Threat Level Privacy, Crime and Security Online

Shoplifting Couple Jailed for eBay Toy Sales


A California couple that bragged on national television about shoplifting toys — which included Lego and Star Wars-themed toys — have been sentenced to more than a year in prison each after being busted selling the hot goods on eBay.

Matthew and Laura Eaton were indicted in September, more than a year after they appeared on the Dr. Phil show bragging about their escapades. They told viewers they earned about $3,500 per week selling the goods they pilfered from outlets surrounding their suburban San Diego home.

Continue Reading “Shoplifting Couple Jailed for eBay Toy Sales” »

Lawmakers Eyeing National ID Card

Lawmakers are proposing a national identification card — what they’re calling “high-tech, fraud-proof Social Security cards” — that would be required for all employees in the United States.

The proposal by Sen. Charles Schumer (D-New York) and Sen. Lindsey Graham (R-South Carolina) comes as the states are grappling to produce another national identification card at the behest of the Department of Homeland Security. Virtually none of the states are in compliance with this Real ID program — adopted in 2005 — requiring state motor vehicle bureaus to obtain and internally scan and store personal information like Social Security cards and birth certificates for a national database.

Graham, left, and Schumer, are calling for national ID cards to combat illegal immigration.

Photo: AP

Now comes a bid for a second card.

Continue Reading “Lawmakers Eyeing National ID Card” »

Gonzalez Accomplice Gets Probation for Selling Browser Exploit

A computer security professional who sold Internet Explorer exploit code to credit card hacker Albert Gonzalez was sentenced Tuesday in Boston to three years probation and a $10,000 fine.

Jeremy Jethro, 29, was paid $60,000 by Gonzalez for a zero-day exploit against Microsoft’s browser, “the purpose and function of which was to … enable the conspirators to unlawfully gain access to, and redirect, individual’s computers,” according to court records.

Gonzalez led a team of hackers who gained unauthorized access to company networks and stole more than 90 million credit and debit card numbers, though it’s not clear what role, if any, the $60,000 zero-day played in the attacks. Jethro’s attorney, Stacey Richman, told Threat Level the exploit was a dud.

“The exploit never worked,” she said. “None of them worked. There was a question of potentially two [exploits] and neither of them worked.”

Jethro pleaded guilty to a misdemeanor conspiracy charge for providing the malware. Under Tuesday’s sentence, Jethro will be confined at home, under electronic monitoring, for the first six months of his three-year-long probation.

Richman said Jethro did not know Gonzalez’s intended use for the exploit. She also said the judge took into consideration her client’s life change in 2006 when he turned to Christianity and “renounced any aspect of any wrongful behavior.”

She said Jethro, who is currently working in the computer industry, “had spent the years since then entirely in a very proper manner.”

He’s the third person to be sentenced for conspiring with Gonzalez in criminal activity. Last December, Stephen Watt, a former coder for Morgan Stanley, was sentenced to two years in prison for providing a sniffer to Gonzalez that helped him siphon card data from TJX’s corporate network. Watt was also ordered to pay restitution to TJX in the amount of $171.5 million.

Earlier this month, Humza Zaman, a former network security manager at Barclays Bank, was sentenced to 46 months in prison and fined $75,000 for serving as a money courier for Gonzalez. He was charged with laundering between $600,000 and $800,000 for Gonzalez.

Gonzalez is scheduled to be sentenced this week in Boston for his role in the hacks of TJX, Dave & Busters, Hannaford Brothers, 7-Eleven and Heartland Payment Systems. He faces a sentence of between 17 and 25 years. Prosecutors are asking for the latter.

18:30:  This article was updated to add comment from Richman, and to correct an error.  Jethro’s charge did not link him to Gonzalez’s credit card thefts.

Image: BlubrNL/Flickr


Russia Arrests Alleged Mastermind of RBS WorldPay Hack

Russian authorities have nabbed the man accused of masterminding a coordinated global ATM heist of $9.5 million from Atlanta-based card processing company RBS WorldPay.

Viktor Pleshchuk, 28, of St. Petersburg, was arrested by the Russian Federal Security Service, or FSB, according to the Sunday Mail, which broke the story last week in the United Kingdom.

The Financial Times confirmed the arrest this week, adding that Pleshchuk was among “several suspects” arrested. The paper didn’t name the other suspects or say when any of them were arrested. The arrests are being touted by some as signaling a new era of cooperation between Russian and U.S. authorities.

Pleshchuk was indicted in the United States last November with Sergei Tsurikov, 25, of Tallinn, Estonia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth person identified only as “Hacker 3.” The government described the caper as “perhaps the most sophisticated and organized computer fraud attack ever conducted.”

The hack involved reverse-engineering PINs for payroll debit card accounts — the holy grail of bank card hacking.
Continue Reading “Russia Arrests Alleged Mastermind of RBS WorldPay Hack” »

Secret Service Paid TJX Hacker $75,000 a Year


Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.

Watt told Threat Level that Gonzalez was paid in cash, which is generally done to protect someone’s status as a confidential informant. The Secret Service said it would not comment on payments made to informants. Gonzalez’s attorney did not respond to a call for comment.

“It’s a significant amount of money to pay an informant but it’s not an outrageous amount to pay if the guy was working full time and delivering good results,” says former federal prosecutor Mark Rasch. “It’s probably the only thing he was doing — other than hacking into TJX and making millions of dollars.”


Gonzalez’s salary highlights how entwined he was with the government at the time he participated in the largest identity theft crimes in U.S. history. Gonzalez, 28, is set for sentencing this week on three indictments covering nearly every headline-making bank-card theft in recent years, including intrusions at TJX, Office Max, Hannaford Brothers, 7-Eleven and Heartland Payment Systems (which alone exposed magstripe data on 130 million credit and debit cards). The hacker’s plea agreements contemplate a total prison term of between 17 and 25 years.

Rasch says Gonzalez’s $75,000 is nothing compared to the million-dollar payouts some undercover informants get for high-risk, high-value cases such as Mafia investigations. But Gonzalez’s payments dwarf the meager handouts given previous computer crime informants.

Continue Reading “Secret Service Paid TJX Hacker $75,000 a Year” »

Rich Get Richer in ‘Hot News’ Stock-Tip Fight

A well-known financial news aggregator is being ordered by a federal judge to delay publication of prominent financial analysts’ buy and sell recommendations to allow the well-to-do the first crack at capitalizing on that trading research.

The 3-year-old litigation, brought by Barclays Capital, Merrill Lynch, Morgan Stanley and others, rests on the so-called “hot news” doctrine the Supreme Court first recognized in a 1918 case concerning the unauthorized and immediate republication of wire service reports.

A New York federal judge said Theflyonthewall.com breached the doctrine, which allows suits for re-reporting time sensitive “hot news.” Research that Theflyonthewall.com re-posted or alluded to on its site was designated for the banks’ clients that earn the firms not less than $50,000 to $100,000 in trading commissions yearly, U.S. District Judge Denise Cote ruled.

Continue Reading “Rich Get Richer in ‘Hot News’ Stock-Tip Fight” »

Unprecedented 25-Year Sentence Sought for TJX Hacker

Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night.

“[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest and most costly series of identity thefts in the nation’s history,” wrote Boston-based Assistant U.S. Attorney Stephen Heymann. “He knowingly victimized a group of people whose population exceeded that of many major cities and some states.”

The government also disputed a defense claim that Gonzalez suffers from Asperger’s disorder, a mild form of autism that was grounds for a slightly reduced sentence in a previous hacking prosecution.

Gonzalez, 28, is set for sentencing next week on three indictments covering virtually every headline-making bank-card theft in recent years, including intrusions at TJX, DSW Shoe Warehouse, Office Max, Hannaford Brothers, 7-Eleven, and Heartland Payment Systems, which alone exposed magstripe data on 130 million credit and debit cards. He performed the intrusions while an informant for the Secret Service.


The hacker’s plea agreements contemplate a total prison term of between 17 and 25 years.

In December, Gonzalez’s lawyer, Martin Weinberg, argued for the low end of the sentencing range, pointing out that Gonzalez cooperated with the government against his U.S. co-conspirators and two Eastern European hackers known as “Grigg” and “Annex.” Weinberg also argued that Gonzalez was driven by a psychological obsession with computers, submitting a report by a defense-paid psychiatrist that found the hacker’s behavior consistent with Asperger’s disorder.

Over defense objections, a federal judge allowed a government-paid psychiatrist to also examine the hacker, and that expert came to a different conclusion, noting that Gonzalez appears to have no problems forging social and romantic relationships.

“I found considerable evidence of Mr. Gonzalez’s substance abuse and probable antisocial personality disorder,” wrote Dr. Mark Mills, in a report (.pdf) also filed Thursday. “I found no evidence of Asperger’s disorder or internet addiction.”

Heymann added that Gonzalez’s leadership role also belies the Asperger’s claim. “Those with Asperger’s are almost by definition not leaders,” he wrote. “Instead they are followers, often perceived as peripheral, isolated and strange.”

Continue Reading “Unprecedented 25-Year Sentence Sought for TJX Hacker” »

Accusations Fly in Viacom, YouTube Copyright Fight

Google deliberately weakened its copyright compliance standards after it acquired YouTube in 2006 so it “would profit from illegal downloads,” Google co-founder Sergey Brin once said, according to a Friday filing by Viacom in its infringement suit against the company.

YouTube, in its own Friday filing and in a blog post, said it was legally immune to copyright infringement claims — even if it knowingly hosted copyrighted works on its video-sharing site. One reason was that Viacom — which owns MTV, BET, Paramount and other media concerns — had a marketing practice of secretly uploading its own videos to YouTube, some of the same works at issue in the case.

“Viacom alone has uploaded thousands of videos to YouTube to market hundreds of its programs and movies, including many that are works in suit,” Google wrote. “Given the broad scope of marketing, YouTube could not be charged with knowledge of infringement (.pdf) merely because it came across a video that was clearly from a professionally produced television show or movie.”

Google added that, “Both before and well into this litigation, Viacom’s own monitoring agent, BayTSP, identified as ‘infringing’ many videos that had in fact been posted to YouTube with Viacom’s permission.” Google added that “the only way that YouTube knew which clips Viacom actually wanted to remove at any given time was from the takedown notices it received.”

Each company’s filing, which asks a New York judge to rule in its favor before trial, was guided by thousands of documents the parties turned over to one another as part of the discovery stage of the 3-year-old litigation. Viacom is seeking $1 billion in damages in a case testing the depths of immunities under the Digital Millennium Copyright Act.

Viacom claims YouTube has lost the so-called “safe harbor” protection of the Digital Millennium Copyright Act. The DMCA, adopted in 1998, provides internet service providers like YouTube immunity from infringement lawsuits if, among other things, they promptly remove copyrighted content at the request of the rightsholder.

Continue Reading “Accusations Fly in Viacom, YouTube Copyright Fight” »

Court: Cyberbullying Threats Are Not Protected Speech


A California appeals court ruled this week that threatening posts made by readers of a website are not protected free speech, allowing a case charging the posters with hate crimes and defamation to proceed.

The case raises fundamental questions about cyberbullying and the line between online speech and hate crimes.

In her dissenting opinion, Judge Frances Rothschild said the appellate court ruling “alters the legal landscape to the severe detriment of First Amendment rights.”

The case involves a teen identified as “D.C.” in court documents, who launched a website in 2005 when he was 15 to promote his pursuit of an acting and singing career. According to court documents, the student has recorded an album and played a leading role (.pdf) in an unnamed feature film, using the pseudonym “Danny Alexander.”

Fellow students at his private high school, Harvard-Westlake School in Los Angeles, posted derogatory comments on his site, mocking his perceived sexual orientation and making hostile statements that threatened him with bodily harm, such as “Faggot, I’m going to kill you,” and “I want to rip out your fucking heart and feed it to you.”

Continue Reading “Court: Cyberbullying Threats Are Not Protected Speech” »

Court Slaps Prosecutor Who Threatened Child-Porn Charges Over ‘Sexting’


A Pennsylvania appellate court upheld a preliminary injunction on Wednesday barring local prosecutors from filing felony child-porn charges against a teenage girl who took a partially nude photo of herself with her cellphone.

The court said prosecutors were using the threat of charges as retaliation against the teen for exercising her constitutional right to refuse a voluntary reeducation program favored by the district attorney. The court also determined it was likely the girl and her parents will succeed in a civil rights lawsuit they’ve filed against the district attorney’s office.

Last year, District Attorney George P. Skumanick, Jr., threatened to charge three teenage girls with felony child-porn violations over digital photos they took of themselves.

The American Civil Liberties Union of Pennsylvania filed a federal lawsuit against Skumanick on behalf of the girls and their parents accusing Skumanick of violating the girls’ civil rights. The suit said they had a constitutionally protected right to appear in the pictures and that the threat to prosecute the minors was “unprecedented and stands anti-child-pornography laws on their head.”

The ACLU won a preliminary injunction in the U.S. District Court in Pennsylvania barring the prosecutor from bringing criminal charges against the three girls. Skumanick appealed.

The case dates back to October 2008, when officials of the Tunkhannock School District in Wyoming County, Pennsylvania, discovered that male students were trading photos on their phones of female students in various states of undress. Officials confiscated the phones and turned them over to District Attorney Skumanick.

Skumanick told an assembly of students that possessing inappropriate images of minors could get them prosecuted under state child-porn laws and, if convicted, they would face a possible seven-year sentence and a felony record. Under a state law, they would also have to register as sex offenders for 10 years and have their names and photos posted on the state’s sex-offender website.

The prosecutor also sent a letter to about 16 students — three boys and 13 girls — who either appeared in the images or were found in possession of them. In a meeting with the students and their parents, he said he would file felony charges against the students unless they agreed to six months of probation, among other terms. He gave the parents 48 hours to agree.

The parents of three girls refused to sign. Skumanick then threatened to charge the girls with producing child pornography unless their parents agreed to the probation and sent the teenagers to a five-week, 10-hour education program. The program was designed in part by the district attorney’s office to discuss why what they did was wrong and what it means to be a girl in today’s society. The girls would also have to submit to drug testing.

When one parent asked Skumanick how his daughter, who appeared in a picture wearing a bathing suit, could be charged with child porn, Skumanick responded that she was posing “provocatively,” according to court documents.

The parents of three teenaged girls balked at the threats and filed the original suit against Skumanick.

While the decision was on appeal, Skumanick determined that he would not bring criminal charges against two of the teens, so the injunction upheld this week applies only to one girl, identified as “Nancy Doe” in court documents. The girl had photographed herself outside a shower with a towel wrapped around her waist and her breasts bared.

Continue Reading “Court Slaps Prosecutor Who Threatened Child-Porn Charges Over ‘Sexting’” »