Cybercrime Roundup: Using Twitter as a Weapon, Copyright Trolling Porn, and Script Kiddies on the Rise
Using Twitter as a Weapon
On December 15, 2016, Kurt Eichenwald received a tweet from Twitter user @jew_goldstein that a flashing strobe GIF superimposed with the text, “YOU DESERVE A SEIZURE FOR YOUR POSTS.”
Published by The Lawfare Institute
in Cooperation With
Using Twitter as a Weapon
On December 15, 2016, Kurt Eichenwald received a tweet from Twitter user @jew_goldstein that a flashing strobe GIF superimposed with the text, “YOU DESERVE A SEIZURE FOR YOUR POSTS.”
When Eichenwald viewed the tweet, he did in fact have a seizure, which lasted for eight minutes. According to the New York Times, he lost feeling in his left hand and had trouble speaking for several weeks afterwards.
On March 17, John Rayne Rivello was arrested on federal cyberstalking charges related to the tweet.
After Eichenwald and his wife reported the tweet to law enforcement, the Dallas Police Department submitted a search warrant to Twitter. The return contained the subscriber information, including the IP address used to create the account and the phone number associated with the account, as well as direct messages that @jew_goldstein sent to other users about the strobe GIF or Eichenwald (named in the complaint as “Victim#1”).
12/13/2016: “[Victim#1] deserves to have his liver pecked out by a pack of emus”
12/16/2016: “I hope this sends him into a seizure”
12/16/2016 : “Spammed this at [Victim#1] let’s see if he dies”12/16/2016 : “I know he has epilepsy”
12/16/2016 : “If I haven’t been banned yet check my feed when you wake up. @[Victim#1]
The Dallas Police Department then followed the electronic trail. The phone number associated with the account was connected to a prepaid Tracfone that had no subscriber information. However, the metadata provided by the phone’s toll records did reveal that the number was associated with an iPhone.
Dallas police then sent search warrants to Apple for the phone number associated with the Twitter account and the iPhone associated with the phone number. The police were searching for the information that Apple captures when users create an AppleID as well as an iCloud account, Apple’s cloud storage system.
They found what they were looking for. The account was registered to John Rivello—and conveniently, a photo in his iCloud account revealed him posing with his Maryland driver’s license. Rivello’s iCloud account also contained the strobe GIF that induced Eichenwald’s seizure, as well as a screenshot of Eichenwald’s wife’s tweeted response that she was contacting the police. Also in the account was a picture of Eichenwald’s Wikipedia page, which had been altered to include anti-Semitic references and a December 16, 2017 (sic) date of death. Recall that December 15 was the day that @jew_goldstein tweeted the seizure-inducing GIF.
Three days after Rivello was arrested on federal charges in Maryland, the State of Texas, where Eichenwald lives, indicted Rivello on the charge of aggravated assault with a deadly weapon, defining the deadly weapon as “a Tweet and a Graphics Interchange Format (GIF) and an Electronic Device and Hands.” The state attached a hate-crime enhancement, claiming that Rivello targeted Eichenwald primarily because of Rivello’s prejudice against Jews, as defined either by faith or descent. The significance of this enhancement is underscored by the anti-Semitism displayed by some of those who have rallied behind Rivello.
This case is a disturbing example of how virtual actions can cause physical harm. Speaking to the New York Times, Eichenwald’s attorney, Steven Lieberman, said that “[t]his electronic message was no different than a bomb sent in the mail or anthrax sent in an envelope. It triggers a physical effect.” According to Eichenwald’s neurologist as quoted in the complaint, the December 16 seizure put Eichenwald at greater risk for additional seizures. As of April 15th, Eichenwald reported on Twitter that his seizures were still not under control due to Rivello’s GIF.
Rivello’s attorney released a statement that Rivello is a veteran who is suffering from post-traumatic stress disorder. Rivello is reportedly seeking counseling and has apologized to Eichenwald.
However, Eichenwald did not receive just one strobe GIF. On March 17th, he tweeted:
More than 40 ppl sent strobes once they found out they could trigger seizures. Details of their cases are with the FBI. Stop sending them.
— Kurt Eichenwald (@kurteichenwald) March 17, 2017
Copyright Troll John Steele Pleads Guilty
The lengthy courthouse saga of John Steele came to an end on March 6th, 2017, when Steele pled guilty to one count of conspiracy to commit mail fraud and wire fraud and one count of conspiracy to commit money laundering.
Steele, a lawyer and a graduate of the University of Minnesota Law School, was a professional copyright troll, setting up several sham businesses that either acquired the rights to pornographic films or contracted with the rights owners. On several occasions, he hired adult film stars and was directly involved in the filming of the videos.
However, these businesses never promoted nor made arrangements to sell the films in question. Instead, Steele had the videos uploaded to peer-to-peer BitTorrent file sharing sites like The Pirate Bay. Then, Steele and his associates would monitor and log the IP addresses of those who downloaded the files.
Armed with that collection of IP addresses, Steele would then file a lawsuit. Without revealing his connection to or ownership of the film’s copyright—and certainly not his involvement in uploading the film to the BitTorrent file sharing websites—Steele would request subpoena power to discover the identities of the individuals connected to the IP addresses. The court generally granted him this power, usually referred to as early discovery.
After subpoenaing the relevant internet service providers, Steele gained the identities of the individuals who downloaded the film in question. Then, Steele sent them demand letters—making them aware of the stiff penalties attached to copyright infringement (up to $150,000 in statutory damages in addition to attorney’s fees) and offering to settle for just under $3,000, less than the cost of a bare-bones defense.
According to the plea agreement:
[T]he defendants used extortionate tactics to garner quick settlements from individuals who were unaware of the defendant’s role in uploading the movie, and often were either too embarrassed or could not afford to defend themselves. When these individuals did fight back, the defendants dismissed the lawsuits rather than risk their scheme being unearthed.
With slight nuances, Steele repeated this pattern over and over again, filing hundreds of lawsuits in various courts across the country.
When courts limited the number of IP addresses Steele could attach to one lawsuit, he changed tactics. He still asked for subpoena power to discover the individuals associated with specific IP addresses. But instead of bringing the suit based on copyright infringement, Steele claimed that one of his sham businesses had been hacked and that the IP addresses were those of the hackers. Of course, there was no hack, as the business didn’t exist and therefore had no computer systems. The IP addresses for which Steele was requesting early discovery were the same individuals who downloaded the films from the BitTorrent file sharing websites.
In another twist, Steele recruited sham defendants—people who downloaded one of the films, received a demand letter, and agreed to act as a defendant so Steele could go after their (fake) “co-conspirators” in exchange for not paying a settlement.
Eventually, courts began to catch on. A federal court in the Central District of California sanctioned Steele, who granted Ars Technica a 90-minute interview during which he denied the allegations. He also attempted to discredit the judge, whom he felt had used an excessive number of Star Trek references in the sanctions order.
According to the plea agreement—which does have a restitution provision—Steele’s scheme brought in more than $6 million. Paul Hansmeier was charged as a co-defendant in the indictment and the plea agreement claims that he was also responsible for the aforementioned activities.
Andrew Luger, the former U.S. Attorney for the District of Minnesota, succinctly describes the case in a two-minute NBC video clip.
Does Your Mother Know?
According to Josh Goldfoot, the Principal Deputy Chief of the Department of Justice’s Computer Crime and Intellectual Property Section, teenage hackers are on the rise.
During McAfee’s Security Through Innovation Summit, Goldfoot talked about the resurgence:
When I first joined the computer crime prosecution business, you would have these grey haired lawyers who would talk about the 80s and the 90s, when they were prosecuting like 13- and 16-year-olds but that [had] really dropped off. The 16-year-olds are coming back as a threat because it’s so easy now on the other side to acquire this type of stuff.
The level of technical sophistication required to do this work has fallen dramatically to the extent where we have seen juveniles re-enter the picture as a real threat.
According to Cyberscoop, Goldfoot said that the Department is “prioritizing efforts to investigate and prosecute hacking tool creators and dark web marketplace administrators.”
At the same event, FBI Cyber Readiness Section Chief Trent Teyema spoke about recruiting teens through high school STEM programs.
“We’ve been talking with principals for how we can capture that brilliant mind and push them in the right areas so kids don’t get in trouble. It’s like the old don’t do drugs campaign.”