New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
How do you know it's not a Nigerian Prince that contacted you by email?
you provide some kind of vpn ,proxy service? You should protect your customers if they pay you their hard earn money.
It's a discussion forum.
The email address matches on the Police department website and it ends in a .gov
Whatever the case was, you shouldn't provide access to your customer's data. But if they request to shutdown the website, make sure they have provide proper documents.
Asking legal question on a low end forums ends with high end fines.
The question is: do the police have proof that the user has already committed a crime or just talk?
Tell them you are willing to cooporate but would like more information about the matter?
State police? No, it won't matter. Unless they go to the feds, who then go through the UK legal system since the two work together. Did they say what the individual did? Do you know? If it's highly illegal, protect yourself instead of some random using your free forum.
LowEndLawyers.
Just don't turn into Julian Asshinge 2.0 in the process.
Disclaimer: I am not a lawyer, but a professional LowEnd researcher.
They haven't said what he has done, but they did provide a username and email address for me to check.
I guess they want you to work your ass off as their free detective to find out what happened?
I'm curious what your forum is based now.
Its nothing to do with the forum, he must have done another crime but they have seen the same username on the forum.
They have replied and said he has been doing hoax "swatting" on multiple people across the US.
Interesting. In my opinion for got it. With how trigger happy police are here you might be saving someones life by helping them find the person.
Of course, everyone will have their own opinion about something like this and protecting someones privacy regardless of what they do.
In my opinion, I don't protect privacy of those who pose threat to the society.
That's just me.
I'm now suspicious, I'm surprised a US police agency would tell you the guy was suspected of swatting, of even that they would contact you directly. They would go through their UK counterparts so you would get an order from a UK court or however it's done there. If you don't have a lawyer and don't want to engage one, an obvious strategy might be to report the incident to your own police, on suspicion that the person claiming to be US police is trying to social engineer you and possibly swat the user.
The pro-privacy thing to do for your user (unless you have a legal obligation otherwise, such as a court order) would be tell him or her about the enquery and ask if they have a lawyer whose contact info you can give. That lawyer can then handle the user's side of things, can file motions to oppose disclosures etc. Otherwise do whatever UK courts (don't know about police authority there) tell you to do. Giving info directly to a foreign agency seems like a weird idea. It must be better to tell them you're more comfortable dealing with your own country's authorities and they should work through those (you could be really helpful and give them contact info for your NCCU: https://en.wikipedia.org/wiki/National_Cyber_Crime_Unit , or contact NCCU yourself...). It looks like NCSC (National Cybercrime Security Centre) reporting should be done through here: https://www.actionfraud.police.uk/
Obviously IANAL etc. After editing this a few times I think in your shoes I'd call the Action Fraud number (0300 123 2040 per the top of the page), tell them what is going on, give them the US "police" contact info but (unless you're convinced it's real) say you think it's shaky, and ask if they can handle it.
It's common for police to contact individuals who can help them with cases. They aren't the CIA after all. It's easier to work with people than go through court processes to get subpoenas and stuff.
@muj
I definitely would consider the (perhaps more than merely theoretical) possibility that someone may be swatting your forum user.
Anyway - if what you're is saying is accurate - it seems like the police are casting a wide net - one might say doing a bit of fishing as far as your forum is concerned.
(Remember, police - in the USA at least - are generally under no obligation to not mislead you or anyone outside of a courtroom in pursuit of their objectives, whatever those may be.)
I want to say that I don't think too many people would fault you for cooperating as much as you see fit from a "don't want no hassle in my castle" perspective - unless you've advertised your forum as being particularly respectful of anonymity concerns.
However ...
is probably the most important question to maybe get something better than low-end advice on.
(Though I'm hopeful that you will get some interesting points to consider from people here who've had actual experience along these lines - if they're willing and/or able to talk about it.)
You might check with organizations such as https://openrightsgroup.org/ (UK) and https://edri.org (worldwide) to get a better handle on the "come back with a warrant" point of view. (In the US, the goto would be the venerable https://eff.org)
Hmm, that sounds a little weird, I'd be very dubious of an email from someone claiming to be the UK police. Is it at least a return address to a legitimate police agency? Is it email? Is there a phone number etc.? MikeA maybe you're right, I've never had to deal with anything like that, but it surprises me.
https://nationalcrimeagency.gov.uk/contact-us/verify-an-nca-officer gives a phone number to verify NCA officers. Maybe OP could ask them to verify the US police request. The immediate concern is whether the request is genuine at all.
Yeah the Police have given a US phone number and address, which they said you can phone to confirm.
Actually, I do think it's rather common. I didn't think it was until @A_Mike said it.
Once, I was contacted by a Toronto police department for some info regarding a fraud. It wasn't about me but some dude who was using stolen CCs around Toronto and its surrounding cities.
They had no warrant whatsoever but kindly asked for any info I had which in fact I had some info.
Long story short, the guy was caught in the end.
I've talked to UK police over email before (as you would expect, trying to stop people running DDoS-for-hire services.) Not uncommon even for them, same for the US.
Ask them to properly file for an MLAT. They will submit the request to the state department, who will work with your local police, who will provide you with a proper warrant/etc.
Doesn't mean it's from the police, somebody could fake the mail.
Anyhow, perhaps they should create a GUI interface using VisualBasic and see if they can track an IP address.
Ask them to get a warrant or subpoena through a Mutual Legal Assistance Treaty.
If you want to seem somewhat cooperative, say that you will preserve this data and present it when you receive a valid subpoena in the UK.
Don't hand over information without a formal subpoena or warrant. The court and legal system exists to ensure that there are reasonable grounds for extracting personal information from third parties. By handing it over, you undermine the legal system.
Charge them with "Premium Support fee"
Not too much, probably around $150.
This is an easy way of getting held in contempt of court and barred from entry to the United States of America if you don't interpret the situation 100% correctly.
That being said, ThePirateBay once sent invoices for every DCMA they received. Wonder if anyone ever paid up.
If the requester is actually a law enforcement officer, they actually trying to get the information fast without using the correct route, via subpoena, going through their counterpart in UK etc. So they most likely pay if they have the budget or desperate.
If not, they will reluctantly use the correct route through warrant/subpoena etc.
If the requester is scammer, then they can choose to either pay or not pay.
Either way, it is a win-win case for @muj
You can't get barred from entry to the US for that action above, because ultimately your defense line is that without proper contact from LEO through subpoena etc. you can't verify that they are indeed who they said they are. It's internet, everyone is sexy young 18 years old girl.
yeah I wouldn't joke around with trying to charge a fee unless you've got a good reason to do so.
(though I wonder what they'd do with a request for $7)
nor would I want to encourage perception of in any way "selling" customer details.