Former Twitter worker convicted of helping Saudi Arabia spy on dissidents

At least one former Twitter employee is facing prison time for allegedly helping Saudi Arabia spy on critics. Bloombergreports a jury in San Francisco has convicted US resident Ahmad Abouammo of serving as an agent for Saudi Arabia, as well as falsifyi…

US imposes sanctions on cryptocurrency mixer that allegedly laundered over $7 billion

The US is ramping up its efforts to crack down on shady cryptocurrency mixers. The Treasury Department has imposed sanctions on Tornado Cash, a mixer that allegedly helped launder more than $7 billion in stolen crypto funds since its inception in 2019. Like a previous sanctions target, Blender, Tornado Cash is accused of “indiscriminately” helping thieves by hiding transaction details while failing to institute meaningful anti-laundering safeguards. North Korea’s state-sponsored Lazarus Group hackers are believed to have funneled $455 million through the mixer.

The sanctions block transactions with or for the benefit of Tornado Cash-related individuals and entities, whether they’re located in the US or controlled by Americans. Anyone who detects banned activity is required to inform the Treasury’s Offices of Foreign Assets Control.

Tornado Cash runs on the Ethereum blockchain. Officials said the mixer played a role in other large-scale thefts, including the Harmony Bridge heist (where it laundered $96 million) from June and this month’s Nomad attack (involving “at least” $7.8 million).

The government has taken legal action against crypto mixers for years. Federal law enforcement charged an Ohio man in 2020 for running a darknet mixer that helped criminals launder $300 million. The Treasury only started sanctioning mixers when it blocked Blender this May, however. The US now believes criminal-friendly mixers are a national security threat, and hopes efforts like these will curb both terrorism as well as attempts to dodge conventional sanctions.

SEC charges 11 people over ‘textbook’ $300 million crypto Ponzi scheme

It’s a day of the week ending in the letter “y,” which inevitably means there’s news of anothermessysaga in the cryptocurrency world. The Securities and Exchange Commission has charged 11 people who allegedly set up and promoted Forsage, which it said was a crypto Ponzi scheme that pulled in over $300 million from retail investors.

The agency asserts that Forsage enabled millions of people to engage in transactions through smart contracts on the Ethereum, Tron, and Binance blockchains. It alleged that Forsage had essentially been operating as a pyramid scheme for over two years, wherein the main way for investors to make money was by luring other people into the scheme. “Fraudsters cannot circumvent the federal securities laws by focusing their schemes on smart contracts and blockchains,” Carolyn Welshhans, acting chief of the SEC’s Crypto Assets and Cyber Unit, said in a statement.

“Forsage is a textbook pyramid and Ponzi scheme,” the SEC’s complaint reads. “It did not sell or purport to sell any actual, consumable product to bona fide retail customers during the relevant time period and had no apparent source of revenue other than funds received from investors.”

Four of those charged are Forsage’s founders, who were last known to be living in Russia, the Republic of Georgia and Indonesia. The SEC also charged three promoters based in the US, who the founders allegedly recruited to endorse Forsage on its website and social media. Several members of a group called Crypto Crusaders, a group that promoted the scheme, were charged with violating the registration and anti-fraud provisions of federal securities laws as well. Two defendants have agreed to settle the charges without admitting or denying the allegations.

As CNBC notes, Forsage’s founders launched the platform in January 2020. Regulators in the Philippines and Montana tried to shut it down with cease-and-desist actions. The SEC alleged that the defendants continued to promote Forsage while denying claims made against the platform in YouTube videos.

US federal court system attacked by ‘hostile foreign actors’ in 2020 security breach

The US federal courts’ document filing system was attacked by three hostile foreign actors, House Judiciary Committee Chair Jerrold Nadler has told fellow lawmakers. According to Politico, Nadler made the first public disclosure of the cyberattack at a committee hearing on oversight of the Justice Department’s National Security Division (NSD). The attack happened as part of a bigger security breach that led to a “system security failure” way back in 2020. Nadler has admitted during the hearing, however, that the committee only learned about the “startling breadth and scope” of the breach this March. 

Matthew Olsen, the Assistant Attorney General for National Security, has testified at the hearing and said his division is “working very closely with the judicial conference and judges around the country to address this issue.” As you can guess, lawmakers are worried about how many cases were impacted by the breach and how exactly the issue had affected them. “[T]his is a dangerous set of circumstances that has now been publicly announced, and we need to know how many…were dismissed,” committee member Rep. Sheila Jackson Lee told Olsen. When asked if the breach had affected any of the cases the NSD had handled, Olsen said he couldn’t think of any in particular. 

There’s still a lot of information about the breach that’s kept under wraps — Senator Ron Wyden even wrote to the Administrative Office of the US Courts to express concerns about the fact that “the federal judiciary has yet to publicly explain what happened and has refused multiple requests to provide unclassified briefings to Congress.” As Politico notes, though, the US Courts admitted in January 2021 that its Case Management/Electronic Case Files system was breached and even changed its filing procedures for sensitive documents. The publication also points out that this breach wasn’t a part of the massive SolarWinds hacks, which are being blamed on a Russian state-sponsored group known as Nobelium.

Olsen said the Justice Department’s investigators will keep the committee updated about any new developments, so we’ll likely hear more information about the data breach in the future. 

SEC investigates Coinbase, says it may have illegally sold unregistered securities

Coinbase is facing a US Securities and Exchange Commission (SEC) probe into whether it allowed users to trade digital tokens that should have been registered as securities, Bloomberg has reported. Coinbase, involved indirectly in another probe by the SEC and state of New York, recently caught the regulator’s eye after expanding the number of tokens it offers for trading. 

After taking a conservative approach to listing cryptocurrencies, Coinbase now lets Americans trade more than 150 tokens, according to Bloomberg. If any of those are considered to be securities, it would need to register as an exchange with the SEC. A token is considered to be a security if it involves investors putting up funds for a company in order to profit from the work of its leadership.

Last week, the commission accused a former Coinbase employee of violating insider-trading rules by helping his brother and a friend buy dozens of different types of tokens before they were listed on the platform. Coinbase itself wasn’t accused of any wrongdoing, but the SEC said it considered nine of the dozens of digital tokens traded by the men to be securities, including seven listed by the exchange. 

In a response by chief legal officer Paul Grewal, Coinbase said that it “does not list securities on the platform. Period.” As evidence of that, it said that the US Department of Justice “reviewed the same facts [as the SEC] and chose not to file securities fraud charges against those involved.” 

Coinbase has previously complained that there’s no regulatory framework for digital asset securities. As it happened, the company filed a petition for rule making to clarify those rules just before the SEC filed charges. “Instead of crafting tailored rules in an inclusive and transparent way, the SEC is relying on these types of one-off enforcement actions to try to bring all digital assets into its jurisdiction, even those assets that are not securities,” Grewal wrote. 

US and UK joint data access agreement goes into effect on October 3rd

The US and UK have signed a Data Access Agreement that will allow law enforcement agencies in each country to request user internet data from the other, the Department of Justice (DoJ) and UK Home Office said in a joint press release. The agreement was…

Lawsuit accuses Chicago authorities of misusing gunshot detection system in a murder case

A 65-year-old man named Michael Williams spent almost a year in jail over the shooting of a man inside his car before prosecutors asked a judge to dismiss his case due to insufficient evidence. Now, the MacArthur Justice Center has sued the city of Chicago for using ShotSpotter, which it calls an “unreliable” gunshot detection technology, as critical evidence in charging him with first-degree murder. The human rights advocate group out of Northwestern University accuses the city’s cops of relying on the technology and failing to pursue other leads in the investigation.

Williams was arrested in 2021 over the death of Safarian Herring, a young man from the neighborhood, who asked him for a ride in the middle of unrest over police brutality in May that year. According to an AP report from March, the key piece of evidence used for his arrest was a clip of noiseless security video showing a car driving through an intersection. That’s coupled with a loud bang picked up by ShotSpotter’s network of surveillance microphones. ShotSpotter uses a large network of audio sensors distributed through a specific area to pick up the sound of gunfire. The sensors work with each other to triangulate the shot’s location, so perpetrators can’t hide behind walls or other structures to mask their crime.

However, a study conducted by the MacArthur Justice Center in 2021 found that 89 percent of the alerts the system sends law enforcement turn up no evidence of any gun-related crime. “In less than two years, there were more than 40,000 dead-end ShotSpotter deployments,” the report said. The group also pointed out that ShotSpotter alerts “should only be used for initial investigative purposes.” San Francisco’s surveillance technology policy (PDF), for instance, states that its police department must only use ShotSpotter information to find shell casing evidence on the scene and to further analyze the incident.

The lawsuit accuses Chicago’s police department of failing to pursue other leads in investigating Williams, including reports that the victim was shot earlier at a bus stop. Authorities never established what’s supposed to be Williams’ motive, didn’t find a firearm or any kind of physical evidence that proves that Williams shot Herring, the group said.

On its website, ShotSpotter posted a response to “false claims” about its technology, calling reports about its inaccuracy “absolutely false.” The company claims its technology has a 97 percent accuracy rate, including a 0.5 percent false positive rate, and says those numbers were independently confirmed by Edgeworth Analytics, a data science firm in Washington, D.C. It also answers the part of the lawsuit that criticizes Chicago’s decision to place most of it sensors in predominantly Black and Latino neighborhoods, which could lead to potentially dangerous clashes with the police. ShotSpotter said it’s a false narrative that its coverage areas are biased and racially discriminatory and that it works with clients to determine coverage areas based on historical gunfire and homicide data .

As AP reports, the lawsuit is seeking class-action status for any Chicago resident who was stopped because of a ShotSpotter alert. The MacArthur Justice Center is also seeking damages from the city for the mental anguish and loss of income Williams had experienced throughout the whole ordeal, as well as for the legal fees he incurred. Further, the group is asking the court to ban the technology’s use in the city altogether.

US files its first criminal charges over insider trading of cryptocurrency

American authorities are continuing to crack down against insider trading of digital assets. The New York Timesreports that federal prosecutors in New York City have charged three people with wire fraud relating to an insider trading scheme for cryptocurrency, including former Coinbase exchange employee Ishan Wahi. This is the first time officials have levelled charges relating to insider trading of digital currency, according to Southern District of New York attorney Damian Williams.

As with a companion civil case from the Securities and Exchange Commission, prosecutors allege Wahi shared confidential information about future asset listings with his brother Nikhil Wahi and his brother’s friend Sammer Ramani. The data, shared between “at least” June 2021 and April 2022, helped Nikhil and his friend buy assets before the listing boosted their value. The two would then sell their assets for a profit. The purchases of 25 or more assets netted a profit of more than $1.1 million, according to the SEC.

Coinbase started an internal investigation in April in response to a Twitter post about unusual trading activity. Ishan Wahi booked a flight to India right before Coinbase was set to interview him, but he and his brother were arrested in Seattle this morning. Ramani is still at large and believed to be in India, the SEC said.

Wahi’s lawyers maintained their client’s innocence, and said he would “vigorously” defend against the charges. Ramani and the attorney for Wahi’s brother haven’t commented on the charges. Coinbase said it had turned over information to the Justice Department and had fired Wahi as part of a “zero tolerance” policy for this behavior.

This is far from the largest crypto case. Lending firm BlockFi recently paid $100 million to settle securities violations, while Telegram had to return $1.2 billion to investors for its own violations on top of paying $18.5 million. However, the charges are intended more to send a warning. The government wants to make clear that fraud is illegal whether it’s “on the blockchain or on Wall Street,” as Williams explained to The Times. This is as much about discouraging would-be crooks as it is punishment for the defenders.

Jury convicts ex-CIA engineer for leaking the agency’s hacking toolset

Joshua Schulte, the former CIA engineer arrested for what’s being called the biggest theft of classified information in the agency’s history, has been convicted by a federal jury. Schulte was arrested in relation to the large cache of documents that Wikileaks had published throughout 2017. That string of CIA leaks known as “Vault 7” contained information on the tools and techniques the agency used to hack into iPhones and Android phones for overseas spying. It also had details on how the CIA broke into computers and how it turned smart TVs into listening devices. A federal jury has found Schulte guilty on nine counts, including illegally gathering national defense information and then transmitting it.

According to The New York Times, Schulte was arrested after investigators traced the leaks to him. The former CIA engineer worked with a team in a secret building protected by armed guards to create tools, like malware, that were used to target the devices of suspected terrorists. In 2018, he was formally charged with 13 counts that included theft of classified information, obstruction of justice, as well as possessing and sending images and videos with child pornography. He’s still awaiting trial on charges of possessing child pornography, which he allegedly downloaded from 2009 until March 2017. 

Schulte’s original trial back in 2020 was declared a mistrial after jurors couldn’t come to an agreement regarding some of hist most serious charges, illegally gathering and transmitting national defense information included. After that event, the former CIA engineer had decided to represent himself. As part of his closing arguments, he told the jurors that the CIA and the FBI made him a scapegoat for their embarrassing failure, repeating what his side had been saying from the time he was arrested.

While the judge, AP said, was impressed with his closing arguments, they weren’t enough to get the jury on his side. In court, he argued that the government’s case is full of holes and that he didn’t even have motive to leak the CIA’s hacking tools. Prosecutors, however, accused him of being a disgruntled employee who felt that he was disrespected when the agency ignored his complaints about his work environment. As retaliation, he allegedly tried “to burn [the CIA] to the ground.” US Attorney Damian Williams said his actions rendered the “most valuable intelligence-gathering cyber tools used to battle terrorist organizations and other malign influences around the globe” essentially useless. Williams also accused Schulte of trying to leak more classified materials against the government while he was behind bars. 

Schulte will have to face the court again to face charges related to possession of child pornography before a sentencing date can be set. The nine counts he was convicted of, however, are enough to keep him in prison for up to 80 years.

Amazon gave Ring footage to police without customer consent

As of July 1st of this year, Amazon has provided Ring footage to US law enforcement 11 times without user consent or a court order, according to a disclosure shared by Senator Edward Markey on Wednesday. The Massachusetts Democrat sent Amazon a letter last month with questions about the company’s policies related to Ring and its relationships with police. Amazon responded to the letter at the start of July.

The disclosure marks the first time Amazon has shared this kind of information with the public. In its law enforcement guidelines, Ring says it reserves the right to “immediately” respond to police requests in cases where someone could die or suffer serious injury.

“In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay,” wrote Brian Huseman, Amazon’s vice-president of public policy, of the 11 videos. Huseman didn’t say the specific footage Ring shared with police.

In his letter, Markey asked Amazon to agree not to accept financial contributions from police or participate in sting operations. The company did not agree to those restrictions. In the past, Ring has actively courted partnerships with law enforcement and even gone so far as to author statements shared by police.

“It’s simply untrue that Ring gives anyone unfettered access to customer data or video, as we have repeatedly made clear to our customers and others,” a Ring spokesperson told Engadget. “The law authorizes companies like Ring to provide information to government entities if the company believes that an emergency involving danger of death or serious physical injury to any person, such as a kidnapping or an attempted murder, requires disclosure without delay. Ring faithfully applies that legal standard.” 

The news that Amazon shared footage with police without user consent at least 11 times this year is likely to add to the concerns many privacy experts have about the company. In 2021, the Electronic Frontier Foundation reported that the Los Angeles Police Department requested footage from Ring of Black Lives Matter protests captured by residential cameras. 

Markey used the disclosure to call on lawmakers to pass the Facial Recognition and Biometric Technology Moratorium Act, a bill he introduced alongside Senator Jeff Merkley and Representatives Pramila Jayapal and Ayanna Pressley. “As my ongoing investigation into Amazon illustrates, it has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded,” said Markey. “We cannot accept this as inevitable in our country.”