Tag: email

Lithuanian phishes two big US tech companies

A 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million.

According to the US Department of Justice, Rimasauskas  masqueraded as a prominent Asian hardware manufacturer and tricked employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries.

What is amazing about this rather bog standard phishing scam is how much cash he walked away with and the fact it was the IT industry, which should have known better.

The indictment does not name and shame the companies.  The first company is “multinational technology company, specializing in internet-related services and products, with headquarters in the United States”. The second company is a “multinational corporation providing online social media and networking services”.

Both apparently worked with the same “Asia-based manufacturer of computer hardware,” a supplier that the documents indicate was founded some time in the late ’80s.

Representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money.

Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time of convicted — each charge of wire fraud and laundering carries a max sentence of 20 years.


Judge nixes Google email scanning “settlement”

A federal judge  has thrown out a legal settlement which would have only paid lawyers but nothing to consumers who had the contents of their email scanned by Google without their knowledge or permission.

In a six page order, Judge Lucy Koh told Google and class action attorneys the proposed settlement was insufficient. Not just because it failed to clearly tell consumers what the search giant had done.

“This notice is difficult to understand and does not clearly disclose the fact that Google intercepts, scans and analyses the content of emails sent by non-Gmail users to Gmail users for the purpose of creating user profiles of the Gmail users to create targeted advertising for the Gmail users,” Koh wrote.

The case is mostly over whether Google’s email scanning practices amount to illegal wiretaps and a violation of California privacy laws. Google won a related lawsuit several years ago involving Gmail users.  This case is different, however, because it involves people who use other email providers—such as Microsoft, or Yahoo but whose messages are scanned without their permission when they send an email to a Gmail customer.

Google agreed to change the way it scans incoming messages so that it no longer reads emails while they are in transit, but only when they are in someone’s inbox. This is mostly a technicality but the company and the class action lawyers agree it puts Google in the clear as far as wiretap laws and they get a lot of money out it.

Judge Koh said the settlement does not provide an adequate technical explanation of Google’s workaround, which involves scanning in-transit emails for security purposes, and then later parsing them for advertising data.

“It does not disclose that Google will scan the email of non-Gmail users while the emails are in transit for the “dual purpose” of creating user profiles and targeted advertising and for detecting spam and malware,” Koh wrote.

The judge also added that another settlement last year, involving Yahoo’s scanning of emails, did not reflect the facts of the Google case.

Koh wants the case to proceed further and for the class action lawyers to push Google for recent documents about how the email scanning process really works. As the judge notes, the current settlement relies on documents that are three to six years old.

Any future settlement will presumably also have to do more to inform email users about Google’s scanning practices and, possibly, direct some of the settlement money to consumers instead of only the lawyers. Under the deal Koh rejected, Google would have paid $2.2 million to the attorneys, plus up to $140,000 in online ads to publicise the agreement.

Koh’s concerns reflect a sore point among many, including judges, who feel a long string of privacy settlements with big tech companies have done little to compensate consumers or improve privacy.

IBM owns out of hours emails

The Electronic Frontier Foundation (EFF) is furious that IBM has managed to score a patent on out of hours emails.

The EFF said it is bringing light to what it calls a “stupefyingly mundane” patent on e-mail technology which turns Biggish Blue into a spectacular troll.

For years IBM lawyers has argued with the US Patent and Trademark Office over a bizarre and alarming alternative history, in which IBM invented out of office e-mail—in 2010.

US Patent No. 9,547,842, “Out-of-office electronic mail messaging system” was filed in 2010 and granted about six weeks ago.

EFF lawyer Daniel Nazer described the case as the “Stupid Patent of the Month” blog post and cites a Microsoft publicity page that talks about quirky out of office e-mail culture dating back to the 1980s, when Microsoft marketed its Xenix e-mail system.

To be fair an IBM spokesperson said that “IBM has decided to dedicate the patent to the public”. The company notified USPTO today that it will forego its rights to the patent.

But the patent should never have been awarded.

IBM offers one feature that’s even arguably not decades old –  the ability to notify those writing to the out of office user some days before the set vacation dates begin.

It is a  feature, similar to “sending a postcard, not from a vacation, but to let someone know you will go on a vacation,” is a “trivial change to existing systems,” Nazer points out.

Nazer said that here were some major mistakes made during the examination process. The examiner never considered whether the software claims were eligible after the Supreme Court’s Alice v. CLS Bank decision, which came in 2014, and in Nazer’s view, the office “did an abysmal job” of looking at the prior art.

Nazer said the office “never considered any of the many, many, existing real-world systems that pre-dated IBM’s application”.

Needless to say, IBM is not one of those companies who likes the Alice judgement much.  It is lobbying Congress to roll back Alice and allow more types of software patents.

Rather than making trolls go away, it will mean that even more bizarre ones could get the nod by the Patent Office. After all IBM once applied to patent shorter meetings, it did not get anywhere with it, but it is the sort of thing it wants to be paid for.

Techdirt asks court to throw out email defamation suit

Michael Masnick, who founded the Techdirt blog and invented the “Streisand effect.” has asked a court for a defamation lawsuit against him to be thrown out.

Masnick was sued last month by Shiva Ayyadurai, a scientist and entrepreneur who claims to have invented e-mail in 1978 while at a medical college in New Jersey.

In his motion, Masnick claims that Ayyadurai “is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame”.

His suit says: “Defendants believe that because the critical elements of electronic mail were developed long before Ayyadurai’s 1978 computer program, his claim to be the “inventor of e-mail” is false”.

Techdirt’s allegedly defamatory statements are constitutionally protected opinion. “This lawsuit is a misbegotten effort to stifle historical debate, silence criticism, and chill others from continuing to question Ayyadurai’s grandiose claims”, Masnick’s lawyers wrote.

The tricky point of the court case appears to be the fact that Techdirt referred to Ayyadurai as a “fake,” a “liar,” or a “fraud” by putting forth “bogus” claims. Masnick insists that such phrases are “rhetorical hyperbole” meant to express opinions and said that the law provides no redress for harsh name-calling.

Techdirt uses “frequently sarcastic, obviously… humorous” subheadings and “casual and often hyperbolic” tone.

Masnick said that the Ayyadurai repeatedly attacks the conclusion that he is not the ‘inventor of email. But bo matter how fervently plaintiff may insist that he alone “invented email,” the law does not entitle him to recover damages simply because Techdirt has uttered a “subjective characterisation” to the contrary.

Both Ayyadurai and Masnick acknowledge that the MAILBOX program was created at MIT in the 1960s and that Ray Tomlinson created the “@” symbol protocol in 1971.

Ayyadurai calls the ARPANET creations “command-line protocols for transferring text messages” or “primitive electronic communication systems.” In Masnick’s view, Ayyadurai doesn’t dispute the historical facts, but instead “attacks Techdirt’s opinion that because those developments implemented the essential features of ’email’ therefore Ayyadurai’s claimed ‘inventor’ status is unwarranted.”

Techdirt admits that Ayyadurai created a useful software program while he was at UMDNJ and even “applauds it.” Masnick also said Ayyadurai “should be quite proud of what he’s done”.

Techdirt’s “general tenor” reinforces that it is a blog of opinionated commentary. The posts in question were written in first person, “resemble letters and op-ed columns,” and relate to a “heated debate” over the origins of email that dates to at least 2012.

Masnick asked for the lawsuit to be thrown out under California’s anti-SLAPP law. If successful, an anti-SLAPP ruling could result in some of his legal fees being covered.

That motion argues that California law should be followed because Masnick, Techdirt.com, and parent company Floor64 all reside in California and have no connections to Massachusetts, where Ayyadurai lives and filed his lawsuit.

Part of the problem here is that Tech Dirt does not really have the money to be fighting this case, nor can it afford to lose. Ayyadurai has already settled one case in his favour because the magazine in question went bust and had to pay him off.

Microsoft does not have to share foreign email but Google does

POSTMANPATA US judge has decided that while Microsoft does not have to share email stored on its foreign servers with police and spies, Google will still have to.

A US judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States.

US Magistrate Judge Thomas Rueter ruled that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.

The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.

“Though the retrieval of the electronic data by Google from its multiple data centres abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.

Google said that the magistrate had departed from precedent, and it will appeal the decision.

The ruling came less than seven months after the 2nd US Circuit Court of Appeals in New York said Microsoft Vole could not be forced to turn over emails stored on a server in Dublin, Ireland that U.S. investigators sought in a narcotics case.

The case was watched closely by the EU which was spoiling for a reason to shut the US out of the European cloud business.


Snowden knows that Trump was given a hand by Putin

NSA whistleblower Edward Snowden, an analyst with a U.S. defence contractor, is pictured during an interview with the Guardian in his hotel room in Hong KongWhile the FBI, CIA and President Barack Obama all agree that Russia hacked the DNC and asserted its will on the US presidential election they seem to be having difficulty convincing the world.

If you post news about the hack anywhere online you will normally get otherwise sane people parroting the mantra that “there is no proof.”

So far most of the proof has come from private security companies who normally would be accepted without question, but for some reason no one is believing them this time. Official comments from the spooks are short on anything that people call proof.

Donald (Prince of Orange) Trump has done his best to claim that it was not his good chum President Putin. He claims that hacking is hard to prove.
Only it really isn’t. According to a new document leaked by Edward Snowden, the NSA has successfully traced a hack back to Russian intelligence at least once before.

A classified excerpt from page from the NSA’s internal wiki shows that the NSA once verified that Russian journalist Anna Politkovskaya’s email account had been targeted by Russian Federal Intelligence Services a year before her 2006 murder.

The information is classified as “Top Secret Signals Intelligence” which means that the NSA knows Politkovskaya’s email was hacked by Russian operatives because they were able to trace the hack back to Russian intelligence.

The entry itself doesn’t specifically say how this trace was accomplished or provide the evidence — but the existence of the entry shows that the NSA is wholly capable of tracing such hacks back to their source.

While it does not prove that the Russia gamed the US election, it shows that the US intelligence agencies can gather the proof. It also shows that when the proof is found it is classified. The US does not want to risk showing its hand to foreign operators.

This would lead to a strange situation where President Obama, all the spooks and the White House dog all know that Russia gamed the election and can take action against Russia, but the rest of the world will not know why.

When Trump takes office in a couple of weeks he will know too, but it is unlikely he will say anything. After all he owes Putin’s Oligarch mates rather a lot of money.

NHS email system borked by one idiot and 120 pedants

face palmThe NHS’s email system is under pressure after one idiot decided to send an email to everyone.

More than 1.2 million employees are currently trapped in a “reply-all” email hell.

To make matters worse, the email was just a test but it prompted a series of reply-all responses from annoyed recipients going out to all 1 million plus employees of the organisations.

The difficulty is that people cannot resist emailing replies to the thing to tell them to stop emailing, asking what is going on or asking to be removed from the mailing list.
So far there had been at least 120 replies so far — meaning that more than 140 million needless emails have been sent across the NHS’s network by pedants thinking they are doing the right thing.

Apparently, the network is running like an asthmatic ant with a heavy load of shopping.

The NHS Pensions department has resorted to Twitter to warn that if people need to contact it by email please be aware that there may be delays in responding due to an issue currently affecting all NHS mail.

Apple does give user details to coppers

Apple-New-North-Korea1A leaked email shows that Apple’s claims not to help coppers is mostly spin and the outfit behaves pretty much the same as any  other company facing a court order.

An email from Apple’s vice president of Environment, Policy and Social Initiatives, who reports directly to CEO Tim Cook and  which has ended up in WikiLeaks shows that Apple is working with law enforcement.

In the email the Apple executive writes “we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day.”

The email was supplied to Wikileaks by Russian hackers working for Putin’s propaganda arm and was addressed to Clinton campaign chairman John Podesta. As such, it was designed to show Hillary Clinton was soft on encryption, but what it showed was Apple was spinning the encryption thing big time.

Jackson writes that at Apple, “We share law enforcement’s concerns about the threat to citizens… Strong encryption does not eliminate Apple’s ability to give law enforcement meta-data or any of a by number of other very useful categories of data.”

The email also compliments Clinton for her “principled and nuanced stance” on encryption in a December debate against Bernie Sanders.

Clinton had said “maybe the backdoor is the wrong door, and I understand what Apple and others are saying about that. But I also understand, when a law enforcement official charged with the responsibility of preventing attack…well, if we can’t know what someone is planning, we are going to have to rely on the neighbour… I just think there’s got to be a way, and I would hope that our tech companies would work with government to figure that out.”

Hillary Clinton was silly but did nothing illegal

hillary-sillyHillary Clinton was jolly silly when it came to network security, but an FBI investigation said she did nothing wrong.

After all, if they locked Hillary up for being a bit insecure when it came to data, they would probably have to lock up every network manager, or owner of a corporate network in the country.

The FBI Director James Comey rebuked the Democratic U.S. presidential candidate for “extremely careless” handling of classified information.

Republicans, which hoped Hillary would have been jailed for her “crimes” are trying to make the best of it.  House of Representatives Speaker Paul Ryan, the highest- ranking elected U.S. Republican, said in a statement that Comey’s announcement “defies explanation.”  Probably because it was not the explanation he wanted.

He is planning to haul Comey over the coals before the testify before the House Oversight Committee to see if he can squeeze a bit more mileage from the situation as the election arises. The issue then starts to get as dull as trying to find the other scandals that the Republicans try to pin on the Clintons.

However, what is clear is that as far as security is concerned, the Clinton’s cocked up. But it was the sort of cock up that people do when setting up networks.  Silly, risky, but not worth jailing the CEO or the network manager for.

“Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of the classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information,” Comey said.

No reasonable prosecutor would bring charges, he said. Of course the Republicans would cheerfully dig up a few banjo picking red-neck prosecutors from its ranks, it is unlikely they would get anywhere.

The reason is that the courts are not interested in whether or not Clinton lied to anyone, they are interested if she knowingly set up an insecure server and leaked classified information.  The evidence says she didn’t.  She said up a private email network which did not meet the security standards of for government use and a few emails ended up on it. Lots of companies have done the same thing.  A few have been bitten, and some, like Clinton, were lucky to get away with it.

At a rally in Raleigh, North Carolina, on Tuesday night, Trump, the presumptive Republican nominee, said the controversy should disqualify Clinton from being president and that her email system may well have been hacked by US enemies.

However, Trump must be aware that he is on shaky ground with that argument. After all, has he got total confidence that none of his companies have ever been hacked because network security was not up to par? There was a small matter of his voice mails being hacked by anonymous. His presidential campaign website, DonaldJTrump.com, was hacked and press releases replaced.  While Clinton’s site was a bit insecure at least it was not hacked. Is he saying that every company which has set up an insecure network should be jailed?  If that is the case he would have to be carting himself off too.

The issue here, which is being over looked by almost everyone, is the fact that corporates and politicians have a woeful ignorance of computer security. The issue is not trying drag these types into court, but to educate.


Gawker sued over email inventor claims

vashiva_ayyaduraiA bloke who did not invent email is suing Gawker for saying he did not invent email.

Shiva Ayyadurai gained 15 minutes of fame by telling the press he had invented email, at age 14, when he appears to have written an early implementation of email long after others had done it. There have been cases where the press have printed his claims and he managed to get a series into the Huffington Post.

V.A. Shiva Ayyadurai wrote an email software program for the University of Medicine and Dentistry of New Jersey (UMDNJ) in 1978. By all accounts, it was a perfectly decent email system that allowed the UMDNJ staff to send electronic messages. In 1981, Ayyadurai registered the copyright on his program, which was called EMAIL.

As Tech Dirt pointed out email was invented long before 1978 and the copyright is merely on the specific software code, not the idea of email. None of Ayyadurai’s work was even remotely related to what later became the standards of email.

In 2012, Gawker’s Sam Biddle did a long and thorough smackdown of Ayyadurai’s claims and now it appears he is suing.

“As his proof to the court he is quoting the very media he fooled as evidence that he really invented email. The actual lawsuit is a joke,” Tech Dirt wrote. Tech Dirt has also smacked down Ayyadurai’s claims in the past.

Ayyadurai’s evidence appears to rely on debunked reports in Time Magazine, CBS and Wired. His case also claims that because you couldn’t get a patent on software at the time his copyright was basically the same thing. Unfortunately you could patent some software at the time and copyright is nothing like the same thing.

Ayyadurai claims that Gawker’s articles are defamatory.

“The March 2012 Article falsely alleges that: a) Dr. Ayyadurai engaged in “semantic tricks, falsehoods, and a misinformation campaign.” b) Dr. Ayyadurai is engaged in “revisionism” in his claim of invention of email. Another article in 2014 Article also falsely states that “a) Dr. Ayyadurai is a “renowned liar” with respect to his statements that he invented email,b) Dr. Ayyadurai is a “big fake,” and c) Dr. Ayyadurai is engaged in “cyber-lies.””

Curiously the suit claims that he does not have to prove that the article was produced “ without malice” which we would have thought was a pretty important platform in defamation case. Particularly after the court is told that Ayyadurai didn’t invent email.

Ayyadurai claims that the article will “intentionally interfere” with his “prospective economic advantage” caused him “emotional distress” and one for “negligent hiring and retention”.