Tag Archives: fbi

Game of Thrones Leaks “Carried Out By Former Iranian Military Hacker”

Post Syndicated from Andy original https://torrentfreak.com/game-of-thrones-leaks-carried-out-by-former-iranian-military-hacker-171122/

Late July it was reported that hackers had stolen proprietary information from media giant HBO.

The haul was said to include confidential details of the then-unreleased fourth episode of the latest Game of Thrones season, plus episodes of Ballers, Barry, Insecure, and Room 104.

“Hi to all mankind,” an email sent to reporters read. “The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!!”

In follow-up correspondence, the hackers claimed to have penetrated HBO’s internal network, gaining access to emails, technical platforms, and other confidential information.

Image released by the hackers

Soon after, HBO chairman and CEO Richard Plepler confirmed a breach at his company, telling employees that there had been a “cyber incident” in which information and programming had been taken.

“Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us. I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests,” he said.

During mid-August, problems persisted, with unreleased shows hitting the Internet. HBO appeared rattled by the ongoing incident, refusing to comment to the media on every new development. Now, however, it appears the tide is turning on HBO’s foe.

In a statement last evening, Joon H. Kim, Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Field Division of the FBI, announced the unsealing of an indictment charging a 29-year-old man with offenses carried out against HBO.

“Behzad Mesri, an Iranian national who had previously hacked computer systems for the Iranian military, allegedly infiltrated HBO’s systems, stole proprietary data, including scripts and plot summaries for unaired episodes of Game of Thrones, and then sought to extort HBO of $6 million in Bitcoins,” Kim said.

“Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice. American ingenuity and creativity is to be cultivated and celebrated — not hacked, stolen, and held for ransom. For hackers who test our resolve in protecting our intellectual property — even those hiding behind keyboards in countries far away — eventually, winter will come.”

According to the Department of Justice, Mesri honed his computer skills working for the Iranian military, conducting cyber attacks against enemy military systems, nuclear software, and Israeli infrastructure. He was also a member of the Turk Black Hat hacking team which defaced hundreds of websites with the online pseudonym “Skote Vahshat”.

The indictment states that Mesri began his campaign against HBO during May 2017, when he conducted “online reconnaissance” of HBO’s networks and employees. Between May and July, he then compromised a number of HBO employee user accounts and used them to access the company’s data and TV shows, copying them to his own machines.

After allegedly obtaining around 1.5 terabytes of HBO’s data, Mesri then began to extort HBO, warning that unless a ransom of $5.5 million wasn’t paid in Bitcoin, the leaking would begin. When the amount wasn’t paid, three days later Mesri told HBO that the amount had now risen to $6m and as an additional punishment, data could be wiped from HBO’s servers.

Subsequently, on or around July 30 and continuing through August 2017, Mesri allegedly carried through with his threats, leaking information and TV shows online and promoting them via emails to members of the press.

As a result of the above, Mesri is charged with one count of wire fraud, which carries a maximum sentence of 20 years in prison, one count of computer hacking (five years), three counts of threatening to impair the confidentiality of information (five years each), and one count of interstate transmission of an extortionate communication (two years). No copyright infringement offenses are mentioned in the indictment.

The big question now is whether the US will ever get their hands on Mesri. The answer to that, at least through any official channels, seems to be a resounding no. There is no extradition treaty between the US and Iran meaning that if Mesri stays put, he’s likely to remain a free man.

Wanted

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Original Torrentz Domain Names Listed For Sale

Post Syndicated from Ernesto original https://torrentfreak.com/original-torrentz-domain-names-listed-for-sale-171119/

Last year, the torrent ecosystem lost two of its biggest sites. First KickassTorrents was taken down following a criminal investigation by the FBI, resulting in indictments against the operators.

A few days later, Torrentz.eu decided to close its doors as well, albeit voluntarily. Without prior warning, all torrent listings were removed from the meta-search engine, which was the third largest torrent site at the time.

The site’s operator kept the website online, but instead of offering links to the usual torrents, its users were left with the following message: “Torrentz will always love you. Farewell.”

Today, more than a year later, not much has changed. Torrentz is still online but the torrent search engine is still not functional. This role was taken over by an unrelated site carrying the name Torrentz2, which has millions of daily visitors itself now.

However, according to a message posted on the original Torrentz site, things may change in the near future. The original Torrentz domain names, including Torrentz.eu, Torrentz.com and Torrentz.in, are for listed sale.

Torrentz for sale

Considering the history of the site and the fact that it still has quite a bit of traffic, this may pique the interest of some online entrepreneurs.

For sentimental Torrentz fans, a sale can go both ways. It could either be used for a new torrent related venture, or someone could scoop it up just to fill it with ads, or even worse.

One thing potential buyers have to be aware of is that the site is still blocked in several countries, including the UK. This, despite the fact that it hasn’t carried any links to infringing content for over a year.

TorrentFreak reached out to the owner of Torrentz to find out why he decided to sell the site now. At the time of writing we haven’t heard back yet, but it’s clear that he’s ready to move on.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

How to read newspapers

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/11/how-to-read-newspapers.html

News articles don’t contain the information you think. Instead, they are written according to a formula, and that formula is as much about distorting/hiding information as it is about revealing it.

A good example is the following. I claimed hate-crimes aren’t increasing. The tweet below tries to disprove me, by citing a news article that claims the opposite:

But the data behind this article tells a very different story than the words.
Every November, the FBI releases its hate-crime statistics for the previous year. They’ve been doing this every year for a long time. When they do so, various news organizations grab the data and write a quick story around it.
By “story” I mean a story. Raw numbers don’t interest people, so the writer instead has to wrap it in a narrative that does interest people. That’s what the writer has done in the above story, leading with the fact that hate crimes have increased.
But is this increase meaningful? What do the numbers actually say?
To answer this, I went to the FBI’s website, the source of this data, and grabbed the numbers for the last 20 years, and graphed them in Excel, producing the following graph:
As you can see, there is no significant rise in hate-crimes. Indeed, the latest numbers are about 20% below the average for the last two decades, despite a tiny increase in the last couple years. Statistically/scientifically, there is no change, but you’ll never read that in a news article, because it’s boring and readers won’t pay attention. You’ll only get a “news story” that weaves a narrative that interests the reader.
So back to the original tweet exchange. The person used the news story to disprove my claim, but going to the underlying data, it only supports my claim that the hate-crimes are going down, not up — the small increases of the past couple years are insignificant to the larger decreases of the last two decades.
So that’s the point of this post: news stories are deceptive. You have to double-check the data they are based upon, and pay less attention to the narrative they weave, and even less attention to the title designed to grab your attention.
Anyway, as a side-note, I’d like to apologize for being human. The snark/sarcasm of the tweet above gives me extra pleasure in proving them wrong :).

How to Recover From Ransomware

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/complete-guide-ransomware/

Here’s the scenario. You’re working on your computer and you notice that it seems slower. Or perhaps you can’t access document or media files that were previously available.

You might be getting error messages from Windows telling you that a file is of an “Unknown file type” or “Windows can’t open this file.”

Windows error message

If you’re on a Mac, you might see the message “No associated application,” or “There is no application set to open the document.”

MacOS error message

Another possibility is that you’re completely locked out of your system. If you’re in an office, you might be looking around and seeing that other people are experiencing the same problem. Some are already locked out, and others are just now wondering what’s going on, just as you are.

Then you see a message confirming your fears.

wana decrypt0r ransomware message

You’ve been infected with ransomware.

You’ll have lots of company this year. The number of ransomware attacks on businesses tripled in the past year, jumping from one attack every two minutes in Q1 to one every 40 seconds by Q3.There were over four times more new ransomware variants in the first quarter of 2017 than in the first quarter of 2016, and damages from ransomware are expected to exceed $5 billion this year.

Growth in Ransomware Variants Since December 2015

Source: Proofpoint Q1 2017 Quarterly Threat Report

This past summer, our local PBS and NPR station in San Francisco, KQED, was debilitated for weeks by a ransomware attack that forced them to go back to working the way they used to prior to computers. Five months have passed since the attack and they’re still recovering and trying to figure out how to prevent it from happening again.

How Does Ransomware Work?

Ransomware typically spreads via spam or phishing emails, but also through websites or drive-by downloads, to infect an endpoint and penetrate the network. Once in place, the ransomware then locks all files it can access using strong encryption. Finally, the malware demands a ransom (typically payable in bitcoins) to decrypt the files and restore full operations to the affected IT systems.

Encrypting ransomware or “cryptoware” is by far the most common recent variety of ransomware. Other types that might be encountered are:

  • Non-encrypting ransomware or lock screens (restricts access to files and data, but does not encrypt them)
  • Ransomware that encrypts the Master Boot Record (MBR) of a drive or Microsoft’s NTFS, which prevents victims’ computers from being booted up in a live OS environment
  • Leakware or extortionware (exfiltrates data that the attackers threaten to release if ransom is not paid)
  • Mobile Device Ransomware (infects cell-phones through “drive-by downloads” or fake apps)

The typical steps in a ransomware attack are:

1
Infection
After it has been delivered to the system via email attachment, phishing email, infected application or other method, the ransomware installs itself on the endpoint and any network devices it can access.
2
Secure Key Exchange
The ransomware contacts the command and control server operated by the cybercriminals behind the attack to generate the cryptographic keys to be used on the local system.
3
Encryption
The ransomware starts encrypting any files it can find on local machines and the network.
4
Extortion
With the encryption work done, the ransomware displays instructions for extortion and ransom payment, threatening destruction of data if payment is not made.
5
Unlocking
Organizations can either pay the ransom and hope for the cybercriminals to actually decrypt the affected files (which in many cases does not happen), or they can attempt recovery by removing infected files and systems from the network and restoring data from clean backups.

Who Gets Attacked?

Ransomware attacks target firms of all sizes — 5% or more of businesses in the top 10 industry sectors have been attacked — and no no size business, from SMBs to enterprises, are immune. Attacks are on the rise in every sector and in every size of business.

Recent attacks, such as WannaCry earlier this year, mainly affected systems outside of the United States. Hundreds of thousands of computers were infected from Taiwan to the United Kingdom, where it crippled the National Health Service.

The US has not been so lucky in other attacks, though. The US ranks the highest in the number of ransomware attacks, followed by Germany and then France. Windows computers are the main targets, but ransomware strains exist for Macintosh and Linux, as well.

The unfortunate truth is that ransomware has become so wide-spread that for most companies it is a certainty that they will be exposed to some degree to a ransomware or malware attack. The best they can do is to be prepared and understand the best ways to minimize the impact of ransomware.

“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” — James Scott, expert in Artificial Intelligence

Phishing emails, malicious email attachments, and visiting compromised websites have been common vehicles of infection (we wrote about protecting against phishing recently), but other methods have become more common in past months. Weaknesses in Microsoft’s Server Message Block (SMB) and Remote Desktop Protocol (RDP) have allowed cryptoworms to spread. Desktop applications — in one case an accounting package — and even Microsoft Office (Microsoft’s Dynamic Data Exchange — DDE) have been the agents of infection.

Recent ransomware strains such as Petya, CryptoLocker, and WannaCry have incorporated worms to spread themselves across networks, earning the nickname, “cryptoworms.”

How to Defeat Ransomware

1
Isolate the Infection
Prevent the infection from spreading by separating all infected computers from each other, shared storage, and the network.
2
Identify the Infection
From messages, evidence on the computer, and identification tools, determine which malware strain you are dealing with.
3
Report
Report to the authorities to support and coordinate measures to counter attacks.
4
Determine Your Options
You have a number of ways to deal with the infection. Determine which approach is best for you.
5
Restore and Refresh
Use safe backups and program and software sources to restore your computer or outfit a new platform.
6
Plan to Prevent Recurrence
Make an assessment of how the infection occurred and what you can do to put measures into place that will prevent it from happening again.

1 — Isolate the Infection

The rate and speed of ransomware detection is critical in combating fast moving attacks before they succeed in spreading across networks and encrypting vital data.

The first thing to do when a computer is suspected of being infected is to isolate it from other computers and storage devices. Disconnect it from the network (both wired and Wi-Fi) and from any external storage devices. Cryptoworms actively seek out connections and other computers, so you want to prevent that happening. You also don’t want the ransomware communicating across the network with its command and control center.

Be aware that there may be more than just one patient zero, meaning that the ransomware may have entered your organization or home through multiple computers, or may be dormant and not yet shown itself on some systems. Treat all connected and networked computers with suspicion and apply measures to ensure that all systems are not infected.

This Week in Tech (TWiT.tv) did a videocast showing what happens when WannaCry is released on an isolated system and encrypts files and trys to spread itself to other computers. It’s a great lesson on how these types of cryptoworms operate.

2 — Identify the Infection

Most often the ransomware will identify itself when it asks for ransom. There are numerous sites that help you identify the ransomware, including ID Ransomware. The No More Ransomware! Project provides the Crypto Sheriff to help identify ransomware.

Identifying the ransomware will help you understand what type of ransomware you have, how it propagates, what types of files it encrypts, and maybe what your options are for removal and disinfection. It also will enable you to report the attack to the authorities, which is recommended.

wanna decryptor 2.0 ransomware message

WannaCry Ransomware Extortion Dialog

3 — Report to the Authorities

You’ll be doing everyone a favor by reporting all ransomware attacks to the authorities. The FBI urges ransomware victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

You can file a report with the FBI at the Internet Crime Complaint Center.

There are other ways to report ransomware, as well.

4 — Determine Your Options

Your options when infected with ransomware are:

  1. Pay the ransom
  2. Try to remove the malware
  3. Wipe the system(s) and reinstall from scratch

It’s generally considered a bad idea to pay the ransom. Paying the ransom encourages more ransomware, and in most cases the unlocking of the encrypted files is not successful.

In a recent survey, more than three-quarters of respondents said their organization is not at all likely to pay the ransom in order to recover their data (77%). Only a small minority said they were willing to pay some ransom (3% of companies have already set up a Bitcoin account in preparation).

Even if you decide to pay, it’s very possible you won’t get back your data.

5 — Restore or Start Fresh

You have the choice of trying to remove the malware from your systems or wiping your systems and reinstalling from safe backups and clean OS and application sources.

Get Rid of the Infection

There are internet sites and software packages that claim to be able to remove ransomware from systems. The No More Ransom! Project is one. Other options can be found, as well.

Whether you can successfully and completely remove an infection is up for debate. A working decryptor doesn’t exist for every known ransomware, and unfortunately it’s true that the newer the ransomware, the more sophisticated it’s likely to be and a perhaps a decryptor has not yet been created.

It’s Best to Wipe All Systems Completely

The surest way of being certain that malware or ransomware has been removed from a system is to do a complete wipe of all storage devices and reinstall everything from scratch. If you’ve been following a sound backup strategy, you should have copies of all your documents, media, and important files right up to the time of the infection.

Be sure to determine as well as you can from file dates and other information what was the date of infection. Consider that an infection might have been dormant in your system for a while before it activated and made significant changes to your system. Identifying and learning about the particular malware that attacked your systems will enable you to understand how that malware operates and what your best strategy should be for restoring your systems.

Backblaze Backup enables you to go back in time and specify the date prior to which you wish to restore files. That date should precede the date your system was infected.

Choose files to restore from earlier date in Backblaze Backup

If you’ve been following a good backup policy with both local and off-site backups, you should be able to use backup copies that you are sure were not connected to your network after the time of attack and hence protected from infection. Backup drives that were completely disconnected should be safe, as are files stored in the cloud, as with Backblaze Backup.

System Restores Are not the Best Strategy for Dealing with Ransomware and Malware

You might be tempted to use a System Restore point to get your system back up and running. System Restore is not a good solution for removing viruses or other malware. Since malicious software is typically buried within all kinds of places on a system, you can’t rely on System Restore being able to root out all parts of the malware. Instead, you should rely on a quality virus scanner that you keep up to date. Also, System Restore does not save old copies of your personal files as part of its snapshot. It also will not delete or replace any of your personal files when you perform a restoration, so don’t count on System Restore as working like a backup. You should always have a good backup procedure in place for all your personal files.

Local backups can be encrypted by ransomware. If your backup solution is local and connected to a computer that gets hit with ransomware, the chances are good your backups will be encrypted along with the rest of your data.

With a good backup solution that is isolated from your local computers, such as Backblaze Backup, you can easily obtain the files you need to get your system working again. You have the flexility to determine which files to restore, from which date you want to restore, and how to obtain the files you need to restore your system.

Choose how to obtain your backup files

You’ll need to reinstall your OS and software applications from the source media or the internet. If you’ve been managing your account and software credentials in a sound manner, you should be able to reactivate accounts for applications that require it.

If you use a password manager, such as 1Password or LastPass, to store your account numbers, usernames, passwords, and other essential information, you can access that information through their web interface or mobile applications. You just need to be sure that you still know your master username and password to obtain access to these programs.

6 — How to Prevent a Ransomware Attack

“Ransomware is at an unprecedented level and requires international investigation.” — European police agency EuroPol

A ransomware attack can be devastating for a home or a business. Valuable and irreplaceable files can be lost and tens or even hundreds of hours of effort can be required to get rid of the infection and get systems working again.

Security experts suggest several precautionary measures for preventing a ransomware attack.

  1. Use anti-virus and anti-malware software or other security policies to block known payloads from launching.
  2. Make frequent, comprehensive backups of all important files and isolate them from local and open networks. Cybersecurity professionals view data backup and recovery (74% in a recent survey) by far as the most effective solution to respond to a successful ransomware attack.
  3. Keep offline backups of data stored in locations inaccessible from any potentially infected computer, such as external storage drives or the cloud, which prevents them from being accessed by the ransomware.
  4. Install the latest security updates issued by software vendors of your OS and applications. Remember to Patch Early and Patch Often to close known vulnerabilities in operating systems, browsers, and web plugins.
  5. Consider deploying security software to protect endpoints, email servers, and network systems from infection.
  6. Exercise cyber hygiene, such as using caution when opening email attachments and links.
  7. Segment your networks to keep critical computers isolated and to prevent the spread of malware in case of attack. Turn off unneeded network shares.
  8. Turn off admin rights for users who don’t require them. Give users the lowest system permissions they need to do their work.
  9. Restrict write permissions on file servers as much as possible.
  10. Educate yourself, your employees, and your family in best practices to keep malware out of your systems. Update everyone on the latest email phishing scams and human engineering aimed at turning victims into abettors.

It’s clear that the best way to respond to a ransomware attack is to avoid having one in the first place. Other than that, making sure your valuable data is backed up and unreachable by ransomware infection will ensure that your downtime and data loss will be minimal or avoided completely.

Have you endured a ransomware attack or have a strategy to avoid becoming a victim? Please let us know in the comments.

The post How to Recover From Ransomware appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Daphne Caruana Galizia’s Murder and the Security of WhatsApp

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/11/daphne_caruana_.html

Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb.

Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were.

One journalist reports:

Part of Daphne’s destroyed smart phone was elevated from the scene.

Investigators say that Caruana Galizia had not taken her laptop with her on that particular trip. If she had done so, the forensic experts would have found evidence on the ground.

Her mobile phone is also being examined, as can be seen from her WhatsApp profile, which has registered activity since the murder. But it is understood that the data is safe.

Sources close to the newsroom said that as part of the investigation her sim card has been cloned. This is done with the help of mobile service providers in similar cases. Asked if her WhatsApp messages or any other messages that were stored in her phone will be retrieved, the source said that since the messaging application is encrypted, the messages cannot be seen. Therefore it is unlikely that any data can be retrieved.

I am less optimistic than that reporter. The FBI is providing “specific assistance.” The article doesn’t explain that, but I would not be surprised if they were helping crack the phone.

It will be interesting to see if WhatsApp’s security survives this. My guess is that it depends on how much of the phone was recovered from the bombed car.

EDITED TO ADD (11/7): The court-appointed IT expert on the case has a criminal record in the UK for theft and forgery.

Osama Bin Laden Compound Was a Piracy Hotbed, CIA Reveals

Post Syndicated from Ernesto original https://torrentfreak.com/osama-bin-laden-compound-was-a-piracy-hotbed-cia-reveals-171103/

The times when pirates were stereotyped as young men in a college dorm are long past us.

Nowadays you can find copyright infringers throughout many cultures and all layers of society.

In the past we’ve discovered ‘pirates’ in the most unusual places, from the FBI, through major record labels and the U.S. Government to the Vatican.

This week we can add another location to the list, Osama Bin Laden’s former Abbottabad compound, where he was captured and killed on 2 May 2011.

The CIA has regularly released documents and information found on the premises. This week it added a massive treasure trove of 470,000 files, providing insight into the interests of one of the most notorious characters in recent history.

“Today’s release of recovered al-Qa‘ida letters, videos, audio files and other materials provides the opportunity for the American people to gain further insights into the plans and workings of this terrorist organization,” CIA Director Pompeo commented.

What caught our eye, however, is the material that the CIA chose not to release. This includes a host of pirated files, some more relevant than others.

For example, the computers contained pirated copies of the movies Antz, Batman Gotham Knight, Cars, Chicken Little, Ice Age: Dawn of the Dinosaurs, Home on the Range and The Three Musketeers. Since these are children-oriented titles, it’s likely they served as entertainment for the kids living in the compound.

There was also other entertainment stored on the hard drives, including the games Final Fantasy VII and Grand Theft Auto: Chinatown Wars, a Game Boy Advance emulator, porn, and anime.

Gizmodo has an overview of some of the weirdest movies, for those who are interested.

Not all content is irrelevant, though. The archive also contains files including the documentary “Where in the World is Osama bin Laden,” “CNN Presents: World’s Most Wanted,” “In the Footsteps of Bin Laden,” and “National Geographic: World’s Worst Venom.”

Or what about “National Geographic: Kung Fu Killers,” which reveals the ten deadliest Kung Fu weapons of all time, including miniature swords disguised as tobacco pipes.

There is, of course, no evidence that Osama Bin Laden watched any of these titles. Just as there’s no proof that he played any games. There were a lot of people in the compound and, while it makes for a good headline, the files are not directly tied to him.

That said, the claim that piracy supports terrorism suddenly gets a whole new meaning…



Credit: Original compound image Sajjad Ali Qureshi

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Kim Dotcom Wins Settlement Over Military-Style Police Raid

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-wins-settlement-military-style-police-raid-171103/

It’s been spoken about thousands of times in the past half-decade but the 2012 raid on Kim Dotcom’s home in New Zealand was extraordinary by any standard.

At the behest of the US Government, 72 police officers – including some from the elite heavily armed Special Tactics Group (STG) – descended on Dotcom’s Coatesville mansion. Two helicopters were used during the raid, footage from which was later released to the public as the scale and nature of the operation became clear.

To be clear, no one in the Dotcom residence had any history of violence. Nevertheless, considerable force was used to attack rooms in the building, all of it aimed at detaining the founder of what was then the world’s most famous file-hosting site. The FBI, it seems, would stop at nothing in pursuit of the man they claimed was the planet’s most notorious copyright infringer.

As the dust settled, it became clear that the overwhelming use of force was not only unprecedented but also completely unnecessary, a point Dotcom himself became intent on pressing home.

The entrepreneur was particularly angry at the treatment received by former wife Mona, who was seven months pregnant with twins at the time. So, in response, the Megaupload founder and his wife sued the police, hoping to hold the authorities to account for their actions.

The case has dragged on for years but this morning came news of a breakthrough. According to information released by Kim Dotcom, the lawsuit has been resolved after a settlement was reached with the police.

“Today, Mona and I are glad to reach a confidential settlement of our case against the New Zealand Police. We have respect for the Police in this country. They work hard and have, with this one exception, treated me and my family with courtesy and respect,” Dotcom said.

“We were shocked at the uncharacteristic handling of my arrest for a non-violent Internet copyright infringement charge brought by the United States, which is not even a crime in New Zealand.”

Dotcom said police could have simply asked to be let in, at which point he could have been arrested. Instead, under pressure from US authorities and “special interests in Hollywood”, they turned the whole event into a massive publicity stunt aimed at pleasing the US.

“The New Zealand Police we know do not carry guns. They try to resolve matters in a non-violent manner, unlike what we see from the United States. We are sad that our officers, good people simply doing their job, were tainted by US priorities and arrogance,” Dotcom said.

“We sued the Police because we believed their military-style raid on a family with children in a non-violent case went far beyond what a civilised community should expect from its police force. New Zealanders deserve and should expect better.”

Kim Dotcom has developed a reputation for fighting back across all aspects of his long-running case, and this particular action was no different. He’d planned to take the case all the way to the High Court but in the end decided that doing so wouldn’t be in the best interests of his family.

Noting that New Zealand has a new government “for the better”, Dotcom said that raking up the past would only serve to further disrupt his family.

“Our children are now settled and integrated safely here into their community and they love it. We do not want to relive past events. We do not want to disrupt our children’s new lives. We do not want to revictimise them. We want them to grow up happy,” he said.

“That is why we chose New Zealand to be our family home in the first place. We are fortunate to live here. Under the totality of the circumstances, we thought settlement was best for our children.”

According to NZ Herald, the Dotcoms aren’t the only ones to have made peace with the police. Other people arrested in 2012, including Dotcom associates Bram van der Kolk and Mathias Ortmann, were paid six-figure sums to settle. The publication speculates that as the main target of the raid, Dotcom’s settlment amount would’ve been more.

But while this matter is now closed, others remain. It was previously determined that Kiwi spy agency the Government Communications Security Bureau (GCSB) unlawfully spied on the Dotcoms over an extended period. Ron Mansfield, New Zealand counsel for the Dotcoms, says that case will continue.

“The GCSB refuses to disclose what it did or the actual private communications it stole. The Dotcoms understandably believe that they are entitled to know this. That action is pending appeal in the Court of Appeal,” he says.

Also before the Court of Appeal is the case to extradite Dotcom and his associates to the United States. That hearing is set for February 2018 but whatever the outcome, a further appeal to the Supreme Court is likely, meaning that Dotcom will remain in New Zealand until 2020, at least.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

FBI Increases Its Anti-Encryption Rhetoric

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/10/fbi_increases_i.html

Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law — or something like that. The EFF’s Kurt Opsahl takes it apart pretty thoroughly.

Last week, FBI Director Christopher Wray said much the same thing.

This is an idea that will not die.

PureVPN Explains How it Helped the FBI Catch a Cyberstalker

Post Syndicated from Andy original https://torrentfreak.com/purevpn-explains-how-it-helped-the-fbi-catch-a-cyberstalker-171016/

Early October, Ryan S. Lin, 24, of Newton, Massachusetts, was arrested on suspicion of conducting “an extensive cyberstalking campaign” against a 24-year-old Massachusetts woman, as well as her family members and friends.

The Department of Justice described Lin’s offenses as a “multi-faceted” computer hacking and cyberstalking campaign. Launched in April 2016 when he began hacking into the victim’s online accounts, Lin allegedly obtained personal photographs and sensitive information about her medical and sexual histories and distributed that information to hundreds of other people.

Details of what information the FBI compiled on Lin can be found in our earlier report but aside from his alleged crimes (which are both significant and repugnant), it was PureVPN’s involvement in the case that caused the most controversy.

In a report compiled by an FBI special agent, it was revealed that the Hong Kong-based company’s logs helped the authorities net the alleged criminal.

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,” the agent’s affidavit reads.

Among many in the privacy community, this revelation was met with disappointment. On the PureVPN website the company claims to carry no logs and on a general basis, it’s expected that so-called “no-logging” VPN providers should provide people with some anonymity, at least as far as their service goes. Now, several days after the furor, the company has responded to its critics.

In a fairly lengthy statement, the company begins by confirming that it definitely doesn’t log what websites a user views or what content he or she downloads.

“PureVPN did not breach its Privacy Policy and certainly did not breach your trust. NO browsing logs, browsing habits or anything else was, or ever will be shared,” the company writes.

However, that’s only half the problem. While it doesn’t log user activity (what sites people visit or content they download), it does log the IP addresses that customers use to access the PureVPN service. These, given the right circumstances, can be matched to external activities thanks to logs carried by other web companies.

PureVPN talks about logs held by Google’s Gmail service to illustrate its point.

“A network log is automatically generated every time a user visits a website. For the sake of this example, let’s say a user logged into their Gmail account. Every time they accessed Gmail, the email provider created a network log,” the company explains.

“If you are using a VPN, Gmail’s network log would contain the IP provided by PureVPN. This is one half of the picture. Now, if someone asks Google who accessed the user’s account, Google would state that whoever was using this IP, accessed the account.

“If the user was connected to PureVPN, it would be a PureVPN IP. The inquirer [in the Lin case, the FBI] would then share timestamps and network logs acquired from Google and ask them to be compared with the network logs maintained by the VPN provider.”

Now, if PureVPN carried no logs – literally no logs – it would not be able to help with this kind of inquiry. That was the case last year when the FBI approached Private Internet Access for information and the company was unable to assist.

However, as is made pretty clear by PureVPN’s explanation, the company does log user IP addresses and timestamps which reveal when a user was logged on to the service. It doesn’t matter that PureVPN doesn’t log what the user allegedly did online, since the third-party service already knows that information to the precise second.

Following the example, GMail knows that a user sent an email at 10:22am on Monday October 16 from a PureVPN IP address. So, if PureVPN is approached by the FBI, the company can confirm that User X was using the same IP address at exactly the same time, and his home IP address was XXX.XX.XXX.XX. Effectively, the combined logs link one IP address to the other and the user is revealed. It’s that simple.

It is for this reason that in TorrentFreak’s annual summary of no-logging VPN providers, the very first question we ask every single company reads as follows:

Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user/users of your service? If so, what information do you hold and for how long?

Clearly, if a company says “yes we log incoming IP addresses and associated timestamps”, any claim to total user anonymity is ended right there and then.

While not completely useless (a logging service will still stop the prying eyes of ISPs and similar surveillance, while also defeating throttling and site-blocking), if you’re a whistle-blower with a job or even your life to protect, this level of protection is entirely inadequate.

The take-home points from this controversy are numerous, but perhaps the most important is for people to read and understand VPN provider logging policies.

Secondly, and just as importantly, VPN providers need to be extremely clear about the information they log. Not tracking browsing or downloading activities is all well and good, but if home IP addresses and timestamps are stored, this needs to be made clear to the customer.

Finally, VPN users should not be evil. There are plenty of good reasons to stay anonymous online but cyberstalking, death threats and ruining people’s lives are not included. Fortunately, the FBI have offline methods for catching this type of offender, and long may that continue.

PureVPN’s blog post is available here.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

"Responsible encryption" fallacies

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/10/responsible-encryption-fallacies.html

Deputy Attorney General Rod Rosenstein gave a speech recently calling for “Responsible Encryption” (aka. “Crypto Backdoors”). It’s full of dangerous ideas that need to be debunked.

The importance of law enforcement

The first third of the speech talks about the importance of law enforcement, as if it’s the only thing standing between us and chaos. It cites the 2016 Mirai attacks as an example of the chaos that will only get worse without stricter law enforcement.

But the Mira case demonstrated the opposite, how law enforcement is not needed. They made no arrests in the case. A year later, they still haven’t a clue who did it.

Conversely, we technologists have fixed the major infrastructure issues. Specifically, those affected by the DNS outage have moved to multiple DNS providers, including a high-capacity DNS provider like Google and Amazon who can handle such large attacks easily.

In other words, we the people fixed the major Mirai problem, and law-enforcement didn’t.

Moreover, instead being a solution to cyber threats, law enforcement has become a threat itself. The DNC didn’t have the FBI investigate the attacks from Russia likely because they didn’t want the FBI reading all their files, finding wrongdoing by the DNC. It’s not that they did anything actually wrong, but it’s more like that famous quote from Richelieu “Give me six words written by the most honest of men and I’ll find something to hang him by”. Give all your internal emails over to the FBI and I’m certain they’ll find something to hang you by, if they want.
Or consider the case of Andrew Auernheimer. He found AT&T’s website made public user accounts of the first iPad, so he copied some down and posted them to a news site. AT&T had denied the problem, so making the problem public was the only way to force them to fix it. Such access to the website was legal, because AT&T had made the data public. However, prosecutors disagreed. In order to protect the powerful, they twisted and perverted the law to put Auernheimer in jail.

It’s not that law enforcement is bad, it’s that it’s not the unalloyed good Rosenstein imagines. When law enforcement becomes the thing Rosenstein describes, it means we live in a police state.

Where law enforcement can’t go

Rosenstein repeats the frequent claim in the encryption debate:

Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection

Of course our society has places “impervious to detection”, protected by both legal and natural barriers.

An example of a legal barrier is how spouses can’t be forced to testify against each other. This barrier is impervious.

A better example, though, is how so much of government, intelligence, the military, and law enforcement itself is impervious. If prosecutors could gather evidence everywhere, then why isn’t Rosenstein prosecuting those guilty of CIA torture?

Oh, you say, government is a special exception. If that were the case, then why did Rosenstein dedicate a precious third of his speech discussing the “rule of law” and how it applies to everyone, “protecting people from abuse by the government”. It obviously doesn’t, there’s one rule of government and a different rule for the people, and the rule for government means there’s lots of places law enforcement can’t go to gather evidence.

Likewise, the crypto backdoor Rosenstein is demanding for citizens doesn’t apply to the President, Congress, the NSA, the Army, or Rosenstein himself.

Then there are the natural barriers. The police can’t read your mind. They can only get the evidence that is there, like partial fingerprints, which are far less reliable than full fingerprints. They can’t go backwards in time.

I mention this because encryption is a natural barrier. It’s their job to overcome this barrier if they can, to crack crypto and so forth. It’s not our job to do it for them.

It’s like the camera that increasingly comes with TVs for video conferencing, or the microphone on Alexa-style devices that are always recording. This suddenly creates evidence that the police want our help in gathering, such as having the camera turned on all the time, recording to disk, in case the police later gets a warrant, to peer backward in time what happened in our living rooms. The “nothing is impervious” argument applies here as well. And it’s equally bogus here. By not helping police by not recording our activities, we aren’t somehow breaking some long standing tradit

And this is the scary part. It’s not that we are breaking some ancient tradition that there’s no place the police can’t go (with a warrant). Instead, crypto backdoors breaking the tradition that never before have I been forced to help them eavesdrop on me, even before I’m a suspect, even before any crime has been committed. Sure, laws like CALEA force the phone companies to help the police against wrongdoers — but here Rosenstein is insisting I help the police against myself.

Balance between privacy and public safety

Rosenstein repeats the frequent claim that encryption upsets the balance between privacy/safety:

Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety.

This is laughable, because technology has swung the balance alarmingly in favor of law enforcement. Far from “Going Dark” as his side claims, the problem we are confronted with is “Going Light”, where the police state monitors our every action.

You are surrounded by recording devices. If you walk down the street in town, outdoor surveillance cameras feed police facial recognition systems. If you drive, automated license plate readers can track your route. If you make a phone call or use a credit card, the police get a record of the transaction. If you stay in a hotel, they demand your ID, for law enforcement purposes.

And that’s their stuff, which is nothing compared to your stuff. You are never far from a recording device you own, such as your mobile phone, TV, Alexa/Siri/OkGoogle device, laptop. Modern cars from the last few years increasingly have always-on cell connections and data recorders that record your every action (and location).

Even if you hike out into the country, when you get back, the FBI can subpoena your GPS device to track down your hidden weapon’s cache, or grab the photos from your camera.

And this is all offline. So much of what we do is now online. Of the photographs you own, fewer than 1% are printed out, the rest are on your computer or backed up to the cloud.

Your phone is also a GPS recorder of your exact position all the time, which if the government wins the Carpenter case, they police can grab without a warrant. Tagging all citizens with a recording device of their position is not “balance” but the premise for a novel more dystopic than 1984.

If suspected of a crime, which would you rather the police searched? Your person, houses, papers, and physical effects? Or your mobile phone, computer, email, and online/cloud accounts?

The balance of privacy and safety has swung so far in favor of law enforcement that rather than debating whether they should have crypto backdoors, we should be debating how to add more privacy protections.

“But it’s not conclusive”

Rosenstein defends the “going light” (“Golden Age of Surveillance”) by pointing out it’s not always enough for conviction. Nothing gives a conviction better than a person’s own words admitting to the crime that were captured by surveillance. This other data, while copious, often fails to convince a jury beyond a reasonable doubt.
This is nonsense. Police got along well enough before the digital age, before such widespread messaging. They solved terrorist and child abduction cases just fine in the 1980s. Sure, somebody’s GPS location isn’t by itself enough — until you go there and find all the buried bodies, which leads to a conviction. “Going dark” imagines that somehow, the evidence they’ve been gathering for centuries is going away. It isn’t. It’s still here, and matches up with even more digital evidence.
Conversely, a person’s own words are not as conclusive as you think. There’s always missing context. We quickly get back to the Richelieu “six words” problem, where captured communications are twisted to convict people, with defense lawyers trying to untwist them.

Rosenstein’s claim may be true, that a lot of criminals will go free because the other electronic data isn’t convincing enough. But I’d need to see that claim backed up with hard studies, not thrown out for emotional impact.

Terrorists and child molesters

You can always tell the lack of seriousness of law enforcement when they bring up terrorists and child molesters.
To be fair, sometimes we do need to talk about terrorists. There are things unique to terrorism where me may need to give government explicit powers to address those unique concerns. For example, the NSA buys mobile phone 0day exploits in order to hack terrorist leaders in tribal areas. This is a good thing.
But when terrorists use encryption the same way everyone else does, then it’s not a unique reason to sacrifice our freedoms to give the police extra powers. Either it’s a good idea for all crimes or no crimes — there’s nothing particular about terrorism that makes it an exceptional crime. Dead people are dead. Any rational view of the problem relegates terrorism to be a minor problem. More citizens have died since September 8, 2001 from their own furniture than from terrorism. According to studies, the hot water from the tap is more of a threat to you than terrorists.
Yes, government should do what they can to protect us from terrorists, but no, it’s not so bad of a threat that requires the imposition of a military/police state. When people use terrorism to justify their actions, it’s because they trying to form a military/police state.
A similar argument works with child porn. Here’s the thing: the pervs aren’t exchanging child porn using the services Rosenstein wants to backdoor, like Apple’s Facetime or Facebook’s WhatsApp. Instead, they are exchanging child porn using custom services they build themselves.
Again, I’m (mostly) on the side of the FBI. I support their idea of buying 0day exploits in order to hack the web browsers of visitors to the secret “PlayPen” site. This is something that’s narrow to this problem and doesn’t endanger the innocent. On the other hand, their calls for crypto backdoors endangers the innocent while doing effectively nothing to address child porn.
Terrorists and child molesters are a clichéd, non-serious excuse to appeal to our emotions to give up our rights. We should not give in to such emotions.

Definition of “backdoor”

Rosenstein claims that we shouldn’t call backdoors “backdoors”:

No one calls any of those functions [like key recovery] a “back door.”  In fact, those capabilities are marketed and sought out by many users.

He’s partly right in that we rarely refer to PGP’s key escrow feature as a “backdoor”.

But that’s because the term “backdoor” refers less to how it’s done and more to who is doing it. If I set up a recovery password with Apple, I’m the one doing it to myself, so we don’t call it a backdoor. If it’s the police, spies, hackers, or criminals, then we call it a “backdoor” — even it’s identical technology.

Wikipedia uses the key escrow feature of the 1990s Clipper Chip as a prime example of what everyone means by “backdoor“. By “no one”, Rosenstein is including Wikipedia, which is obviously incorrect.

Though in truth, it’s not going to be the same technology. The needs of law enforcement are different than my personal key escrow/backup needs. In particular, there are unsolvable problems, such as a backdoor that works for the “legitimate” law enforcement in the United States but not for the “illegitimate” police states like Russia and China.

I feel for Rosenstein, because the term “backdoor” does have a pejorative connotation, which can be considered unfair. But that’s like saying the word “murder” is a pejorative term for killing people, or “torture” is a pejorative term for torture. The bad connotation exists because we don’t like government surveillance. I mean, honestly calling this feature “government surveillance feature” is likewise pejorative, and likewise exactly what it is that we are talking about.

Providers

Rosenstein focuses his arguments on “providers”, like Snapchat or Apple. But this isn’t the question.

The question is whether a “provider” like Telegram, a Russian company beyond US law, provides this feature. Or, by extension, whether individuals should be free to install whatever software they want, regardless of provider.

Telegram is a Russian company that provides end-to-end encryption. Anybody can download their software in order to communicate so that American law enforcement can’t eavesdrop. They aren’t going to put in a backdoor for the U.S. If we succeed in putting backdoors in Apple and WhatsApp, all this means is that criminals are going to install Telegram.

If the, for some reason, the US is able to convince all such providers (including Telegram) to install a backdoor, then it still doesn’t solve the problem, as uses can just build their own end-to-end encryption app that has no provider. It’s like email: some use the major providers like GMail, others setup their own email server.

Ultimately, this means that any law mandating “crypto backdoors” is going to target users not providers. Rosenstein tries to make a comparison with what plain-old telephone companies have to do under old laws like CALEA, but that’s not what’s happening here. Instead, for such rules to have any effect, they have to punish users for what they install, not providers.

This continues the argument I made above. Government backdoors is not something that forces Internet services to eavesdrop on us — it forces us to help the government spy on ourselves.
Rosenstein tries to address this by pointing out that it’s still a win if major providers like Apple and Facetime are forced to add backdoors, because they are the most popular, and some terrorists/criminals won’t move to alternate platforms. This is false. People with good intentions, who are unfairly targeted by a police state, the ones where police abuse is rampant, are the ones who use the backdoored products. Those with bad intentions, who know they are guilty, will move to the safe products. Indeed, Telegram is already popular among terrorists because they believe American services are already all backdoored. 
Rosenstein is essentially demanding the innocent get backdoored while the guilty don’t. This seems backwards. This is backwards.

Apple is morally weak

The reason I’m writing this post is because Rosenstein makes a few claims that cannot be ignored. One of them is how he describes Apple’s response to government insistence on weakening encryption doing the opposite, strengthening encryption. He reasons this happens because:

Of course they [Apple] do. They are in the business of selling products and making money. 

We [the DoJ] use a different measure of success. We are in the business of preventing crime and saving lives. 

He swells in importance. His condescending tone ennobles himself while debasing others. But this isn’t how things work. He’s not some white knight above the peasantry, protecting us. He’s a beat cop, a civil servant, who serves us.

A better phrasing would have been:

They are in the business of giving customers what they want.

We are in the business of giving voters what they want.

Both sides are doing the same, giving people what they want. Yes, voters want safety, but they also want privacy. Rosenstein imagines that he’s free to ignore our demands for privacy as long has he’s fulfilling his duty to protect us. He has explicitly rejected what people want, “we use a different measure of success”. He imagines it’s his job to tell us where the balance between privacy and safety lies. That’s not his job, that’s our job. We, the people (and our representatives), make that decision, and it’s his job is to do what he’s told. His measure of success is how well he fulfills our wishes, not how well he satisfies his imagined criteria.

That’s why those of us on this side of the debate doubt the good intentions of those like Rosenstein. He criticizes Apple for wanting to protect our rights/freedoms, and declare they measure success differently.

They are willing to be vile

Rosenstein makes this argument:

Companies are willing to make accommodations when required by the government. Recent media reports suggest that a major American technology company developed a tool to suppress online posts in certain geographic areas in order to embrace a foreign government’s censorship policies. 

Let me translate this for you:

Companies are willing to acquiesce to vile requests made by police-states. Therefore, they should acquiesce to our vile police-state requests.

It’s Rosenstein who is admitting here is that his requests are those of a police-state.

Constitutional Rights

Rosenstein says:

There is no constitutional right to sell warrant-proof encryption.

Maybe. It’s something the courts will have to decide. There are many 1st, 2nd, 3rd, 4th, and 5th Amendment issues here.
The reason we have the Bill of Rights is because of the abuses of the British Government. For example, they quartered troops in our homes, as a way of punishing us, and as a way of forcing us to help in our own oppression. The troops weren’t there to defend us against the French, but to defend us against ourselves, to shoot us if we got out of line.

And that’s what crypto backdoors do. We are forced to be agents of our own oppression. The principles enumerated by Rosenstein apply to a wide range of even additional surveillance. With little change to his speech, it can equally argue why the constant TV video surveillance from 1984 should be made law.

Let’s go back and look at Apple. It is not some base company exploiting consumers for profit. Apple doesn’t have guns, they cannot make people buy their product. If Apple doesn’t provide customers what they want, then customers vote with their feet, and go buy an Android phone. Apple isn’t providing encryption/security in order to make a profit — it’s giving customers what they want in order to stay in business.
Conversely, if we citizens don’t like what the government does, tough luck, they’ve got the guns to enforce their edicts. We can’t easily vote with our feet and walk to another country. A “democracy” is far less democratic than capitalism. Apple is a minority, selling phones to 45% of the population, and that’s fine, the minority get the phones they want. In a Democracy, where citizens vote on the issue, those 45% are screwed, as the 55% impose their will unwanted onto the remainder.

That’s why we have the Bill of Rights, to protect the 49% against abuse by the 51%. Regardless whether the Supreme Court agrees the current Constitution, it is the sort right that might exist regardless of what the Constitution says. 

Obliged to speak the truth

Here is the another part of his speech that I feel cannot be ignored. We have to discuss this:

Those of us who swear to protect the rule of law have a different motivation.  We are obliged to speak the truth.

The truth is that “going dark” threatens to disable law enforcement and enable criminals and terrorists to operate with impunity.

This is not true. Sure, he’s obliged to say the absolute truth, in court. He’s also obliged to be truthful in general about facts in his personal life, such as not lying on his tax return (the sort of thing that can get lawyers disbarred).

But he’s not obliged to tell his spouse his honest opinion whether that new outfit makes them look fat. Likewise, Rosenstein knows his opinion on public policy doesn’t fall into this category. He can say with impunity that either global warming doesn’t exist, or that it’ll cause a biblical deluge within 5 years. Both are factually untrue, but it’s not going to get him fired.

And this particular claim is also exaggerated bunk. While everyone agrees encryption makes law enforcement’s job harder than with backdoors, nobody honestly believes it can “disable” law enforcement. While everyone agrees that encryption helps terrorists, nobody believes it can enable them to act with “impunity”.

I feel bad here. It’s a terrible thing to question your opponent’s character this way. But Rosenstein made this unavoidable when he clearly, with no ambiguity, put his integrity as Deputy Attorney General on the line behind the statement that “going dark threatens to disable law enforcement and enable criminals and terrorists to operate with impunity”. I feel it’s a bald face lie, but you don’t need to take my word for it. Read his own words yourself and judge his integrity.

Conclusion

Rosenstein’s speech includes repeated references to ideas like “oath”, “honor”, and “duty”. It reminds me of Col. Jessup’s speech in the movie “A Few Good Men”.

If you’ll recall, it was rousing speech, “you want me on that wall” and “you use words like honor as a punchline”. Of course, since he was violating his oath and sending two privates to death row in order to avoid being held accountable, it was Jessup himself who was crapping on the concepts of “honor”, “oath”, and “duty”.

And so is Rosenstein. He imagines himself on that wall, doing albeit terrible things, justified by his duty to protect citizens. He imagines that it’s he who is honorable, while the rest of us not, even has he utters bald faced lies to further his own power and authority.

We activists oppose crypto backdoors not because we lack honor, or because we are criminals, or because we support terrorists and child molesters. It’s because we value privacy and government officials who get corrupted by power. It’s not that we fear Trump becoming a dictator, it’s that we fear bureaucrats at Rosenstein’s level becoming drunk on authority — which Rosenstein demonstrably has. His speech is a long train of corrupt ideas pursuing the same object of despotism — a despotism we oppose.

In other words, we oppose crypto backdoors because it’s not a tool of law enforcement, but a tool of despotism.

Roku Shows FBI Warning to Pirate Channel Users

Post Syndicated from Ernesto original https://torrentfreak.com/roku-shows-fbi-warning-to-pirate-channel-users-171009/

In recent years it has become much easier to stream movies and TV-shows over the Internet.

Legal services such as Netflix and HBO are flourishing, but at the same time millions of people are streaming from unauthorized sources, often paired with perfectly legal streaming platforms and devices.

Hollywood insiders have dubbed this trend “Piracy 3.0” and are actively working with stakeholders to address the threat. One of the companies rightsholders are working with is Roku, known for its easy-to-use media players.

Earlier this year a Mexican court ordered retailers to take the Roku media player off the shelves. This legal battle is still ongoing, but it was a clear signal to the company, which now has its own anti-piracy team.

Several third-party “private” channels have been removed from the player in recent weeks as they violate Roku’s terms and conditions. These include the hugely popular streaming channel XTV, which offered access to infringing content.

After its removal, XTV briefly returned as XTV 2, but that didn’t last for long. The infringing channel was soon removed again, this time showing the FBI’s anti-piracy seal followed by a rather ominous message.

“FBI Anti-Piracy Warning: Unauthorized copying is punishable under federal law,” it reads. “Roku has removed this unauthorized service due to repeated claims of copyright infringement.”

FBI Warning (via Cordcuttersnews)

The unusual warning was picked up by Cordcuttersnews and states that Roku itself removed the channel.

To some it may seem that the FBI is cracking down on Roku channels, but this is not the case. The anti-piracy seal and associated warning are often used in cases where the organization is not actively involved, to add extra weight. The FBI supports this, as long as certain standards are met.

A Roku spokesperson confirmed to TorrentFreak that they’re using it on their own accord here.

“We want to send a clear message to Roku customers and to publishers that any publication of pirated content on our platform is a violation of law and our platform rules,” the company says.

“We have recently expanded the messaging that we display to customers that install non-certified channels to alert them to the associated risks, and we display the FBI’s publicly available warning when we remove channels for copyright violations.”

The strong language shows that Roku is taking its efforts to crack down on infringing channels very seriously. A few weeks ago the company started to warn users that pirate channels may be removed without prior notice.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

PureVPN Logs Helped FBI Net Alleged Cyberstalker

Post Syndicated from Andy original https://torrentfreak.com/purevpn-logs-helped-fbi-net-alleged-cyberstalker-171009/

Last Thursday, Ryan S. Lin, 24, of Newton, Massachusetts, was arrested on suspicion of conducting “an extensive cyberstalking campaign” against his former roommate, a 24-year-old Massachusetts woman, as well as her family members and friends.

According to the Department of Justice, Lin’s “multi-faceted campaign of computer hacking and cyberstalking” began in April 2016 when he began hacking into the victim’s online accounts, obtaining personal photographs, sensitive information about her medical and sexual histories, and other private details.

It’s alleged that after obtaining the above material, Lin distributed it to hundreds of others. It’s claimed he created fake online profiles showing the victim’s home address while soliciting sexual activity. This caused men to show up at her home.

“Mr. Lin allegedly carried out a relentless cyber stalking campaign against a young woman in a chilling effort to violate her privacy and threaten those around her,” said Acting United States Attorney William D. Weinreb.

“While using anonymizing services and other online tools to avoid attribution, Mr. Lin harassed the victim, her family, friends, co-workers and roommates, and then targeted local schools and institutions in her community. Mr. Lin will now face the consequences of his crimes.”

While Lin awaits his ultimate fate (he appeared in U.S. District Court in Boston Friday), the allegation he used anonymization tools to hide himself online but still managed to get caught raises a number of questions. An affidavit submitted by Special Agent Jeffrey Williams in support of the criminal complaint against Lin provides most of the answers.

Describing Lin’s actions against the victim as “doxing”, Williams begins by noting that while Lin was the initial aggressor, the fact he made the information so widely available raises the possibility that other people got involved with malicious acts later on. Nevertheless, Lin remains the investigation’s prime suspect.

According to the affidavit, Lin is computer savvy having majored in computer science. He allegedly utilized a number of methods to hide his identity and IP address, including TOR, Virtual Private Network (VPN) services and email providers that “do not maintain logs or other records.”

But if that genuinely is the case, how was Lin caught?

First up, it’s worth noting that plenty of Lin’s aggressive and stalking behaviors towards the victim were demonstrated in a physical sense, offline. In that respect, it appears the authorities already had him as the prime suspect and worked back from there.

In one instance, the FBI examined a computer that had been used by Lin at a former workplace. Although Windows had been reinstalled, the FBI managed to find Google Chrome data which indicated Lin had viewed articles about bomb threats he allegedly made. They were also able to determine he’d accessed the victim’s Gmail account and additional data suggested that he’d used a VPN service.

“Artifacts indicated that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer,” the affidavit reads.

From here the Special Agent’s report reveals that the FBI received cooperation from Hong Kong-based PureVPN.

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,” the agent’s affidavit reads.

Needless to say, while this information will prove useful to the FBI’s prosecution of Lin, it’s also likely to turn into a huge headache for the VPN provider. The company claims zero-logging, which clearly isn’t the case.

“PureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security?” the company’s marketing statement reads.

“That’s why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities.”

PureVPN privacy graphic

However, if one drills down into the PureVPN privacy policy proper, one sees the following:

Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a ‘connection’ and the total bandwidth used during this connection is called ‘bandwidth’. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.

This seems to match what the FBI says – almost. While it says it doesn’t log, PureVPN admits to keeping records of when a user connects to the service and for how long. The FBI clearly states that the service also captures the user’s IP address too. In fact, it appears that PureVPN also logged the IP address belonging to another VPN service (WANSecurity) that was allegedly used by Lin to connect to PureVPN.

That record also helped to complete another circle of evidence. IP addresses used by
Kansas-based WANSecurity and Secure Internet LLC (servers operated by PureVPN) were allegedly used to access Gmail accounts known to be under Lin’s control.

Somewhat ironically, this summer Lin took to Twitter to criticize VPN provider IPVanish (which is not involved in the case) over its no-logging claims.

“There is no such thing as a VPN that doesn’t keep logs,” Lin said. “If they can limit your connections or track bandwidth usage, they keep logs.”

Or, in the case of PureVPN, if they log a connection time and a source IP address, that could be enough to raise the suspicions of the FBI and boost what already appears to be a pretty strong case.

If convicted, Lin faces up to five years in prison and three years of supervised release.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

ShareBeast & AlbumJams Operator Pleads Guilty to Criminal Copyright Infringement

Post Syndicated from Andy original https://torrentfreak.com/sharebeast-albumjams-operator-pleads-guilty-to-criminal-copyright-infringement-170911/

In September 2015, U.S. authorities announced action against a pair of sites involved in music piracy.

ShareBeast.com and AlbumJams.com were allegedly responsible for the distribution of “a massive library” of popular albums and tracks. Both were accused of offering thousands of tracks before their official release dates.

The U.S. Department of Justice (DOJ) placed their now familiar seizure notice on both domains, with the RIAA claiming ShareBeast was the largest illegal file-sharing site operating in the United States. Indeed, the site’s IP addresses at the time indicated at least some hosting taking place in Illinois.

“This is a huge win for the music community and legitimate music services. Sharebeast operated with flagrant disregard for the rights of artists and labels while undermining the legal marketplace,” RIAA Chairman & CEO Cary Sherman commented at the time.

“Millions of users accessed songs from Sharebeast each month without one penny of compensation going to countless artists, songwriters, labels and others who created the music.”

Now, a full two years later, former Sharebeast operator Artur Sargsyan has pleaded guilty to one felony count of criminal copyright infringement, admitting to the unauthorized distribution and reproduction of over 1 billion copies of copyrighted works.

“Through Sharebeast and other related sites, this defendant profited by illegally distributing copyrighted music and albums on a massive scale,” said U. S. Attorney John Horn.

“The collective work of the FBI and our international law enforcement partners have shut down the Sharebeast websites and prevented further economic losses by scores of musicians and artists.”

The Department of Justice says that from 2012 to 2015, 29-year-old Sargsyan used ShareBeast as a pirate music repository, infringing works produced by Ariana Grande, Katy Perry, Beyonce, Kanye West, and Justin Bieber, among others. He linked to that content from Newjams.net and Albumjams.com, two other sites under his control.

The DoJ says that Sargsyan was informed at least 100 times that there was infringing content on ShareBeast but despite the warnings, the content remained available. When those warnings produced no results, the FBI – assisted by law enforcement in the UK and the Netherlands – seized servers used by Sargsyan to distribute the material.

Brad Buckles, EVP, Anti-Piracy at the RIAA, welcomed the guilty plea.

“Sharebeast and its related sites represented the most popular network of infringing music sites operated out of the United States. The network was responsible for providing millions of downloads of popular music files including unauthorized pre-release albums and tracks.This illicit activity was a gut-punch to music creators who were paid nothing by the service,” Buckles said.

“We are incredibly grateful for the government’s commitment to protecting the rights of artists and labels. We especially thank the dedicated agents of the FBI who painstakingly unraveled this criminal enterprise, and U.S. Attorney John Horn and his team for their work and diligence in seeing this case to its successful conclusion.”

Sargsyan, of Glendale, California, will be sentenced December 4 before U.S. District Judge Timothy C. Batten.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Man Leaks New ‘Power’ Episodes Online, Records His Own Face

Post Syndicated from Andy original https://torrentfreak.com/man-leaks-new-power-episodes-online-records-his-own-face-170809/

With the whole world going crazy for Game of Thrones, another TV series has been turning some serious numbers. Produced by Curtis “50 Cent” Jackson, crime drama ‘Power’ has been pulling in around eight million viewers per episode.

After premiering in June 2014, Power is now seven episodes into season four, which is set to reach its climax on August 27. But somewhat typically for the Internet these days, fans won’t necessarily have to wait another three weeks to find out what happens. During the past few hours, the final three episodes of ‘Power’ leaked online.

While that’s something in itself, this leak is possibly the most bizarre to take place in the history of piracy. Having been tipped off that screener episodes were available online, TF went looking for evidence. We found it, but it wasn’t what we expected.

The leaks consist of the three episodes (one complete, the other two missing a few minutes) being played back on an iPhone. A white one. With a broken screen.

Power leaks: Broken iPhone edition

The off-center nature of the image above isn’t typical though and most of the time the main picture is both central and well-defined, with surprisingly clear audio. It’s certainly not going to win any prizes for quality but for the extremely impatient it offers some kind of relief.

The big question, of course, is how these episodes happened to find their way onto that battered iPhone in the first place. Incredibly, the videos themselves provide the answers, with the thoughtful ‘cammer’ explaining in several voice-overs how he gained access to one of STARZ hottest properties.

“This is like the special, this is only for the people that work at STARZ that watch this shit. My man sent me the whole log-in shit. I had to pay that n******r though,” he said.

The log-in referenced by the leaker appears to unlock press access to unreleased content on mediaroom.starz.com. That page has been taken down since, quite possibly due to the leak. Thanks to the video though, we can see how the portal looked on the leaker’s phone.

Unreleased ‘Power’ episodes on the STARZ portal

“That’s the whole series bitch, but I can’t log out though, so I can’t send it to you. The man says don’t log out. So i’m gonna watch these last two episodes and then spoil it for y’all,” the ‘cammer’ said over one of the episodes.

The original claim that theses were screener copies holds up. Throughout all three episodes, an occasional message appears across the bottom of the screen, declaring that the episodes are “for screening purposes only.”

Screener copies, for your eyes only

If the whole situation isn’t bizarre enough so far, the episodes contain quite a bit of complaining from the ‘cammer’, mainly due to his arm aching from holding up the recording phone for such a long time.

Why he didn’t simply place it down on the table isn’t clear. He managed it with the playback phone, which is seen leaning against a large water container throughout, something the ‘cammer’ believes is pretty badass.

“You see, I got my shit propped up like a G,” he said, placing the phone against the water bottle. “Next episode, definitely not holdin’ this shit, so you n*****s gotta relax.”

If this whole scenario isn’t crazy enough, the ‘cammer’ polishes off his virtuoso performance by turning the ‘cam’ phone around and recording his own face for several seconds. To save his embarrassment we won’t publish an image here but needless to say, he is extremely easy to identify, as is his Facebook page, where the content seems to have first appeared.

While there’s clearly no criminal mastermind behind these leaks, dumping unreleased TV shows online can result in a hefty jail sentence, no matter how poorly it’s done. The gentleman involved should hope that STARZ and the FBI are prepared to see the funny side. Fingers crossed….

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Torrentz Shut Down A Year Ago, But The Name Lives On

Post Syndicated from Ernesto original https://torrentfreak.com/torrentz-shut-down-a-year-ago-but-the-name-lives-on-170805/

Last summer, the torrent ecosystem lost two of its biggest stars. First, KickassTorrents was taken down following a criminal investigation by the FBI, resulting in indictments against the site’s operators.

Not long after KAT went offline, Torrentz.eu decided to close its doors as well, albeit voluntarily. Without prior warning, all torrent listings were removed from the meta-search engine, which was the third largest torrent site at the time.

The site’s operator confirmed the shutdown to TorrentFreak. The website itself was still on air but instead of the usual torrents, its users were left with the following message: “Torrentz will always love you. Farewell.”

Torrentz.eu says farewell

torrentz-farewell

A year has passed since and Torrentz.eu is still online, but it remains torrent-less. An official explanation for the drastic action was never given, but it’s likely that legal pressure or the trouble at KAT weighed into the decision.

As we’ve seen with KAT, however, the Torrentz brand is still alive and kicking today. Soon after the original site ceased its regular operation, several ‘copies’ popped up, eager to take its place.

The most successful alternative, in terms of traffic, is the elegantly named Torrentz2.eu. Unlike many others, Torrentz2 has always been upfront with its users and never claimed to be an official resurrection. They just want to do what Torrentz did, or even better.

“We always wanted to operate a site as beautiful as the original torrentz site so recreating it was the only way to do it,” the site’s operator tells TorrentFreak.

Torrentz2 copied the look of Torrentz, but runs its own meta-search engine, indexing even more sites than its famous predecessor. At the time of writing the site covers 61,106,364 torrents from 241,559,021 pages on 80 domains.

“We want to add more sites to our index. There are 80 domains now. There is a really huge list of new torrent sites that we discover and will be added soon.
We are looking for hamsters to power up our servers, we believe that we are very close to finding them,” the operator says.

Torrentz2.eu, alive and kicking

The site hasn’t had any legal pressure yet, the operator says. In the future, they will continue down the same path, which doesn’t deviate much from the original site.

“We are trying to keep the feeling and the features of the original torrentz site. Features that are missing are the user comments and accounts but we are working
on it and will be added very soon.”

The public seems to appreciate the Torrentz alternative as well. The site has millions of active users today, which is pretty close to the original site. So for most people, not that much has changed actually.

In fact, it would not a surprise if many of the current Torrentz2 visitors have no clue that they’re not dealing with the “real” thing.

All in all, we can say that recent history has shown how flexible the torrent ecosystem can be when it comes to sudden site closures. Whether it’s KAT, Torrentz, isoHunt, EZTV, YTS or ExtraTorrents, users are quick to find an alternative and continue torrenting there, or move onto something new entirely.

While that may be a positive note for many torrent fanatics, for the sentimentalists it might be strange that those who worked hard to build certain brands for years are seemingly replaced so easily.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Kim Dotcom Denied Access to Illegally Obtained Spy Recordings

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-denied-access-to-illegally-obtained-spy-recordings-170720/

In the months leading up to the infamous raid on Kim Dotcom’s New Zealand mansion and his now defunct cloud storage site Megaupload, the entrepreneur was under surveillance.

Not only were the MPAA and RIAA amassing information, the governments of the United States and New Zealand were neck-deep in the investigation too, using the FBI and local police to gather information. What soon became evident, however, is that the authorities in New Zealand did so while breaking the rules.

Between 16 December 2011 to 22 March 2012, New Zealand used the Government Communications Security Bureau (GCSB) agency to spy on the private communications of Kim and Mona Dotcom, plus Megaupload co-defendant Bram van der Kolk. This was hugely problematic.

GCSB is an intelligence agency of the New Zealand government responsible for spying on external entities. It is forbidden by law from conducting surveillance on its own citizens or permanent residents in the country. His standing in the country meant that Dotcom should not have been spied on.

“Of course I apologize to Mr Dotcom, and I apologize to New Zealanders,” then New Zealand Prime Minister John Key later said.

Since it was established that New Zealand illegally spied on Dotcom, the Megaupload founder has been trying to find out what information the GCSB gathered about him, then wife Mona, and former colleague Bram van der Kolk. According to Dotcom, there was a total of 87 breaches, all of which the government wants to keep secret.

Since then, Dotcom has been fighting to gain access to the information GCSB illegally obtained, while seeking compensation for the damages caused.

In a ruling handed down this morning, the High Court details its findings in respect of a three-day hearing that took place early April 2017, during which GCSB said the raw, unredacted information should be withheld from Dotcom on national security grounds.

GCSB and the government argued that the public interest in the disclosure of the material is outweighed by the public interest in withholding it, adding that the security and defense of New Zealand would be compromised on the world stage.

For their part, the Dotcoms said that nondisclosure of the unredacted documents breaches their rights under the New Zealand Bill of Rights Act 1990. Given that any damages award is directly linked to the extent and nature of the illegal intrusions into their private lives, access to the documents is paramount.

That being the case, they argued that the public interest in disclosure outweighs any public interest in the information being withheld.

This morning, citing a 2013 Court of Appeal verdict that ruled the GCSB didn’t have to release the raw communications, Justice Murray Gilbert insisted that the recordings will not be released.

“A number of the redactions in the discovered documents are to protect the identity or contact details of personnel who were involved in or associated with the operation or copied into email communications concerning it,” Justice Gilbert wrote.

“It is hard to see how any of this information could be relevant to the relief that should be granted in this proceeding. Again, the public interest in withholding disclosure of this information far outweighs any public interest in its disclosure.”

In a statement, Kim Dotcom expressed his frustrations, noting that the government is doing everything it can to suppress details of the illegal surveillance.

“After being caught, the GCSB has fought to keep what it did, and how, a secret from me and from you, the New Zealand public. Worse, it seeks to hide behind ‘national security’ to keep the truth from us,” Dotcom said.

“To keep this secret, the GCSB applied to the High Court. It filed secret evidence and secret submissions. The GCSB’s lawyers were heard in a ‘closed’ court with the Judge, where they made secret submissions and secret witnesses gave secret evidence.”

Dotcom said neither his lawyers nor the public was allowed to be present during the hearing. And when his legal team could be heard, they were significantly hampered in their work.

“When my lawyers were heard, after that hearing, they had to make submissions as to why information they were not allowed to see, for reasons they were not allowed to know, should be disclosed. They were effectively shooting at a moving target, in the dark, with one hand tied behind their backs,” Dotcom said.

The Megaupload founder suggests there is there is a clear double-standard when he has to be tried in public for his alleged crimes, but when it comes to offenses carried out by the government, the process takes place behind closed doors.

“I will appeal this judgment and ask the Court of Appeal to shine some cleansing sunlight on what happened here. If there is transparency, there is accountability, and we can prevent this happening again,” he concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pirate App Store Operator Jailed for Criminal Copyright Infringement

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-app-store-operator-jailed-for-criminal-copyright-infringement-170710/

Assisted by police in France and the Netherlands, the FBI took down the “pirate” Android stores Appbucket, Applanet and SnappzMarket during the summer of 2012.

The domain seizures were the first ever against “rogue” mobile app marketplaces and followed similar actions against BitTorrent and streaming sites.

During the years that followed several people connected to the Android app sites were arrested and indicted. This is also true for the now 27-year-old Joshua Taylor, a resident of Kentwood, Michigan.

Taylor, who arranged SnappzMarket’s servers, was previously convicted of conspiracy to commit criminal copyright infringement and has now been sentenced (pdf) to 16 months in prison for his role in the operation.

According to the Department of Justice, SnappzMarket distributed more than one million pirated apps with a retail value exceeding $1.7 million.

In a sentencing memorandum, defense attorney John Lovell argued that his client never made any “profits” from his involvement, noting that the co-conspirators played a much more significant role.

“Josh Taylor is 27 years old with no other criminal history. His offense involved procuring storage space for the masterminds of the operation,” Lovell wrote. “SnappzMarket did not pay Josh. Whatever profits were generated by SnappzMarket were split between Sharp and Peterson.”

The court record further reveals that Taylor had a very tough childhood and was plagued by both mental and physical challenges.

According to the testimony from his psychologist Meredith Davis, he didn’t understand that he was committing a felonious act, and lacked the cognitive capacity do so intentionally.

The psychologist stressed that her client deeply regrets what happened and she doesn’t think it’s likely that would run into similar problems in the future.

“He has expressed a great deal of remorse for his involvement in the charged crime. Mr. Taylor possesses a high degree of vigilance to avoid any further contact with the law,” Davis wrote to the court.

Despite these arguments, U.S. District Judge Timothy Batten Sr. found a prison sentence appropriate.

While 16 months is significant, it’s not as much as 46 month prison sentence co-conspirator Scott Walton received earlier. Kody Peterson, another key SnappzMarket operator, only received a one year sentence but he agreed to do undercover work for the FBI.

Gary Edwin Sharp II, the only remaining defendant, previously pleaded guilty and is currently scheduled to be sentenced in November. Like the others, he also faces up to several years in prison.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

The Terrible Horrors of ‘Kodi Boxes’ Shock The UK

Post Syndicated from Andy original https://torrentfreak.com/the-terrible-horrors-of-kodi-boxes-shock-the-uk-170702/

In the beginning, we were told that Kodi Boxes are probably going to destroy Hollywood, not to mention companies like Sky and The Premier League. But who cares about the big people in suits drinking champagne from gold swimming pools?

No, what the unwashed masses need to hear are stories that make us realize that these little plastic wonder boxes are going to ruin our miserable lives. Luckily, they’ve been appearing thick and fast this past couple of weeks.

It turns out that Kodi Boxes are not only likely to burn your house down, but they’re also part of a master plan to pick away at the delicate threads holding family life together.

Forget about the piracy, that doesn’t matter. The powers that be need you to understand that Kodi Boxes are Trojan horses of misery that people are willingly bringing in to their own homes. Can you believe people are being so stupid?

According to an article in this week’s The Mirror, for example, kids’ movies spewed out by these evil devices are now being interrupted by adverts for alcohol. Well, it makes a change from seeing Phil Mitchell smashed out of his mind at 8pm on BBC1, doesn’t it?

At the same time, Kodi Boxes are straining relationships between father and son, not to mention subjecting unsuspecting parents to malware threats. They include scams purporting to be from the ‘FBI’ which demand money for using Popcorn Time inside Kodi. The world truly has gone mad.

Of course, if only one person sees this nonsense it’s too much, and The Mirror piece is quite rightly filled with quotes from real people who gave up piracy as a result of their bad experiences. It also has plenty of useful advice from the UK’s leading anti-piracy outfit, as you’d expect.

Intrigued, we decided to carry out our own research among a handful of the millions of maniacs who are still prepared to plug one of these death devices into their UK mains supply. And we were shocked – not by a dodgy power adaptor from China – but by the huge numbers of other problems these Kodi Boxes can foist upon the honest working man.

A user called Neil told us that he’d bought a Kodi Box off eBay after hearing all the hype in the media. His plan was to watch Premier League football without paying a penny. However, instead of scooping up that forbidden 3pm kick-off excitement, all it did was ruin his enjoyment of the beautiful game.

“I’d been out drinking all day with the lads. I was proper, proper smashed. I got home and shoved the thing into the nearest telly to watch Liverpool versus Manchester United and although I felt really sick, couldn’t focus on the screen, and soon fell unconscious, I think the picture wasn’t too bad,” he said.

“I don’t think I saw that wheel thing spinning in the middle of the screen and everything stopping either, which is a big plus for me on a free box. And to top it all, Liverpool beat United 2:1, which was a real bonus.

“However, when discussing the game the next day with my dad who watched the game on Sky with a proper subscription, I was horrified to learn that Manchester United actually won the game 3:0 – against Arsenal! It just goes to show, you get what you pay for. My box is now where it should have been all along – in the bin.”

A man called Rich told us that he’d also heard good things about Kodi Boxes but was really upset after being completely misled by the person who sold him one.

“I used to be a subscriber to Sky’s top package, including those fifty channels nobody watches but they force you to have. I also forked out for all their boxing PPVs that come on at stupid o’clock in the morning, and bought several blu-ray discs each time I got paid. All in all I must’ve spent £140 a month.

“So, when a bloke down the pub who I’ve never met before told me that I could legally get the same stuff for free using a Kodi Box, I immediately believed him. I mean, what reasonable bloke wouldn’t? He had just one left as well, how lucky was that?”

But it didn’t take long for Rich’s enthusiasm to wane. The thought of owning a potential incendiary device filled with content provided by a Russian crime syndicate and funded by Columbian drug barons was too much.

“I watched a couple of films on it without my house burning down, but then I started reading horror stories in the paper about these boxes shoving drinks adverts in our kids’ faces,” he told us.

“Enough was enough. After being lied to by the seller the thought of my kids demanding toys and beer for Christmas was just too much, it just wasn’t worth the risk. So I went straight back to giving Sky over a grand a year and life’s never been better.”

Kodi Box user Peter told us that he could really relate to warnings published in the papers this week that set-top box users had been hit with popups demanding their bank details.

“I was hoping to watch the big fight last weekend but it only came on for a few minutes and then suddenly went off,” he explained. “Then a notice appeared telling me to ring a number with my credit card details. Well, I’d heard about these ransomware attacks and I wasn’t going to fall for that old trick.

“However, imagine my surprise when I realized that I’d accidentally put on my official satellite box instead of Kodi, and the message was actually from my pay-per-view provider. Just goes to show, everybody wants your money these days, and these crooks can rope you in for years, and make it really hard to cancel.”

Another chap called James told us that he never considered getting a Kodi Box until he saw an article in a UK tabloid explaining how Kodi Boxes pose a risk for families with children.

“The article quoted some anti-piracy company. They said that parents don’t realize that Kodi Boxes allow easy access to hardcore pornography. And it’s true, I had no idea,” James said.

“But I live alone, so I wasted no time buying one off eBay. I’m watching it in the shed with a fire extinguisher in the other hand, just to be safe.”

But while James clearly has his hands full, our last user is much less satisfied.

Sue told us that she was assured her Kodi box was a miracle device with endless uses. However, after its addons recently stopped working she decided to test the claim by sliding the failing unit under the leg of a wobbly table. It soon became clear the hardware had been massively oversold.

“They say these boxes can do anything but mine clearly wasn’t fit for purpose. It was way too thick so when I put it under the leg, the table sat at a really steep angle. If anything, it was more unstable than it was before.

“I dread to think what could’ve happened if I’d put a pot of boiling oil on it next to the baby. No wonder health and safety are up in arms.”

Tune in next week when we reveal how Kodi Boxes can cause unsightly hair growth and unwanted pregnancies.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Fighting Leakers at Apple

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/06/fighting_leaker.html

Apple is fighting its own battle against leakers, using people and tactics from the NSA.

According to the hour-long presentation, Apple’s Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some of these investigators have previously worked at U.S. intelligence agencies like the National Security Agency (NSA), law enforcement agencies like the FBI and the U.S. Secret Service, and in the U.S. military.

The information is from an internal briefing, which was leaked.

AWS GovCloud (US) and Amazon Rekognition – A Powerful Public Safety Tool

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/aws-govcloud-us-and-amazon-rekognition-a-powerful-public-safety-tool/

I’ve already told you about Amazon Rekognition and described how it uses deep neural network models to analyze images by detecting objects, scenes, and faces.

Today I am happy to tell you that Rekognition is now available in the AWS GovCloud (US) Region. To learn more, read the Amazon Rekognition FAQ, and the Amazon Rekognition Product Details, review the Amazon Rekognition Customer Use Cases, and then build your app using the information on the Amazon Rekognition for Developers page.

Motorola Solutions for Public Safety
While I have your attention, I would love to tell you how Motorola Solutions is exploring how Rekognition can enhance real-time intelligence for public safety personnel in the field and at the command center.

Motorola Solutions provides over 100,000 public safety and commercial customers in more than 100 countries with software, services, and tools for mobile intelligence and digital evidence management, many powered by images captured using body, dashboard, and stationary cameras. Due to the exceptionally sensitive nature of these images, they must be stored in an environment that meets stringent CJIS (Criminal Justice Information Systems) security standards defined by the FBI.

For several years, researchers at Motorola Solutions have been exploring the use of artificial intelligence. For example, they have built prototype applications that use Rekognition, Lex, and Polly in conjunction with their own software to scan images from a body-worn camera for missing persons and to raise alerts without requiring continuous human attention or interaction. With approximately 100,000 missing people in the US alone, law enforcement agencies need to bring powerful tools to bear. At re:Invent 2016, Dan Law (Chief Data Scientist for Motorola Solutions) described how they use AWS to aid in this effort. Here’s the video (Dan’s section is titled AI for Public Safety):

AWS and CJIS
The applications that Dan described can run in AWS GovCloud (US). This is an isolated cloud built to protect and preserve sensitive IT data while meeting the FBI’s CJIS requirements (and many others). AWS GovCloud (US) resides on US soil and is managed exclusively by US citizens. AWS routinely signs CJIS security agreements with our customers and can either perform or allow background checks on our employees, as needed.

Here are some resources that you can use to learn more about AWS and CJIS:

Jeff;