Tag Archives: Crime & Justice

Police arrest a teenage boy in connection with the MGM Resorts ransomware attack

Posted on by

A teenage boy may be responsible for a ransomware attack that shut down MGM Resorts in Las Vegas last year. The West Midlands Police Department in England confirmed that they arrested an unidentified 17-year-old on Thursday from the town of Walsall who allegedly shut down the resort and casino on the Las Vegas strip last year.

The teenager was arrested on suspicion of blackmail and violating the UK’s Computer Misuse Act. He was released on bail, according to a statement from the police department.

Police officials tracked the teenage suspect as part of a joint investigation with the UK’s National Crime Agency and the FBI. The police department said they recovered evidence at the teenager’s address including “a number of digital devices which will undergo forensic examination.”

The statement also said the teenager was part of a “global cyber online crime group” but did not specify which group. The ALPHV/BlackCat ransomware group announced their responsibility for the MGM Resorts cyber outage. The attack happened on Sep. 12, 2023 allegedly with a simple 10 minute phone call to a Help desk employee using information obtained from LinkedIn. The group has also claimed responsibility for a similar ransomware attack on the beauty brand Esteé Lauder.

"All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk," the organization wrote in a post on X.

MGM Resorts’ system shutdown lasted for nine days and created a massive outage across all of its casinos on the Las Vegas Strip. News later surfaced that other casinos like Caesars were also targeted by a different group but chose to pay the hackers tens of millions of dollars to prevent private company data from being released.

This article originally appeared on Engadget at https://www.engadget.com/police-arrest-a-teenage-boy-in-connection-with-the-mgm-resorts-ransomware-attack-223906246.html?src=rss

Detroit police can no longer use facial recognition results as the sole basis for arrests

Posted on by

The Detroit Police Department has to adopt new rules curbing its reliance on facial recognition technology after the city reached a settlement this week with Robert Williams, a Black man who was wrongfully arrested in 2020 due to a false face match. It’s not an all-out ban on the technology, though, and the court’s jurisdiction to enforce the agreement only extends four years. Under the new restrictions, which the ACLU is calling the strongest such policies for law enforcement in the country, police cannot make arrests based solely on facial recognition results or conduct a lineup based only on facial recognition leads.

Williams was arrested after facial recognition technology flagged his expired driver’s license photo as a possible match for the identity of an alleged shoplifter, which police then used to construct a photo lineup. He was arrested at his home, in front of his family, which he says “completely upended my life.” Detroit PD is known to have made at least two other wrongful arrests based on the results of facial recognition technology (FRT), and in both cases, the victims were Black, the ACLU noted in its announcement of the settlement. Studies have shown that facial recognition is more likely to misidentify people of color.

The new rules stipulate that “[a]n FRT lead, combined with a lineup identification, may never be a sufficient basis for seeking an arrest warrant,” according to a summary of the agreement. There must also be “further independent and reliable evidence linking a suspect to a crime.” Police in Detroit will have to undergo training on the technology that addresses the racial bias in its accuracy rates, and all cases going back to 2017 in which facial recognition was used to obtain an arrest warrant will be audited.

In an op-ed for TIME published today, Williams wrote that the agreement means, essentially, that “DPD can no longer substitute facial recognition for basic investigative police work.”

This article originally appeared on Engadget at https://www.engadget.com/detroit-police-can-no-longer-use-facial-recognition-results-as-the-sole-basis-for-arrests-204454537.html?src=rss

Julian Assange pleads guilty to espionage but defends himself in court

Posted on by

Julian Assange has formally pleaded guilty to violating the Espionage Act at a federal courthouse in Saipan, the capital of Northern Mariana Islands. The WikiLeaks founder was released from prison on June 24 after reaching a plea deal with the US government and quickly boarded a plane at Stansted Airport to make his way to Saipan. While the deal required Assange to plead guilty to "conspiring to unlawfully obtain and disseminate classified information relating to the national defense of the United States," he still defended himself in court. 

According to The Washington Post, Assange argued that he should've been protected by the First Amendment as a journalist. "Working as a journalist, I encouraged my source to provide information that was said to be classified in order to publish that information," he said. "I believe the First Amendment protected that." He also said that he believes the First Amendment and the Espionage Act are in contradiction of each other, but he accepts that his actions were in "violation of an espionage statute" and that it would be "difficult to win such a case given all the circumstances." 

A lawyer for the US government, however, accused him of encouraging personnel with high security clearances to expose classified military information and threaten national security. If you'll recall, WikiLeaks published classified information related to the wars in Afghanistan and Iraq, which was obtained by whistleblower and former Army intelligence officer Chelsea Manning, under his leadership. 

Lawyers from both sides argued about the time Assange served in prison, but around three hours after the proceeding started, Chief Judge Ramona V. Manglona declared that the 62 months he spent in Belmarsh Prison was reasonable and on par with the time served by Manning. Assange will not spend any time in US custody, but he has to leave the US Northern Mariana Islands immediately. The same private jet that flew him from London to Saipan flew him back to Canberra, Australia, because he wasn't allowed to fly commercial, according to his wife Stella Assange. 

This article originally appeared on Engadget at https://www.engadget.com/julian-assange-pleads-guilty-to-espionage-but-defends-himself-in-court-030516412.html?src=rss

Julian Assange has been released from prison in a plea deal with the US

Posted on by

WikiLeaks founder Julian Assange has been released from prison and has agreed to plead guilty to violating the Espionage Act. The WikiLeaks account on X, formerly Twitter, has announced his release after being granted bail by the High Court in London. It also tweeted a video that appears to show Assange boarding a plane at Stansted Airport. The WikiLeaks founder and former editor-in-chief is expected to appear in a courtroom in the US Northern Mariana Islands on June 26 in order to finalize his plea deal with the US government. 

According to a letter from the US Department of Justice obtained by The Washington Post, Assange is specifically pleading guilty to "conspiring to unlawfully obtain and disseminate classified information relating to the national defense of the United States." He will also be returning to Australia, his country of citizenship, right after the proceedings. CBS News reports that Justice Department prosecutors recommended a sentence of 62 months, and seeing as Assange already spent more than five years in a UK prison, he won't be spending any time behind bars in the US. 

Assange was the editor-in-chief of WikiLeaks when the website published US classified information, obtained by whistleblower and former Army intelligence officer Chelsea Manning, about the wars in Afghanistan and Iraq. In 2010, Sweden issued an arrest warrant for Assange over allegations of sexual assault by two women. Swedish authorities dropped their investigation into the rape allegations in 2017. 

Assange sought asylum at the Ecuadorian Embassy in London after losing his appeal against the warrant, and he lived there for seven years until he was evicted. Lenín Moreno, the president of Ecuador at the time, explained that his asylum was "unsustainable and no longer viable" because he displayed "discourteous and aggressive behavior." London's Metropolitan Police Service removed Assange from the embassy and arrested him on behalf of the US under an extradition warrant.

In WikiLeaks' announcement of his release, it said Assange left Belmarsh maximum security prison "after having spent 1,901 days there." The organization said that the "global campaign" by "press freedom campaigners, legislators and leaders from across the political spectrum" enabled "a long period of negotiations with the US Department of Justice" that led to the plea deal. 

This article originally appeared on Engadget at https://www.engadget.com/julian-assange-has-been-released-from-prison-in-a-plea-deal-with-the-us-044226610.html?src=rss

Five men face jail time for running the illegal streaming service Jetflicks

Posted on by

The illegal streaming service Jetflicks once boasted on its website that visitors could watch just about any TV show or movie “Anytime. Anywhere.” Now the five people behind the bootleg streaming service are facing some serious jail time.

A jury found Kristopher Dallman, Douglas Courson, Felipe Garcia, Jared Jaurequi and Peter Huber guilty in a Las Vegas federal court on Friday for conspiracy to commit criminal copyright infringement. Dallmann was also found guilty on two counts of money laundering and three counts of misdemeanor criminal copyright infringement for leading the Jetflicks operation, according to court documents and a US Department of Justice press release.

Jetflicks used computer scripts and software to scour the internet for illegal copies of movies and television shows and posted hundreds of thousands of illegal copies as far back as 2007 from torrent and Usenet sites. The defendants created a catalog of bootleg shows and movies bigger than the combined collections of streaming services including Netflix, Hulu, Vudu and Amazon Prime, according to the Department of Justice.

Users could pay a subscription fee to access the site on pretty much any media streaming device with a web browser. Jetflicks claimed to “offer more than 183,200 television episodes and have more than 37,000 subscribers,” according to the initial indictment filed in the Eastern District of Virginia in 2019.

Dallmann, the leader of the group, and his co-conspirators “made millions of dollars streaming and distributing this catalog of stolen content,” according to the press release.

At one point, operators and employees of Jetflicks were making hundreds of thousands of dollars a year from its subscription service. Dallman wrote in an online chat that his site made $750,000 in one year, according to the indictment.

The Motion Picture Association of America (MPAA) took notice of Jetflicks in 2012 and sent cease and desist letters to the site’s operators. Four years later, the Federal Bureau of Investigation (FBI) started its undercover operation of the site by paying for a six-month subscription. Undercover agents recorded multiple instances of illegal uploads of shows like Shameless, Ray Donovan, The OA and SyFy’s 12 Monkeys alongside charges for accessing them. Then the agents traced those charges back to the defendants’ bank accounts, according to court records.

A sentencing hearing has yet to be scheduled. The Department of Justice says Dallman could face up to 48 years in prison and the four remaining defendants could each face five years in prison.

This article originally appeared on Engadget at https://www.engadget.com/five-men-face-jail-time-for-running-the-illegal-streaming-service-jetflicks-202758485.html?src=rss

Ticketmaster hack could affect 560 million users

Posted on by

Ticketmaster is the victim of a cyber attack, its parent company, Live Nation, confirmed. The information stolen allegedly includes personal information from 560 million individuals, including names, numbers, addresses, and partial payment details. Hacking group ShinyHunters has demanded $500,000 in ransom money to prevent the data's sale and confirmed it held the 1.3TB of stolen data to Hackread.

In a filing with the US Securities and Exchange Commission, Live Nation stated it had "identified unauthorized activity" on May 20 and subsequently started investigating it. On May 27, "a criminal threat actor offered what it alleged to be Company user data for sale via the dark web." 

Live Nation claims to be working to lower the risks posed to its customers and its own business. "As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations," the company added. "We continue to evaluate the risks and our remediation efforts are ongoing."

Ticketmaster has faced previous breaches, including a bot attack during Taylor Swift ticket sales. The company also has a history as a hacker, illegally — and repeatedly — accessing the computer system of its rival, Songkick. Ticketmaster paid a $10 million criminal fine rather than face prosecution. However, the company's former head of Artist Services, Zeeshan Zaidi, pled guilty to conspiring to commit computer intrusions and wire fraud due to his role in the scheme.

This article originally appeared on Engadget at https://www.engadget.com/ticketmaster-hack-could-affect-560-million-users-121600931.html?src=rss

Meta and Activision face lawsuit by families of Uvalde school shooting victims

Posted on by

The families of the shooting victims at Robb Elementary School in Uvalde, Texas have sued Call of Duty publisher Activision and Meta. They alleged that the companies "knowingly exposed the shooter to the weapon [he used], conditioned him to see it as the solution to his problems, and trained him to use it." The plaintiffs also accused the companies of "chewing up alienated teenage boys and spitting out mass shooters." 

In the lawsuit, the plaintiffs explained that the Uvalde shooter played Call of Duty, which featured an assault-style rifle made by gunmaker Daniel Defense. They also mentioned that he frequently visited Instagram, which advertised the gunmaker's products. The lawsuit claimed, as well, that Instagram gives gunmakers "an unsupervised channel to speak directly to minors, in their homes, at school, even in the middle of the night." It argued that the shooter was "a poor and isolated teenager" from small town Texas who only learned about AR-15s and set his sights on it, because he was exposed to the weapon from playing Call of Duty and visiting Instagram. In addition, it accused Meta of being more lenient towards firearms sellers than other users who break its rules. Meta prohibits the buying the selling of weapons and ammunition, but users can violate the policy 10 times before they're banned from its platforms. 

"The truth is that the gun industry and Daniel Defense didn’t act alone. They couldn’t have reached this kid but for Instagram," the plaintiffs' lawyer, Attorney Josh Koskoff, said at a news conference. "They couldn’t expose him to the dopamine loop of virtually killing a person. That's what Call of Duty does." Koskoff's law firm was the same one who reached a $73 million settlement with rifle manufacturer Remington for the families of the Sandy Hook Elementary School shooting victims. 

An Activision spokesperson told The Washington Post and Bloomberg Law that the "Uvalde shooting was horrendous and heartbreaking in every way," and that the company expresses its deepest sympathies to the families, but "millions of people around the world enjoy video games without turning to horrific acts."

This article originally appeared on Engadget at https://www.engadget.com/meta-and-activision-face-lawsuit-by-families-of-uvalde-school-shooting-victims-130025901.html?src=rss

The DOJ makes its first known arrest for AI-generated CSAM

Posted on by

The US Department of Justice arrested a Wisconsin man last week for generating and distributing AI-generated child sexual abuse material (CSAM). As far as we know, this is the first case of its kind as the DOJ looks to establish a judicial precedent that exploitative materials are still illegal even when no children were used to create them. “Put simply, CSAM generated by AI is still CSAM,” Deputy Attorney General Lisa Monaco wrote in a press release.

The DOJ says 42-year-old software engineer Steven Anderegg of Holmen, WI, used a fork of the open-source AI image generator Stable Diffusion to make the images, which he then used to try to lure an underage boy into sexual situations. The latter will likely play a central role in the eventual trial for the four counts of “producing, distributing, and possessing obscene visual depictions of minors engaged in sexually explicit conduct and transferring obscene material to a minor under the age of 16.”

The government says Anderegg’s images showed “nude or partially clothed minors lasciviously displaying or touching their genitals or engaging in sexual intercourse with men.” The DOJ claims he used specific prompts, including negative prompts (extra guidance for the AI model, telling it what not to produce) to spur the generator into making the CSAM.

Cloud-based image generators like Midjourney and DALL-E 3 have safeguards against this type of activity, but Ars Technica reports that Anderegg allegedly used Stable Diffusion 1.5, a variant with fewer boundaries. Stability AI told the publication that fork was produced by Runway ML.

According to the DOJ, Anderegg communicated online with the 15-year-old boy, describing how he used the AI model to create the images. The agency says the accused sent the teen direct messages on Instagram, including several AI images of “minors lasciviously displaying their genitals.” To its credit, Instagram reported the images to the National Center for Missing and Exploited Children (NCMEC), which alerted law enforcement.

Anderegg could face five to 70 years in prison if convicted on all four counts. He’s currently in federal custody before a hearing scheduled for May 22.

The case will challenge the notion some may hold that CSAM’s illegal nature is based exclusively on the children exploited in their creation. Although AI-generated digital CSAM doesn’t involve any live humans (other than the one entering the prompts), it could still normalize and encourage the material, or be used to lure children into predatory situations. This appears to be something the feds want to clarify as the technology rapidly advances and grows in popularity.

“Technology may change, but our commitment to protecting children will not,” Deputy AG Monaco wrote. “The Justice Department will aggressively pursue those who produce and distribute child sexual abuse material—or CSAM—no matter how that material was created. Put simply, CSAM generated by AI is still CSAM, and we will hold accountable those who exploit AI to create obscene, abusive, and increasingly photorealistic images of children.”

This article originally appeared on Engadget at https://www.engadget.com/the-doj-makes-its-first-known-arrest-for-ai-generated-csam-201740996.html?src=rss

Block reportedly greenlit transactions involving terrorist groups and sanctioned nations

Posted on by

Block appears to be squarely in the government’s sights. Prosecutors from the Southern District of New York are reportedly probing extensive compliance lapses at the parent company of Square and Cash App. NBC News says a former Block employee has handed over documents to federal authorities, painting a picture of how the company failed to gather required risk-assessment information from customers and subsequently processed illegal transactions.

The documents allegedly show that Block greenlit multiple crypto transactions involving known terrorist organizations. Furthermore, Square reportedly processed thousands of transfers involving nations under economic sanctions. “From the ground up, everything in the compliance section was flawed,” the whistleblower allegedly told NBC News. “It is led by people who should not be in charge of a regulated compliance program.”

Most transactions allegedly involved credit cards, dollar transfers or Bitcoin and weren’t reported to the government as mandated by law. In addition, Block reportedly refused to “correct company processes” when notified of the breaches.

The investigation follows a separate report from NBC News in February highlighting two different whistleblowers who flagged the same issues at Block. They cited “questionable Cash App transactions with entities under sanction by the Treasury Department’s Office of Foreign Assets Control, operations known to sell personal information and credit card data for illegal purposes, and offshore gambling sites barred to U.S. citizens.”

The practice allegedly spanned multiple years. NBC News says it reviewed around 100 pages of documents from the whistleblower involving people or organizations in countries under US sanctions, including Russia, Iran, Venezuela and Cuba. Some of them were reportedly from as recent as 2023.

Graphic from finance company Block showing Jack Dorsey's face on a cube.
Block

The whistleblower claims Block’s management was aware of the alleged offenses. “It’s my understanding from the documents that compliance lapses were known to Block leadership and the board in recent years,” Edward Siedle, a former SEC attorney representing the whistleblower, told NBC News.

The whistleblower says that, besides senior management, Block’s board was told about the compliance issues. Coincidentally or not, several board members made unexpected exits recently, including former US treasury secretary Lawrence Summers, who resigned in February, and Sharon Rothstein, who had been on the board since 2022. Block told NBC News that they were leaving to devote more time to other activities and that their exits weren’t “a result of any disagreements with the company on any matter relating to the company’s operations, policies or practices.”

Federal authorities have taken a greater interest in modern financial platforms in recent years after at least some of them had become something of a Wild West. Of course, FTX’s fraudulent practices and subsequent collapse led to a seismic decline in the cryptocurrency industry. Although it isn’t clear if the feds have gotten involved, Elon Musk’s X (the husk of what was once Dorsey’s Twitter) reportedly violated US sanctions by accepting blue-check subscription payments from terrorist organizations.

This article originally appeared on Engadget at https://www.engadget.com/block-reportedly-greenlit-transactions-involving-terrorist-groups-and-sanctioned-nations-181222712.html?src=rss

Binance founder Changpeng Zhao sentenced to four months in prison

Posted on by

A federal judge has sentenced Binance founder Changpeng Zhao (often known as “CZ”) to four months in prison, as first reported by The New York Times. Prosecutors had recommended three years. Zhao pleaded guilty in November to violating the Bank Secrecy Act by failing to set up an anti-money-laundering program.

The DOJ accused Zhao of allowing criminal activity to flourish on the crypto exchange. “Binance turned a blind eye to its legal obligations in the pursuit of profit. Its willful failures allowed money to flow to terrorists, cybercriminals, and child abusers through its platform,” Treasury Secretary Janet Yellen said in November.

The government accused Binance of refusing to comply with American sanctions and failing to report suspicious transactions related to drugs and child sexual abuse materials. Prosecutors said in court that Zhao had told Binance employees it was “better to ask for forgiveness than permission” while bragging that if Binance had obeyed the law, it wouldn’t be “as big as we are today.”

Under the plea deal’s terms, Binance agreed to forfeit $2.5 billion and pay a $1.8 billion fine. Zhao personally paid $50 million as part of the settlement.

Although the charges differed, Zhao’s sentence is dramatically shorter than the 25 years fellow crypto figurehead Sam Bankman-Fried received in March. SBF, as he’s often known, was convicted on seven counts of fraud and conspiracy for his role at the helm of the crypto platform FTX.

Zhao played an integral role in Bankman-Fried’s downfall — and the crypto industry’s broader decline in the last 18 months. The Binance founder tweeted in November 2022 that his company would liquidate its holdings in FTX’s de facto token. He said “recent revelations that have came[sic] to light” while citing “ethical concerns” and “regulatory risks.” The posts not only crushed FTX but the crypto world at large. (They likely helped attract the government’s attention as well.) When FTX’s wells dried up following the platform’s rapid collapse, Zhao briefly agreed to buy the company but quickly backed out.

Prosecutors said Zhao’s crime carried a standard federal sentence of 12 to 18 months but argued for a three-year term, describing his crimes as being “on an unprecedented scale.” But Judge Richard A. Jones saw it differently, sentencing him to a measly one-twelfth of the government’s suggested term.

“This wasn’t a mistake — it wasn’t a regulatory oops,” Kevin Mosley, a DOJ lawyer, reportedly said in court on Tuesday. “Breaking U.S. law was not incidental to his plan to make as much money as possible. Violating the law was integral to that endeavor.”

This article originally appeared on Engadget at https://www.engadget.com/binance-founder-changpeng-zhao-sentenced-to-four-months-in-prison-205550299.html?src=rss