How does 'Computer Fraud and Abuse Act' apply to offshore company ?

bimbambem · May 25, 2020

I want to sell data scraping services(fb,linkedin,ig and many more social sites known to aggressively protect their data). Some of this data would be scraped using fake accounts.
I don't live in the US and neither am I a citizen. But my clients will be mostly from the US.

I know that If I would be in US / have a normal US company they could sue me and try to pierce corporate veil with CFAA to go after me personally, with the criminal section of the law. Ouch. Not sure they would win(from my research this is a very grey area, but getting sued by top paid lawyers for years doesn't sound fun).

In the case of non-citizen and let's say Nevis company, what options do they have? Can they still come after me personally with this law or some other? Does this apply internationally at all? Can they just sue me in the US and then try to get whichever country I am in to extradite me?
Any known examples of US companies suing foreign companies and going after owners personally? Wonder how that 's done. I already tried googling the subject but couldn't find much.

user9823671 · May 25, 2020

facebook gone after a NZ company and Chinese for selling fake followers under the CFAA saying as they logged in automatedly which is against TOS thus they had no permission to acess the server thus is unauthorised, i.e. hacking laws apply. Some mental gymnastics, but still. They argued that the US has jurisdictions due to, well just because. NZ folded out of court, not sure what happened to Chinese company

In the case of non-citizen and let's say Nevis company, what options do they have?

Pay some one in Nevis a $1000 to get your details? Depends how badly they wanted to get you I suppose. But usually it seems they send a cease and desist and don't follow it up.

But who knowa

bimbambem · May 25, 2020

user9823671 said:
facebook gone after a NZ company and Chinese for selling fake followers under the CFAA saying as they logged in automatedly which is against TOS thus they had no permission to acess the server thus is unauthorised, i.e. hacking laws apply. Some mental gymnastics, but still. They argued that the US has jurisdictions due to, well just because. NZ folded out of court, not sure what happened to Chinese company

Pay some one in Nevis a $1000 to get your details? Depends how badly they wanted to get you I suppose. But usually it seems they send a cease and desist and don't follow it up.

But who knowa

Thanks! I am researching these 2 cases. Huge help.

Btw when I meant "what options do they have?" I didn't mean for uncovering my identity(I assume they have resources to do this quickly) but for going after me personally / criminally.

avalanche · May 25, 2020

bimbambem said:
I want to sell data scraping services(fb,linkedin,ig and many more social sites known to aggressively protect their data). Some of this data would be scraped using fake accounts.
I don't live in the US and neither am I a citizen. But my clients will be mostly from the US.

I know that If I would be in US / have a normal US company they could sue me and try to pierce corporate veil with CFAA to go after me personally, with the criminal section of the law. Ouch. Not sure they would win(from my research this is a very grey area, but getting sued by top paid lawyers for years doesn't sound fun).

In the case of non-citizen and let's say Nevis company, what options do they have? Can they still come after me personally with this law or some other? Does this apply internationally at all? Can they just sue me in the US and then try to get whichever country I am in to extradite me?
Any known examples of US companies suing foreign companies and going after owners personally? Wonder how that 's done. I already tried googling the subject but couldn't find much.

Go hide in Russia in some remote siberian region lol. Nobody would be able to touch you there.

cckuhqilfownnfctux · May 26, 2020

I think Romania will be ok as they have very vague cybercrime laws (and that's why they have world's best anti-ddos service, hosting everything up to child porn)

user9823671 · May 26, 2020

bimbambem said:
Btw when I meant "what options do they have?" I didn't mean for uncovering my identity(I assume they have resources to do this quickly) but for going after me personally / criminally.

Disclaimer. This is not legal advice, this may be true / false / something in between. I'd advise you to speak to an actual lawyer for information you make decisions off.

That said, if you have a business that will give you some liability protections. I assume you are not a US citizen? Where are you a citizen of?

What will happen is you get a cease and desist, it will be written by a laywer and an attempt to scare you. I could probably dig out the one I received if you really wanted and I could be bothered to try and find it. It will demand you cease what you are doing, to contact them and provide your customer list, your codebase, you hand over your servers, webdomains and come to an agreement on fines to them or face an escalation. Quite a few companies got the same about the same time, some folded, some ignored it and nothing else happened.

However, in the cases that I mentioned before, reports say that FB then went to a US court and did something (what I don't know the term, injunction? sued? I will try and find the reports and post them up later. As NZ is a country that will pretty much ask how high when the US says jump, the guys there were fucked if they didn't cave. The chinese company can basically ignore them as the Chinese gov isn't going to do anything.

user9823671 · May 26, 2020

NZ case:

Facebook Sues New Zealand Firm For Selling Fake Likes On Instagram

Facebook has filed a lawsuit in the US against a New Zealand-based company and three individuals that it says have been selling 'fake likes' on Instagram.

www.forbes.com

Facebook sues Instagram bot sellers in New Zealand

The company sold “millions of artificial likes” to Instagram users.

www.theverge.com

Fake 'likes' case: NZ company to pay Facebook $800K

Posse of Upper Hutt social media consultants also banned from the social network.

www.nzherald.co.nz

Facebook reaches settlement with company selling fake Instagram likes

Instagram has been struggling recently from an onslaught of spam comments, fake likes and fake follows. Now Facebook, which owns the service, has won a small victory against the spammers. The social media giant has settled a court case with a New Zealand company which sold fake likes on the...

www.engadget.com

Chinese:

Facebook sues Chinese companies for selling fake accounts

“One more step” past banning billions of fake accounts.

www.theverge.com

Facebook sues over sales of fake accounts, likes and followers

Facebook Inc said on Friday that it filed a lawsuit along with Instagram in U.S. federal court against four companies and three people based in the People's Republic of China for promoting the sale of fake accounts, likes and followers.

www.reuters.com

Facebook sues 3 people, 4 companies in China for pushing sale of fake likes, followers, accounts - National | Globalnews.ca

Facebook, in its lawsuit, said "inauthentic activity has no place on our platform."

globalnews.ca

I have a feeling that was a case against a new jersey based company, but I cannot find anything on that, so maybe not

user9823671 · May 29, 2020

bimbambem said:
I want to sell data scraping services(fb,linkedin,ig and many more social sites known to aggressively protect their data). Some of this data would be scraped using fake accounts.
I don't live in the US and neither am I a citizen. But my clients will be mostly from the US.

I know that If I would be in US / have a normal US company they could sue me and try to pierce corporate veil with CFAA to go after me personally, with the criminal section of the law. Ouch. Not sure they would win(from my research this is a very grey area, but getting sued by top paid lawyers for years doesn't sound fun).

In the case of non-citizen and let's say Nevis company, what options do they have? Can they still come after me personally with this law or some other? Does this apply internationally at all? Can they just sue me in the US and then try to get whichever country I am in to extradite me?
Any known examples of US companies suing foreign companies and going after owners personally? Wonder how that 's done. I already tried googling the subject but couldn't find much.

You found out anything? Any ideas on how to setup a structure to offer any protection?

avalanche · May 29, 2020

user9823671 said:
You found out anything? Any ideas on how to setup a structure to offer any protection?

What if you dont open any company, just accept crypto payments? Buy a .ru domain, host website on Russian hosting, pay for hosting using prepaid debit cards. You would be hard to get to really.

People will easily be able to pay you via crypto even if they only have debit cards. They just go to exchange that doesn't need any accounts and KYC, click to buy some Bitcoin, enter your wallet address and buy BTC. Easy

clemens · May 29, 2020

avalanche said:
What if you dont open any company, just accept crypto payments? Buy a .ru domain, host website on Russian hosting, pay for hosting using prepaid debit cards. You would be hard to get to really.

That would work, but how will you avoid to leave trailing ligs when you spend the money in the EU - or would you avoid the EU entirely?

avalanche · May 29, 2020

clemens said:
That would work, but how will you avoid to leave trailing ligs when you spend the money in the EU - or would you avoid the EU entirely?

You can cash it in some asian shithole where KYC is like a door in the middle of the desert and identities cost around $5. If you have BTC already, its 80% of the story.

It wont be easy ofc (nothing in this life is), but definitely worth it. People with more dangerous sources of income can do the same thing, why wouldnt you be able to?

(also there are crypto exchanges that allow withdrawal of fiat without any KYC lol)

user9823671 · May 29, 2020

avalanche said:
People will easily be able to pay you via crypto even if they only have debit cards. They just go to exchange that doesn't need any accounts and KYC, click to buy some Bitcoin, enter your wallet address and buy BTC. Easy

My experience with getting non-technical people to buy BTC is anything but easy. What exchange lets you buy BTC with a debit card with no KYC?

avalanche · May 30, 2020

user9823671 said:
My experience with getting non-technical people to buy BTC is anything but easy. What exchange lets you buy BTC with a debit card with no KYC?

is that really hard to find? ns2

put wallet address, how much and thats it

Purchase Bitcoin and Altcoins With Credit/Debit Card or Apple Pay - CoinGate

Buy +20 digital assets like Litecoin, NANO, XRP, Tron, BitTorrent Token and more instantly using credit card or debit card. No account registration needed!

buy.coingate.com

clemens · May 30, 2020

avalanche said:
is that really hard to find?
put wallet address, how much and thats it

Purchase Bitcoin and Altcoins With Credit/Debit Card or Apple Pay - CoinGate

Buy +20 digital assets like Litecoin, NANO, XRP, Tron, BitTorrent Token and more instantly using credit card or debit card. No account registration needed!

buy.coingate.com

Did you try it, how much KYC do they require to purchase for 1000$ bitcoins?

avalanche · May 30, 2020

clemens said:
Did you try it, how much KYC do they require to purchase for 1000$ bitcoins?

Approx 1 year ago, yes (bought around $2k worth). now I'm using KYC based exchanges for less commissions.
When I was buying it, there was zero KYC needed. Whenever you are using your debit card, it already kinda involves KYC (Visa/Mastercard transaction has all the necessary information).

user9823671 · May 30, 2020

I have used coingate before. There are not as simple as click to buy BTC, enter card details and enter wallet as you make out.

The problem with simple systems as you suggest are you go buy your BTC, then put in a chargeback and get your payment back and the exchange is now out of pocket. Until that problem is overcome there is no instant buy BTC exchanges that will last.

Otherwise, the whole problem of payment processing for high risk businesses is sold. I really wish you were correct, as it would solve so much.

I am very happy to be corrected on this and if you have a list of exchanges that work as you state that are credible and not a fly by night shop, I will investigate them all

KJK · May 31, 2020

cckuhqilfownnfctux said:
I think Romania will be ok as they have very vague cybercrime laws (and that's why they have world's best anti-ddos service, hosting everything up to child porn)

"Vague cybercrime" isn't really what applies, what would apply in this case is data privacy regulation and in that situation each EU member country has to comply with GDPR regulation.

Facebook is evil but even they are willing to go against you for doing scraping / fake accounts / other stuff:

Facebook Sues Indian Techie For Running Deceptive Ads, COVID-19 Fake News

Facebook has filed a lawsuit against an Indian man for running a software company that pushed deceptive advertisements and misinformation about coronavirus outbreak on social media platforms by bypassing its advertising review process.

www.ndtv.com

bimbambem · Jun 3, 2020

user9823671 said:
You found out anything? Any ideas on how to setup a structure to offer any protection?

Anonymous company is easy, payments are the problem. I am trying to find crypto option that could work for my clients.

KJK said:
"Vague cybercrime" isn't really what applies, what would apply in this case is data privacy regulation and in that situation each EU member country has to comply with GDPR regulation.

Facebook is evil but even they are willing to go against you for doing scraping / fake accounts / other stuff:

Facebook Sues Indian Techie For Running Deceptive Ads, COVID-19 Fake News

Facebook has filed a lawsuit against an Indian man for running a software company that pushed deceptive advertisements and misinformation about coronavirus outbreak on social media platforms by bypassing its advertising review process.

www.ndtv.com

This is an interesting one. So the guy is Indian citizen living in Bangkok, how do they expect to get him to comply with the court decision? It seems at best they win any assets he has within Uncle Sam's reach? Is the strategy to get him to either stop OR break court order so they can go after him criminally?

JohnLocke · Jun 4, 2020

I think many of these cases are scare campaigns, FB, Instagram etc and billions of dollars available and they do it just to keep the amount of people from abusing their systems. They are very well aware that they do not get hold of the individual, this is about mass extortion.

user9823671 · Jun 4, 2020

Admin said:
I think many of these cases are scare campaigns, FB, Instagram etc and billions of dollars available and they do it just to keep the amount of people from abusing their systems. They are very well aware that they do not get hold of the individual, this is about mass extortion.

They send out cease and desist to nearly everyone, and many fold there and then. But is rare it moves to this stage. I've only seen it for big companies selling fake likes / boosts. Perhaps this guy was a major supplier of cloaking software?

Or just perhaps they could find out the owners details easily