LulzSec responds to the FBI’s raid by releasing confidential documents

On June 23, 2011, in Uncategorized, by Jorge Espinosa

This morning LexNimbus reported on an FBI raid which took down numerous legitimate corporate accounts by seizing servers in an attempt to track a single account allegedly belonging to a hacker group called LulzSec.  Tonight LulzSec responded to the raid by releasing a huge number of hacked Arizona police documents on The Pirate’s Bay, a popular hacking site.  The message attached to the file states as follows:

We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.

The documents classified as “law enforcement sensitive”, “not for public distribution”, and “for official use only” are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.

Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust “war on drugs”.

Hackers of the world are uniting and taking direct action against our common oppressors – the government, corporations, police, and militaries of the world.

See you again real soon! ;D

Clearly the FBI still has more hunting to do.  Hopefully their search will not take them to any servers containing our reader’s files.


FBI seizes servers and knocks out service to numerous companies

On June 22, 2011, in Cloud Computing, Law enforcement, United States, by Jorge Espinosa

Your cloud data may be relatively protected from disasters such as floods, storms and earthquakes.  However, it has no protection from the overreaching hand of law enforcement.

Early yesterday morning the FBI raided an Internet hosting facility in Renton, Va., and seized several of its servers.  The facility is owned by DigitalOne, a company based in Switzerland. The raid and seizure seem to be related to the FBI’s search for a wanted hacking organization Lulz Security Group (“LulzSec”).  LulzSec is associated with a series of Internet denial of service attacks against CIA and other government agencies.  At the same time that the Virginia raids were taking place Scotland Yard arrested Ryan Cleary in the United Kingdom for alleged involvement with the organization.

Although the FBI was only interested in one of DigitalOne’s clients whose data was hosted on one of the seized servers and who may have had ties to LulzSec, various servers were seized thereby shutting down access for “tens of clients” who also maintained data on the server.  In an email to a client, published by the New York Times, DigitalOne’s chief executive, Sergej Ostroumow, said that in the “night FBI has taken three enclosures with equipment plugged into them, possibly including your server.  .  .  After FBI.’s unprofessional ‘work’ we can not restart our own servers, that’s why our website is offline and support doesn’t work.”  The New York Times reported that Mr Ostroumow said DigitalOne had provided the FBI with details of how to find servers linked to an IP address they were investigating, but agents also seized unrelated equipment.  The DigitalOne website was still not accesible this morning, a day after the raid.

This seizure is reminiscent of a raid undertaken by the FBI in 2009 where it seized servers belonging to Core IP Networks in Dallas, Texas.  In the 2009 raid the FBI was investigating two companies who had allegedly defrauded AT&T and other telecom companies of service fees.  The seizure of the servers effectively shut down dozens of a companies.  One company in particular, Liquid Motors, a provider of data services for car dealerships was effectively shut down by the raid.  A legal suit for return of the servers filed by Core IP Networks before the U.S. District Court for the Northern District of Texas failed where the Court found that there was probable cause the servers had served as an instrumentality of a crime.



Miami Lakes politicians can also fall afoul of the law by social networking

On May 30, 2011, in Cloud Computing, Social Networking, United States, by Jorge Espinosa

The Miami New Times, a weekly paper local to South Florida, reported today that a resident of the city of Miami Lakes, Florida, has accused two of the city’s councilmen of using Facebook to circumvent Florida’s Sunshine Law.  The Sunshine Law is a Florida state law which requires political communications regarding public matters be  transparent and public.

Councilman Nelson Hernandez is the sponsor of measure to prohibit council members and the mayor from serving on citizen committees.  A week before the council vote on the measure, Hernandez posted sent a request to his Facebook friends, including councilman Richard Pulido, that they contact a swing vote on the council to urge her to vote in support.  Pulido in return posted a comment on Hernandez’s Facebook page indicating that he supported the measure.  This could be construed as a communication regarding an upcoming vote between members of the board which could violate the Florida Sunshine Laws.

According to the article, the resident who reported the allegedly improper communication has asked state public corruption prosecutor Joe Centorino to investigate Hernandez and Pulido.  Considering the number of politicians who presently appear on Facebook, we can expect more such incidents in the future.



PayPal sues Google for hiring away executive in the midst of negotiations

On May 29, 2011, in Cloud Computing, Employees, Litigation, by Jorge Espinosa

There is an old Cuban saying “dime con quien andas y te diré quien eres” which translates to “tell me who you hang out with and I will tell you who you are.”  It seems that these days being identified as an Internet company does not say much good about you.  Just a week after Facebook was found planting stories with bloggers against Google, PayPal has filed suit alleging that Google reneged on a deal by hiring away PayPal’s employees.

PayPal is a well-known on-line payment service.  Google is the internet services behemoth offering services which span everything from search engine, to office suite, to e-mail, to social networking.  PayPal filed suit against Google, a former officer of eBay and a former officer of PayPal before the California Superior Court for San Mateo County (a Court that the cloud blogger has appeared before).

The Complaint alleges misappropriation of trade secrets, breach of contract, interference with a contractual relationship and breach of fiduciary duty.  It tells how Google approached PayPal and negotiated for two years to have PayPal provide payment services for Google mobile devices.  On the eve of signing the deal, Google backed out and hired away the PayPal executive who had been negotiating on behalf of PayPal, Osama Bedier.  According to the complaint, Stephanie Tilenius, a former a former eBay executive and named defendant in this suit solicited Mr. Bevier and induced him to join Google.  After joining Google, Bedier also solicited and tried to lure away other PayPal employees.

According to the complaint:

[F]rom 2008 to 2010, Google and PayPal were negotiating a commercial deal where PayPal would serve as a payment option for mobile app purchases on Google’s Android Market.   During that time PayPal provided Google with an extensive education in mobile payments.  [Defendant] Bedier was the senior PayPal executive accountable for leading the negotiations with Google on Android during this period.  At the very point when the companies where negotiating and finalizing the Android-PayPal deal, Bedier was interviewing for a job at Google – without informing PayPal of this conflicting position.

Supposedly, Google used Mr. Bedier’s knowhow to craft its new mobile wallet mobile payment strategy which Google announced on May 26, 2011, the date the suit was filed.



California to legislate social networking privacy..maybe.

On May 29, 2011, in Social Networking, States, by Jorge Espinosa

Concern for social networking privacy is driving state governments to provide legislation to fill gaps not yet addressed by federal laws.  These regional solutions, rather than creating a safer social networking experience, may simply subject corporations to a minefield of local requirements.california flag

In the latest such proposed law, new proposed legislation is working its way through the California legislative system.  The Social Networking Privacy Act (SB 242), should it become law will provide the following key restrictions:

  • A social networking site may not show publicly any user information other than name and city of the user without the consent of the user.
  • Privacy settings must be set at the time of the account creation.
  • Identifying information must be removed upon request of the user or, if the user is younger than 18, of his or her parents within 48 hours.

The law provides civil penalties of $10,000 per violation.

Well-known social networking companies such as Facebook and Twitter oppose this legislation.  On May 16, 2011, the California Chamber of Commerce joined Facebook, Google, Twitter, Skype, eHarmony,, and Yahoo in signing an open letter to the sponsor of the bill voicing their opposition.

The letter argues that by requiring users to make a broad privacy determination before the use and become familiar with the service, most users will click through rather than making an informed decision.  It challenges that the bill singles out social networking sites from all other online sites and suggests that it will have a chilling effect on California’s e-commerce.  Finally, the group of companies threatens to file challenges to the law under the US and California constitutions, particularly singling out the commerce clause of the US constitution.

This strong opposition has already had an effect as the bill stalled on the senate floor this past Friday, May 27, 2011, by a 16-16 vote.  The vote drew supporters and opponents from both sides of the aisle.  Notwithstanding this initial defeat, the bill’s sponsor, Ellen Corbett (D), will bring it up for a vote again next week.



Facebook’s secret campaign against Google

On May 12, 2011, in Defamation, Social Networking, United States, by Jorge Espinosa

Common sense dictates that you have to read opinions on social networking sites with a critical eye and more than a bit of skepticism. However, this week a we got a rare look beneath the skirt at how social networking sites are used to manipulate opinions by high priced marketing firms.

Rumors circulated the Internet over the past few days that an unknown principal had hired Burson-Marsteller, a top public-relations firm, to plant opinions and blog articles online attacking Google’s respect of privacy.  USAToday learned of the story and disclosed the campaign in an article which speculated as to the identity of the unknown principal.

The plan seems to have unravelled when a blogger approached by Burson rejected their offer and instead disclosed the e-mails describing the plot.  In a May 3 e-mail to  Christopher Soghoian, a blogger and former FTC researcher, Burson’s John Mercurio offered to ghost write a blog story attacking Google’s data collection policies for Soghoian. Mercurio would then help Soghoian get it published as an op-ed piece inThe Washington PostPoliticoThe HillRoll Call and The Huffington Post.

Today the principal behind Burson’s campaign was revealed by Dan Lyons of The Daily Beast.  It was none other than Facebook.  According to the Lyons article a Facebook spokeman confronted with evidence confirmed that Facebook had hired Burson-Marsteller and defended the manipulation of the social blogging for two reasons:

First, because [Facebook] believes Google is doing some things in social networking that raise privacy concerns; second, and perhaps more important, because Facebook resents Google’s attempts to use Facebook data in its own social-networking service.

At least some of the driving passion behind Facebook’s secret campaign seems to be a new Google service which pulls personal information from Facebook and other sources to create circles of friends which can be accessed through one’s gmail account.  The May 3 e-mail describes this new service as follows:

Unfortunately the ink was barely dry on the settlement before Google rolled out its latest tool designed to scrape private data and build deeply personal dossiers on millions of users – in a direct and flagrant violation of its agreement with the FTC.

Interestingly, this news breaks at a time that the blogs and news sources are filled with stories about Facebook’s large number of members who are unsupervised minors.

So what is the reader to make of this?  How many other articles on blogs and on-line news sites are manipulated by marketing firms.  How can you trust any content when the social networking sites themselves are trying to manipulate news.  Only one thing is certain — question what you read, read both sides and double check all sources.


What if your online persona disappeared?

On May 10, 2011, in Social Networking, United States, by Jorge Espinosa

You have invested hours into developing your on-line persona.  Your blog has dozens of links and hundreds of followers.  Your facebook page is tied to hundreds of friends.  Your Twitter account had a thousand followers.  However, how secure are you in your on-line persona?  What rights do you have to this identity?

Before you develop a false sense of permanency in this illusory world — read the terms of service.  You may be very surprised by what few rights you have.  This is what Danah Boyd learned when she woke up to find her Tumblr blog gone and another company using her blog name at the same address.  She says on her new blog:

All are moved to a new URL, breaking everyone’s links to content that I had on the site and giving me no choice in this process. And a company who also uses the name zephoria is now posting at that Tumblr page (and seems to have been for the last two days). Tumblr did not notify me. And while their ToS [Terms of Service] says that they will, it also says that Tumblr “reserves the right to remove any Subscriber Content from the Site, suspend or terminate Subscriber’s right to use the Services at any time…”

Danah suspects that another company claimed a trademark right to the name she used and Tumblr, without giving her notice or a right to dispute the claim, transferred the account.

If your handle and blog name and images and other online content is important to you, consider traditional forms of protection such as trademarks and copyrights.  The more valuable your on-line persona becomes the more you need to consider taking steps to protect it…and….read the terms of service.


Cloud computing: is the cloud green?

On May 9, 2011, in Cloud Computing, Green computing, by Jorge Espinosa

So you are considering moving some of your information functions to the cloud in order to save money, increase scalability and build redundancy.  However, are you also being environmentally responsible?

study commissioned by Microsoft in 2010 estimated that companies could cut energy consumption and carbon emissions by 30 percent by switching over to the cloud.  This claim was based on four basic premises.  First, by provisioning resources to cloud customers as needed, dynamically, the cloud provides for less waste of computing resources.  Second, by serving large number of users on shared resources, loads are more evenly balanced and peaks in consumption are avoided.  Third, servers are used much closer to their capacity.  Finally, advanced data centers avoid the waste of many smaller, older in-house environments.

These results were supported by market research and consulting firm Pike Research which suggested in its own study that by 2020 cloud computing could reduce information systems related energy consumption by 38 percent.

However, everyone is not convinced by these predictions. Greenpeace, the well known environmental organization, updated its 2008 report “Make IT Green: Cloud Computing and its Contribution to Climate Change” and issued a 2010 “Smart 2020” report which challenges some of these optimistic results.  According to Greenpeace’s research, data centers and telecommunications networks — which together are the two key components of cloud computing — are going to triple their overall consumption of energy by 2020, all because of the rise of cloud computing.  By increasing accessibility to portable devices such as smart-phones and tablets, demand for data storage and processing is will lead to more and larger data centers.  Moreover, on the cloud, we are able to run operations which use far more resources than we could ever draw upon just a few years ago.  These data centers generate huge demands for electricity in cooling and processing.

University of Melbourne professor, Rod Tucker, speaking at a green IT virtual conference also identified the transportation of data across the network as an additional source of cloud inefficiency.  Professor Tucker, who served as Director of the university’s Institute for a Broadband-Enabled Society (IBES), conducted research into the energy efficiency of various cloud computing tasks and how they related to traditional, local computing processes.  He determined that the more often and numerous the exchange of data on the network the more energy efficient that local processing becomes by comparison since the transportation of the data along the network requires energy resources.

This is not to say that some data centers are not trying to find ways to be energy efficient.  Web hosting services Fat Cow and ThinkHost, amongst others, brag that their energy is derived 100% from wind generation or solar sources.  However, Greenpeace would contend that by driving demand and increasing network traffic, cloud providers actually outstrip their ability to compensate with energy efficiency.  So what can you do?  Unfortunately most IT decisions are going to be driven by the financial benefits that the cloud brings to corporate IT pocketbooks.  Growth in demand is unavoidable.  Future energy costs and legislation will have to work with public pressure to help induce efficiency and conservation on the cloud.



Does Facebook exploit children? A New York court will decide.

On May 6, 2011, in Uncategorized, by Jorge Espinosa

Scott Nastro, a resident of Brooklyn in New York city has filed a class action suit against social networking giant Facebook on behalf of his minor son.  In JN v. Facebook, Inc., Civ.Action No. 11-cv-2128 (USDENY 2011), Nastro is citing the New York Civil Rights Law, which prohibits the use of a person’s picture for advertising purposes without their permission.  In the case of minors, Nastro says that Facebook must obtain the consent of parents or guardians.

“In the course of using the names and likenesses of Facebook members in advertising, Facebook regularly and frequently includes the names and likenesses of minors without obtaining consent for that use,” reads the complaint.  “Children are a large marketing audience, so that endorsements that include the names and likenesses of other children in advertisements and solicitations generate a great increase in the revenue and profits to Facebook.”   The complaint goes on to state ”Facebook, Inc. appears to be continually seeking new ways to use the names and likenesses of its members, including children, for its own marketing purposes.”

The type of ads that the suit refers to are called social ads.  A Facebook user indicates that he likes a product or service. Facebook then publishes an add on the side of the page which shows the person’s photo and promotes the product.  These types of ads are a major source of income for Facebook.  No special consent is sought from parents when minors choose these ads.

The lawsuit is based on a law found in many states which protects the rights of persons to protect the use of their name or image for commercial purposes.  Typically these right of privacy laws require written consent for use of the image.  In the case of minors, consent is usually required from the parent.

According to the Reuters report a Facebook spokesman responded to the suit in an e-mail “[w]e believe this suit is completely without merit and we will fight it vigorously.”


The end of digital downloading copyright suits?

On May 4, 2011, in Copyright, File sharing, Litigation, Privacy, United States, by Jorge Espinosa

Every month across the United States large media companies or business associations file dozens of lawsuits accusing individuals of copyright infringement based solely on claims that film or music files were downloaded to their IP-address. An IP-address is a unique number associated with a particular online account.  Over the last few years tens of thousands of suits have been filed on similar grounds, many resulting in settlements of thousands of dollars.  Often the individual defendants are forced into such settlements by fear of statutory damages and costs of litigation even where they feel that they were wrongly accused.  As a result, many commentators have referred to these lawsuits as unfair and a legal a shakedown.

A new decision issued on April 29, 2011, by a judge in the Eastern District of Illinois brings into question the future of such suits.  In VPR Internationale v. Does 1-1017, (2:2011-cv-02068) Judge Harold A. Baker denied a Canadian adult film company’s request to subpoena ISPs for the personal information connected to the IP-addresses of their subscribers.  The court reasoned that since IP-addresses do not equal persons, no defendants had been identified in the suit and there was no adversarial process.  Since, under federal rule of civil procedure rule 26(d)(1), no discovery may be conducted before the parties to the suit have conferred absent special leave from the court, the judge reasoned that VPR could not go on an ex-parte fishing expedition.

The Court’s concern clearly went beyond the mere procedural issue.  Judge Baker cited a recent child porn case where the U.S. authorities raided the wrong people, because the real offenders were piggybacking on their Wi-Fi connections. The judge noted that, based on this example, defendants in VPR’s case may have nothing to do with the alleged offense either.  “The infringer might be the subscriber, someone in the subscriber’s household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment.”

The fact that the suit involved the downloading of adult content was a significant factor in the case.  Judge Baker noted that “the embarrassment of public exposure might be too great, the legal system too daunting and expensive, for some to ask whether the plaintiff VPR has competent evidence to prove its case.”

Baker concludes by citing another case for the proposition that until at least one defendant is served the Court lacks personal jurisdiction over anyone.  The Court would not support a “fishing expedition” for subscriber information under the circumstances.

VPR responded to the initial denial of the subpoenas by asking for certification of the following question for interlocutory appeal:

Defendants’ identifies are unknown to the  Plaintiff.  Instead, each Defendant is associated with an Internet Protocol (IP) address.  Internet Service Providers (ISPs) know identity and contact information associated with each IP address.  Is the Plaintiff to entitled to discover this information by serving ISPs with subpoenas duces tecum under Fed. R. Civ. P. 45?

The Court refused to certify the question.  We will have to wait to see if other courts follow this decision.