Tag Archives: Crime & Justice

UK man gets 18 years in prison for using AI to generate CSAM

Posted on by

A UK man who used AI to create child sexual abuse material (CSAM) has been sentenced to 18 years in prison, according to The Guardian. Hugh Nelson, 27, created the images by using photographs of real children, which were then manipulated by AI. Nelson was convicted of 16 child sexual abuse offenses back in August, after a lengthy police investigation. This was the first prosecution of its kind in the UK.

Nelson used modeling software called Daz 3D to manufacture the loathsome images. The program has a suite of AI tools, which he used to transform regular photos of children into CSAM. Greater Manchester police said that he sold these images online and was even commissioned in several cases to create specific items of CSAM via photographs of real kids. Police say that Nelson made around $6,500 by selling images online.

He was caught when trying to sell images to an undercover cop in a chatroom. “I’ve done beatings, smotherings, hangings, drownings, beheadings, necro, beast, the list goes on,” Nelson said to the cop to entice a sale. This is according to a transcript of a conversation provided by the prosecution.

It’s worth noting that Daz 3D doesn’t create deepfakes, in which one face is swapped onto another body. Nelson created actual 3D renders by feeding the photos to the AI algorithm.

At sentencing, the judge called the images “harrowing and sickening” and addressed Nelson specifically, saying “there seems to be no limit to the depths of depravity exhibited in the images that you were prepared to create and exhibit to others.” He also said that it was “impossible to know” if children had been abused as a result of the images. Police searches of Nelson’s devices did find a series of text messages in which he encouraged people to sexually abuse children under 13. These suspects and potential victims are allegedly located throughout the world, including the US.

The United States is, of course, not immune from this horrifying trend. A soldier was arrested back in August for allegedly using AI to generate CSAM. A Wisconsin man faces 70 years in prison for allegedly creating over 13,000 AI-generated images depicting CSAM. The world’s leading AI companies have signed a pledge to help stop this type of software from being used to generate child sexual abuse material.

This article originally appeared on Engadget at https://www.engadget.com/ai/uk-man-gets-18-years-in-prison-for-using-ai-to-generate-csam-154037476.html?src=rss

The FBI arrested an Alabama man for allegedly helping hack the SEC’s X account

Posted on by

A 25-year-old Alabama man has been arrested by the FBI for his alleged role in the takeover of the Securities and Exchange Commission's X account earlier this year. The hack resulted in a rogue tweet that falsely claimed bitcoin ETFs had been approved by the regulator, which temporarily juiced bitcoin prices.

Now, the FBI has identified Eric Council Jr. as one of the people allegedly behind the exploit. Council was charged with conspiracy to commit aggravated identity theft and access device fraud, according to the Justice Department. While the SEC had previously confirmed that its X account was compromised via a SIM swap attack, the indictment offers new details about how it was allegedly carried out.

According to the indictment, Council worked with co-conspirators who he coordinated with over SMS and encrypted messaging apps. These unnamed individuals allegedly sent him the personal information of someone, identified only as “C.L,” who had access to the SEC X account. Council then printed a fake ID using the information and used it to buy a new SIM in their name, as well as a new iPhone, according to the DoJ. He then coordinated with the other individuals so they could access the SEC’s X account, change its settings and send the rogue tweet, the indictment says. 

The tweet from @SECGov, which came one day ahead of the SEC’s actual approval of 11 spot bitcoin ETFS, caused bitcoin prices to temporarily spike by more than $1,000. It also raised questions about why the high profile account wasn’t secured with multi-factor authentication at the time of the attack. “Today’s arrest demonstrates our commitment to holding bad actors accountable for undermining the integrity of the financial markets,” SEC Inspector General Jeffrey said in a statement.

The indictment further notes that Council allegedly performed some seemingly incriminating searches on his personal computer. Among his searchers were: "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBl is after you,” “Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account," the indictment says.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-fbi-arrested-an-alabama-man-for-allegedly-helping-hack-the-secs-x-account-193508179.html?src=rss

Two Sudanese brothers accused of launching a dangerous series of DDoS attacks

Posted on by

Newly unsealed grand jury documents revealed that two Sudanese nationals allegedly attempted to launch thousands of distributed denial of services (DDoS) attacks on systems across the world. The documents allege that these hacks aimed to cause serious financial and technical harm to government entities and companies and even physical harm in some cases.

The US Department of Justice (DoJ) unsealed charges against Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer that resulted in federal grand jury indictments. The two are allegedly connected to more than 35,000 DDoS attacks against hundreds of organizations, websites and networks as part of a “hacktivism” scheme as part of the cybercrime group Anonymous Sudan and a for-profit cyberattack service.

Even though Anonymous Sudan claimed to be an activist group, the pair also held some companies and entity’s systems for ransom for rates as high as $1,700 per month.

Both face indictments for their role in the coordinated cyberattacks including one count each of conspiracy to damage protected computers. Ahmed also faces three additional counts of damaging protected computers and could receive a statutory maximum sentence of life in federal prison, according to court records filed last June in the US Central District Court of California.

The brothers’ activities date back to early 2023. The two used a distributed cloud attack tool (DCAT) referred to as “Skynet Botnet” in order to “conduct destructive DDoS attacks and publicly claim credit for them,” according to a DoJ statement. Ahmed posted a message on Anonymous Sudan’s Telegram channel, “The United States must be prepared, it will be a very big attack, like what we did in Israel, we will do in the United States ‘soon.’”

One of the indictments listed 145 “overt acts” on organizations and entities in the US, the European Union, Israel, Sudan and the United Arab Emirates (UAE). The Skynet Botnet attacks attempted to disrupt services and networks in airports, software networks and companies including Cloudflare, X, Paypal and Microsoft that caused outages for Outlook and OneDrive in June of last year. The attacks also targeted state and federal government agencies and websites including the Federal Bureau of Investigation (FBI), the Pentagon and the DoJ and even hospitals including one major attack on Cedars-Sinai Hospital in Los Angeles causing a slowdown of health care services as patients were diverted to other hospitals. The hospital attack led to the hacking charges against Ahmed that carry potential life sentences.

“3 hours+ and still holding,” Ahmed posted on Telegram in February, “they're trying desperately to fix it but to no avail Bomb our hospitals in Gaza, we shut down yours too, eye for eye...”

FBI special agents gathered evidence of the pair’s illegal activities including logs showing that they sold access to Skynet Botnet to more than 100 customers to carry out attacks against various victims who worked with investigators including Cloudflare, Crowdstrike, Digital Ocean, Google, PayPal and others.

Several Amazon Web Services (AWS) clients were among Anonymous Sudan’s victims as part of the hacking-for-hire scheme, according to court records and an AWS statement. AWS security teams worked with FBI cybercrime investigators to track the attacks back to “an array of cloud-based servers," many of which were based in the US. The discovery helped the FBI determine that the Skynet Botnet attacks were coming from a DCAT instead of a botnet that forwarded the DDoS to its victims through cloud-based servers and open proxy resolvers.

Perhaps the group’s most brazen and dangerous attack took place in April of 2023 that targeted Israel’s rocket alert system called Red Alert. The mobile app provides real time updates for missile attacks and security threats. The DDoS attacks attempted to infiltrate some of Red Alert’s Internet domains. Ahmed claimed responsibility for the Red Alert attacks on Telegram along with similar DDoS strikes on Israeli utilities and the Jerusalem Post news website.

“This group’s attacks were callous and brazen — the defendants went so far as to attack hospitals providing emergency and urgent care to patients,” US Attorney Martin Estrada said in a released statement. “My office is committed to safeguarding our nation’s infrastructure and the people who use it, and we will hold cyber criminals accountable for the grave harm they cause.”

Update, October 16, 7:25PM ET: This article was modified after publish to make clear that AWS clients, rather than AWS, were the target of Anonymous Sudan.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/two-sudanese-brothers-accused-of-launching-a-dangerous-series-of-ddos-attacks-215638291.html?src=rss

FTX advisor and Alameda CEO Caroline Ellison gets two years in prison

Posted on by

A US district court judge sentenced Caroline Ellison, the former advisor and ex-girlfriend to the convicted crypto fraudster and FTX founder Sam Bankman-Fried, to two years in prison.

The New York Times reported Ellison’s sentence for her role in the $8 billion in fraud committed by the FTX crypto exchange that sent Bankman-Fried to federal prison for 25 years back in March. Ellison will also have to serve three years of supervised release once she’s finished her prison sentence.

Ellison pled guilty at the end of 2022 to seven counts of fraud just as Bankman-Fried was being extradited to the US from the Bahamas. US Securities and Exchange Commission (SEC) Director of Enforcement Sanjay Wadhwa said following Ellison’s plea that she and Wang “were active participants in a scheme to conceal material information from FTX investors.”

Ellison was also the former chief executive officer of FTX’s sister company Alameda Research. Prosecutors said she diverted FTX customers’ funds onto Alameda’s books to hide risks from their clients. Ellison testified against Bankman-Fried, making her a key witness in his criminal fraud trial.

Prosecutors also got Bankman-Friend’s house arrest and bail revoked when a judge determined the FTX founder tried to hinder Ellison’s testimony last year. Bankman-Fried tried to message FTX’s general counsel on Signal and email in 2023 to influence Ellison’s testimony who was only identified as “Witness-1.”

Nine months later, Bankman-Fried showed a New York Times reporter personal writings from Ellison that prosecutors said were an attempt to damage her reputation especially amongst prospective jurors. The judge agreed both instances merited Bankman-Fried’s arrest and jailing while he awaited trial. Bankman-Fried is currently serving his 25-year sentence in a federal prison in Brooklyn awaiting appeal for his conviction.

Ellison issued a statement before her sentence apologizing for her crimes to the people she and her former firm defrauded. Prosecutors did not issue a recommended sentence and characterized her cooperation with investigators as “exemplary” in a memo to the judge.

“Not a day goes by that I don’t think of the people I hurt,” Ellison said in court. “I am deeply ashamed of what I have done.”

This article originally appeared on Engadget at https://www.engadget.com/big-tech/ftx-advisor-and-alameda-ceo-caroline-ellison-gets-two-years-in-prison-214828333.html?src=rss

FTX advisor and Alameda CEO Caroline Ellison gets two years in prison

Posted on by

A US district court judge sentenced Caroline Ellison, the former advisor and ex-girlfriend to the convicted crypto fraudster and FTX founder Sam Bankman-Fried, to two years in prison.

The New York Times reported Ellison’s sentence for her role in the $8 billion in fraud committed by the FTX crypto exchange that sent Bankman-Fried to federal prison for 25 years back in March. Ellison will also have to serve three years of supervised release once she’s finished her prison sentence.

Ellison pled guilty at the end of 2022 to seven counts of fraud just as Bankman-Fried was being extradited to the US from the Bahamas. US Securities and Exchange Commission (SEC) Director of Enforcement Sanjay Wadhwa said following Ellison’s plea that she and Wang “were active participants in a scheme to conceal material information from FTX investors.”

Ellison was also the former chief executive officer of FTX’s sister company Alameda Research. Prosecutors said she diverted FTX customers’ funds onto Alameda’s books to hide risks from their clients. Ellison testified against Bankman-Fried, making her a key witness in his criminal fraud trial.

Prosecutors also got Bankman-Friend’s house arrest and bail revoked when a judge determined the FTX founder tried to hinder Ellison’s testimony last year. Bankman-Fried tried to message FTX’s general counsel on Signal and email in 2023 to influence Ellison’s testimony who was only identified as “Witness-1.”

Nine months later, Bankman-Fried showed a New York Times reporter personal writings from Ellison that prosecutors said were an attempt to damage her reputation especially amongst prospective jurors. The judge agreed both instances merited Bankman-Fried’s arrest and jailing while he awaited trial. Bankman-Fried is currently serving his 25-year sentence in a federal prison in Brooklyn awaiting appeal for his conviction.

Ellison issued a statement before her sentence apologizing for her crimes to the people she and her former firm defrauded. Prosecutors did not issue a recommended sentence and characterized her cooperation with investigators as “exemplary” in a memo to the judge.

“Not a day goes by that I don’t think of the people I hurt,” Ellison said in court. “I am deeply ashamed of what I have done.”

This article originally appeared on Engadget at https://www.engadget.com/big-tech/ftx-advisor-and-alameda-ceo-caroline-ellison-gets-two-years-in-prison-214828333.html?src=rss

Former MoviePass CEO reportedly pleads guilty to securities fraud

Posted on by

Mitch Lowe, one of two MoviePass leaders indicted by the Justice Department in 2022, has pleaded guilty to securities fraud charges. The former CEO admitted to conspiring to deceive the public and investors about the service’s sustainability. Variety reports that the details of Lowe’s plea agreement haven’t been made public.

Prosecutors claim Lowe knew from the start that the company’s $9.95 “unlimited” plan was a short-term gimmick to attract subscribers and inflate stock. He’s also accused of making false statements in press releases, interviews and SEC filings about MoviePass’ long-term viability.

Those statements included allegedly lying about the company’s ability to become profitable on subscription fees alone and having tech that could generate revenue from customer data. He also claimed MoviePass was profiting from multiple revenue streams despite not having any income beyond subscriptions.

Prosecutors also accused Lowe and Ted Farnsworth, former CEO of MoviePass’ parent company Helios and Matheson, of preventing subscribers from getting what was promised from the “unlimited” subscription. The company settled with the FTC in 2021 over allegations that it intentionally invalidated subscriber passwords to freeze their accounts, blocking their ability to get the movie tickets the service promised. MoviePass and its parent company declared bankruptcy in 2020.

Although no sentencing date has been set, Lowe is free on bond and has a status conference court date scheduled in Miami for March 2025. The 72-year-old former executive faces a maximum of five years in federal prison.

“Mitch is a good man who is looking to move forward with his life,” Lowe’s attorneys, Margot Moss and David Oscar Markus, said in a statement to Variety. “He has accepted responsibility for his actions in this case and will continue to try to make things right.”

Meanwhile, Farnsworth is still in custody. He was initially freed on a $1 million bond that was revoked in August 2023 after the feds accused him of misusing nearly $300,000 in company funds. Farnsworth's former boyfriend, who he met on an escort site, was paid $147,000, and received a Cadillac worth $144,000; after the pair split up, the feds say he falsely accused his ex of stealing the vehicle.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/former-moviepass-ceo-reportedly-pleads-guilty-to-securities-fraud-201131284.html?src=rss

Telegram will allow users to report illegal content in private chats

Posted on by

Telegram has quietly edited its FAQs to remove language stating that it doesn't moderate private and group chats, as reported by CoinDesk. A section with the heading "There's illegal content on Telegram. How do I take it down?" previously stated that content in chats and group chats remains between participants. Now, though, the section says that "all Telegram apps have 'Report' buttons" that will give a way for users to flag illegal content for the app's moderators. Users only have to tap the message on Android, or press and hold it on iOS, and choose the Report option. They can also take note of links to the content they want to report and send an email to the service's takedown email address (abuse@telegram.org). 

The change comes after Telegram chief Pavel Durov published his first public comment following his arrest on his channel. Durov was arrested at an airport in France in late August as part of authorities' investigation into the lack of moderation on the app and its failure to curb criminal activities. He was already released from custody, but he was charged with "complicity in distributing child pornography, illegal drugs and hacking software" on the messaging app, as well as "refusing to cooperate with investigations into illegal activity on the Telegram."

French authorities apparently told Durov that he was arrested because they didn't receive any responses from Telegram about their investigation. That was surprising, the app's founder explained in his post, because Telegram has an official representative in the EU and an email address publicly available for anyone. He also said that French authorities had numerous ways to reach him for assistance and that he even previously helped them establish a Telegram hotline to address threats of terrorism in the country. In addition, he called the French authorities' decision to "charge a CEO with crimes committed by third parties on the platform" they manage a "misguided approach." No innovators will build ever new tools, he said, he they can be held responsible for the potential abuse of those tools. 

Durov also talked about how Telegram defends the basic rights of people, especially in places they're violated. In Russia, for instance, Telegram got banned when the service refused to hand over encryption keys that will allow authorities to spy on users. He said the service takes down "millions of harmful posts and channels every day," publishes transparency reports and maintains direct hotlines with NGOs for urgent moderation requests. 

The CEO admits, however, that Telegram has room for improvement. Its "abrupt increase in user count" to 950 million "caused growing pains" that made it easier for criminals to abuse its platform. Telegram aims to "significantly improve things in this regard" and has already started the process internally. Presumably, this change in its rules is part of the messaging service's efforts to address authorities' accusations that it has failed to prevent criminals from using its app. To note, service reported earlier this year that it has 41 million users in the European Union, but officials believe it lied about its user numbers to avoid being regulated under the Digital Services Act (DSA). 

This article originally appeared on Engadget at https://www.engadget.com/apps/telegram-will-allow-users-report-illegal-content-in-private-chats-130053441.html?src=rss

Telegram CEO Pavel Durov has been charged and released from police custody

Posted on by

Telegram CEO Pavel Durov has been formally charged by French prosecutors and is barred from leaving the country amid their investigation into the Russian billionaire. Durov was officially charged Wednesday with “complicity in distributing child pornography, illegal drugs and hacking software” on the messaging app he founded, as well as “refusing to cooperate with investigations into illegal activity on the Telegram,” The Wall Street Journal reported.

Durov, who was arrested outside of Paris on Saturday, was released from police custody after paying €5 million in bail. He is required to stay in France “under court monitoring” and check in at a police station twice a week while the investigation plays out. That could take months or possibly years, as The WSJ points out.

That means Durov, who is known for frequently moving around and working from other countries, will be stuck in France for the foreseeable future unless the charges against him are dropped. In an earlier statement, Telegram called the charges against its founder “absurd” and said that he should not be responsible for the actions of his app’s users.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/telegram-ceo-pavel-durov-has-been-charged-and-released-from-police-custody-214333241.html?src=rss

Lyft is testing a new rider verification safety measure

Posted on by

Lyft is piloting its own rider verification program, much as Uber did earlier this year. This feature confirms to drivers that the person getting in their vehicle is who they say they are. The program is launching first in Atlanta, Chicago, Denver, Detroit, Houston, Jacksonville, Miami, Phoenix and Seattle.

Lyft will confirm riders' legal names using third-party databases, but has not disclosed which services it is using. If a rider is unable to be verified in one of those unspecified databases, they can also provide a government ID, such as a driver's license, passport or state ID card in order to be verified. Once a rider completes the process, drivers will see a verification badge on that person's profile.

For now, at least, the verification process isn't mandatory, although Lyft's FAQ says that "riders are highly encouraged to participate." If the program works as Lyft is expecting, then drivers may be more inclined to accept requests from verified riders (and unverified riders could see longer wait times.)

Ridesharing poses significant safety risks for drivers. Between 2017 and 2019, Lyft received more than 4,000 reports of sexual assault (though it did not differentiate between those allegedly committed against drivers vs passengers). Driving gig workers also face the risk of carjacking and other violent crimes. The hope is that verification programs like this one could make drivers feel more at ease when letting a stranger into their vehicle. One of Lyft's other recent measures to improve driver safety is the Women+ Connect feature, which was expanded to more cities in February.

This article originally appeared on Engadget at https://www.engadget.com/transportation/lyft-is-testing-a-new-rider-verification-safety-measure-201515898.html?src=rss

Kim Dotcom, roguish face of 2010s online piracy, will finally be extradited to the US

Posted on by

Kim Dotcom, the Megaupload founder and hard-partying face of early 2010s online piracy, is finally headed to the US. Reuters reports that New Zealand’s justice minister signed an extradition order on Thursday to end the entrepreneur’s nearly 13-year legal battle, paving the way for the German-born Dotcom to face charges from the US government.

“I considered all of the information carefully, and have decided that Mr Dotcom should be surrendered to the U.S. to face trial,” Goldsmith said in a statement. The decision came more than six years after a New Zealand court ruled Dotcom could be extradited to the US, paving the way for appeals that culminated in today’s decision.

Kim Dotcom partying, toasting glasses with various others in a club atmosphere. Still from music video.
YouTube / Kim Dotcom

Once the 13th most visited site online, the file-hosting hub Megaupload was a hotbed for pirated content. In early 2012, American authorities charged Dotcom and six others with racketeering, copyright infringement, money laundering and copyright distribution. The US indictment claimed Megaupload cost copyright holders $500 million in damages while making $175 million from ads and premium subscriptions.

The raid on Dotcom’s Auckland mansion was dramatic fare among 2012’s relatively tame headlines. The New York Times reported at the time that when he saw the police, Dotcom barricaded himself inside, activated several electronic locks and waited in a safe room. When officers cut their way inside, they saw Dotcom standing near “a firearm that they said looked like a sawed-off shotgun.”

Kim Dotcom on a comfortable water vehicle.
YouTube / Kim Dotcom

Dotcom (born Kim Schmitz) had several brushes with the law before that. He at least claimed to have spent three months in a Munich jail in 1994 for “breaking into Pentagon computers and observing real-time satellite photos of Saddam Hussein’s palaces.” Soon after, he received a suspended two-year sentence for a scam involving stolen phone card numbers.

In 2001, he was accused in the largest insider-trading case in German history. He reportedly fled Germany to escape those charges, was captured in Thailand, extradited (this week isn’t his first go-round) and convicted in 2002. At some point after that, he moved to New Zealand, holing up in a luxurious mansion.

You can see that mansion — and a taste of his larger-than-life persona — in his music video “Good Life.”

Justice Minister Paul Goldsmith signed the extradition order on Thursday and followed standard practice in giving Dotcom “a short period of time to consider and take advice” on his decision.

Dotcom, never one to mince words, posted a message on X that “the obedient US colony in the South Pacific just decided to extradite me for what users uploaded to Megaupload.”

This article originally appeared on Engadget at https://www.engadget.com/entertainment/kim-dotcom-roguish-face-of-2010s-online-piracy-will-finally-be-extradited-to-the-us-172100627.html?src=rss