Tag: sues | Page 4

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents – Krebs on Security

August 25, 2021/in Mobile Security

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. After months of sleuthing, his investigators identified the likely culprits: Two young men in Britain who were both minors at the time of the crime.

A forensic investigation of Schober’s computer found he’d inadvertently downloaded malicious software after clicking a link posted on Reddit for a purported cryptocurrency wallet application called “Electrum Atom.” Investigators determined that the malware was bundled with the benign program, and was designed to lie in wait for users to copy a cryptocurrency address to their computer’s temporary clipboard.

When Schober went to move approximately 16.4 bitcoins from one account to another — by pasting the lengthy payment address he’d just copied — the malware replaced his bitcoin payment address with a different address controlled by the young men.

Schober’s lawsuit lays out how his investigators traced the stolen funds through cryptocurrency exchanges and on to the two youths in the United Kingdom. In addition, they found one of the defendants — just hours after Schober’s bitcoin was stolen — had posted a message to GitHub asking for help accessing the private key corresponding to the public key of the bitcoin address used by the clipboard-stealing malware.

Investigators found the other defendant had the malware code that was bundled with the Electrum Atom application in his Github code library.

Initially, Schober hoped that the parents of the thieving teens would listen to reason, and simply return the money. So he wrote a…

Source…

Facebook sues makers of malicious Chrome extensions for scraping data

January 14, 2021/in Computer Security

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook’s website and from users’ systems without authorization.

The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the “Oink and Stuff” business name.

“They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information,” Jessica Romero, Director of Platform Enforcement and Litigation, said.

“Four of their extensions — Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger — were malicious and contained hidden computer code that functioned like spyware.”

The four extensions are still available for download in Google’s Chrome Web Store and they currently have more than 54,000 users.

Facebook systems’ not compromised

After being installed on the users’ computers, these Chrome extensions also installed malicious code in the background which allowed the defendants to scrape user data from Facebook’s site.

The malicious Chrome add-ons were also used to surreptitiously collect data unrelated to Facebook from the users’ web browsers.

While the users were browsing the Facebook website, the extensions automatically scraped account information including the victims’ name, user ID, gender, relationship status, and age group among others.

Malicious Chrome extensions

Romero added that the defendants did not compromise Facebook’s security systems during their malicious activity but, instead, they only used the extensions installed on users’ devices to scrape data.

“We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession,” Romero concluded.

“This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.”

Legal action against platform abuse

This action is part of a long series of instances where Facebook took legal action against entities attempting to abuse the company’s platform and services.

For…

Source…

Private Prison Company Sues Netflix Over Use Of Logo In ‘Messiah’

June 3, 2020/in Internet Security

When we last talked about the Geo Group, a company making hundreds of millions of dollars running private prisons, one of its executives was attempting to improve the company’s reputation by constantly removing all the dirty from the Wikipedia page about the company. In trying to do this, of course, the company actually amplified the controversies listed on Wikipedia and, having been caught trying to scrub the internet of its own sins, found itself in headlines as a result. At present, the Wikipedia page still lists those controversies, but more on that in a moment.

Because the latest bit of news from Geo Group is that it is suing Netflix over the use of its logo in a fictional prison in Messiah.

The GEO Group, which operates private prisons and detention centers, filed a lawsuit on Wednesday alleging that it had been defamed in two episodes of the Netflix series “Messiah.”

The series depicts a mysterious figure who gains a following by performing miracles in the desert. In the third and fourth episodes, the character is detained at an immigration facility in Texas, which is identified with GEO Group logos.

The suit claims that the show depicts the facility in a defamatory light. The inmates do not have beds, are kept in overcrowded conditions and surrounded by chain-link fences.

In addition to the claim of defamation, the suit also claims that the Netflix shows use of Geo Group’s logos in two of its episodes constitutes trademark infringement. If all of this seems somewhat familiar, it’s because it’s quite similar to the spat between the infamous Pinkerton Consluting & Investigations company and Take Two Interactive over the latter’s Red Dead Redemption 2 game, which portrayed the Pinkertons fictionally in a way that jives with its historical reputation. While in that case the lawsuit was filed by the content producer seeking declaratory judgement that its use of all names and trademarks was protected free speech, it’s still the case that Pinkerton ran away from its threats. I would imagine Geo Group will need to do so as well, as this sort of fictional representation is indeed protected on First Amendment grounds.

As for the defamation claim, well, we’re back to those controversies from the Wikipedia page. Those list overcrowding of its prisons, poor conditions that led to multiple prison riots, and specifically some claims of poor conditions for immigrants awaiting deportation. You know, basically the sort of portrayal the suit itself alleges in Messiah.

“Unlike in ‘Messiah,’ GEO does not house people in overcrowded rooms with chainlink cages at its Facilities, but provides beds, bedding, air conditioning, indoor and outdoor recreational spaces, soccer fields, classrooms, libraries, and other amenities that rebut ‘Messiah’’s defamatory falsehoods,” the complaint states.

The suit includes colorful photographs of libraries, classrooms and recreation facilities at GEO detention centers.

Except that it has a reputation for all of the issues above, no matter how many pretty pictures the company includes in its filing. And trademark and defamation laws, whatever teeth they might have, can’t pierce the First Amendment’s protections on artistic representation in a work of fiction.

Netflix tends to be fairly good about fighting back on these sorts of things. Hopefully they’ll do so in this case as well.

Techdirt.