Our valued sponsor

Sword and Shield

How does 'Computer Fraud and Abuse Act' apply to offshore company ?

B

bimbambem

New member
Nov 29, 2019
12
1
3
35
#1
I want to sell data scraping services(fb,linkedin,ig and many more social sites known to aggressively protect their data). Some of this data would be scraped using fake accounts.
I don't live in the US and neither am I a citizen. But my clients will be mostly from the US.

I know that If I would be in US / have a normal US company they could sue me and try to pierce corporate veil with CFAA to go after me personally, with the criminal section of the law. Ouch. Not sure they would win(from my research this is a very grey area, but getting sued by top paid lawyers for years doesn't sound fun).

In the case of non-citizen and let's say Nevis company, what options do they have? Can they still come after me personally with this law or some other? Does this apply internationally at all? Can they just sue me in the US and then try to get whichever country I am in to extradite me?
Any known examples of US companies suing foreign companies and going after owners personally? Wonder how that 's done. I already tried googling the subject but couldn't find much.
 
#2
facebook gone after a NZ company and Chinese for selling fake followers under the CFAA saying as they logged in automatedly which is against TOS thus they had no permission to acess the server thus is unauthorised, i.e. hacking laws apply. Some mental gymnastics, but still. They argued that the US has jurisdictions due to, well just because. NZ folded out of court, not sure what happened to Chinese company

In the case of non-citizen and let's say Nevis company, what options do they have?
Click to expand...
Pay some one in Nevis a $1000 to get your details? Depends how badly they wanted to get you I suppose. But usually it seems they send a cease and desist and don't follow it up.

But who knowa
 
#3
user9823671 said:
facebook gone after a NZ company and Chinese for selling fake followers under the CFAA saying as they logged in automatedly which is against TOS thus they had no permission to acess the server thus is unauthorised, i.e. hacking laws apply. Some mental gymnastics, but still. They argued that the US has jurisdictions due to, well just because. NZ folded out of court, not sure what happened to Chinese company


Pay some one in Nevis a $1000 to get your details? Depends how badly they wanted to get you I suppose. But usually it seems they send a cease and desist and don't follow it up.

But who knowa
Click to expand...

Thanks! I am researching these 2 cases. Huge help.

Btw when I meant "what options do they have?" I didn't mean for uncovering my identity(I assume they have resources to do this quickly) but for going after me personally / criminally.
 
#4
bimbambem said:
I want to sell data scraping services(fb,linkedin,ig and many more social sites known to aggressively protect their data). Some of this data would be scraped using fake accounts.
I don't live in the US and neither am I a citizen. But my clients will be mostly from the US.

I know that If I would be in US / have a normal US company they could sue me and try to pierce corporate veil with CFAA to go after me personally, with the criminal section of the law. Ouch. Not sure they would win(from my research this is a very grey area, but getting sued by top paid lawyers for years doesn't sound fun).

In the case of non-citizen and let's say Nevis company, what options do they have? Can they still come after me personally with this law or some other? Does this apply internationally at all? Can they just sue me in the US and then try to get whichever country I am in to extradite me?
Any known examples of US companies suing foreign companies and going after owners personally? Wonder how that 's done. I already tried googling the subject but couldn't find much.
Click to expand...
Go hide in Russia in some remote siberian region lol. Nobody would be able to touch you there.
 
  • Like
Reactions: khinkali and John Andrews
#6
bimbambem said:
Btw when I meant "what options do they have?" I didn't mean for uncovering my identity(I assume they have resources to do this quickly) but for going after me personally / criminally.
Click to expand...

Disclaimer. This is not legal advice, this may be true / false / something in between. I'd advise you to speak to an actual lawyer for information you make decisions off.

That said, if you have a business that will give you some liability protections. I assume you are not a US citizen? Where are you a citizen of?

What will happen is you get a cease and desist, it will be written by a laywer and an attempt to scare you. I could probably dig out the one I received if you really wanted and I could be bothered to try and find it. It will demand you cease what you are doing, to contact them and provide your customer list, your codebase, you hand over your servers, webdomains and come to an agreement on fines to them or face an escalation. Quite a few companies got the same about the same time, some folded, some ignored it and nothing else happened.

However, in the cases that I mentioned before, reports say that FB then went to a US court and did something (what I don't know the term, injunction? sued? I will try and find the reports and post them up later. As NZ is a country that will pretty much ask how high when the US says jump, the guys there were fucked if they didn't cave. The chinese company can basically ignore them as the Chinese gov isn't going to do anything.
 
#7
 
  • Love
Reactions: bimbambem
#8
bimbambem said:
I want to sell data scraping services(fb,linkedin,ig and many more social sites known to aggressively protect their data). Some of this data would be scraped using fake accounts.
I don't live in the US and neither am I a citizen. But my clients will be mostly from the US.

I know that If I would be in US / have a normal US company they could sue me and try to pierce corporate veil with CFAA to go after me personally, with the criminal section of the law. Ouch. Not sure they would win(from my research this is a very grey area, but getting sued by top paid lawyers for years doesn't sound fun).

In the case of non-citizen and let's say Nevis company, what options do they have? Can they still come after me personally with this law or some other? Does this apply internationally at all? Can they just sue me in the US and then try to get whichever country I am in to extradite me?
Any known examples of US companies suing foreign companies and going after owners personally? Wonder how that 's done. I already tried googling the subject but couldn't find much.
Click to expand...

You found out anything? Any ideas on how to setup a structure to offer any protection?
 
#9
user9823671 said:
You found out anything? Any ideas on how to setup a structure to offer any protection?
Click to expand...
What if you dont open any company, just accept crypto payments? Buy a .ru domain, host website on Russian hosting, pay for hosting using prepaid debit cards. You would be hard to get to really.

People will easily be able to pay you via crypto even if they only have debit cards. They just go to exchange that doesn't need any accounts and KYC, click to buy some Bitcoin, enter your wallet address and buy BTC. Easy
 
  • Like
Reactions: clemens
#10
avalanche said:
What if you dont open any company, just accept crypto payments? Buy a .ru domain, host website on Russian hosting, pay for hosting using prepaid debit cards. You would be hard to get to really.
Click to expand...
That would work, but how will you avoid to leave trailing ligs when you spend the money in the EU - or would you avoid the EU entirely?
 
#11
clemens said:
That would work, but how will you avoid to leave trailing ligs when you spend the money in the EU - or would you avoid the EU entirely?
Click to expand...
You can cash it in some asian shithole where KYC is like a door in the middle of the desert and identities cost around $5. If you have BTC already, its 80% of the story.

It wont be easy ofc (nothing in this life is), but definitely worth it. People with more dangerous sources of income can do the same thing, why wouldnt you be able to?

(also there are crypto exchanges that allow withdrawal of fiat without any KYC lol)
 
Last edited:
  • Like
Reactions: JohnLocke
#15
clemens said:
Did you try it, how much KYC do they require to purchase for 1000$ bitcoins?
Click to expand...
Approx 1 year ago, yes (bought around $2k worth). now I'm using KYC based exchanges for less commissions.
When I was buying it, there was zero KYC needed. Whenever you are using your debit card, it already kinda involves KYC (Visa/Mastercard transaction has all the necessary information).
 
#16
I have used coingate before. There are not as simple as click to buy BTC, enter card details and enter wallet as you make out.

The problem with simple systems as you suggest are you go buy your BTC, then put in a chargeback and get your payment back and the exchange is now out of pocket. Until that problem is overcome there is no instant buy BTC exchanges that will last.

Otherwise, the whole problem of payment processing for high risk businesses is sold. I really wish you were correct, as it would solve so much.

I am very happy to be corrected on this and if you have a list of exchanges that work as you state that are credible and not a fly by night shop, I will investigate them all
 
#17
cckuhqilfownnfctux said:
I think Romania will be ok as they have very vague cybercrime laws (and that's why they have world's best anti-ddos service, hosting everything up to child P**N)
Click to expand...
"Vague cybercrime" isn't really what applies, what would apply in this case is data privacy regulation and in that situation each EU member country has to comply with GDPR regulation.

Facebook is evil but even they are willing to go against you for doing scraping / fake accounts / other stuff:
https://www.ndtv.com/indians-abroad...ning-deceptive-ads-covid-19-fake-news-2209544
 
#18
user9823671 said:
You found out anything? Any ideas on how to setup a structure to offer any protection?
Click to expand...

Anonymous company is easy, payments are the problem. I am trying to find crypto option that could work for my clients.

KJK said:
"Vague cybercrime" isn't really what applies, what would apply in this case is data privacy regulation and in that situation each EU member country has to comply with GDPR regulation.

Facebook is evil but even they are willing to go against you for doing scraping / fake accounts / other stuff:
https://www.ndtv.com/indians-abroad...ning-deceptive-ads-covid-19-fake-news-2209544
Click to expand...

This is an interesting one. So the guy is Indian citizen living in Bangkok, how do they expect to get him to comply with the court decision? It seems at best they win any assets he has within Uncle Sam's reach? Is the strategy to get him to either stop OR break court order so they can go after him criminally?
 
  • Like
Reactions: JohnLocke
#19
I think many of these cases are scare campaigns, FB, Instagram etc and billions of dollars available and they do it just to keep the amount of people from abusing their systems. They are very well aware that they do not get hold of the individual, this is about mass extortion.
 
#20
Admin said:
I think many of these cases are scare campaigns, FB, Instagram etc and billions of dollars available and they do it just to keep the amount of people from abusing their systems. They are very well aware that they do not get hold of the individual, this is about mass extortion.
Click to expand...
They send out cease and desist to nearly everyone, and many fold there and then. But is rare it moves to this stage. I've only seen it for big companies selling fake likes / boosts. Perhaps this guy was a major supplier of cloaking software?

Or just perhaps they could find out the owners details easily
 
You must log in or register to reply here.

Forum Announcement

Latest Threads

Offshore Bank Accounts
The Kingdom Bank
Top Bottom
Back