Log In | Subscribe | | |

Data theft and confidentiality breaches to order

Editorial Staff

Do the terms of access to your company's website contain provisions as to what may be accessed and for what purposes? Do you, for example, point out that domain names and e-mail addresses are terms of art and therefore protected under copyright legislation? Do you say that, as a result, harvesting that data, and other information that may be subject to data protection, is illegal? Do you say that anyone who accesses your website intending to breach the terms of access is unauthorised and that unauthorised access is a criminal offence?

Meet Raj Yadav. He wants you to pay him to do all of those things. If you use him, or his company, then you are conspiring to commit those offences and, even though he's apparently in a jurisdiction where he might be difficult to reach, the chances are you are not. Now: where did your latest mailing list data come from?

The email set out below arrived in our offices today. First we were cross, then astonished and finally amused.

First, Skype is used as a means of communication: hello, Microsoft, NSA and FBI. This guy wants to use US based services to facilitate the commission of a series of criminal offences. He says his Skype ID is nprojectshub. That's one to monitor, then.

Secondly, his domain, webscrapingexpert.com was set up on 2011-05-20 using that domain name provider that is so loved by criminals, GoDaddy.com. Better still, he hides behind their privacy service. The nameserver is at domaincontrol.com , registered by wildwestdomains.com which, some years ago, was perhaps the absolute favourite of American spammers.

The mail says that it was sent by Shinestar Web Solution (one solution, not solution"s") of Motera Ahmedabad, Gujarat 380001 IN
and that it respects our privacy. It invites us to "view our policy" at exct.com - that's another domain that hides behind a private listing. Did we visit it? Absolutely not. Who knows what such a site might do to our computers? It invites us to "manage subscriptions," "update profile" (how the hell does it think we have a profile?) or to unsubscribe. No way, and especially once we found out that it runs its servers on on a Microsoft operating system instead of Linux. Why were we so interested in that? Because the domain name in the e-mail header information is something different: It's "exacttarget.com." ExactTarget.com is registered via MarkMonitor.com, one of the first companies to provide anonymising services for website owners.

What, exactly, is Raj Yadav offering?

Here's his e-mail

From rk@webscrapingexpert.com

Re: Web Scraping and Data Processing

Hello Sir,

We are leading data processing company expert in wide range of web scraping and data processing services. We can extract publicly available data from any site. List of services we offer are as following.

- Online Directory Scraping
- Contact Scraping from Websites
- Email Searching
- Web research and Searching Missing Information - Data Mining and Data Cleaning
- PDF to excel conversion & Data Entry Services
- Product Scraping Services
- Virtual Assistant Services

Is there any work requirement? If any please share with us. We ensure you to provide high quality services.

May i have your Skype id please? My Skype id is nprojectshub

Raj Yadav
Skype: nprojectshub
Phone: +91-997-972-6697
Email: info@webscrapingexpert.com

Our research shows that the 997 area code does not relate to a geographical location. In India, all mobile codes begin with 9,8,7 or 6. It is therefore likely that the number provided is a mobile phone number.

So, do you really want to do business with him or someone like him to build up your mailing lists or, even, to obtain illegal downloads of entire websites? Before you shrug and say "so what," remember that if you commission him or in some way induce him to make unauthorised access to a website, even one that does not require a password to access data, you are conspiring with him to commit a criminal offence. It is not true that any and all data which is publicly available is free and almost all internet data is subject to copyright. Breach of copyright is a discrete offence from that of unauthorised access. So now you are up to two charges.

As for those who profit from his activities, including those providing hosting, domain renewal and e-mail services for a fee, if it is established that it is more likely than not that he is committing criminal offences and making a profit then, depending on the applicable law, those who afford him those services and receive, even as fees for legitimate services, are money launderers.

And that's long before we start to question whether his specific targeting of information might cause problems for those holding data and required to comply with, e.g. GPDR.