Hack and payback Instagram scammer gets nabbed after bragging about it on a podcast

A guest who appeared on the No Jumper podcast to boast about a hack and payback scheme involving his victims’ social media accounts could face federal charges. Idriss Qibaa, also known as “Dani” and “Unlocked,” who authorities allege ran the social media hacking site Unlocked4Life.com, faces two criminal felony counts filed by the US Attorney's Office in Nevada for allegedly violating interstate communications laws for threats he issued in text messages to two victims and members of their families, according to documents obtained by 404 Media.

Investigators filed the sealed complaint against Qibaa on July 25 and issued a warrant the following Monday, when he also made his initial appearance in court, according to federal court records.

The criminal complaint states that the FBI received a tip about Qibaa’s alleged extortion scheme on April 1 pointing to an appearance he made on the No Jumper podcast hosted by Adam22, also known as Adam Grandmaison, back in January under his pseudonym “Dani.” Qibaa outlined a financial scheme using over 200 victims’ social media accounts in which he would lock them out of their pages and charge them to regain access.

He also boasted that he made about $600,000 a month from his activities and hired two security guards to follow him.

“You’re making $2 million a month off your Instagram and Telegraph,” Qibaa says on the podcast. “I come and I take it away and make you pay for it back and I make it public and I post it and I expose you.”

Qibaa even said on the podcast episode that he pulled the scheme on celebrities who unknowingly kept paying him to get their social media back. He later noted “I’m very petty” followed by a menacing laugh.

“I’ve talked to stars who have told me that they’ve paid to get it back 20 times over and over and over they just have to keep paying to get it back,” Qibaa says, “and I’m like you realize what’s happening to you right like the same that’s getting you it back is…you’re getting extorted.”

The criminal complaint tells the story of eight victims’ encounters with Qibaa and his services. One identified as “J.T.” operated two Instagram accounts: a cannabis news aggregate account called “theblacklistxyz” and a cannabis merchandising store under “caliplug,” both of which are currently set to private. J.T. reached out to Qibaa asking if he could obtain a username. Qibaa quoted a price of between $4,000 and $5,000. J.T. refused to take Qibaa up on the offer and Qibaa responded with threats.

“Qibaa told J.T. that J.T. had wasted Qibaa’s time, blocked J.T.’s Instagram pages and demanded $10,000 to reinstate it,” the complaint reads. “J.T. offered Qibaa $8,500 to reinstate the account, an offer Qibaa accepted.”

The complaint asserts that Qibaa reached out to J.T. two more times. The first time, Qibaa asked if J.T. would promote his Instagram page under the username “unlocked4life,” which has since been taken down. J.T. agreed but when he learned Qibaa had been threatening and extorting other victims, he confronted Qibaa and “Qibaa was irate.”

A few months later, Qibaa apparently increased the scope of his threats to J.T. and members of his family. He sent threats to call the victim’s ex-wife’s lawyer and child protective services on his kids. Screenshots of the victim’s phone show Qibaa allegedly identifying the address and phone number of the victim’s sister. He texted another family member and introduced himself as “The guy that’s gonna murder your drug dealer brother. Tell him Unlocked says hi though. We have your entire family’s info.”

Another victim identified as a journalist and comedian with the initials “E.H.” learned they were a target of Qibaa’s illegal services. Qibaa blocked their Instagram account, the name of which was redacted, at the request of a dentist in California who treated them. E.H. reached out to the Unlocked4Life account and received a reply that read, “Yo its Idriss.” He then told E.H. to pull up the No Jumper podcast episode featuring his interview. Qibaa not only took the victim’s Instagram account access away but also threatened to take their Social Security number and “blast it out” if they didn’t pay him $20,000.

According to the complaint, not even restraining orders could make Qibaa leave his victims alone. One named “R.B.” received a restraining order from Los Angeles County Superior Court in July but “Unlocked” responded, “Cute restraining order..last I checked you’re still gonna die.” Then “UNLOCKED UNCENSORED” posted on Telegram, “$50,000 reward for whoever sleeps BO this week.”

Perhaps the most disturbing threats were those sent to several victims in which Qibaa claimed he’d happily go to jail if payments weren’t made to him. Screenshots of the text chains show a person named “Dani” and “Daniel” telling his victims, “I will come and shoot you myself,” “I’m going to bury you for this shit” and “D., L., J., T., Children-Main Targets” referring to the victims’ children.

Another text chain shows Qibaa allegedly threatening someone that he would “rather take a life sentence for murdering you then this,” “Idc if I have to shoot you my self [sic]” and “I’ll go to jail happily.” He follows the text with the threat “Here’s the last guy that came to take photos / came near my home” and sends three pictures of an unidentified bearded man, his car and a photo of him badly bruised and bloodied on the ground.

Adam22 concluded his podcast interview with “Dani” saying he was “very excited to see the fallout from this” and “I respect the hustle even though I can’t justify it on a moral level.”

This article originally appeared on Engadget at https://www.engadget.com/hack-and-payback-instagram-scammer-gets-nabbed-after-bragging-about-it-on-a-podcast-202509349.html?src=rss

The Justice Department sues TikTok for breaking child privacy laws

The US Department of Justice is suing TikTok for violating a child privacy law and violating a 2019 agreement with the Federal Trade Commission for previous privacy violations. The lawsuit stems from an earlier investigation into the company by the Federal Trade Commission, which referred its privacy case to the DoJ earlier this year.

The FTC had been looking into whether TikTok had violated the terms of an earlier privacy settlement with Musical.ly, which was acquired by ByteDance prior to the launch of TikTok. According to the FTC, the investigation found that TikTok had “flagrantly” violated both the 2019 settlement and the Children's Online Privacy Protection Act (COPPA).

In a statement, the Justice Department also cited TikTok’s collection of personal information about children on its platform and its failure to comply with the requests for the information to be deleted.

From 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. The defendants collected and retained a wide variety of personal information from these children without notifying or obtaining consent from their parents. Even for accounts that were created in “Kids Mode” (a pared-back version of TikTok intended for children under 13), the defendants unlawfully collected and retained children’s email addresses and other types of personal information. Further, when parents discovered their children’s accounts and asked the defendants to delete the accounts and information in them, the defendants frequently failed to honor those requests. The defendants also had deficient and ineffectual internal policies and processes for identifying and deleting TikTok accounts created by children.

In a statement, TikTok said it took issue with the allegations, saying it had previously addressed some of the conduct described by the Justice Department. “We disagree with these allegations, many of which relate to past events and practices that are factually inaccurate or have been addressed,” the company said. “We are proud of our efforts to protect children, and we will continue to update and improve the platform. To that end, we offer age-appropriate experiences with stringent safeguards, proactively remove suspected underage users, and have voluntarily launched features such as default screentime limits, Family Pairing, and additional privacy protections for minors.”

The lawsuit comes at a particularly inconvenient time for TikTok, which is set to face off with the Justice Department in federal court next month over a law that aims to force ByteDance to sell the app or face a ban in the United States.

This article originally appeared on Engadget at https://www.engadget.com/the-justice-department-sues-tiktok-for-breaking-child-privacy-laws-190456433.html?src=rss

Police arrest a teenage boy in connection with the MGM Resorts ransomware attack

A teenage boy may be responsible for a ransomware attack that shut down MGM Resorts in Las Vegas last year. The West Midlands Police Department in England confirmed that they arrested an unidentified 17-year-old on Thursday from the town of Walsall who allegedly shut down the resort and casino on the Las Vegas strip last year.

The teenager was arrested on suspicion of blackmail and violating the UK’s Computer Misuse Act. He was released on bail, according to a statement from the police department.

Police officials tracked the teenage suspect as part of a joint investigation with the UK’s National Crime Agency and the FBI. The police department said they recovered evidence at the teenager’s address including “a number of digital devices which will undergo forensic examination.”

The statement also said the teenager was part of a “global cyber online crime group” but did not specify which group. The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber outage. The attack happened on Sep. 12, 2023, allegedly with a simple 10-minute phone call to a help desk employee using information obtained from LinkedIn. The group has also claimed responsibility for a similar ransomware attack on the beauty brand Estée Lauder.

"All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk," the organization wrote in a post on X.

MGM Resorts’ system shutdown lasted for nine days and created a massive outage across all of its casinos on the Las Vegas Strip. News later surfaced that other casinos like Caesars were also targeted by a different group but chose to pay the hackers tens of millions of dollars to prevent private company data from being released.

This article originally appeared on Engadget at https://www.engadget.com/police-arrest-a-teenage-boy-in-connection-with-the-mgm-resorts-ransomware-attack-223906246.html?src=rss

Detroit police can no longer use facial recognition results as the sole basis for arrests

The Detroit Police Department has to adopt new rules curbing its reliance on facial recognition technology after the city reached a settlement this week with Robert Williams, a Black man who was wrongfully arrested in 2020 due to a false face match. It’s not an all-out ban on the technology, though, and the court’s jurisdiction to enforce the agreement only extends four years. Under the new restrictions, which the ACLU is calling the strongest such policies for law enforcement in the country, police cannot make arrests based solely on facial recognition results or conduct a lineup based only on facial recognition leads.

Williams was arrested after facial recognition technology flagged his expired driver’s license photo as a possible match for the identity of an alleged shoplifter, which police then used to construct a photo lineup. He was arrested at his home, in front of his family, which he says “completely upended my life.” Detroit PD is known to have made at least two other wrongful arrests based on the results of facial recognition technology (FRT), and in both cases, the victims were Black, the ACLU noted in its announcement of the settlement. Studies have shown that facial recognition is more likely to misidentify people of color.

The new rules stipulate that “[a]n FRT lead, combined with a lineup identification, may never be a sufficient basis for seeking an arrest warrant,” according to a summary of the agreement. There must also be “further independent and reliable evidence linking a suspect to a crime.” Police in Detroit will have to undergo training on the technology that addresses the racial bias in its accuracy rates, and all cases going back to 2017 in which facial recognition was used to obtain an arrest warrant will be audited.

In an op-ed for TIME published today, Williams wrote that the agreement means, essentially, that “DPD can no longer substitute facial recognition for basic investigative police work.”

This article originally appeared on Engadget at https://www.engadget.com/detroit-police-can-no-longer-use-facial-recognition-results-as-the-sole-basis-for-arrests-204454537.html?src=rss

Julian Assange pleads guilty to espionage but defends himself in court

Julian Assange has formally pleaded guilty to violating the Espionage Act at a federal courthouse in Saipan, the capital of the Northern Mariana Islands. The WikiLeaks founder was released from prison on June 24 after reaching a plea deal with the US government and quickly boarded a plane at Stansted Airport to make his way to Saipan. While the deal required Assange to plead guilty to "conspiring to unlawfully obtain and disseminate classified information relating to the national defense of the United States," he still defended himself in court.

According to The Washington Post, Assange argued that he should've been protected by the First Amendment as a journalist. "Working as a journalist, I encouraged my source to provide information that was said to be classified in order to publish that information," he said. "I believe the First Amendment protected that." He also said that he believes the First Amendment and the Espionage Act are in contradiction of each other, but he accepts that his actions were in "violation of an espionage statute" and that it would be "difficult to win such a case given all the circumstances." 

A lawyer for the US government, however, accused him of encouraging personnel with high security clearances to expose classified military information and threaten national security. If you'll recall, WikiLeaks, under his leadership, published classified information related to the wars in Afghanistan and Iraq, which was obtained by whistleblower and former Army intelligence officer Chelsea Manning.

Lawyers from both sides argued about the time Assange served in prison, but around three hours after the proceeding started, Chief Judge Ramona V. Manglona declared that the 62 months he spent in Belmarsh Prison was reasonable and on par with the time served by Manning. Assange will not spend any time in US custody, but he has to leave the US Northern Mariana Islands immediately. The same private jet that flew him from London to Saipan flew him back to Canberra, Australia, because he wasn't allowed to fly commercial, according to his wife Stella Assange. 

This article originally appeared on Engadget at https://www.engadget.com/julian-assange-pleads-guilty-to-espionage-but-defends-himself-in-court-030516412.html?src=rss

Julian Assange has been released from prison in a plea deal with the US

WikiLeaks founder Julian Assange has been released from prison and has agreed to plead guilty to violating the Espionage Act. The WikiLeaks account on X, formerly Twitter, announced his release after he was granted bail by the High Court in London. It also tweeted a video that appears to show Assange boarding a plane at Stansted Airport. The WikiLeaks founder and former editor-in-chief is expected to appear in a courtroom in the US Northern Mariana Islands on June 26 in order to finalize his plea deal with the US government.

According to a letter from the US Department of Justice obtained by The Washington Post, Assange is specifically pleading guilty to "conspiring to unlawfully obtain and disseminate classified information relating to the national defense of the United States." He will also be returning to Australia, his country of citizenship, right after the proceedings. CBS News reports that Justice Department prosecutors recommended a sentence of 62 months, and seeing as Assange already spent more than five years in a UK prison, he won't be spending any time behind bars in the US. 

Assange was the editor-in-chief of WikiLeaks when the website published US classified information, obtained by whistleblower and former Army intelligence officer Chelsea Manning, about the wars in Afghanistan and Iraq. In 2010, Sweden issued an arrest warrant for Assange over allegations of sexual assault by two women. Swedish authorities dropped their investigation into the rape allegations in 2017. 

Assange sought asylum at the Ecuadorian Embassy in London after losing his appeal against the warrant, and he lived there for seven years until he was evicted. Lenín Moreno, the president of Ecuador at the time, explained that his asylum was "unsustainable and no longer viable" because he displayed "discourteous and aggressive behavior." London's Metropolitan Police Service removed Assange from the embassy and arrested him on behalf of the US under an extradition warrant.

In WikiLeaks' announcement of his release, it said Assange left Belmarsh maximum security prison "after having spent 1,901 days there." The organization said that the "global campaign" by "press freedom campaigners, legislators and leaders from across the political spectrum" enabled "a long period of negotiations with the US Department of Justice" that led to the plea deal. 

This article originally appeared on Engadget at https://www.engadget.com/julian-assange-has-been-released-from-prison-in-a-plea-deal-with-the-us-044226610.html?src=rss

Five men face jail time for running the illegal streaming service Jetflicks

The illegal streaming service Jetflicks once boasted on its website that visitors could watch just about any TV show or movie “Anytime. Anywhere.” Now the five people behind the bootleg streaming service are facing some serious jail time.

A jury found Kristopher Dallmann, Douglas Courson, Felipe Garcia, Jared Jaurequi and Peter Huber guilty in a Las Vegas federal court on Friday of conspiracy to commit criminal copyright infringement. Dallmann was also found guilty on two counts of money laundering and three counts of misdemeanor criminal copyright infringement for leading the Jetflicks operation, according to court documents and a US Department of Justice press release.

Jetflicks used computer scripts and software to scour the internet for illegal copies of movies and television shows and posted hundreds of thousands of illegal copies as far back as 2007 from torrent and Usenet sites. The defendants created a catalog of bootleg shows and movies bigger than the combined collections of streaming services including Netflix, Hulu, Vudu and Amazon Prime, according to the Department of Justice.

Users could pay a subscription fee to access the site on pretty much any media streaming device with a web browser. Jetflicks claimed to “offer more than 183,200 television episodes and have more than 37,000 subscribers,” according to the initial indictment filed in the Eastern District of Virginia in 2019.

Dallmann, the leader of the group, and his co-conspirators “made millions of dollars streaming and distributing this catalog of stolen content,” according to the press release.

At one point, operators and employees of Jetflicks were making hundreds of thousands of dollars a year from its subscription service. Dallmann wrote in an online chat that his site made $750,000 in one year, according to the indictment.

The Motion Picture Association of America (MPAA) took notice of Jetflicks in 2012 and sent cease and desist letters to the site’s operators. Four years later, the Federal Bureau of Investigation (FBI) started its undercover operation of the site by paying for a six-month subscription. Undercover agents recorded multiple instances of illegal uploads of shows like Shameless, Ray Donovan, The OA and SyFy’s 12 Monkeys alongside charges for accessing them. Then the agents traced those charges back to the defendants’ bank accounts, according to court records.

A sentencing hearing has yet to be scheduled. The Department of Justice says Dallmann could face up to 48 years in prison and the four remaining defendants could each face five years in prison.

This article originally appeared on Engadget at https://www.engadget.com/five-men-face-jail-time-for-running-the-illegal-streaming-service-jetflicks-202758485.html?src=rss

Ticketmaster hack could affect 560 million users

Ticketmaster is the victim of a cyber attack, its parent company, Live Nation, confirmed. The information stolen allegedly includes personal information from 560 million individuals, including names, numbers, addresses, and partial payment details. Hacking group ShinyHunters has demanded $500,000 in ransom money to prevent the data's sale and confirmed to Hackread that it held the 1.3TB of stolen data.

In a filing with the US Securities and Exchange Commission, Live Nation stated it had "identified unauthorized activity" on May 20 and subsequently started investigating it. On May 27, "a criminal threat actor offered what it alleged to be Company user data for sale via the dark web." 

Live Nation claims to be working to lower the risks posed to its customers and its own business. "As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations," the company added. "We continue to evaluate the risks and our remediation efforts are ongoing."

Ticketmaster has faced previous breaches, including a bot attack during Taylor Swift ticket sales. The company also has a history as a hacker, illegally — and repeatedly — accessing the computer system of its rival, Songkick. Ticketmaster paid a $10 million criminal fine rather than face prosecution. However, the company's former head of Artist Services, Zeeshan Zaidi, pled guilty to conspiring to commit computer intrusions and wire fraud due to his role in the scheme.

This article originally appeared on Engadget at https://www.engadget.com/ticketmaster-hack-could-affect-560-million-users-121600931.html?src=rss

Meta and Activision face lawsuit by families of Uvalde school shooting victims

The families of the shooting victims at Robb Elementary School in Uvalde, Texas have sued Call of Duty publisher Activision and Meta. They alleged that the companies "knowingly exposed the shooter to the weapon [he used], conditioned him to see it as the solution to his problems, and trained him to use it." The plaintiffs also accused the companies of "chewing up alienated teenage boys and spitting out mass shooters." 

In the lawsuit, the plaintiffs explained that the Uvalde shooter played Call of Duty, which featured an assault-style rifle made by gunmaker Daniel Defense. They also mentioned that he frequently visited Instagram, which advertised the gunmaker's products. The lawsuit claimed, as well, that Instagram gives gunmakers "an unsupervised channel to speak directly to minors, in their homes, at school, even in the middle of the night." It argued that the shooter was "a poor and isolated teenager" from small town Texas who only learned about AR-15s and set his sights on them because he was exposed to the weapon from playing Call of Duty and visiting Instagram. In addition, it accused Meta of being more lenient towards firearms sellers than other users who break its rules. Meta prohibits the buying and selling of weapons and ammunition, but users can violate the policy 10 times before they're banned from its platforms.

"The truth is that the gun industry and Daniel Defense didn’t act alone. They couldn’t have reached this kid but for Instagram," the plaintiffs' lawyer, Attorney Josh Koskoff, said at a news conference. "They couldn’t expose him to the dopamine loop of virtually killing a person. That's what Call of Duty does." Koskoff's law firm was the same one that reached a $73 million settlement with rifle manufacturer Remington for the families of the Sandy Hook Elementary School shooting victims.

An Activision spokesperson told The Washington Post and Bloomberg Law that the "Uvalde shooting was horrendous and heartbreaking in every way," and that the company expresses its deepest sympathies to the families, but "millions of people around the world enjoy video games without turning to horrific acts."

This article originally appeared on Engadget at https://www.engadget.com/meta-and-activision-face-lawsuit-by-families-of-uvalde-school-shooting-victims-130025901.html?src=rss

The DOJ makes its first known arrest for AI-generated CSAM

The US Department of Justice arrested a Wisconsin man last week for generating and distributing AI-generated child sexual abuse material (CSAM). As far as we know, this is the first case of its kind as the DOJ looks to establish a judicial precedent that exploitative materials are still illegal even when no children were used to create them. “Put simply, CSAM generated by AI is still CSAM,” Deputy Attorney General Lisa Monaco wrote in a press release.

The DOJ says 42-year-old software engineer Steven Anderegg of Holmen, WI, used a fork of the open-source AI image generator Stable Diffusion to make the images, which he then used to try to lure an underage boy into sexual situations. The latter will likely play a central role in the eventual trial for the four counts of “producing, distributing, and possessing obscene visual depictions of minors engaged in sexually explicit conduct and transferring obscene material to a minor under the age of 16.”

The government says Anderegg’s images showed “nude or partially clothed minors lasciviously displaying or touching their genitals or engaging in sexual intercourse with men.” The DOJ claims he used specific prompts, including negative prompts (extra guidance for the AI model, telling it what not to produce) to spur the generator into making the CSAM.

Cloud-based image generators like Midjourney and DALL-E 3 have safeguards against this type of activity, but Ars Technica reports that Anderegg allegedly used Stable Diffusion 1.5, a variant with fewer boundaries. Stability AI told the publication that fork was produced by Runway ML.

According to the DOJ, Anderegg communicated online with the 15-year-old boy, describing how he used the AI model to create the images. The agency says the accused sent the teen direct messages on Instagram, including several AI images of “minors lasciviously displaying their genitals.” To its credit, Instagram reported the images to the National Center for Missing and Exploited Children (NCMEC), which alerted law enforcement.

Anderegg could face five to 70 years in prison if convicted on all four counts. He’s currently in federal custody before a hearing scheduled for May 22.

The case will challenge the notion some may hold that CSAM’s illegal nature is based exclusively on the children exploited in their creation. Although AI-generated digital CSAM doesn’t involve any live humans (other than the one entering the prompts), it could still normalize and encourage the material, or be used to lure children into predatory situations. This appears to be something the feds want to clarify as the technology rapidly advances and grows in popularity.

“Technology may change, but our commitment to protecting children will not,” Deputy AG Monaco wrote. “The Justice Department will aggressively pursue those who produce and distribute child sexual abuse material—or CSAM—no matter how that material was created. Put simply, CSAM generated by AI is still CSAM, and we will hold accountable those who exploit AI to create obscene, abusive, and increasingly photorealistic images of children.”

This article originally appeared on Engadget at https://www.engadget.com/the-doj-makes-its-first-known-arrest-for-ai-generated-csam-201740996.html?src=rss