, to be able to inform victims of the existence of computer crime units that are conversant in such matters.
Finally, a word of warning about sharing passwords.
The New York Times in January described a new form of intimacy: Sharing passwords to email accounts, Facebook or other social media networks.
Bad idea. If you want to show somebody you trust them, do something like fall over backwards into their arms.
The worst you can get from that will likely be a bruise and a valuable lesson regarding whom you can and can’t trust.
The worst you can get from a malicious ex posing as you online can be orders of magnitude more vicious.
Evil man and police car lights images courtesy of Shutterstock.
That's seriously just wrong! And very scary to think people would go through such extremes and think it funny or deserved. I don't know why – but I'm even surprised there's much of a response to them… guess people are much braver about trusting the internet than I am.
There is no limit to a depraved mind.
This sounds like my experience. The police didn't believe me that I wasn't inviting strangers to call me in the middle of the night to tell me how they would like to rape me. In their tiny little minds, the fact that my phone number was being used meant that I must have given it out. Online business owners were as useless as the author describes.
Hi Adriana, I am a journalist looking to speak to anyone who has suffered as a result of an ex gaining 'revenge' – if you would be interested in speaking to a UK magazine about your horrible experience please email me angela.johnson@pressassociation.com Thank you.
This used to be the type of crime aimed specifically at women, now both sexes are at risk, so with luck something more will be done about it. Traditionally this attitude toward women has been one of acceptance for far too long, and I take no joy in seeing it spread beyond those boundaries, but hope that because it is now an equal opportunity issue it will get more attention and resolution. Anyone caught stalking, harassing, or bullying others needs to be dealt with in a serious manner, regardless of sex.
LA County police no longer are aware of peeping Tom laws from my experience, being as when I called to have them confront lurking rentals wandering around on adjacent balconies, they were dumbfounded as to what could possibly be wrong with this. That is a law that's been around forever, don't expect them to know any new ones!
Seems society is becoming more and more sadistic, arrogant, and classless. If we look the other way and never protest, we deserve to live in it.
A reader sent me more resources. Thanks to Lukas for these:
If I may suggest another resource for people who are victims of stalking: http://www.stalkingawarenessmonth.org/resources
(I saw this resource listed in this article on Ars: http://arstechnica.com/apple/2012/05/how-to-harde… )
It's a whole new ball game…new rules, new opportunities for (sick) players, new ways to lose, big-time. And the alleged "protectors" are just as incompetent at providing protection in this sphere as they are in every other. I'm already only marginally plugged in (no Facebook, no Twitter, no PhartSmone), and tales like these confirm the prudence of such approximate unpluggage.
This article raises some important issues…but I'm not sure that it's good journalistic practice to use the yourself and your boyfriend as part of the story. I think that the impact would have been the same if you had omitted (or made just a very brief passing reference to) your own experience.
Good job on raising the issue though!
As a big fan of Sophos, and a Canadian, it would be great I you included information on this topic for those individuals north of the border. Thanks!
When I joined 'Sophos' I was under the impression that it was a British site! (A postal address in England!)
A lot of the information given is sometimes useful – but at other times is barely intelligible to other than USA members!
Could we have a separate version for the British English-speaking community??
It’s nothing new. People have spread lies, gossip, and rumors long before the Internet. Even in the computer age, before the Internet, people would use FidoNet and BBS’s to perpetrate their evil deeds.
What is new, is people finding out that it is a serious problem. Usually, after the fact.
Education is the key. Unfortunately, as the expression goes something like… “we dont need no edekation eny mor cuz weez gotz gugle”.
Lisa is smart and tuned in. My experience in the net security arena tells me that 90% of people do not know, or comprehend how easy it is to become a target – until they get hit with something or by someone close.
SIDEBAR:
The classic case that apparently occurred early in the days of browsing, is that of a man who I’ll call Joe, wanted revenge against an acquaintance for some reason. Joe surfed around and found a group of pedophiles exchanging photos. Joe placed an ad in the group selling videos to pedophiles. Joe made it look authentic. He even gave a address where people could mail in for a free catalog.
The victim had a lot of explaining to do to the police while he was probably picking up the pieces of his home.
Being a retired police officer and educated in computer science, I have a hard time understanding many of the abuses that occur on-line. The FBI has at times placed links to nothing that indicate child porn, then prosecuted anyone who clicked on them, since the law states something along the lines of 'attempt to download child porn', so there is no legal defense. I know my cats have clicked on all kinds of stuff. I don't support any kind of child related adult business. As a police officer, I would click on it, if nothing as usual, I'd ignore it, otherwise I'd report it with the knowledge that I did see child porn. If these were reported the FBI would be swamped with useless reports. I know we have laws for the 'hacking' of computers not owned by you, but many of the adult sites have "stolen from Facebook", "hacked from a students phone" and other items that are at least illegal, if not totally misleading. Why doesn't the FBI target some of these?
I would also like to add that being an officer on the street, having a few knowing the cyber laws is not sufficient. You are responsible for a 'beat' where you don't usually leave and you take calls in that area. This needs to be all officers, in what we call "AOT" (Advanced Officer Training) and is required by the state to make sure all officers are up to date on laws and their meaning. Training a few would certainly help, but all need to know laws, generally, that's what cops are about.
I keep writing my legislators advocating laws like those created by the Netherlands, a bill of rights so to speak for Internet users. Relieve the ISP's from becoming a legislative enforcer and making the Internet more robust with less data leaks of personal information. Many are still UN-aware of what other can and do do with their personal data, even with fines applied and paid by abusers.
I hope Sophos continues on this path to identify problems with our systems and point out the failure of our legislature to act responsibly with proper laws to protect us. A continuation of this is that when you are compromised by your Social Security Number, I understand it next to impossible to get another SSN from the government.
Another new way to harm and harass, that in most states is not covered by statute, are exes posting intimate photos online without consent.
This happened to me and it is very difficult to find something that covers it closest I’ve found is the tort of Invasion of Privacy, s652d, Publicizing Private Information.
Finding a lawyer knowledgable in this tort has been next to impossible
Photos being exposed to 1,000’s of strangers would never have happened prior to the Internet
Laws need to be written in a speedier fashion to keep up with technology !!!
Another password tip to add to the list: If you break up with somebody, change your passwords!