US ‘Spam King’ Arrested for Hacking 500,000 Facebook accounts

Wall of spam cans
Spam Wall by Freezelight (Flickr)

Sanford Wallace, also know by his nickname “Spam King”, surrendered to FBI agents in Las Vegas on Thursday, he was charged in  San Jose with six counts of fraud with electronic mail, three counts of intentional damage to a protected computer and one count of criminal contempt.

Sanford Wallace had allegedly sent more than 27 million spam messages by compromising the friend lists of 500,000 Facebook accounts and stole personal information between November 2008 and March 2009.

Prosecutors say Wallace found a way to evade Facebook’s spam filter then automated a method to farm friend lists and post messages. Wallace was also believed to have collected email addresses and passwords for Facebook accounts using a deceptive method then sending them to a affiliate website where Wallace was paid for the users he redirected.

Sam O’Rourke updated a October 2009 post about spamming titled “The Fight Goes On“, saying “we applaud the efforts of the U.S. Attorney’s Office and the FBI to bring spammers to justice and will continue to pursue and support both civil and criminal consequences for spammers and others who attempt to harm Facebook or the people who use our service. ”

Facebook has previously won $711 million in damages in 2009 from Sanford Wallace though he previously filed for bankruptcy. MySpace also filed a suit in 2007 after the spammer created 11,000 fake profiles to direct websites to questionable content.


Google Says Patents Used to Tax Android

T-Mobile's G1 phone (HTC Dream), using Google'...
Image via Wikipedia

Google has publicly criticized the use of “bogus patents”, saying that patents are being used to unfairly attack Google’s Android operating system for mobile devices. Google believes the consortium that purchased Nortel’s patents for $4.5 billion including Research In Motion, Apple, Microsoft, Ericsson, EMC and Sony as well as a bid for Novell’s old patents was done “to make sure Google didn’t get them.”

Google’s Chief Legal Officer David Drummond wrote in a Google blog post that patents were being used to wage “a hostile, organized campaign against Android by Microsoft, Oracle, Apple and other companies, waged through bogus patents.” They pointed out that Microsoft demanded a $15 licensing fee for every Android phone produced and that Android manufacturers including Barnes & Noble, HTC, Motorola and Samsung were been targeted.

“Patents were meant to encourage innovation, but lately they are being used as a weapon to stop it” and Google would extend its own patent profile to prevent litigation and to allow Android products to remain competitive.  Drummond continued saying “unless we act, consumers could face rising costs for Android devices — and fewer choices for their next phone.”

Ken Walker, general counsel for Google, also argued that patents were unfairly been used saying “the patent system should reward those who create the most useful innovations for society, not those who stake bogus claims or file dubious lawsuits”, in another Google blog post from April this year.

Meanwhile, Microsoft’s general counsel, Brad Smith, told Twitter followers “Google says we bought Novell patents to keep them from Google. Really? We asked them to bid jointly with us. They said no.”

Alleged LulzSec Member Topiary On Bail

LulzSec member arrested
Based on photograph by Kashklick (Flickr)

Jake Davis, also known as his hacking pseudonym of Topiary, has made an appearance in UK courts and was granted bail with a ban from using the internet and a curfew from 7am to 10pm. Another LulzSec member, Sabu, started a hashtag for Topiary with the fitting #FreeTopiary which became a trending topic.

The alleged PR front on Twitter for the group wrote fake stories and press releases which they say provided “lulz.” One story appeared on the PBS website, which was started after airing a negative WikiLeaks television show, with details of the continued life of Tupac and Biggie and the second appeared on the Sun website with an article that Rupert Murdoch was dead.

A statement released by LulzSec said “Jake Davis brought lulz to the oppressed.” and confirmed that he was from the Shetland Islands saying “from the remote and desolate Shetland islands, Jake’s voice reached millions. Perhaps the success of his message was in its simplicity.” The full message was posted on Pastebin, a popular website for sharing text.

Jake Davis, 18, was arrested late last week as part of an investigation into hacking by The Metropolitan Police Service’s Police Central e-Crime Unit. A full list of e-crime offenses which Jake Davis was charged with has been made available by the MET.

Google Purchases 1030 IBM patents

United States Patent Cover from a real patent ...
Image via Wikipedia

Google has purchased 1030 patents from IBM to bolster its defensive patent holdings. The patents are broad with some details from SEO by the Sea who broke the story.

Last year during August, Google was sued for infringement on seven Java patents in the Android phone operating system by Oracle after acquiring Sun Microsystems in 2009. According to The Seattle Times, HTC is paying Microsoft $5 for each Android phone it produces with HTC open to discussion with Apple after been sued by Apple. A handful of other phone manufacturers of Android also face legal action from Apple and Microsoft.

Google and many other technology companies are playing catch-up to prevent software patent ligation. Kent Walker, general counsel at Google, wrote on the Google blog that “the tech world has recently seen an explosion in patent litigation, often involving low-quality software patents, which threatens to stifle innovation.”

Earlier this year Google lost to a consortium of Apple, EMC, Ericsson, Microsoft, Sony and Research in Motion to buy the patents from the defunct Nortel Networks. The consortium paid $4.5 billion while Google offered to pay $3.14159 billion, the same number as pi. Nortel Networks had a patent profile of more than 6,000 patent and applications for patents. The U.S. Department of Justice has opened an investigation into the deal.

Rumors that Google and Apple are in talks of buying InterDigital, a wireless technology company who say their technology is used in every mobile phone, would further increase Google’s patent profile if successful. The company has “8,800 U.S. and foreign issued patents combined” and “almost 10,000 patent applications in process around the world.”

Last year, IBM received more than 5,000 patents, IBM believes this is due to their annual $6 billion spent on research and development (R&D). IBM said “IBM’s 2010 patent total nearly quadrupled Hewlett-Packard’s and exceeded the combined issuances of Microsoft, Hewlett-Packard, Oracle, EMC, and Google.”

Google Updates Transparency Report With More Information

Google Appliance as shown at RSA Expo 2008 in ...
Image via Wikipedia

Google has updated their Transparency Report with data from July through December 2010 which will include information on percentage of compliance from Google for requests of information removal.

The Transparency Report includes data on content removal requests and user data requests. The United States included a case which through 6 court orders removed 1,110 from Google after ‘continuous defamation against a man and his family.’ Google has complied with 87% of removal requests out of the 1,421 items requested to be removed.

Matt Braithwaite, Transparency Engineering, told readers of the Google Blog that ‘our goal is to provide our users access to information and to protect the privacy of our users,’ by informing the user when possible and checking the accuracy of requests.

The report also includes observations. For example, South Korea had an abnormally high amount of removal requests (32,152) due to RRNs (identification numbers) released on the internet then removed after requests from Korean Information Security Agency.

Apple Awarded Touch Screen Patent

Figure 5B from Apple's iPhone Touch technology patent

Apple has been awarded a patent for touch-screen technologies as seen in the iPhone. The patent, ‘Portable multifunction device, method, and graphical user interface for translating displayed content‘ was first filed in 2007 with some technology writers complaining that the patent is too broad.

The patent includes touchscreen gestures and UI elements used in the touchscreen environment, for example a virtual on-screen click-wheel. PC Mag published a counterpoint that the patent was too broad after criticisms of their original article which was titled as having ‘a huge blow to rival smartphone makers.’

Meanwhile, Samsung has been denied previews of the upcoming iPad 3 and iPhone 5 devices. Samsung made the request to ensure that the final look of their devices were not the same as Apple. Apple had previously asked to see upcoming Samsung devices including new versions of the Samsung Galaxy Tab and Galaxy S according to Engadget.

Teenager Affiliated with LulzSec Arrested

LulzSec member arrested
Based on photograph by Kashklick (Flickr)

Ryan Clearly, a 19-year-old student from Essex, has been arrested after a joint probe from the Scotland Yard and FBI into LulzSec, a hacking group which attacked websites such as Sony, US government websites, PBS and several gaming websites and servers.

Ryan Clearly has been identified by detectives as a ‘major player,’ though LulzSec strongly deny this tweeting that the UK police were ‘desperate to catch’ members and that they had ‘arrested someone who is, at best, mildly associated’ with LulzSec. It is believed that Rylan Clearly was involved in running IRC chat servers for LulzSec.

The personal details of Clearly were released by Anonymous, a decentralized mass-hacker collective, published details about Ryan Clearly on their blog on 12 May 2011 in a post called ‘ Ryan Cleary Exposed!’

LulzSec has also released details of two former members who they said ‘tried to snitch on us.’ The group published  the IRC chat usernames and current names and addresses, LulzSec said that one was involved in ‘involved in the hacking of the game Dues Ex and was/is involved in countless other cybercrimes.’

Google Announces Google Wallet; Ebay and PayPal Sue Google

Mobile phone payments

A new mobile payment system, created by Google, has been unveiled today. Google Wallet will ‘make your phone you wallet’ by using your smartphone to tap a card reader to buy items with an app. Google Wallet now supports PayPass-eligible MasterCard and Google Prepaid cards but will continue to add more payment options as well as adding to the available phones which is now only Nexus S 4G from Google.

Rob von Behren and Jonathan Wall, Google Wallet founders, said ‘we’re building an open commerce ecosystem, and we’re planning to develop APIs that will enable integration with many partners’ in their official blog post. Some companies have already joined the rewards system which allows for payment, special offers and loyalty credit. Foot Locker, Toys ‘R’ Us and Walgreens have already signed up to this program along with twelve other companies.

Data is secured using a pass code and ‘secure element.’ The Secure Element chip is separate from the rest of the phone and only allows certain applications to get access to data stored on the chip. If your phone is stolen Google recommends cancelling cards though ‘Google Wallet PIN and Secure Element protect your payment card information.’

PayPal has also filed a lawsuit with eBay, the owner of PayPal. ‘Spending time in courtrooms is generally not our thing’ though adding ‘the behaviors of people and competitors make legal action the only meaningful way for a company to protect one of its most valuable assets.’ The lawsuit is filed against Google and Osama Bedier and Stephanie Tilenius, two former PayPal employees who now work in similar roles at Google.

Private Data Stolen from Sony PSN, Class Action Imminent

PSN Logo

Kristopher Johns has filed a class action lawsuit against Sony after the theft of private data from the Sony PSN user database. The suit alleges the use of unsecured data procedures and unreasonable delays in bringing the PSN service back online. The lawsuit has been filed in US District Court for the Northern District of California and there has been no response from Sony at this point of time.

In a email sent to PSN users Sony said that “illegal and unauthorized intrusion into our network,” had been discovered “between April 17 and April 19, 2011.” It advises users to check “account statements and to monitor your credit reports.” It is believed that name, address, email address, birthdate, login details, PSN ID as well as purchase history could of been accessed. More information on the outage and details for protecting privacy for the affected customers are available on the frequently asked questions page on the Sony website.

In a blog post, Patrick Seybold; Sr. Director, Corporate Communications & Social Media; said “the personal data table, which is a separate data set, was not encrypted.” It appears that only credit cards details were encrypted in the database. Sony is currently moving data to a new data center to provide better security in the future. A new software update from Sony will force users to change their password.

Anonymous, separate groups of hacktivists who act anonymously under the group name, have said that they were not responsible. The group was believed as a suspect initially as they started Operation Sony after a lawsuit against George Hotz, a hacker of the iPhone and Sony PlayStation (see above video). The operation reportedly took down the PlayStation website and PlayStation Store and advises users to return Sony products. Anonymous have said they ‘are not aiming to attack customers of Sony.’

Virtual Money Crime Under Investigation in Australia

Money Laundering

Australian police forces are investigating online virtual worlds due to concerns over money laundering. NSW Detective Superintendent Commander Colin Dyson said the area was a “growing area of interest,” though didn’t name the games under investigation.

In most virtual environments, such as World of Warcraft, Second Life and selected Facebook games gamers are able to transfer real currencies into virtual money to buy and sell in-game add-ins. Transactions in the online gaming environment makes it difficult to trace and communication is possibly being used by criminals according to Dyson.

In Second Life, the currency is usually 270-250 Linden dollars to one USD. Second Life is known to have its own economy and enables the purchase virtual items such as land, clothing, audio and video and vehicles in the marketplace.