Scientific research piracy site hit with $15 million fine

Alexandra Elbakyan.

The operator of a searchable piracy site for scientific research papers has been ordered to pay $15 million as fallout from a US copyright infringement lawsuit brought by one of the world’s leading scientific publishers, New York-based Elsevier.

The award doesn’t mean the six-year-old Sci-Hub site is shuttering, though, despite being ordered to do so. The site has been engaged in a game of domain Whac-a-Mole ever since the case was filed in New York federal court nearly two years ago. And it doesn’t mean that the millions of dollars in damages will get paid, either. The developer of the Pirate Bay-like site for academic research—Alexandra Elbakyan of Russia—has repeatedly said she wouldn’t pay any award. She didn’t participate in the court proceedings, either. US District Judge Robert Sweet issued a default judgement (PDF) against the site this week, but Sci-Hub remains online.

Elsevier markets itself as a leading provider of science, medical, and health “information solutions.” The infringing activity is of its subscription database called “ScienceDirect.” Elsevier claims ScienceDirect is “home to almost one-quarter of the world’s peer-reviewed, full-text scientific, technical, and medical content.”

Read 4 remaining paragraphs | Comments

Obama reportedly ordered implants to be deployed in key Russian networks

In his final days as the 44th president of the United States, Barack Obama authorized a covert hacking operation to implant attack code in sensitive Russian networks. The revelation came in an 8,000-word article The Washington Post published Friday that recounted a secret struggle to punish the Kremlin for tampering with the 2016 election.

According to Friday’s article, the move came some four months after a top-secret Central Intelligence Agency report detailed Russian President Vladimir Putin’s direct involvement in a hacking campaign aimed at disrupting or discrediting the presidential race. Friday’s report also said that intelligence captured Putin’s specific objective that the operation defeat or at least damage Democratic candidate Hillary Clinton and help her Republican rival Donald Trump. The Washington Post said its reports were based on accounts provided by more than three dozen current and former US officials in senior positions in government, most of whom spoke on the condition of anonymity.

In the months that followed the August CIA report, 17 intelligence agencies confirmed with high confidence the Russian interference. After months of discussions with various advisors, Obama enacted a series of responses, including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and expelling 35 Russian diplomats from the US. All of those measures have been known for months. The Post, citing unnamed US officials, said Obama also authorized a covert hacking program that involved the National Security Agency, the CIA, and the US Cyber Command. According to Friday’s report:

Read 1 remaining paragraphs | Comments

Espionage suspect totally thought messages to Chinese intel were deleted

On June 22, Kevin Patrick Mallory was brought before a US federal judge for his first hearing on charges that he sold highly classified documents to a Chinese intelligence agent. These documents, which are considered “National Defense Information,” included at least one Top Secret document and three classified as Secret and were found on a phone Mallory had been provided by his Chinese contacts. Mallory, a 60-year-old former Central Intelligence Agency employee living in Leesburg, Virginia, had thought the documents were in messages that had been deleted automatically from the device. Mallory faces life in prison if convicted.

Mallory, an independent consultant, had previously been an employee of “various government agencies” as well as several defense contractors. An Army veteran, Mallory worked at the State Department from 1987 to 1990. And according to The Washington Post, Mallory was also confirmed to have worked at the CIA, among other places. According to the FBI, Mallory was also an Army reservist during this time and served on active duty for several deployments. For much of his career, he held a Top Secret clearance, which was rescinded when he left government service in 2012.

According to the indictment, at some point during his service at the unnamed agency or at a defense contractor, Mallory—who is fluent in Mandarin—secreted out a collection of documents. Mallory told the FBI that while in China doing consulting work for a state-funded think tank in March and April of this year, he was approached by individuals he then believed to be with China’s intelligence service and was given a phone to communicate with them secretly. During an interview with the FBI on May 24, FBI agent Stephen Green recounted in an affidavit requesting an arrest warrant:

Read 6 remaining paragraphs | Comments

How the CIA infects air-gapped networks

Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected.

More than 150 pages of materials published by WikiLeaks describe a platform code-named Brutal Kangaroo that includes a sprawling collection of components to target computers and networks that aren’t connected to the Internet. Drifting Deadline was a tool that was installed on computers of interest. It, in turn, would infect any USB drive that was connected. When the drive was later plugged into air-gapped machines, the drive would infect them with one or more pieces of malware suited to the mission at hand. A Microsoft representative said none of the exploits described work on supported versions of Windows.

The infected USB drives were at least sometimes able to infect computers even when users didn’t open any files. The so-called EZCheese exploit, which was neutralized by a patch Microsoft appears to have released in 2015, worked anytime a malicious file icon was displayed by the Windows explorer. A later exploit known as Lachesis used the Windows autorun feature to infect computers running Windows 7. Lachesis didn’t require Explorer to display any icons, but the drive of the drive letter the thrumbdrive was mounted on had to be included in a malicious link. The RiverJack exploit, meanwhile, used the Windows library-ms function to infect computers running Windows 7, 8, and 8.1. Riverjack worked only when a library junction was viewed in Explorer.

Read 4 remaining paragraphs | Comments

Pizzagate shooter sentenced to four years in prison

A man who barged into a Washington, DC, pizzeria with an AR-15 rifle to “self-investigate” an Internet conspiracy theory was sentenced to four years in prison today.

District Judge Ketanji Brown Jackson said “the extent of the recklessness” exhibited by 29-year-old Edgar Maddison Welch was “breathtaking,” according to a report by ABC News. Welch pled guilty in March to charges of transporting a firearm across state lines and assault with a dangerous weapon.

Read 6 remaining paragraphs | Comments

Judge rips lawyers in IP rift over viral Facebook childbirth video

A year ago, the US Supreme Court announced guidance to lower courts in determining whether the prevailing party in a copyright lawsuit should be awarded attorney fees. Under US law, the losing side of a copyright suit can be ordered to pay the legal costs to the winners—no matter which side originally brought the case.

The Supreme Court said that the imposition of a fee award against a copyright holder should be denied if the rights holder held an “objectively reasonable” belief that there was infringement—even if the copyright holder loses the lawsuit.

Today, we’re seeing another example in practice on how that ruling is playing out. A New York federal judge on Wednesday ruled that no “reasonable attorney” would have sued news organizations for broadcasting or publishing seconds-long clips from the 45-minute live Facebook video of a childbirth. Hence, the media outlets that were on the receiving end of the lawsuit are entitled to recover what may amount to hundreds of thousands of dollars in legal costs.

Read 8 remaining paragraphs | Comments

Scammer who made 96 million robocalls should pay $120M fine, FCC says

The Federal Communications Commission today said that a scammer named Adrian Abramovich “apparently made 96 million spoofed robocalls during a three-month period” in order to trick people into buying vacation packages. The FCC proposed a fine of $120 million, but it will give the alleged perpetrator a chance to respond to the allegations before issuing a final decision.

The robocalls appeared to come from local numbers, and they told recipients to “press 1” to hear about exclusive vacation deals from well-known hotel chains and travel businesses such as Marriott, Expedia, Hilton, and TripAdvisor, the FCC said.

“Consumers who did press the button were then transferred to foreign call centers where live operators attempted to sell vacation packages often involving timeshares,” the FCC said. “The call centers were not affiliated with the well-known travel and hospitality companies mentioned in the recorded message.”

Read 10 remaining paragraphs | Comments

Trump plans to dismantle Obama-era “Startup Visa”

A regulation from the Obama administration that would have allowed foreign-born entrepreneurs who raise investor cash to build their startups in the US won’t be allowed to go into effect.

The Department of Homeland Security will file an official notice to delay the International Entrepreneur Rule for eight months. The intention is to eliminate the rule entirely, according to sources briefed on the matter who spoke to The Wall Street Journal.

The decision isn’t final, and a DHS spokesperson told the WSJ that the department “cannot speculate” on the outcome of the review.

Read 6 remaining paragraphs | Comments