Warrant Used To Track Users Through Tor Invalidated

When it was revealed that an NIT (network investigative technique) had been used to track people across Tor, people were worried about just how the authorities had got permission to deploy such a far-sweeping piece of computer malware. It would now seem that the warrant issued didn’t give as much power as they wanted, as a federal judge has now stated that the warrant should be invalidated because of its reach.

The federal judge in question sits in Massachusetts and stated that a magistrate issuing a warrant in Virginia cannot “authorize the search of a defendant’s computer located in Massachusetts”. This was noted in a 39-page opinion in which William Young stated that while it cannot be done, the Department of Justice and Congress could change the law in future. The end result of the opinion is the conclusion stating:

Based on the foregoing analysis, the Court concludes that the NIT Warrant was issued without jurisdiction and thus was void ab initio. It follows that the resulting search was conducted as though there were no warrant at all. Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded.

So ultimately the warrant for the NIT overstretched its bounds, something that has now led to a bunch of evidence being made null and void in a case where even Ahmed Ghappour, a law professor at the University of California, realized that the “DOJ knew full well that the magistrate lacked authority to issue an out-of-district warrant”.

Feds Tell Court Apple Creates Technology To Thwart iPhone Warrants

The Department of Justice (DOJ) is currently working with the FBI in a legal battle against technology giant Apple. After being told to help unlock an iPhone through a software modification, the company began to argue that it could not be made to bypass its own security features by use of the All Writs Act. The DOJ have now filed fresh claims that specifically say that Apple is creating technology to thwart iPhone warrants.

The Department of Justice filed a brief on Thursday stating that Apple had created technology to render search warrants useless because of a “deliberate marketing decision”. The result of this decision is the current legal battle between the FBI and Apple and the questions being asked in Congress regarding privacy vs security.

The brief goes on to say that the use of the All Writs Act ensures “that their lawful warrants were not thwarted by third parties like Apple”. The brief continues:

Apple deliberately raised technological barriers that now stand between a lawful warrant and an iPhone containing evidence related to the terrorist mass murder of 14 Americans. Apple alone can remove those barriers so that the FBI can search the phone, and it can do so without undue burden. Under those specific circumstances, Apple can be compelled to give aid. That is not lawless tyranny. Rather, it is ordered liberty vindicating the rule of law.

It’s been pointed out that several other people could also hack the iPhone, and while the DOJ claims it could be done without undue burden (an argument Apple has used to say that it won’t do it because of the impact it would have on their business), we have already been told that there are hundreds of iPhones in criminal cases which the FBI “could” want to be unlocked.

Security experts are already speaking out about this latest information, on a topic which seems to escalate with every passing day.

https://twitter.com/JZdziarski/status/708059202107928577?ref_src=twsrc%5Etfw

https://twitter.com/agcrocker/status/708034792026050561?ref_src=twsrc%5Etfw

DOJ Appealing Order Found in Favor of Apple

Apple is everywhere in the news these days, from the rumoured features of their next generation of phones to the courtrooms. In a case that recently came to light in New York, the judge ruled that Apple could not be forced to unlock an iPhone by the All Writs Act. This didn’t sit well with the DOJ, who are now appealing the order.

The case in New York features another iPhone, again locked by a passcode. Repeatedly trying different passcodes risks the data on the phone, thanks to a security measure that erases the phone when the passcode is entered incorrectly 10 times. With so many combinations, the FBI are looking to enlist Apple’s help to type in passcodes through software, without the data being erased.

I say looking to enlist, but the act used (the All Writs Act) has been deemed by some as an order from a judge where no legal precedent is available for the request. A judge in New York recently ruled that Apple couldn’t be forced to remove these settings or extract the data by use of the All Writs Act.

The DOJ don’t seem happy with this ruling though, asking the court to review the decision by the Magistrate Judge, with the hopes that they can get the iPhone unlocked and the case continued in a similar fashion to the one currently taking place in California.

Badmouthed the Silk Road Case Judge Online? You Could Be Prosecuted

The conviction of Ross Ulbricht for creating and running the online black marketplace Silk Road has elicited some heated reactions, with many attacking the case’s judge for ignoring Ulbricht’s plea for leniency in favour of making an example out of him in the war against drugs in her sentencing. Now, in the wake of the trial, prosecutors are seeking to prosecute a number of people who made comments online about the judge.

The US Department of Justice is attempting to trace the identities of certain commenters on libertarian website Reason.com, as revealed by Popehat, a legal blog that published the grand jury subpoena outlining the DoJ’s intent to find the posters of derogatory comments regarding US District Judge Katherine Forrest.

“Why is the government using its vast power to identify these obnoxious asshats, and not the other tens of thousands who plague the internet?” Ken White, blogger for Popehat, wrote. “Because these twerps mouthed off about a judge.”

After Ross Ulbricht’s sentencing, Reason.com published a blog, sympathetic to Ulbricht, calling Silk Road “a revolutionary website that made it easier and safer to buy and sell illegal drugs” and lamenting that Ulbricht’s plea for leniency went ignored. The post garnered over 100 comments, the majority of which were extremely negative toward Judge Forrest.

Prosecutors have taken exception to eight comments in particular, and are seeking “any and all identifying information” related to them. Here are the eight comments that have caused such ire:

  • Agammamon: Its judges like these that should be taken out back and shot.
  • Alan: It’s judges like this that will be taken out and short. FTFY.
  • croaker: Why waste ammunition? Wood chippers get the message across clearly. Especially if you feed them in feet first.
  • Cloudbuster: Why do it out back? Shoot them out front, on the steps of the courthouse.
  • Rhywun: I hope there is a special place in hell reserved for that horrible woman.
  • Alan: There is.
  • Product Placement: I’d prefer a hellish place on Earth be reserved for her as well.
  • croaker: F**k that. I don’t want to oay [sic] for that c**t’s food, housing, and medical. Send her through the wood chipper.

The subpoena was issued to Reason.com, demanding identifying information related to the above commenters on the grounds of “interstate threats”, a violation of Federal law 18 USC Section 875.

Is this just a case of hyperbolic internet idiots, or should such comments be taken seriously as threats?

Thank you Ars Technica for providing us with this information.

Seized Megaupload Domains Hijacked By Scam Ads and Malware

Megaupload domains that were seized by the US Department of Justice, as part of its legal action against company founder Kim Dotcom, have now been hijacked by scammers who are using the domain names to distribute malware and host scam adverts. Megaupload.com and Megavideo.com are now active again after the FBI lost control of the main nameserver, a happenstance that Dotcom says the DoJ and FBI should have prevented.

Until recently, the two domains featured a banner informing visitors that sites had been seized as part of a criminal investigation, but now they direct people to a Zero-Click ad feed that pushes malware installers and other malicious materials.

A look at the Whois records, rather suspiciously, shows the nameserver as PLEASEDROPTHISHOST15525.CIRFU.BIZ.

While the domains were under the control of the US government, the nameserver showed as CIRFU.NET, referring to the FBI’s Cyber Initiative and Resource Fusion Unit.

Dotcom told TorrentFreak that he believes the domain debacle to be an indictment of the DoJ’s competence, saying, “With U.S. Assistant Attorney Jay Prabhu the DOJ in Virginia employs a guy who doesn’t know the difference between civil & criminal law. And after this recent abuse of our seized Mega domains I wonder how this guy was appointed Chief of the Cybercrime Unit when he can’t even do the basics like safeguard the domains he has seized.”

“Jay Prabhu keeps embarrassing the U.S. government. I would send him back to law school and give him a crash course in ‘how the Internet works’.”

It is within the power of the FBI and DoJ to reclaim the domains with an update of the nameserver but, at last check, the two domains remain under malicious control.

Thank you TorrentFreak for providing us with this information.

Wikipedia Sues the NSA

Wikipedia has filed a lawsuit against the US National Security Agency (NSA) over the anti-constitutional nature of its internet mass surveillance program, as revealed by whistleblower and former NSA employee Edward Snowden.

The suit, which also names the US Department of Justice (DoJ) as a defendant, accuses the government organisations of breaching the First and Fifth Amendments of the US Constitution, designed to protect free speech and to protect against unreasonable search and seizure, respectively.

“By tapping the backbone of the Internet, the NSA is straining the backbone of democracy,” the Wikimedia Foundation’s Executive Director, Lila Tretikov, wrote in a related blog post. “Wikipedia is founded on the freedoms of expression, inquiry, and information. By violating our users’ privacy, the NSA is threatening the intellectual freedom that is central to people’s ability to create and understand knowledge.”

Wikipedia founder Jimmy Wales also wrote an accompanying op-ed piece for The New York Times, published the same day as the lawsuit was filed. Wales argues that the NSA’s “pervasive surveillance” of Wikipedia visitors is an act that “stifles freedom of expression and the free exchange of knowledge.”

“Whenever someone overseas views or edits a Wikipedia page, it’s likely that the N.S.A. is tracking that activity—including the content of what was read or typed, as well as other information that can be linked to the person’s physical location and possible identity,” Wales and Tretikov wrote. “These activities are sensitive and private: They can reveal everything from a person’s political and religious beliefs to sexual orientation and medical conditions.”

Wikipedia’s lawsuit against the NSA has been filed in partnership with Human Rights Watch and Amnesty International, and the plaintiffs are being represented by the American Civil Liberties Union.

Source: National Journal

Three Spammers Accused of Largest Data Breach in History

The US Department of Justice has charged three men with what could be the biggest data breach in the history of the internet. The three spammers are accused of stealing billions of e-mail addresses from the databases of e-mail service providers. Two of the men, Giang Hoang Vu and Viet Quoc Nguyen, are Vietnamese citizens residing in the Netherlands, while the third, David-Manuel Santos Da Silva, is Canadian.

A statement from Assistant Attorney General Caldwell read: “These men… are accused of carrying out the largest data breach of names and email addresses in the history of the Internet. The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers.”

The three men targeted the largest e-mail providers in the world, including Gmail, Yahoo! Mail, and Hotmail. Considering the scope of the operation and the volume of addresses accrued, it is quite likely that someone reading this has had their e-mail address stolen by these spammers. Only addresses were gathered, though: no passwords were compromised during the data breach.

Santos Da Silva is alleged to have used his website, marketbay.com, to launder the money that Hoang Vu and Quoc Nguyen earned through their spamming. Da Silva and Hoang Vu have been arrested, but Quoc Nguyen remains at large. Hoang Vu has pleaded guilty to computer fraud.

Source: Cyber Kendra

US Law Enforcement Offer $3M Reward for Gameover ZeuS Botnet Suspect

The U.S. Department of Justice and the Department of State’s Transnational Organized Crime Rewards Program are offering a $3 million reward for information that leads to the arrest or conviction of Evgeniy Mikhailovich Bogachev, the man suspected of being the administrator of the devastating peer-to-peer botnet Gameover ZeuS.

The Gameover ZeuS botnet targeted banks and other financial establishments, infecting over 1 million computers and stealing more than $100 million. The DOJ managed to disrupt Gameover ZeuS last summer.

Bogachev has made it to the FBI’s Cyber Most Wanted List and is thought to be still living in his Russian homeland. The DOJ suspect Bogachev of being the leader of a “tightly knit gang” of Russian cybercriminals, developing and operating the Gameover ZeuS and Cryptolocker malware.

Assistant Attorney General Leslie Caldwell said, “One significant part of the puzzle remains incomplete, as Bogachev remains at large. Although we were able to significantly disrupt the Gameover Zeus and Cryptolocker criminal enterprise, we have not yet brought Bogachev himself to justice.”

Source: Computer World

US Government Pirates Military Software, Pays $50m Settlement

Looks like the US government has become one of the worst pirates around after using thousands of copies of military software without a licence. The company behind the software have said that they recently discovered the software was installed on significantly more machines than they had licensed.

Texas-based company Apptricity provided the government with the logistics programs that are used by the army and has done so for nearly ten years. The Department of Justice basically got caught out over using their software and has since paid a settlement of $50 million to the company, which is around £31 million.

While the Department of Justice hasn’t commented on the subject, you would think they knew better in the first place! Apptricity did originally call for a staggering $224 million, but must be happy with the settlement (since they accepted) and will now use the money to expand their company.

“Apptricity is now incredibly energised to use the settlement resolution as a catalyst for aggressive investment in our team, our solutions and our untapped market opportunities,” said Randy Lieberman, Apptricity’s chief financial officer.

Given the US has been making a push to combat piracy with near brute force in recent years, you would have expected better from them, but at least they were willing to pay for that mistake.

Thank you BBC for providing us with this information.
