Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.
The case, United States v. Jay Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the government’s ability to hack criminal suspects. Michaud marks just the second time that prosecutors have asked that case be dismissed.
“The government must now choose between disclosure of classified information and dismissal of its indictment,” Annette Hayes, a federal prosecutor, wrote in a court filing on Friday. “Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery.”
Trump likes to compare himself to Reagan, and the comparison isn’t unwarranted: Reagan’s legacy, too, was putting the country massively into debt to pay for an arms race. That Trump’s arms race is not only wasteful but impractical is, like Trump, another 80s throwback: the proposal leans heavily on military hardware that is entirely inappropriate for the wars the US finds itself fighting today, with outlays for warships and fighter jets, despite the fact that Isis, last anyone checked, does not have a navy or air force.
At the RSA security conference last week in San Francisco, IBM’s X-Force Red leader Charles Henderson told a twisted tale of a car he couldn’t get rid of. Despite the fact that he’d sold his old car and gotten a new one, his previous vehicle’s controls were still accessible through the its shoddy app.
Being a hacker, he was very careful when he traded his old car in at the dealership. He wanted to make sure none of his personal information went with it, so he performed factory resets on everything and de-authorized all the accounts connected to the car.
He took great pains to make sure the car was transferred securely.
When he got home with his new vehicle, he noticed the old one was still listed on his app. He waited for it to go away.
He thought it would take a few days to clear out of the connected car system. Days turned into weeks, then months. After two years, he became a car-app hacker to figure out exactly what was going on. Shockingly, as noted in his RSA talk, “four years later, I still have control of the car.” He added, “If I were a criminal, I could’ve stolen the car.”
The makers of the We-Vibe, a line of vibrators that can be paired with an app for remote-controlled use, have reached a $3.75 million class action settlement with users following allegations that the company was collecting data on when and how the sex toy was used.
Standard Innovations, the Canadian manufacturer of the We-Vibe, does not admit any wrongdoing in the settlement finalized Monday.
The Check Point Mobile Threat Prevention has recently detected a severe infection in 36 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it.
According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.
The United States Court of Appeals for the District of Columbia Circuit today held that foreign governments are free to spy on, injure, or even kill Americans in their own homes–so long as they do so by remote control. The decision comes in a case called Kidane v. Ethiopia, which we filed in February 2014.
Our client, who goes by the pseudonym Mr. Kidane, is a U.S. citizen who was born in Ethiopia and has lived here for over 30 years. In 2012 through 2013, his family home computer was attacked by malware that captured and then sent his every keystroke and Skype call to a server controlled by the Ethiopian government, likely in response to his political activity in favor of democratic reforms in Ethiopia. In a stunningly dangerous decision today, the D.C. Circuit ruled that Mr. Kidane had no legal remedy against Ethiopia for this attack, despite the fact that he was wiretapped at home in Maryland. The court held that, because the Ethiopian government hatched its plan in Ethiopia and its agents launched the attack that occurred in Maryland from outside the U.S., a law called the Foreign Sovereign Immunities Act (FSIA) prevented U.S. courts from even hearing the case.
The decision is extremely dangerous for cybersecurity. Under it, you have no recourse under law if a foreign government that hacks into your car and drives it off the road, targets you for a drone strike, or even sends a virus to your pacemaker, as long as the government planned the attack on foreign soil. It flies in the face of the idea that Americans should always be safe in their homes, and that safety should continue even if they speak out against foreign government activity abroad.