Tag: money laundering
It agreed to pay back $586m, retrain its staff, and submit to three years of independent oversight. "Western Union owes a responsibility to American consumers to guard against fraud, but instead the company looked the other way, and its system facilitated scammers and rip-offs," said FTC Chairwoman Edith Ramirez. "The agreements we are announcing today will ensure Western Union changes the way it conducts its business and provides more than a half billion dollars for refunds to consumers who were harmed by the company's unlawful behavior." The amount of the, effectively, nine-figure fine is certainly larger than the usual slap on the wrist that US regulators hand out. Last year, Western Union banked a net income of $837.8m, so the forfeit accounts for over eight months of profits – although considering that the complaint [PDF] states that the company has been carrying on in this way for at least eight years, Western Union is still in the black from its activities. The FTC complaint states that Western Union must have been aware that it was carrying fraudulent transfers on its network and did nothing to stop them, or to rein in rogue agents in its employ.
In doing so, it violated banking secrecy laws and FTC reporting requirements. The government stated that Western Union agents were used in a number of scams, including internet fraud and online gambling.
It says that some of the funds identified came from scammers who took over social media accounts to declare they have been mugged and asking friends to send funds via Western Union to help. It also highlighted large numbers of transactions designed to send just under $10,000 overseas.
If someone sends more than that abroad it must be reported, so scammers do multiple smaller transactions that Western Union must have known were dodgy, the complaint claims. "As a major player in the money transmittal business, Western Union had an obligation to its customers to ensure they offered honest services, which include upholding the Bank Secrecy Act, as well as other US laws," said Chief Richard Weber of Internal Revenue Service–Criminal Investigation (IRS-CI). "Western Union's blatant disregard of their anti-money laundering compliance responsibilities was criminal and significant.
IRS-CI special agents – working with their investigative agency partners – uncovered the massive financial fraud and is proud to be part of this historic criminal resolution."
eProseed will participate as a Supporting Partner in the 11th MENA Regulatory Summit on February 5th & 6th in Dubai, United Arab Emirates.
The summit will cover the main topical challenges faced by the regulatory authorities and the GRC community, a debate in which eProseed has a pivotal role to play as the publisher of FSIP, a comprehensive financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.
The 11th MENA Regulatory Summit will take place in Dubai, UAE, in association with the Dubai Financial Services Authority (DFSA) and under the patronage of H.E. Sultan bin Saeed Al Mansouri, the UAE Minister of Economy.
Formerly known as the GCC Regulators' Summit, the event has been renamed in an effort to ensure the utmost involvement of the governance, risk and compliance (GRC) community across the MENA (Middle East and North Africa) region, and to expand the dialogue to neighboring countries that share the same topical risk challenges and regulatory outlook.
"With increasing demands from many international regulatory bodies, financial supervisory authorities are required to monitor the compliance of their financial institutions against numerous new national and international requirements.
In the MENA region, the recent macroeconomic developments have also triggered an unprecedented demand for collection of high precision data at high frequency from all financial institutions to support a better risk based supervision", comments Geoffroy de Lamalle, Chief Executive Officer of eProseed.
MENA: an increasing role in global compliance and combating financial crime
The 11th MENA Regulatory Summit will be attended and supported by regional and international regulators, financial services professionals, law practitioners, advisors and market players.
The participants will highlight the recent macroeconomic developments in the MENA region including the US election, Brexit aftermath, regional regulatory responses to the financial crisis, the digital revolution in financial services, block chain technology, and crowd funding.
The speakers will set the landscape for international anti-financial crime trends, FATF perspective on terrorist financing and emergent types of financial crimes, and the dangers of withdrawal of correspondent banking relationships. Panelists will also discuss trade-based money laundering and trade finance activities, compliance culture, business conduct, business ethics, and compliance conflicts.
eProseed, the Solution Provider for Financial Supervision
Leveraging the proven expertise in developing and implementing end-to-end business solutions based on Oracle's world-class software technology stack and a close collaboration with major Financial Institutions and Regulators, eProseed has developed eProseed Financial Supervision Insight Platform (FSIP), an end-to-end financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.
"In essence, eProseed FSIP is a comprehensive, highly agile, and plug-and-play financial supervision solution, enabling efficient and pro-active collection of high precision data at high frequency from all financial institutions, as well as automating and integrating all regulatory and supervisory functions in one single software solution", says Geoffroy de Lamalle.
eProseed is an ICT services provider and a software publisher. Honored with 8 Oracle ACE Directors and 14 Oracle Excellence Awards in the last 7 years, eProseed is an Oracle Platinum Partner with in-depth expertise in Oracle Database, Oracle Fusion Middleware and Oracle Engineered Systems.
eProseed’s portfolio of business applications and business accelerators is built on state-of-the-art, reliable technologies and sound knowledge of today’s challenges, developed and maintained with the highest standards in mind.
Comprehensive training and support are provided by eProseed’s experts for both applications and underlying technologies.
Headquartered in Luxembourg, in the heart of Europe, eProseed has offices in Beirut (LB), Brussels (BE), Dubai (AE), London (UK), New York (USA), Porto (PT), Riyadh (SAU), Sydney (AU), and Utrecht (NL).
The case was dropped in May 2016 after the fisherman gave the buoy back. Among others, we had plenty of laser strike cases to cover.
There were guilty verdicts and sentencing in the red-light camera scandal that consumed Chicago.
The Federal Trade Commission settled its lawsuit with Butterfly Labs, a failed startup that mined Bitcoins.
A man in Sacramento, California, pleaded guilty to one count of unlawful manufacture of a firearm and one count of dealing firearms—he was using a CNC mill to help people make anonymous, untraceable AR-15s. While we do our best to cover a wide variety of civil and criminal cases, there are five that stand out to us in 2017.
These cases range from privacy and encryption, to government-sanctioned hacking, to the future of drone law in America.
Drone's up, don't shoot
Case: Boggs v. Merideth
Status: Pending in US District Court for the Western District of Kentucky
In 2016, we reported on another drone shooting incident (seriously folks, don’t do it!) in Virginia.
A 65-year-old named Jennifer Youngman used her 20-gauge shotgun to take out what many locals believe was a drone flying over her neighbor, Robert Duvall’s, adjacent property. Yes, that Robert Duvall. “The man is a national treasure and they should leave him the fuck alone,” she told Ars. Youngman touched on a concept that many Americans likely feel in their gut but has not been borne out in the legal system: property owners should be able to use force to keep unwanted drones out of their airspace.
But here’s the thing: for now, American law does not recognize the concept of aerial trespass. At this rate, that recognition will likely take years. Meanwhile, drones get more and more sophisticated and less expensive, and they have even spawned an entire anti-drone industry. Legal scholars have increasingly wondered about the drone situation.
After all, banning all aircraft would be impractical.
So what is the appropriate limit? The best case law on the issue dates back to 1946, long before inexpensive consumer drones were feasible.
That year, the Supreme Court ruled in a case known as United States v. Causby that Americans could assert property rights up to 83 feet in the air. In that case, US military aircraft were flying above a North Carolina farm, which disturbed the farmer's sleep and upset his chickens.
As such, the court found that Farmer Causby was owed compensation. However, the same decision also specifically mentioned a "minimum safe altitude of flight" at 500 feet—leaving the zone between 83 and 500 feet as a legal gray area. "The landowner owns at least as much of the space above the ground as he can occupy or use in connection with the land," the court concluded. In 2015, a Kentucky man shot down a drone that he believed was flying above his property.
The shooter in that case, William Merideth, was cleared of local charges, including wanton endangerment. By January 2016, the Kentucky drone's pilot, David Boggs, filed a lawsuit asking a federal court in Louisville to make a legal determination as to whether his drone’s flight constituted trespassing.
Boggs asked the court to rule that there was no trespass and that he is therefore entitled to damages of $1,500 for his destroyed drone. Although the two sides have traded court filings for months, the docket has not been updated since June 2016, when Boggs’ attorneys pointed to a recent case out of Connecticut that found in favor of the Federal Aviation Administration’s regulation of drones. As Boggs’ legal team wrote: The Haughwout pleadings are directly relevant to the subject matter jurisdiction issue currently before the court.
The current dispute turns on whether a controversy has arisen that cannot be resolved without the Court addressing a critical federal question—the balance between the protection of private property rights versus the safe navigation of federal airspace.
The Haughwout dispute places this critical question in the context of an administrative investigation.
It highlights, as argued by Mr. Boggs—and now the FAA—that questions involving the regulation of the flight of unmanned aircraft should be resolved by Federal courts.
US District Judge David J. Hale has yet to schedule any hearings on the matter.
Flood of torrents
Case: United States v. Vaulin
Status: Pending in the US District Court for the Northern District of Illinois
In July 2016, federal authorities arrested the alleged founder of KickassTorrents (KAT).
The arrest was part of what is probably the largest federal criminal complaint in an intellectual property case since Megaupload, which was shuttered in early 2012. (That site’s founder, Kim Dotcom, has successfully beat back efforts to extradite him from New Zealand to the United States. He was ordered extradited a year ago, but that court decision is now on appeal.) In the case of KAT, Ukrainian Artem Vaulin, 30, was formally charged with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement.
Vaulin was arrested in Poland, where he remains in custody pending a possible extradition to the United States. Like The Pirate Bay, KAT does not host individual infringing files but rather provides torrent and magnet links so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users. According to the 50-page affidavit, Vaulin and KAT’s claims that they respected the Digital Millennium Copyright Act were hogwash.
The affidavit was authored by Jared Der-Yeghiayan, who is a special agent with Homeland Securities Investigations and was also a key witness in the trial of Silk Road founder Ross Ulbricht. Vaulin has since retained Dotcom’s lawyer, Ira Rothken, who has made similar arguments in court filings on behalf of his more famous client. Namely, that there is no such thing as secondary criminal copyright infringement, and while some files uploaded to KAT may have violated copyright, that does not make Vaulin a criminal. Rothken has not yet been able to directly correspond with or even meet his Ukrainian client (and has to do so only through Polish counsel). Nevertheless, he filed a motion to dismiss in October 2016.
The government responded weeks later, and Rothken filed another response on November 18. Prosecutors, for their part, said that the Rothken-Vaulin theory was ludicrous: “For the defendant to claim immunity from prosecution because he earned money by directing users to download infringing content from other users is much like a drug broker claiming immunity because he never touched the drugs.” The two sides met before US District Judge John Z. Lee for a status conference on December 20, 2016. Judge Lee has not yet ruled on the motion to dismiss.
Hoarder vs. Hacker
Case: United States v. Martin
Status: Pending in the US District Court for the District of Maryland
While everyone knows about Edward Snowden and the shockwaves he sent through the intelligence community in 2013, fewer people know the name Harold “Hal” Martin. Martin, like Snowden, was a contractor for the National Security Agency at Booz Allen Hamilton and held a top-secret clearance.
In August, he was arrested and criminally charged with “unauthorized removal and retention of classified materials by a government employee or contractor.” Prosecutors alleged that Martin had a substantial amount of materials that should never have left government custody. Unlike Snowden, it’s unclear whether Martin is simply a “hoarder” (as his own lawyer argued) or whether he was someone who meant to sell, divulge, or disclose classified NSA material. (Recent years have seen several unsolved leaks of classified material, including a source that provided intelligence materials that were published by the German magazine Der Spiegel.
In August 2016, there was the “Shadow Brokers” dump of NSA exploits. Neither leak has been definitively attributed.) Two months later, when news of his arrest became public, Martin was immediately fired and stripped of his clearance.
An October 20 filing states that Martin also took home “six full bankers’ boxes” worth of paper documents, many of which were marked “Secret” or “Top Secret.” The documents are dated from 1996 to 2016. “The weight of the evidence against the Defendant is overwhelming,” the government plainly stated in its filing, which continued: For example, the search of the Defendant’s car revealed a printed email chain marked as “Top Secret” and containing highly sensitive information.
The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations.
The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations. The docket in Martin’s case has not advanced since October 31.
For now, he remains in custody. No further hearings have been scheduled.
You say NIT, I say malware
Case: United States v. Croghan
Status: Appeal pending in 8th US Circuit Court of Appeals
On December 1, a change to a section of the Federal Rule of Criminal Procedure went into effect. Under the revised Rule 41, any magistrate judge is now allowed to issue warrants authorizing government-sanctioned hacking anywhere in the country. Prior to that, magistrates could only sign off on warrants within their own federal district. As Ars has reported previously, for more than two years now, the Department of Justice has pushed to change Rule 41 in the name of thwarting online criminal behavior enabled by tools like Tor. The rule change might have gone unnoticed if not for over 100 child porn cases.
The cases are currently being prosecuted nationwide against suspects accused of accessing a Tor-hidden website called Playpen. Many of those cases have progressed “normally,” or at least as “normally” as child porn cases can progress.
But some suspects have challenged the use of what the government calls a “network investigative technique” (NIT), which security experts have dubbed as malware. As Ars reported before, investigators in early 2015 used the NIT to force Playpen users to cough up their actual IP address, which made tracking them trivial.
In another related case prosecuted out of New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen's 150,000 members and the malware's capabilities. As a way to ensnare users, the FBI took control of Playpen. Playpen users came to the site with their Tor-enabled digital shields down, revealing their true IP addresses.
The FBI was able to identify and arrest nearly 200 child porn suspects.
After 13 days, the FBI shut Playpen down. However, nearly 1,000 IP addresses were revealed as a result of the NIT’s deployment, which suggests that even more charges could be filed. Beau Croghan, a man in Iowa, was one of those hit by this NIT. He’s accused of downloading child porn via Playpen. However, this past year, his case was just one of three in which a judge ruled to suppress the evidence due to a defective warrant. In 2016, federal judges in Massachusetts and Oklahoma made similar rulings and similarly tossed the relevant evidence.
Thirteen other judges, meanwhile, have found that, while the warrants to search the defendants' computers via the hacking tool were invalid, they did not take the extra step of ordering suppression of the evidence.
The corresponding judges in the remainder of the cases have yet to rule on the warrant question. In Croghan’s case, however, US District Judge Robert Pratt seemed to have a clear understanding as to how the NIT worked. He rebuked the government’s arguments. Judge Pratt wrote: Here, by contrast, law enforcement caused an NIT to be deployed directly onto Defendants’ home computers, which then caused those computers to relay specific information stored on those computers to the Government without Defendants’ consent or knowledge.
There is a significant difference between obtaining an IP address from a third party and obtaining it directly from a defendant’s computer. In November, the government appealed the ruling up to the 8th Circuit, arguing that the district court had gotten it wrong: ordering suppression of the evidence was going too far. As prosecutors argued in their November 22 filing: The facts of this case fall comfortably within this body of law and mandate the same result.
Assuming that the NIT Warrant was void because the magistrate judge lacked territorial authority to issue it, and further assuming that the FBI’s use of the NIT thereby amounted to an unconstitutional warrantless search or was somehow prejudicial, suppression is not warranted because the agents acted in objectively reasonable reliance on the subsequently invalidated warrant and were not culpable for the magistrate judge’s purported error.
Croghan’s attorneys have been ordered to file their response by January 12, 2017.
Hands off
Case: United States of America v. In the matter of a Warrant to Microsoft, Inc.
Status: Appeal pending en banc in 2nd US Circuit Court of Appeals
It’s a case that’s being watched closely by many in the privacy community and the tech industry: Apple, the American Civil Liberties Union, BSA The Software Alliance, AT&T, Rackspace, Amazon, and others have joined in as amici. The question before the court was simple: does the Stored Communications Act, an American law that allows domestically held data to be handed over to the government, apply abroad? In other words: can the government order an American company (Microsoft) to give up data held overseas (in this case, in Ireland)? In July 2016, the 2nd Circuit said no. The case dates back to December 2013, when authorities obtained an SCA warrant, which was signed by a judge, as part of a drug investigation.
The authorities served it upon Microsoft, but when the company refused to comply, a lower court held the company in contempt. Microsoft challenged that, too.
The 2nd Circuit has vacated the contempt of court order, writing: The SCA warrant in this case may not lawfully be used to compel Microsoft to produce to the government the contents of a customer’s e‐mail account stored exclusively in Ireland.
Because Microsoft has otherwise complied with the Warrant, it has no remaining lawful obligation to produce materials to the government. What the government hopes would be revealed by acquiring the e-mail is not publicly known.
The authorities have also not revealed whether the e-mail account owner is American or if that person has been charged with a crime related to the drug investigation. On October 13, the government filed its en banc appeal before a full panel of judges at the 2nd Circuit, which has not formally decided to hear the case. As prosecutors wrote in that filing: There is no infringement of the customer’s privacy interest in his email content based on where Microsoft, at any given moment, chooses to store that content. Rather, the privacy intrusion occurs only when Microsoft turns over the content to the Government, which occurs in the United States.
The majority’s conclusion that the intrusion instead occurs where Microsoft “accessed” or “seized” the email content, Op. 39, is plainly wrong, because Microsoft could “access” or “seize” the email content on its own volition at any time and move it into the United States, or to China or Russia, or anywhere it chose, and the content would remain under Microsoft’s custody and control and the subscriber could not be heard to complain, unless and until the content were disclosed to the Government or another party.
This point is amply demonstrated by the concession of both Microsoft and the majority that Microsoft would have to comply with the Warrant if it had chosen (without consulting the subscriber) to move the target email account into the United States, even mere moments before the Warrant was served. Microsoft has not yet filed its response.
Several companies in Australia were among victims robbed by the cyber-bandits' software nasty. Intelligence from the banking industry led cops to identify several fraudulent transfers from customers of the Commonwealth Bank of Australia to British bank accounts.
A number of those dodgy payments involved a system using a single public IP address – which was traced back to Skowron's home address. Just over two years ago, on December 9, 2014, detectives seized electronic devices from Skowron's property, including computers and phones.
Forensic analysis of the nabbed gear found messages confirming the man's involvement in arranging for fraudulent payments to be siphoned through various "money mule" bank accounts. Investigators also linked Skowron to two separate cyber attacks against UK construction companies, although he was not convicted of any hacking offenses.
The building firms reportedly fell victim to man-in-the-middle attacks back in April 2014, when employees unwittingly downloaded malware onto their employers' systems, allowing fraudsters to swipe those businesses' online banking passwords. This information was used to log into the victims' bank accounts and make fraudulent transfers into accounts owned or controlled by the criminal network. The two construction companies lost about £500k as a result of these malware infections, and officers identified that approximately £39,000 of that stolen cash had been transferred into a bank account Skowron had opened himself just nine days before the fraud took place.
After further probing, Skowron was collared and charged in June 2016. Detective Constable Jody Stanger, who led the case, said: "Skowron played a significant part in a wider criminal network that was responsible for several high-value frauds using malware. "The proceeds of this fraud were then laundered through an organised money mule network," Stanger continued. "This conviction and sentence is the culmination of a long and complex investigation and shows that we will relentlessly pursue criminals involved in serious and organised crime online."
The charges were first reported by the Minneapolis Star-Tribune. The two lawyers were charged Wednesday in an 18-count indictment (PDF), describing allegations of fraud, perjury, and money laundering perpetrated between 2011 and 2014. "In order to carry out the scheme, the defendants used sham entities to obtain copyrights to pornographic movies—some of which they filmed themselves—and then uploaded those movies to file-sharing websites in order to lure people to download the movies," the indictment reads. Prenda Law sued hundreds of people for copyright infringement, accusing them of illegally downloading pornographic movies.
In 2013, US District Judge Otis Wright sanctioned the firm, along with Steele and Hansmeier, saying they had perpetrated a fraud on the court. Wright also referred the case to criminal investigators. Wright's damning order set off a domino effect, with Prenda and its affiliated lawyers facing a long series of judicial sanctions and fee orders in courts around the country.
Steele and Hansmeier fought many of the sanctions, but earlier this year, panels of appellate judges at both the 7th Circuit and 9th Circuit ruled against them, and said they must pay for hundreds of thousands of dollars in attorneys' fees to defense lawyers who fought their claims. State Bar investigators took action as well, filing complaints that ended this year with both lawyers having their licenses to practice law suspended. Hansmeier, who built a new legal practice suing small businesses over violations of the Americans With Disabilities Act, filed for bankruptcy last year.
Forgery and identity theft
The basic scheme worked like this: Prenda Law, or one of several attorneys who worked with the firm, would file a copyright lawsuit over illegal downloads against a "John Doe" defendant they knew only by an IP address.
Then they'd use the discovery process to find out subscriber names from the various ISPs around the country. Once they got it, they’d send out letters and phone calls demanding a settlement payment, typically around $3,000 to $5,000, warning the defendant that if they didn't pay quickly, they would face public allegations over downloading porn. While mass-copyright lawsuits over mainstream media have been a decidedly mixed bag, Prenda's fast-and-loose porn litigation campaign worked well, at least for a few years.
In one interview, John Steele said he’d raked in $15 million.
That might have been an exaggeration.
A spreadsheet revealed in court showed that Prenda made $1.9 million in 2012 alone, and it isn’t clear that included all the accounts. Once a few of those defendants dug in, lawyered up, and investigated Prenda, the lawsuits started to look questionable.
Some key documents in Prenda lawsuits were signed by Steele's former housekeeper, Alan Cooper—but Cooper denied it, saying his signature had been forged.
As for the porn movies that were the subject of the lawsuits, they weren't exactly big hits.
In fact, forensic analysts found that they may have been uploaded to Pirate Bay by Prenda lawyers themselves, as a kind of "honeypot" that could produce the profitable lawsuits they wanted. This is a developing story, and we'll update this post as more information becomes available.
The president-elect—who has repeatedly expressed admiration for dictators like Vladimir Putin and Kim Jong Un—will have at his disposal the surveillance resources to dig up dirt on political adversaries, journalists critical of his administration, or activists.
With great power comes great responsibility
“[Trump] is someone who displays a kind of personal vindictiveness that makes Nixon look Christlike,” Julian Sanchez, a privacy-focused research fellow for the Cato Institute, told Wired. “There’s every reason to be worried about those instincts and how they’d lead him to attempt to abuse this surveillance power.” Others are mollified by the false belief that the NSA’s surveillance powers have been curtailed by law since Snowden’s revelations.
But former NSA counsel Susan Hennessey told Wired that the agency’s regulations don’t protect it from a president set on abusing its capabilities. “No one should kid themselves about the idea that in the wrong hands, it couldn’t do quite a bit that’s very scary,” she said. The fate of current NSA Director Admiral Mike Rogers remains uncertain, and Trump has yet to pick a director of national intelligence—although he is reportedly considering Carly Fiorina for the position.
But here’s what we do know about the team Trump has picked to fill key security positions.
National Security Adviser: Mike Flynn
As National Security Adviser, Flynn will attend daily intelligence briefings and act as a gatekeeper to President Trump on a wide range of issues. He will also oversee the National Security Council, a White House department of about 400 people involved in making policy recommendations. Past national security advisers include a long list of shrewd, strategic thinkers, from Henry Kissinger and Zbigniew Brzezinski to Colin Powell, Condoleezza Rice, and current adviser Susan Rice.
By contrast, Trump’s pick has falsely claimed that Democrats are trying to impose Sharia law in the United States and has become perhaps best known as the man behind the infamous “Pizzagate” conspiracy theory, after tweeting a link to a baseless story connecting Clinton’s campaign to a sex cult and human trafficking. “U decide - NYPD Blows Whistle on New Hillary Emails: Money Laundering, Sex Crimes w Children, etc...MUST READ!” Flynn shrilled. “If the national security adviser is going to be the direct conduit between the president and the national security world, of course it’s a concern that that adviser is being taken in by conspiracy theories and fake news,” Tom Nichols, a professor at the U.S. Naval War College, told Fortune. Whoever has the president’s ear on international affairs, Nichols said, should have “a firm grip on what’s true and what’s false.” Retired Gen. Barry McCaffrey recently told MSNBC that some of Flynn’s tweets “border on demented.” Powell, a retired four-star general who served under three Republican presidents, slammed Flynn in personal emails as a “right-wing nutty” and “a jerk.” And Daniel W. Drezner, a professor of international politics at the Fletcher School of Law and Diplomacy at Tufts University, concluded in a column for The Washington Post that Flynn “should be kept as far away from power as humanly possible.” After leading the cheers of “lock her up” at the Republican Convention, it has come to light that Flynn—who was fired as director of the Defense Intelligence Agency, the Pentagon’s top spy organization—was investigated by the Pentagon for inappropriately sharing classified information. Flynn’s appointment is not subject to Senate confirmation. However, Democratic senators are asking the Obama administration to review his security clearance since he “reportedly has a record of mishandling classified intelligence.”
CIA Director: Mike Pompeo
Trump’s choice to lead the CIA is a fierce advocate for expanding surveillance at home and abroad, and he’s called for “the traitor Edward Snowden” to be executed. While sitting on the House Intelligence Committee, Pompeo fought Congressional efforts to rein in the NSA’s bulk collection of Americans’ data.
Instead, in an editorial earlier this year he advocated for “a fundamental upgrade to America’s surveillance capabilities.” Pompeo laid out a road map for expanding those powers, including re-establishing the collection of all metadata; combining it with financial and lifestyle information on American citizens in a searchable database; and removing legal and bureaucratic impediments to surveillance. The Freedom, Security & Technology Project at the Center for Democracy and Technology blasted Pompeo for his desire to give government the power to collect “the 21st-century equivalent of a dossier” on all Americans through the collection of digital data. “If there is one thing that everyone across the political spectrum believes, it’s the fundamental American value that government has no business peering into your private life without at least some indication that you’ve done something wrong,” Gabe Rottman, deputy director of the digital advocacy group, told Politico. “This would be exactly that.” The ACLU also slammed Pompeo, saying his position on digital spying raises “serious civil liberties concerns about privacy and due process.” The organization has vowed to fight his appointment. “These positions and others merit serious public scrutiny through a confirmation process,” ACLU Executive Director Anthony Romero said in a statement. “His positions on mass surveillance have been rejected by federal courts and have been the subject of several lawsuits filed by the ACLU.” In Congress, Pompeo was not one of those calling for mandated backdoors into encrypted communications, saying it would “do little good.” But he warned that using encryption for personal communication “may itself be a red flag,” which suggests that merely using “good security practices could invite government scrutiny under his watch,” The Atlantic reported. 
Attorney General: Jeff Sessions

Civil liberties advocates have called Trump’s pick for Attorney General “a catastrophe for privacy” and “a nightmare scenario.” While serving as the Senator from Alabama, Sessions tried to add an amendment to the Email Privacy Act, a bill reforming electronic privacy law that passed in the Republican-controlled House. His amendment would have required technology companies like Google and Microsoft to turn over communications without any oversight by a court if the government said it was an emergency. “Never mind that companies already routinely hand over user data without being compelled in legitimate emergencies,” Wired wrote. “When it comes to surveillance powers, he’s more catholic than the Pope,” said Cato Institute fellow Julian Sanchez. “He wants to grant more authorities with fewer limitations than even the law enforcement or intelligence communities are asking for.” Indeed, a former homicide detective called Sessions’ emergency exception amendment “unwise and unsafe” in an editorial for The Hill. As a senator, Sessions also repeatedly worked to block NSA privacy reforms. “Sessions pushed for spying powers beyond even those supported by his Republican congressional colleagues and intelligence agents,” Wired wrote. “He fought reform of the Foreign Intelligence Surveillance Act in 2012 and against the USA Freedom Act that in 2015 placed new limits on the NSA’s spying powers after the revelations of Edward Snowden—a law that passed a Republican House and Senate and was even endorsed by NSA director Michael Rogers.” Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute, told Wired that Sessions was a dangerous choice for the role of enforcing legal limits on intelligence agencies like the NSA. “Unless Congress picks up the mantle of aggressive oversight of the intelligence community, we’re looking at a situation that makes the Hoover era look like child’s play,” Greene said.
Eternal vigilance is the price of liberty

In light of these developments, it might be a good time to revisit Snowden’s words with The Guardian:

The greatest fear I have regarding the outcome for America of these disclosures [about government surveillance] is that nothing will change. People will know the lengths that government is going to grant themselves powers, unilaterally, to create greater control over American society and global society. But they won’t be willing to take the risks necessary to stand up and fight to change things, to force their representatives to actually take a stand in their interests. And it’s only going to get worse. Until eventually there will be a time where policies will change—because the only things that [currently] restricts the surveillance state is policy…A new leader will be elected, they’ll flip the switch, say that because of the crisis, because of the dangers that we face in the world, we need more authority, we need more power. And there will be nothing the people can do at that point to oppose it. And it’ll be turnkey tyranny.
Department of Justice said it turned the tables on the criminals, "by targeting not just individual actors, but the entire Avalanche infrastructure." The complex network of computer servers was used by criminals in several countries for money laundering operations and to deliver more than two dozen iterations of malicious software, capable of stealing sensitive personal information. “The takedown of Avalanche was unprecedented in its scope, scale, reach and cooperation among 40 countries,” said Acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania. “This is the first time that we have aimed to and achieved the destruction of a criminal cyber infrastructure while disrupting all of the malware systems that relied upon it to do harm.” The statement from the Justice Department said the Avalanche network had been operating since at least 2010 and was believed to serve clients operating as many as half a million infected computers throughout the world each day. Financial damage from its operation is estimated to be in the hundreds of millions of dollars globally. The U.S. Attorney's Office of the Western District of Pennsylvania, the FBI and the Criminal Division's Computer Crime and Intellectual Property Section (CCIPS) conducted the operation in close cooperation with the Public Prosecutor's Office Verden; the Luneburg Police of Germany; Europol; and Eurojust, located in The Hague, Netherlands; as well as investigators and prosecutors from more than 40 jurisdictions, including India, Singapore, Taiwan and Ukraine. Other partners included the Department of Homeland Security's U.S.-Computer Emergency Readiness Team (US-CERT), the Shadowserver Foundation, Fraunhofer Institute for Communication, Registry of Last Resort, ICANN and domain registries from around the world. The Criminal Division's Office of International Affairs also provided significant assistance, the statement said.
They could be used for launching malware infection campaigns, funneling funds from phishing scams, and controlling more than 500,000 infected PCs a day, police estimate.
They also spammed out a million emails carrying viruses every week. "The volume of fraudulent activity made possible by Avalanche was incredible.
But the scale of the global law enforcement response was unprecedented, as 20 strains of malware and 800,000 domains were targeted on one day," said Mike Hulett, of the NCA's National Cyber Crime Unit. "Unfortunately, taking down Avalanche doesn't clean computers already infected with malware, so while the criminals are scrabbling around inevitably trying to rebuild their operations, computer users should use this window to install anti-virus software and make sure they're protected." The raids on Wednesday seized 39 servers and took another 221 offline.
Thirty-seven premises were searched, and 830,000 malicious domains were shut down. Police found 20 different malware families on the network, including goznym, marcher, matsnu, urlzone, xswkit, and pandabanker. The Avalanche operation started in 2012, when German police investigating a large ransomware outbreak found evidence that the source of their woes was the rogue network.
The way Avalanche was set up made it very difficult to map and penetrate due to a technique called double fast flux. Fast flux is a common criminal technique designed to stymie police investigations by swapping the IP address attached to a domain regularly, sometimes every few minutes, between different servers. Avalanche augmented this by making sure that both the domain location and the name server queried for this location changed, making it doubly hard for investigators to locate and identify criminal operations. To combat this, investigators in the EU and US used a technique called sinkholing, where data traffic from infected machines is redirected through servers controlled by the police and analyzed. Police around the world sifted through 130TB of data to find the information needed to identify the Avalanche architecture. "Avalanche has been a highly significant operation involving international law enforcement, prosecutors and industry resources to tackle the global nature of cybercrime," said Europol Director Rob Wainwright. "The complex trans-national nature of cyber investigations requires international cooperation between public and private organisations at an unprecedented level to successfully impact on top-level cybercriminals.
Avalanche has shown that through this cooperation, we can collectively make the internet a safer place for our businesses and citizens."
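The difference between fast flux and double fast flux described above can be checked from passive-DNS data. The sketch below is an added example, not code from the article or the investigators: it flags a domain whose short-TTL A records rotate and, for double flux, whose name servers rotate as well. The record layout, thresholds and sample rows are constructed assumptions.

```python
from collections import defaultdict

def max_distinct(events, window):
    """Most distinct values seen inside any `window`-second span."""
    events = sorted(events)
    best = start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({v for _, v in events[start:end + 1]}))
    return best

def classify(observations, window=3600, threshold=4, max_ttl=300):
    """Map each domain to 'double-flux', 'single-flux' or 'stable'."""
    a, ns, names = defaultdict(list), defaultdict(list), set()
    for ts, name, rtype, rdata, ttl in observations:
        names.add(name)
        if rtype == "A" and ttl <= max_ttl:      # flux relies on short TTLs
            a[name].append((ts, rdata))
        elif rtype == "NS":
            ns[name].append((ts, rdata))
    ns_hosts = {host for evs in ns.values() for _, host in evs}
    verdicts = {}
    for domain in names - ns_hosts:
        host_flux = max_distinct(a.get(domain, []), window) >= threshold
        ns_events = ns.get(domain, [])
        # Name servers flux if their names rotate or their own A records do.
        ns_ip_events = [e for _, host in ns_events for e in a.get(host, [])]
        ns_flux = (max_distinct(ns_events, window) >= threshold
                   or max_distinct(ns_ip_events, window) >= threshold)
        verdicts[domain] = ("double-flux" if host_flux and ns_flux
                            else "single-flux" if host_flux else "stable")
    return verdicts

def sample_observations():
    """Constructed passive-DNS rows: (epoch_s, name, rtype, rdata, ttl)."""
    obs = [(0, "ns.hoster.example", "A", "198.51.100.200", 86400)]
    for i in range(6):                           # one sighting every 5 minutes
        t = i * 300
        obs += [
            (t, "flux2.example", "A", f"192.0.2.{10 + i}", 120),
            (t, "flux2.example", "NS", f"ns{i}.flux2.example", 120),
            (t, f"ns{i}.flux2.example", "A", f"198.51.100.{10 + i}", 120),
            (t, "flux1.example", "A", f"203.0.113.{10 + i}", 120),
            (t, "flux1.example", "NS", "ns.hoster.example", 86400),
            (t, "stable.example", "A", "192.0.2.200", 3600),
            (t, "stable.example", "NS", "ns.hoster.example", 86400),
        ]
    return obs

if __name__ == "__main__":
    for domain, verdict in sorted(classify(sample_observations()).items()):
        print(domain, verdict)
```

A domain that changes address only once a day stays below the per-hour threshold and is reported as stable, so ordinary hosting migrations are not flagged.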
Avalanche has spread malware and ransomware since 2009.
After spending four years analyzing more than 130 TB of data, authorities in the US and Europe announced Thursday that they are beginning to dismantle an international cybercrime syndicate that spread malware and caused hundreds of millions of dollars in damages.
The operation against the syndicate, known as Avalanche, has already resulted in arrests and searches in the US, Germany, and other countries, and Europol said that more than 220 of Avalanche's servers have been taken offline.
Avalanche operates as a botnet—a collection of infected Internet-connected devices that can be directed to attack pretty much any target. In this case, the targets were mostly banks and other financial institutions, with an estimated $6.4 million in damages in cyberattacks on online banking systems in Germany alone, according to Europol.
The earliest Avalanche attacks began in 2009, and various criminal groups have since used the network to send more than one million emails with damaging attachments or links every week, Europol said. Avalanche was also blamed for an early ransomware attack in Germany in 2012, which compromised millions of computers.
It is unclear if Avalanche contributed to the growing number of ransomware attacks in the US this year, including one in February against a Hollywood, Calif., hospital that paid $17,000 to unlock its files.
In addition to malware and ransomware, the Avalanche network also hosted several money laundering campaigns, according to a joint statement from the FBI and the US Justice Department. The US authorities are concentrating their efforts on victims of malware attacks in western Pennsylvania, though the agencies did not offer specific details, instead promising to reveal more information next week.