A couple of big [unnamed] US tech companies were scammed out of $100 million

The Department of Justice just unsealed an indictment against a Lithuanian scammer who managed to trick two American tech companies into wiring him $100 million. The scammer, 48-year-old Evaldas Rimasauskas, did so by masquerading as a prominent Asian hardware manufacturer, according to court documents, and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries. Rimasauskas was first indicted back in December, but the DOJ only unsealed the documents after arresting the man last week.

What makes this remarkable is not Rimasauskas’ particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it’s the amount of money he managed to score and the industry from which he stole it.

The indictment specifically describes the companies in vague terms. The first company is a “multinational technology company, specializing in internet-related services and products, with headquarters in the United States,” the documents read. The second company is a “multinational corporation providing online social media and networking services.” Both apparently worked with the same “Asia-based manufacturer of computer hardware,” a supplier that the documents indicate was founded some time in the late ’80s…

What’s more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money.

Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft…

I can’t believe someone as detail-oriented as this dude appears to be didn’t plan on leaving home and establishing another identity on a planet in a galaxy far, far away. Did he think no one would come looking for the $100 million? At least move someplace without an extradition agreement with the USofA.

Thanks, Barry Ritholtz

French now have the right to ignore company emails on their own time

❝ France employees are getting the legal right to avoid work emails outside working hours…The new law, which has been dubbed the “right to disconnect”, comes into force on 1 January.

Companies with more than 50 workers will be obliged to draw up a charter of good conduct, setting out the hours when staff are not supposed to send or answer emails…

❝ The measure is part of a set of labour laws introduced in May…It was the only one of the laws – which also made it easier for firms to hire and fire employees – that did not generate widespread protest and strikes.

I’ll second that emotion. For most occupations, companies requiring email attention on your own time are folks I wouldn’t recommend working for.

Yes, there are exceptions. That’s not what this is about.

Microsoft wins milestone appeal over US wanting to snoop offshore email

A federal appeals court…said the U.S. government cannot force Microsoft Corp and other companies to turn over customer emails stored on servers outside the United States.

The 3-0 decision by the 2nd U.S. Circuit Court of Appeals in Manhattan is a defeat for the U.S. Department of Justice and a victory for privacy advocates and for technology companies offering cloud computing and other services around the world.

Circuit Judge Susan Carney said communications held by U.S. service providers on servers outside the United States are beyond the reach of domestic search warrants issued under the Stored Communications Act, a 1986 federal law.

“Congress did not intend the SCA’s warrant provisions to apply extraterritorially,” she wrote. “The focus of those provisions is protection of a user’s privacy interests.”

The case has attracted strong interest from the technology and media sectors, amid concern that giving prosecutors expansive power to collect data outside the country could make it harder for U.S. companies to compete there.

Dozens of companies, organizations and individuals filed briefs supporting Microsoft’s appeal, including the U.S. Chamber of Commerce, Amazon.com, Apple, Cisco Systems, CNN, Fox News Network, Gannett and Verizon…

Judge Carney said limiting the reach of warrants serves “the interest of comity” that normally governs cross-border criminal investigations.

She said that comity is also reflected in treaties between the United States and all European Union countries, including Ireland, to assist each other in such probes.

It’s like the stupidity that passes for legal reason over most “religious freedoms”. You decide what you want for an outcome and then search till you can find articles or junk research to suit your convictions. Regardless of logic or science. This is what political lawyers do in so many cases involving privacy and free speech.

Constitutional protections be damned. If they can find some out-of-date regulation that can be torturously interpreted to validate the result they want – Bingo, make it so!

Women are calling Indiana’s Republican governor to talk about their periods


You will obey or go to jail!

For the past week, women have been calling and emailing the office of Indiana Gov. Mike Pence to tell him about their periods. In detail.

“My flow seems abnormally heavy”

“My name is Sue Magina.”

The epic trolling effort comes from members of the Facebook group Periods for Pence, launched after Pence recently signed a new anti-abortion bill into law.

Some of the calls are gross-out moves that mock the overall idea of legislators meddling with women’s health care. Pence thinks he knows better than my gynecologist, the joke goes, so maybe I should start coming to him with my reproductive health issues!…

But there’s also a very specific critique of Indiana’s new law going on here.

The bill signed by Pence (and written by state Rep. Casey Cox, who is now also getting calls) has some pretty shocking provisions. One of them basically forces women to seek funerary services for a fetus — no matter if she has had an abortion or a miscarriage, and no matter how far along the pregnancy was. All fetal tissue has to be cremated or buried, which has never been required in any state law before…

So by telling Pence about their periods, women are simply being good citizens who are being extra careful not to run afoul of the new law. It sounds absolutely absurd, and it is. But it’s also what happens when you take a law as bizarre and medically incoherent as Indiana’s to its logical conclusion…

Notably, the American Civil Liberties Union (ACLU) just filed a lawsuit on behalf of Planned Parenthood to block the new law before it takes effect July 1. The ACLU says the law unconstitutionally invades a woman’s privacy and interferes with her protected decision to have an abortion.

Not that Republicans give a damn about anyone’s privacy, not that the Party of NO thinks any woman has the right to make decisions about her own reproductive system. Paternalist, patriarchal, backwards as any superstitious git’s fear of science – or democracy – today’s Republican Party has devolved into the worst possible example of fear and prejudice masquerading as a political party.

raytomlinson@arpanet.org

Ray Tomlinson, the inventor of email, who popularized the @ symbol, has died at age 74. Here is his description of that milestone:

During the summer and autumn of 1971, I was part of a small group of programmers who were developing a time-sharing system called TENEX that ran on Digital PDP-10 computers. We were supporting a larger group working on natural language. Earlier, I had worked on the Network Control Protocol (NCP) for TENEX and network programs such as an experimental file transfer program called CPYNET.

I was making improvements to the local inter-user mail program called SNDMSG. Single-computer electronic mail had existed since at least the early 1960’s and SNDMSG was an example of that. SNDMSG allowed a user to compose, address, and send a message to other users’ mailboxes.

A mailbox was simply a file with a particular name. Its only special property was its protection which only allowed other users to append to the file. That is, they could write more material onto the end of the mailbox, but they couldn’t read or overwrite what was already there. The idea occurred to me that CPYNET could append material to a mailbox file just as readily as SNDMSG could. SNDMSG could easily incorporate the code from CPYNET and direct messages through a network connection to remote mailboxes in addition to appending messages to local mailbox files.

The missing piece was that the experimental CPYNET protocol had no provision for appending to a file; it could just send and receive files. Adding the missing piece was a no-brainer — just a minor addition to the protocol. I don’t recall the protocol details, but appending to a file was the same as writing to a file except for the mode in which the file was opened.

Next, the CPYNET code was incorporated into SNDMSG. It remained to provide a way to distinguish local mail from network mail. I chose to append an at sign and the host name to the user’s (login) name. I am frequently asked why I chose the at sign, but the at sign just makes sense. The purpose of the at sign (in English) was to indicate a unit price (for example, 10 items @ $1.95). I used the at sign to indicate that the user was “at” some other host rather than being local.

The first message was sent between two machines that were literally side by side. The only physical connection they had (aside from the floor they sat on) was through the ARPANET. I sent a number of test messages to myself from one machine to the other. The test messages were entirely forgettable and I have, therefore, forgotten them. Most likely the first message was QWERTYUIOP or something similar. When I was satisfied that the program seemed to work, I sent a message to the rest of my group explaining how to send messages over the network. The first use of network email announced its own existence.

These first messages were sent in late 1971. The next release of TENEX went out in early 1972 and included the version of SNDMSG with network mail capabilities. The CPYNET protocol was soon replaced with a real file transfer protocol having specific mail handling features. Later, a number of more general mail protocols were developed.

Board your flight – check email – upload paperwork – get billed over $1000!

When it comes to offering Wi-Fi in the sky, airlines enjoy a situational monopoly. Still, this takes the cake: a Singapore Airlines passenger stepped off a plane, looked at his phone and discovered this bill for $1,171.46:

As the passenger, Jeremy Gutsche, explains on TrendHunter, the eye-popping total came about as a result of ordinary internet use — sending emails, uploading documents and such things. But since the airline’s $28.99 sign-on fee only included a paltry 30 MB of data, the overage charges hit hard.

“I wish I could blame an addiction to Netflix or some intellectual documentary that made me $1200 smarter. However, the Singapore Airlines internet was painfully slow, so videos would be impossible and that means I didn’t get any smarter… except about how to charge a lot of money for stuff. I did learn that,” noted Gutsche…

Meanwhile, the airlines are locked into long-term exclusive contracts with Wi-Fi providers like Gogo, which appears to have settled a recent price-gouging suit but has failed to bring down prices. The hope of future competition doesn’t look great either, as AT&T this week said it would ground plans to build in-flight Wi-Fi.

The article ends with a CYA explanation about startup costs for airplane wifi services. Scant help to consumers who have been shafted.

And a lousy business model – apparently acceptable to some providers.

So, a word of caution. Check what’s included in what you sign up for. You know from the gitgo that airlines aren’t in the business of providing anything at a reasonable cost. They will screw you a bit more for some services than others.

Microsoft confronts the DOJ and Congress over global privacy


Some folks think this is up-to-date

American law enforcement officials cannot get evidence located in other countries without the help of foreign governments. But can an American company be ordered by a court to turn over information stored on computer servers located in another country? The Federal District Court for the Southern District of New York will consider that question this week in a narcotics case in which federal prosecutors want access to a Microsoft email account stored in Ireland.

The case raises difficult questions about the reach of domestic law and the Internet’s global nature. It also points to significant gaps in American laws, which do not address how data stored abroad should be treated. Congress passed the Stored Communications Act, the law at issue in this case, in 1986, when few people could have foreseen cloud computing or imagined that businesses would operate data centers around the world that store messages and documents of Americans and foreigners alike.

I certainly hope you don’t think the lazy bastards we elected would keep up-to-date with changing technology and legal responsibility. Some of these clowns still haven’t figured out civil rights or having a commitment to the whole electorate.

Microsoft is asking the court to quash a warrant issued by a federal magistrate judge in December, contending that it cannot be compelled to turn over information located in its Irish data center because American law does not apply there. It argues that to obtain information stored in Ireland, the Justice Department needs to go through the legal-assistance treaty between that country and the United States. Other companies, including Verizon, AT&T and Apple, and public-interest groups like the Electronic Frontier Foundation have filed briefs supporting Microsoft’s position.

The United States attorney’s office in Manhattan, which is fighting Microsoft, argues that going through foreign governments would be far too cumbersome and would allow criminals to evade American law by storing information about illegal activities on foreign servers.

Not much more detail needed. The crux of the case is privacy protection which can affect all of us.

Steve Terrell gets his first robocall of the 2014 political season


It’s Starting …

Posted on Jul 8, 2014 by Steve Terrell at his blog at the Santa Fe NEW MEXICAN

I checked my personal email a few minutes ago and noticed I’d received a call on my home phone. Here’s what it looked like (transcript courtesy of the robots at Comcast, copied and pasted exactly as it appeared, question marks and all):

“Hi this is Gary I’m very sorry I missed you. I’m a volunteer and I was just calling to let you know about Doctor Mike street(?) he wants to stand up for New Mexico in the US House of Representatives. my(?) … with-the-mexico(?) for fifty five years now and he he understands our state and our district extremely well next week with the scientist engineer physicist-instead(?) the mathematician with the PhD in applied mathematics from MIT. He’s also Maggie here and both his(?) bachelors and Masters from the Mexico State University. Doctor Mike Reed wants to be your representative in Washington but in the meantime he is working to make Mexico a better place with his-own(?) small business. My free there’s-been(?) a contractor and the sub contractor(?) supporting our Air Force national ads for the past twenty five years. Well. Thank you very much for your time and for considering Doctor Mike from-with-your(?) thoughts about the one(?) … bye have a great day.”

Steve Terrell is one of the best political reporters in any local/state/regional scene around the nation. Major newspapers agree with me – say no more. They read his writing to find out what’s going on in New Mexico. So do I – and enjoy an extra chuckle in the process.

I’m not certain which is least competent – whoever drafted this political robocall or the Comcast robots transcribing and emailing the contents to Steve. But, it makes for enjoyable reading albeit mostly incomprehensible.

Slowly, surely, a plan to impede the NSA is taking hold

A year after revelations first emerged from former National Security Agency contractor Edward Snowden about mass Internet surveillance, more e-mail providers are adopting encryption, a simple change that could make it harder for spy agencies to vacuum up huge numbers of communications in transit.

In an analysis released this week, Google said 65 percent of the messages sent by Gmail users are encrypted when delivered, meaning the recipient’s provider also supports the encryption needed to establish a secure connection for transmission of the message…Gmail has more than 425 million accounts worldwide and was an early adopter of e-mail encryption.

Only 50 percent of incoming messages are encrypted, Google says, but that’s up from 27 percent on December 11, 2013. And the numbers could get even better as more providers offer encryption by default to their customers. Charlie Davis, a Comcast spokesman, says the Internet service provider is working on it and plans to “gradually ramp up encryption with Gmail in the coming weeks.”

There are still significant gaps: less than 1 percent of traffic to and from Gmail from Comcast and Verizon is currently encrypted, and fewer than half of e-mails from Hotmail accounts to Gmail are encrypted.

What’s more, messages are protected only in transit—there’s nothing to stop the NSA from reading them if it gains access to an e-mail provider’s servers. Even here, though, the tide may be turning: on Tuesday Google released draft source code of a tool, called End-to-End, that would secure a message from the moment it leaves one browser to the moment it arrives at another—meaning even e-mail providers couldn’t read them as they travel between two people, because they wouldn’t have the keys needed to decrypt those messages…

Embarrassed by Snowden’s revelations, many Silicon Valley giants are advertising increased use of encryption.

Apart from any other consideration, as long as smart coders devise methods for keeping freestyle government snoops out of your life – and a profit can be made from it – then the word will get out.

Whatever the reasoning, netizens will continue to make their own decisions about privacy, voting with their feet if they feel concerned, refusing to opt in if they value privacy more than an extended puberty. That’s still a milieu apart from creeps with unconstitutional authority handed over by elected cowards – looking through the pages of your life.