A new survey offers a chilling, if unsurprising, view of cybersecurity. Many people believe CTOs and CIOs of breached companies should be fired. Many people have no idea whether their identity has been stolen.
After several years of pressure, #Airbnb in 2018 announced it would remove #settlement #rentals from its platform. So far, Booking.com CEO Gillian Tans has failed to respond to similar requests to end her company's complicity in this #warcrime. It’s up to us to make sure Booking.com and the other #travelbooking companies feel the #international pressure to end complicity with Israel’s illegal and #discriminatory #settlement #policy.
Help us tell Booking.com, Expedia, TripAdvisor and other travel booking companies to follow Airbnb's lead and remove settlement homes from their sites immediately. Together, we can end international support for the #occupation and build the #movement that helps win #humanrights in Palestine.
Join Amnesty International, Human Rights Watch & people around the world calling on Booking.com, Expedia, TripAdvisor, & others to follow Airbnb's lead: De-list Jewish-only Israeli settlements. No more occupation profiteering. #stolenHomes Add your name to the petition!
My name is Christian Buettner aka TheFatRat. I'm a musician and YouTuber with over three million subscribers and someone stole my song "The Calling" on YouTube.

Recently one of my top videos with over 47 million views was claimed by an unknown company called Ramjets. Even though I provably own the video and the song 100%, YouTube instantly transferred it to the claimant. Which means the video is still running, but Ramjets claims the ad revenue of around 3.000 $ per month. I talked to YouTube to get the video back but they said they don't mediate copyright disputes and I have to resolve the issue with the claimant. I reached out to Ramjets via email but got no response and YouTube refused to give out any other contact information.

You can see the full story here: https://youtu.be/z4AeoAWGJBw

My case is no exception. False copyright claims are a common problem on YouTube.

Videos get claimed for infringing music rights without using music at all! Yes, it sounds paradoxical but that's exactly what happens.
Content that provably belongs 100% to the creator still gets claimed by anonymous people or companies.
Videos get claimed although their use of copyrighted content is clearly fair use.

The reasons for these problems are that YouTube:
favors claimants over content creators by assuming their claims are correct and threatens creators with strikes.
refuses to mediate disputes.
does not give out contact information of the claimants to content creators.

A vast number of people are losing their income and their reputation because of YouTube's way of handling claims.

This has to stop!

Through this petition we demand YouTube to:
treat claimants and the content creators equally instead of assuming claims are always correct.
remove claims when they are obviously false. For example if:
The claimed content is not even in the video. Like claiming music in a video without music.
The content clearly belongs 100% to the creator.
The claimed content clearly does not belong to the claimant. For example when a noname company claims the trailer of a blockbuster movie.
It's clearly fair use of the copyrighted content. For example if a movie is reviewed.
penalize false claims through strikes.
only accept claims from validated and credible claimants.
give out the contact information in case of doubt. So it's actually possible for the creator to solve the issue with the claimant.

Please share this petition as much as you can. Let's stop the content ID abuse and urge YouTube to fix their copyright protection system. Thank you very much! ...
Hong Kong (CNN Business) Samsungʼs latest bendable screen technology has been stolen and sold to two Chinese companies, according to prosecutors in South Korea.
The Suwon District Prosecutorʼs Office charged 11 people on Thursday with stealing tech secrets from Samsung (SSNLF), the office said in a statement.
The prosecutors allege that a Samsung supplier leaked blueprints of Samsungʼs "flexible OLED edge panel 3D lamination" to a company that it had set up. That company then sold the tech secrets to the Chinese firms for nearly $14 million, according to the prosecutors.
They did not name the people or companies involved in the theft.
Samsung Display, a subsidiary of the South Korean conglomerate, said in a statement Friday that it was "surprised and appalled at the results of the investigation by prosecutors."
The findings come at a time of intensifying competition for new tech among rivals.
Prosecutors said Samsung invested six years and some 150 billion won ($130 million) to develop the bendable screen.
As demand for high-end smartphones begins to wane in key markets, companies have been searching for the next big thing to convince consumers to upgrade their devices.
Samsungʼs bendable screen had been hyped as a potential game changer. The company teased the tech at a conference earlier this month, showing images of a new folding smartphone.
Samsung is the worldʼs largest smartphone maker, accounting for about 20% of global market share last quarter, according to research firm Canalys.
Investigators have not been able to track down and question two Chinese individuals believed to be involved in the case, and have asked Interpol to help find and detain them. Of the 11 people indicted, three have been detained.
Star of David is thought to be related to King David of Israel. But, the world is unaware that the David of the Star Of David is God Murugan. This video proves that Star Of David points to David, the Murugan and NOT the King David of ancient #Israel.
I first heard of KitSplit about a year ago and thought it was a great idea. Especially living in New York, everything is so accessible. Browsing through the site and seeing what type of equipment was available, I saw that there were a lot of high-end RED Epic cameras and digital cameras, but there wasn’t a lot of film equipment. I have such a big collection of film photography equipment that I figured why not — I could possibly corner the film camera rental market on KitSplit.
So I listed my Mamiya 7II, Pentax 67II, X-Pan, Leicas, Linhofs, and more. I also posted some of my digital equipment as well.
All I needed to sign up for an account was an email address and a copy of my driver license or ID for verification.
My first rental came in quick, someone without any feedback requested to rent my Hasselblad X-Pan for the weekend. At first I was a bit hesitant, so I contacted KitSplit with the online chat and voiced my concerns. They reassured me that all of their active users are 100% vetted for and that my equipment was covered by insurance that the renter paid for, which covers damage and theft.
I remember asking specifically: what if the renter steals the camera or doesn’t return it? They said it would be covered by insurance. (I wish I had a transcript of this chat.)
So I took the plunge to see how things go. The renter picked up the camera and returned it to me on time. He loved the camera so much he even offered to buy it. It was a quick seamless rental. I made $100 with a camera that had just been sitting on the shelf.
Over the next few months, I got a lot of rentals and the side business was going great — I made over $1,200.
Then came one particular day.
A renter I’ll call Dev (who had no feedback) requested to rent my Canon 5DS R camera with my 24-70mm f/2.8L lens and accessories. He needed the camera for the weekend for a shoot. My last 10 rentals went so smoothly that I wasn’t worried at all.
He came by to pick up the camera, and I had a nice long chat with him. He was a photo student at a local academy and said he needed a camera with higher pixel count for a project. After the weekend, I tried contacting him to arrange a time to meet for the return, but his phone was off and my texts were not going through. This is when I started to get a bit worried.
I contacted KitSplit about the situation and they could not get a hold of him either. They even had a private investigator from the NYPD on the case, and he couldn’t find Dev either.
During this process, I learned some interesting information about Dev through KitSplit and the NYPD. They said he was kicked out of school weeks ago for stealing equipment and that there’s also an arrest warrant for him in the State of New York for other thefts.
Based on Dev’s Instagram and Twitter activity, he’s running around New York, Los Angeles, and Mississippi with my camera!
I was told that the vetting process consisted of Blockscore, Sift Science Scoring, and several other “top secret technologies.” But how in the world did this guy pass the vetting process?
Even though my property could not be returned, I was still thinking, “Good thing I’m covered under the company’s insurance.” But I was wrong.
KitSplit then told me that their insurance only covers damage and “stolen” equipment. Meaning, the camera got stolen from the renter. Since Dev rented the camera from me and I handed it to him, it’s considered “Voluntary Parting” and is not covered by insurance.
I had this guy’s info and pictures, so I tried filing a police report for the stolen equipment, but they told me the same thing: it’s not a criminal matter, it’s a civil matter, and my property was technically not stolen.
There was nothing more I could do. I was just really mad at the whole situation. I feel like everyone is to blame, including (and especially) myself. I should have read the fine print better and protected myself. At the same time, I feel like I got taken advantage of and lost roughly $4,500 worth of equipment.
I was told that stolen equipment only happens less than 1% of the time. KitSplit apparently felt awful about the situation and offered me $2,000. It was not the amount that I was hoping for. I spoke to my friends who are lawyers about it, and they said that the contract I signed up for states that KitSplit is not liable at all, so I should take what I can get.
I was 2 months into this whole process, was tired of waiting, and did not want to push my luck any further. I accepted the check and didn’t have to sign any papers or NDAs.
I still use KitSplit today, but not as much as I used to. I am very selective with who rents my equipment and cancel about 50% of my requests now. I have learned some hard lessons through this whole process and I would follow these rules when renting out things in the sharing economy:
Before you rent your equipment through any service:
Have personal insurance that covers renting and voluntary parting.
Do not rent to new users without feedback or online history.
Do a quick Google search of renters — make sure they’re working professionals with legitimate websites or IMDB pages.
Was it really smart to rent out my $4,500 Canon 5DS R camera kit for $95? Probably not, but you live and you learn.
Editor’s update: KitSplit co-founder has sent us this statement regarding Peter’s experience:
We take instances of damage, theft, and voluntary parting very seriously at KitSplit. Our vetting system has successfully blocked millions of dollars worth of theft, and our incidence rate is .02% in 2018.
We were dismayed to hear about Peter’s experience. We have zero tolerance for this behavior and promptly blocked the renter from further rentals. As Peter notes, we are working with law enforcement on this matter. We also provided Peter reimbursement for the camera, and are seeking additional reimbursement via collections. We are continually working to improve our vetting system and insurance offerings. In the extremely rare cases when theft or voluntary parting occurs on our platform, it is often covered by insurance, or the gear is recovered by law enforcement officials. You can read more about what we do to make our platform safe here.
We are constantly improving our vetting system to block fraudulent and criminal activity. We are a small team of filmmakers and photographers who understand your camera can be your most prized possession, and we work hard to make KitSplit as safe as possible. We are always open to feedback. Please let us know if you have any suggestions, questions, or would like to discuss further. You can reach us at firstname.lastname@example.org or 917.722.6792.
About the author: Peter H. is a photographer based in New York. The opinions expressed in this article are solely those of the author.
Facebookʼs headquarters in Menlo Park, Calif. (Josh Edelson/AFP/Getty Images)
An online attack that forced Facebook to log out 90 million users last month directly affected 29 million people on the social network, the company said Friday, as it released new details about the scope of an incident that has regulators and law enforcement on high alert.
Through a series of interrelated bugs in Facebook’s programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said. The contact information included a mix of phone numbers and email addresses.
An additional 14 million users were affected more deeply, having additional details taken related to their profiles, such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow.
Facebook said last month that it detected the attack when it noticed an uptick in user activity. An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in.
The bugs that allowed the attack to occur gave hackers the ability to effectively take over Facebook accounts on a widespread basis, Facebook said when it disclosed the breach. The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform’s “View As” feature to gain access to other usersʼ profiles. (The “View As” feature is designed to allow users to view their own profiles as though they are somebody else.)
Facebook said it is cooperating with federal and other authorities on its investigation but said the FBI had advised the company not to discuss who may be behind the attack.
What may have motivated the attackers is still unclear; despite mounting concerns about election security as U.S. officials count down to a highly contested midterm election, Facebook said there was no indication the hack was specifically related to the U.S. electoral process.
“We don’t have a specific indication as to the intention of the hackers,” said Guy Rosen, Facebook’s vice president of product management.
Although the hackers could have used the flaw to steal information belonging to other, third-party apps that use Facebook as a login method, Facebook said Friday that no outside apps appear to have been affected. Neither Instagram nor WhatsApp appears to have been compromised, the company added. Facebook Messenger was also unaffected.
The 29 million affected users, along with 1 million whose security tokens were taken but did not appear to have their data stolen, will be receiving customized messages from Facebook identifying specifically which types of information on their profiles, if any, were involved in the breach. Facebook executives told reporters Friday that the company will also try to reach affected users who have since deleted their Facebook profiles.
Facebook has also established a Web page that will inform users who are logged in whether their accounts were affected.
User messages could have been exposed in one specific use case, officials said. If an affected user had been the administrator of a Facebook page, and the page had received a message from another user, that message may have been compromised, Facebook said.
Facebook’s disclosure puts the company under even greater pressure as policymakers have taken the company to task over its approach to user privacy and data.
“The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack,” said Ireland’s Data Protection Commission — the watchdog agency charged with monitoring compliance with the European Union’s new data privacy law. It said it was continuing an investigation into the breach.
The Federal Trade Commission — which Facebook said it is cooperating with — didn’t immediately respond to a request for comment.
The spotlight on tech companies intensified further this week as Google said that half a million accounts on its Google+ social networking service could have had information leaked as a result of a software bug. The admission prompted lawmakers to demand answers from the company and call for an FTC investigation.
The incidents could add momentum to a congressional push for a comprehensive U.S. privacy law covering tech companies, Internet providers and others in the online ecosystem.
Justin has been using the same PSN account for 13 years. Then, someone tricked Sony into giving it away. Here's how I tracked it down, and started negotiating for its release.
$1,200. That’s how much someone is asking for a PlayStation Network account I’ve been investigating for the past few weeks. “Secure,” the person calls it, claiming the account will “never be touched” by the original owner again. “He wonʼt be getting it back,” they claim. More than a thousand dollars? That’s a little rich for my blood, and so I counteroffer: $700.
“Btc?” they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it’s generally harder, but not impossible, to trace.)
I didn’t purchase the account, of course. But I could—anyone could, if they only knew where to look. This account wasn’t on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help.
Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person—the individual asking for $1,200 but who quickly and without hesitation dropped to $700—did.
“Right now it feels like Sony’s system is protecting the people who stole my account and not me, the legit account owner of that account for almost 12 years,” said Justin, who asked to keep his identity and PSN name anonymous for reasons that’ll become increasingly clear.
Sony did not respond to my multiple requests for comment about this story.
To prove Justin owned the account in question, he forwarded me several PSN receipts with the username attached to the email, and various correspondence with Sony.
Roughly a month after the launch of the PlayStation 3 and PSN, Justin did what a lot of people were doing: registered a username. There was nothing special about the username; it was the same one he’d been using online for years. And for a while, everything was normal. He played games, mostly single-player ones. Eventually, someone tried to gain access to his account, prompting an email from Sony thanking him for calling into customer service, but nothing more came of it. A fluke, surely?
It was not.
Instead, it proved to be the opening shot in an ongoing struggle for Justin. This tug-of-war began in 2015, and escalated in recent weeks, where people would gain access to his PSN account, then he’d wrestle it back. Justin would add new security measures, figuring the digital wall would prove too high, or they’d get bored and move on—and they’d get it again.
The moment Sony added two-factor authentication to PSN, Justin did, too.
“Iʼve had at least one or two instances,” he said, “where they got far enough where the two-factor prevented them, it stopped them. I was like ‘OK, thatʼs what two-factor is supposed to do.’”
Nothing is completely secure on the Internet, but there are steps you can take to make life harder for anyone trying to access your stuff. Two-factor authentication, where after entering a password the user is asked to paste a randomly generated code sent to an email account or device of their choosing, is one of the easiest steps one can take. It means an intruder requires access to your device or multiple accounts. It’s helpful, and it took far too long for Sony to add two-factor authentication to PSN, despite the service’s massive hack in 2011. Microsoft added two-factor to Xbox Live in 2013. It didn’t hit PSN until 2016, five years after the personal details of 77 million users were potentially exposed to hackers.
Two-factor authentication is enough for most people, though increasingly, companies are offering more complex security layers, including dedicated authentication apps. (I use Authy.)
Until this point, what Justin was experiencing was annoying but tolerable. The two-factor notifications told him people were trying to gain access, but all he had to do was change his PSN password. Things changed last month, however, when he was getting ready for school.
“I got a text message on my phone,” he said, “from the two-factor service saying ‘Your two-factor authentication has been deactivated. Please be careful, you donʼt have that protection.’ I wonʼt say Iʼm a security expert, but I like to believe Iʼm security conscious. I knew I was screwed. I tried to log in, but it wouldnʼt let me log in, so I called Sony.”
After proving he was the account owner, control reverted to Justin, but he was confused. Justin told me Sony’s customer service representatives couldn’t explain what happened, but noted they could flag the account as “sensitive or something”—he couldn’t remember the exact phrasing—which would invite extra scrutiny by future representatives.
Justin pressed on. He registered a brand-new email account, one that hadn’t been associated with anything yet, and used the respected password management software LastPass to generate a 30-character password for his PSN account.
“I would go longer but I hate manually typing it in the PS4,” he said.
For the email address itself, however, he applied a 100-character, randomly generated password with two-factor authentication. After logging in, the name associated with the account (not the username) had changed. He didn’t take much note of it. Fear-something?
“I changed it all back,” he said, “and I was like ‘OK, this happened before. Itʼs never gotten this far, but it was probably a one-off. Sony said theyʼd keep an eye on it. I have a new email address. I have a new password. Everything should be fine.’”
Narrator: It wasn’t.
When Justin woke up the next morning, it was like Groundhog Day; another text message saying two-factor had been flipped off. After calling Sony, he learned the damage was more serious: whoever hijacked the account changed the email address it was associated with, punched in a new password, and set up their own form of two-factor for a phone number.
When he tried to regain access through customer service, they said the account was now flagged as “protected.” Protected? This was different than “sensitive,” apparently. Protected turns on automatically, when the information on an account changes enough times to be considered erratic, and isn’t controlled by the representatives. Though the representatives confirmed Justin was the account holder, it was now, as Justin tells it, out of their hands. Another team was supposed to contact him in three days with more information.
During this phone call, something weird happened: someone texted Justin with messages he described as “vaguely threatening,” promising to make things “worse” if he didn’t give up the account. (He deleted the text messages before Iʼd gotten in touch, when I asked him to start documenting everything.) If he didn’t give up the account, this person would make things worse at their job at Earthlink. They also made vague allusions to his wife and child.
Here’s the problem: Justin never worked at Earthlink. Earthlink was his old internet service provider during the PlayStation 3 era, and there was an old Earthlink email address attached to a PSN child account he’d made for a reason he couldn’t remember. The hijacker, it seems, used these scant details to infer he worked at Earthlink, and had a family worth threatening.
This was actually comforting to Justin. There was no family to be threatened. Plus, when he’d been thinking through the other ways someone might be getting access to his information—cloning his phone’s SIM card, a hidden keylogger tracking the movements on his keyboard, a fully compromised email account—it was potentially much worse. Had that been true, though, why hadn’t anyone used his credit card? Accessed a website that could do more financial damage than his lowly PSN account?
The fact that two-factor was disabled on Justin’s account is an important, complicating point. In order to disable two-factor, you’d theoretically have to have full access to the account, which also means access to the email (or device) the two-factor code is being forwarded to.
In such a case, wouldn’t the hijacker have access to more information than the misleading details on the PSN account, such as an old email address? Something wasn’t adding up.
Who, then, was disabling two-factor on his account? A key piece of evidence to consider: Sony had told him someone had called about his PSN account a whopping 12 times in the past 48 hours. A few of those were Justin, but the vast majority of calls were someone else.
“I assume heʼs wasting an hour or two [on the phone with Sony], at least?” said Justin. “It takes me half an hour to sort it out, and I have all the information. [laughs] So Iʼm just going off how long it takes me, and I hope it takes him at least as long. I hope heʼs not calling up and getting it done in 10 minutes.”
A potential culprit, then, is social engineering, a now-pervasive technique where someone uses pieces of information to trick someone, usually customer service representatives, into gaining access to another person’s account. This would explain the volume of phone calls. If you don’t succeed with one representative, call back and see if another will be more willing.
Though Sony asked Justin a series of personal questions to re-establish identity—the primary email address on the account, serial number of his first console, first city he logged in from—they also asked for details, like recent purchases, that could be found by punching in the account into any number of websites and seeing what trophies had recently unlocked.
(I asked multiple individuals who recently spoke with Sony’s customer service over similar issues, and several mentioned Sony asking for recent purchases as one of their identity metrics.)
Once you know one piece of information, it’s not difficult to start punching that into Google and find other pieces of information that might be just enough for a more lax representative.
Whatever happened, the end result was the same: When Justin finally heard back from Sony, they didn’t apologize and promise to protect the account. Instead, they said it—an account Justin has had for more than 13 years, with a history of trophies and purchases—was gone. There was nothing he could do, no process to appeal, no way to get any of his games back.
“I couldnʼt get any confirmation on if the person who ‘hacked’ it is locked out, but I sure as shit am,” he said. “From what I can gather I have lost that account and Sony canʼt or wonʼt do jack shit about it. If the person who stole it is also locked out that is one thing, but I couldnʼt get a concrete answer on that piece of info.”
That’s when I went looking for answers, and how I’d eventually end up talking someone down from a $1,200 asking price for Justin’s account to only—only—$700. My first tip came from one of Justin’s friends, who, in a fit of frustration, looked up Justin’s account on PSN, and found someone was actively using it, and had changed a bunch of information on it.
Importantly, it listed an active Twitter account in the “about me” section of the profile, an account that featured a (now deleted) screen bragging about access to Justin’s PSN name:
A reply mentioned another account, who also bragged about nabbing Justin’s PSN name.
When I contacted the first person, who had open direct messages, they pleaded ignorance, and repeatedly claimed it was their account. “What makes you believe the account was stolen?” they asked. Not long after, they locked their account—and deleted the screen shot.
It’s at this point that I contacted a source close to the hacking and piracy community, who pointed me towards a popular message board for sharing, selling, and buying “OG,” aka original, accounts across a variety of platforms, including Fortnite, Snapchat, Steam, Twitter, and, of course, PlayStation Network.
I’m declining to name the message board due to the sensitivity of the information on it.
On the board, there are guides to “secure” a PSN account in case “someone attempts to get the account back,” albeit with the important caveat “there’s no way to secure a PSN 100%.” One of the key suggestions is to quickly change the account to Japanese, which you’ll notice happened with Justin’s account. One of the screen shots listed the language as “Japanese.”
It was easy enough to register an account on this message board. There’s no vetting process. You also don’t have to pay anything to search the database, either. Once I was in, I plugged Justin’s PSN account into the search field and voila. There was a thread selling his username for $1,200.
In the thread, the seller promises the account is “secure.” There’s scattered and disputed discussion about whether the account has been sold before, but the seller claims it hasn’t. Importantly, there’s a discussion over whether the “og owner,”—Justin—could regain access.
“He won’t be getting it back,” argued the seller.
“Are you going to have a pull war with him or what,” asked another user.
“Not really a pull war when he not gonna pull lol” retorted the seller.
Pull war is a reference to the cat-and-mouse game Justin had been playing with this person, or possibly someone else, and Sony’s customer service department. The seller was boasting there’s no way it’ll switch hands, a claim bolstered by what Justin was told by Sony: the account is lost. In this case, though, it’s not “lost” because Sony locked it down, it’s lost because the user apparently had pulled enough tricks to make sure it’s out of Justin’s hands.
The seller even referenced the text message conversations he had with Justin:
Soon after, another user vouches for the seller’s authenticity, but is called out by someone as being a duplicate account for the seller—a violation of the board’s rules. He’s now banned, amid speculation from other users the seller cannot back up claims of securing the account.
“Use your brain a lil bit,” said another user. “There are ways to make sure og owner doesnt get it back. If you dont know then you dont.”
The other user concedes the point.
The seller continues to bump the thread (it’s been on sale for nearly a month), but no one’s biting. That’s when I decided to send a message, asking for proof about the account. He agrees to add me as a friend on PSN, and after registering a new account, I send a request.
A screen shot from a burner PSN account I made.
You’ll notice we’re now friends, as evidenced by the “your friend” note in the corner. The avatar is the same as the one referenced in the screenshot from Twitter a few weeks back.
This is when I decided to negotiate. Nobody had bought the account at $1,200, so maybe he’d go a little lower. Like I mentioned, I picked $700 out of thin air, thinking we’d settle somewhere in the middle, but they immediately agreed to my asking price. No negotiation.
“No one actually pays real money for accounts, so I bet he’s thrilled,” said the hacker who’d tipped me off to the forum in the first place.
I haven’t paid any money for the account, of course. Nor has anyone else.
More than likely, Sony itself is a victim of a clever social engineering scheme, in which a user, or series of users, repeatedly spammed its representatives until they found someone willing to accept the limited information they did have, calculating that the system would eventually lock the account in their favor. Even a "failed" social engineering attempt can be a success, if the person calling comes away with new information about the account. Every company in the world can fall victim to social engineering, as there are no true fail-safes. But Sony’s setup seems especially ripe for it.
Why didn’t the system get flagged as “sensitive” sooner? Why can a user flip off two-factor authentication over the phone? How can an account get abandoned, when it’s still active?
There are ways Sony could have prevented this from happening.
As I mentioned before, Sony did not respond to my request for comment about this story. They didn’t respond to my request for comment in 2017 when I investigated the shady world of PSN account resellers, either. PSN has a long, troubled history of putting its users in compromising situations. There are always exceptions, and no digital security is completely safe, but when someone follows all the rules, shouldn’t the company go above and beyond?
In this case, Sony most definitely did not—at first, anyway.
Though Sony did not officially respond to me, a few days after being alerted to the situation, in which I outlined everything that had happened to Justin’s account, he got a phone call. A week after Sony told Justin he was screwed, he was magically being handed the account.
“Sony promised that they were going to set it up so no reps could make any changes,” he said, “but they are still investigating how this happened.”
Sony did not respond to my request for comment about this new development.
There’s evidence the seller truly did believe they had the account “secured.” There was a new name and address associated with the account, and $15 in credit had been added. The seller even purchased some new games. This was an account someone intended to use, or allow someone else to use, if they’d agreed to an asking price of $1,200. (Or, uh, $700.) It’s also possible the purchases were made to establish a new purchase history, one of the identity metrics Sony’s customer service uses to establish who is the owner of an account.
Justin was also given a specific phone number to call in the future, if he has new problems.
“I have my account all set up now,” he said. “We shall see how well Sony can protect it.”
As for the seller, I called their bluff and asked for evidence they still had the account. They demurred, accused me of trying to waste their time (fact check: true), and asked for their money. Theyʼll have to keep waiting.
Follow Patrick on Twitter. If you have a tip or a story idea, drop him an email: email@example.com.
Have thoughts? Swing by Waypointʼs forums to share them!
At a Kiev nightclub in the spring of 2012, 24-year-old Ivan Turchynov made a fateful drunken boast to some fellow hackers. For years, Turchynov said, he’d been hacking unpublished press releases from business newswires and selling them, via Moscow-based middlemen, to stock traders for a cut of the sizable profits.
Oleksandr Ieremenko, one of the hackers at the club that night, had worked with Turchynov before and decided he wanted in on the scam. With his friend Vadym Iermolovych, he hacked Business Wire, stole Turchynov’s inside access to the site, and pushed the main Moscovite ringleader, known by the screen name eggPLC, to bring them in on the scheme. The hostile takeover meant Turchynov was forced to split his business. Now, there were three hackers in on the game.
Newswires like Business Wire are clearinghouses for corporate information, holding press releases, regulatory announcements, and other market-moving information under strict embargo before sending it out to the world. Over a period of at least five years, three US newswires were hacked using a variety of methods from SQL injections and phishing emails to data-stealing malware and illicitly acquired login credentials. Traders who were active on US stock exchanges drew up shopping lists of company press releases and told the hackers when to expect them to hit the newswires. The hackers would then upload the stolen press releases to foreign servers for the traders to access in exchange for 40 percent of their profits, paid to various offshore bank accounts. Through interviews with sources involved with both the scheme and the investigation, chat logs, and court documents, The Verge has traced the evolution of what law enforcement would later call one of the largest securities fraud cases in US history.
The case exemplifies the way insider trading has been quietly revolutionized by the internet. Traders no longer need someone inside a company to obtain inside information. Instead, they can turn to hackers, who can take their pick of security weaknesses: a large corporation or bank may have good in-house security, but the entities it works with — such as financial institutions, law firms, brokerages, smaller investment advisories, or, in this case, newswires — might not.
As one person involved in the press release scheme pointed out, it doesn’t matter what level of security a company has, “you’ve always got the human factor: that one employee who will click on the phishing email or is happy to exchange their password for money.”
“Just about every organization that compiles financial data that could be useful for traders has, at some point, been hacked,” says Scott Borg, director of the US Cyber Consequences Unit, a nonprofit research institute that does consulting for the US government. “All the bureaus of economic analysis from major countries in the world have almost certainly been hacked.”
For the most part, Borg says, these hacks fly below the radar. They tend to be “sophisticated and targeted,” and companies often refrain from reporting them, whether to avoid liabilities and reputational damage or because they don’t even know what information has been stolen.
In the last eight years, the US Securities and Exchange Commission has added three new teams to enhance its cybercrime detection capabilities and pushed companies to bolster their own security and quickly disclose breaches. The measures have had some success, as evidenced by a recent case involving law firms infiltrated by three Chinese hackers, but it’s a cat and mouse game. Even the SEC isn’t safe: in 2016 the commission was hit. The attack was not made public until the following year, generating accusations of hypocrisy.
The international nature of trading hacks makes enforcement particularly difficult. Shortly before Turchynov was bragging about the scheme, the US Secret Service, whose mission includes protecting the country’s financial infrastructure, started taking an interest in what he was up to.
From the beginning of 2012 onward, the three newswires — Business Wire, PR Newswire, and Marketwired — were endlessly patching holes and uninstalling malware in an effort to block the hackers’ access, court documents show. Askari Foy, a cybersecurity expert formerly with the SEC, explained that it would be standard practice for one of these firms to contact the FBI to launch a criminal investigation, which would give authorities access to their systems for forensic analysis.
After authorities alerted PR Newswire to a potential breach, the wire hired the private cybersecurity firm Stroz Friedberg in March 2012 to investigate further. Turchynov’s malware was detected and uninstalled, according to court documents. He sent a panicked message to the Moscovites on March 27th, presumably referring to internal newswire emails he had access to:
“When you get back here write to me right away, there are several problems. The first and largest is that PR is fucked up. They detected the module and removed all our shit there. They took away that temporary server. I haven’t gone on to the new one yet, I’m waiting. This happened on the 13th [March]. The second problem: your guys were detected. They were trading with very big money and there was a lot of fuss about them, about how it’s not the season and when it was the season they traded.”
But by May 30th, 2012, thanks in part to their new co-worker Ieremenko, the hackers had regained access to PR Newswire and were back in business.
The US Secret Service decided to send an assistance request to Ukraine’s intelligence services, according to Ukrainian agent Oleksiy Tkachenko and US court documents. Their Ukrainian counterparts set to work following Turchynov about his daily life.
According to a peer who was also contacted by the Ukrainian agents, they noticed that Turchynov socialized with a group of 10 other men in their 20s, including his colleagues Ieremenko and Iermolovych, who had abundant cash and no discernible source of income. Turchynov is said to have owned a house in Koncha-Zaspa, Kiev’s equivalent to Beverly Hills. On social media, he displayed an extravagant gold clock collection, a gun, a luxury car, and pictures of him and his friends in Kiev nightclubs.
In November 2012, the Ukrainians, accompanied by US Secret Service agents now working in tandem with the FBI, carried out raids on nine properties around Kiev tied to the hackers. They confiscated Ieremenko and Turchynov’s laptops, uncovering hundreds of press releases as well as chat logs relating to the scheme. A few months later, US Secret Service Special Agent Alexander Parisella arrived in Ukraine to question Turchynov, Ieremenko, and others at interviews organized by Ukrainian intelligence agents, according to court documents.
From there, the case went cold. Ukraine does not extradite its own citizens, so Special Agent Parisella could do little more than try to get the hackers to talk about the press releases and other stolen payment card data they had found.
None of the hackers were charged in Ukraine, either. Ukrainian law enforcement said they never received the required request from the US to do so, a fact confirmed by a US agent at trial. It seems Ukraine’s intelligence services had something else in mind for Turchynov, the Americans’ key suspect.
“Back then, he paid the mentiy [Russian slang for cops]. Well, not paid. He gave them his collection of clocks worth half a million. He handed over his house. He handed over his Bentley, and then they said, ‘Ok now you are working for us or you’ll go to America’,” said a person in close contact with Turchynov at the time.
From US Special Agent Parisella’s visit onward, Turchynov continued to hack press releases, but now at the behest of elements within Ukraine’s intelligence services, Ukraine’s Cyber Police Chief Serhii Demedyuk told The Verge. The intelligence agents began running a parallel operation to the Moscovite middlemen, using Turchynov’s access and sourcing their own traders, according to Demedyuk.
“That’s what, in fact, happened, and that needs to be admitted,” said Demedyuk of the way Ukrainian intelligence agents allegedly profited from illegal trades.
Ukraine’s intelligence services did not respond to requests for comment about their involvement.
The origins of the trading hack are murky. In court, a government witness identified a man known only as “Valerie” as the “main guy.” Witnesses and documents also identified someone named Roman Vishnevsky as his point of contact with the traders, who, based on a shared Skype name and social contacts, is likely the trader who at age 26 was featured by Forbes Russia for his success. (Vishnevsky has not returned repeated requests for comment.) Neither person has been charged, despite Vishnevsky traveling to the US as recently as November 2017. Online, according to multiple sources who spoke to The Verge, the purported ringleader was known only by the screen name eggPLC.
Demedyuk and others who spoke on the condition of anonymity believe eggPLC is a Moscow-based stock trader originally from St. Petersburg, who since at least 2008 had been hiring hackers to work for him. On a number of dark web forums, where exploits, stolen login data, and personal details are bought and sold, The Verge reviewed instances of eggPLC advertising for hackers to help him access brokerage accounts. According to a person connected to the scheme, he would then use the brokerages to drive share prices up and down while making trades from his own accounts. This variation of the old-school stock scam known as pump and dump was revived in the mid-2000s by traders using hackers to manipulate prices.
Based on what Demedyuk and those with knowledge of the scheme say, it would have been around 2009 that eggPLC recruited Turchynov to hack the newswires. Turchynov would send the stolen press releases to eggPLC and two other Moscow-based middlemen, who would pass them on to traders; the hackers would take a 40 percent cut of profits, and the middlemen took 10 percent. From his inactive ICQ numbers, a messenger service once popular in Russian-language hacking circles, it appears that eggPLC was running a full-fledged business through the dark web. One number he advertised was his personal number; another bore the name “eggPLC support.”
In St. Petersburg, Moscow, Kiev, and the US, the stolen press releases attracted growing groups of traders, some employed at investment companies and others working independently. Friends approached friends, and circles grew.
Two of the traders, the brothers Pavel and Arkadiy Dubovoy, come from one of Ukraine’s most well-known and wealthiest evangelical Baptist families, several members of which got rich privatizing Ukrainian factories in the 1990s. Arkadiy, who owns an ice cream factory in Odesa, immigrated to the Atlanta suburbs in the mid-1990s, thanks to a law offering refugee status to persecuted religious minorities from the Soviet Union. Pavel studied for a while in the US near Arkadiy. But together with a large contingent of the Dubovoy family, they moved to Kiev when their cousin Oleksandr was elected to parliament in 2007.
While living in Ukraine in November 2010, according to court documents, Pavel Dubovoy sent Arkadiy’s partner in the construction business an email containing instructions on how to access the stolen press releases.
After the Christmas holidays, Arkadiy and his business partner, Alexander Garkusha, traveled from their homes in Alpharetta, Georgia, to the Atlanta airport where they met a Philadelphia-based Slavic Baptist pastor and trader named Vitaly Korchevsky.
As a former Morgan Stanley portfolio manager and vice president, Korchevsky had a strong reputation for financial planning advice among the new immigrant community, many of whom arrived with little English and little understanding of life in America. Korchevsky was a prominent religious figure in the US-based Slavic Baptist community as well and was often invited to preach around the US and the former Soviet Union.
In the early 2000s, Korchevsky would finish work at Morgan Stanley in New York and make the almost two-hour journey back to South Philadelphia, where he would spend the evening driving around the suburbs visiting Slavic Baptists he hoped to attract to his small evangelical Christian gatherings. He later organized a union of 28 Russian-speaking churches and spent much of his large income to establish his own church in Philadelphia. He also sponsored many of his own congregation to emigrate from the former Soviet Union, as he had done in the late 1980s. They would often live at his house until they found work and housing.
“He was very religious... but when I met him, I saw in him a businessman as well. He is a man of ambitions. He is a man who loves himself and ambitions,” said a Slavic Baptist leader who has known Korchevsky for three decades. “He loves being in a position of a leader... and being a persona that people look up to.”
Arkadiy and Garkusha met Korchevsky to discuss the scheme at an airport restaurant while he had a layover in Atlanta. It was a tough sell at first. The financially astute pastor was unimpressed, saying that the printed releases they were showing him were publicly available. Arkadiy left the meeting thinking it was just another one of his younger brother’s bad ideas. A second meeting was stymied by technical difficulties. It was only on the third attempt, when the group finally got proper access to the server to show Korchevsky, that the pastor declared the scheme was workable.
Arkadiy began opening brokerage accounts. Arkadiy’s English is so limited he would ask others, like his son Igor, to write emails on his behalf, he said. He also claimed in court to have no knowledge of stocks and a limited ability to use computers. Consequently, he gave Korchevsky permission to trade with his money from his accounts and paid him about 10 percent of the profits. Korchevsky, who was setting up a Philadelphia fund at the time, secretly made trades from his own accounts, a move that would later lead to the group being cut off by the middlemen for not paying their full commission.
Arkadiy was also running his own side game. His brother Pavel had introduced him to another former Wall Street trader, Vladislav Khalupsky, who split his time between Odesa and Brooklyn. Arkadiy opened accounts for Khalupsky to trade with. He later testified that he wanted to see who was better: Pastor Korchevsky or Khalupsky. Arkadiy also sent his son Igor to learn how to trade at Khalupsky’s Odesan firm.
The scheme continued to grow in this way, with friends, family, co-workers, and fellow congregants roping one more person into a seemingly foolproof way to get rich. Two managers at Arkadiy’s Ukrainian firms opened accounts, and two of his relatives in Odesa joined as well. (The Dubovoy family is very large, and only five members have been implicated in the case.) A year later, Arkadiy’s accountant and fellow churchgoer Leonid Momotok got involved. Momotok, who had some knowledge of the stock market, opened more accounts to trade with, including one under the name of his brother. The more unrelated the entities and accounts, the harder it is for the regulators to detect and investigate.
For someone like Korchevsky, a registered US investment adviser with over a decade of experience, the stolen press releases were easy money.
On August 3rd, 2011, a press release from Dendreon Pharmaceuticals was uploaded on PR Newswire at 3:34PM and published less than 30 minutes later at 4:01PM, just after the markets closed. The release announced the company’s new drug would not meet its forecasted sales target. At 3:56PM, when it had yet to be published and four minutes before the markets closed, Korchevsky purchased 1,100 put options, a contract giving the ability to sell the stock at a specific price within a specific time period. The next day, Dendreon’s stock fell 67 percent and Korchevsky sold his put options for a profit of more than $2.3 million. Phone records have Korchevsky calling Arkadiy’s office twice before the release was published and twice again after he sold the put options.
There were also times when the traders lost money. Despite a positive release, internet company Verisign’s stock price unexpectedly dropped on April 26th, 2013. Arkadiy’s son Igor Dubovoy emailed Korchevsky: “Arkadiy asked me to sell all the stocks if you do not have Internet can you please let me know if I should do it or if you have the service to do it.” Shortly after, Igor closed out the Dubovoy group’s positions for a loss of $114,038. Igor then sent Korchevsky another email: “I already sold everything and just saw your email not sure if i sold it the way you had it planned.” Korchevsky responded to Igor: “its ok ... not the last day ... it was strange anyway ... got the numbers right ... reaction mixed.”
In Ukraine, Pavel, who held a joint account with his brother Arkadiy, was responsible for paying the hackers their commission. He did so through his British shell company, using account numbers provided by an unidentified individual, likely Roman Vishnevskiy, who was mentioned several times at the trial as being the Dubovoys’ point of contact. (Vishnevskiy did not return repeated requests for comment.) In one of several emails from February 2012, confirming payments to Arkadiy, Pavel stated he had paid $95,000 into Turchynov’s Estonian bank account next to which he wrote “the guys.” It was disguised as a payment for building equipment from Arkadiy’s property development company, a common vocation of Soviet Baptists who were often denied access to state-gifted accommodation. The email also included a note that $160,000 had been paid to “Vlad” aka Khalupsky, the Ukrainian-US trader who provided investment advice. Pavel would also email wish lists of expected company announcements to Arkadiy in Georgia and to the hackers via the Moscow ringleaders.
It is not clear how Pavel first became acquainted with Roman, who introduced Pavel to the scheme and worked for its main ringleader, according to testimony. It is also not fully apparent what Pavel does for a living. His politician cousin Oleksandr described him in an interview with The Verge as a “technical specialist” and “freelancer” who also dabbled in property development, though said he was unsure of his trading capabilities.
Reached over the phone in March, Pavel denied being involved in insider trading or in trading generally. “I honestly had very little to do with it. My relatives were much more involved,” said Pavel of the press release scheme and his indictment by the US authorities. “I had absolutely nothing to do with it,” he went on. “I have never had any broker accounts or conducted any trades. I don’t even know how it’s done…I don’t know what is going on in the case…I don’t know why [they have connected me].”
Pavel subsequently declined repeated requests to meet, and didn’t respond to specific questions about the hacking scheme.
In November 2014, almost two years after Agent Parisella’s visit to Kiev, the third hacker, 27-year-old Iermolovych arrived at a luxury resort on the sunny shores of Cancun, Mexico, on vacation from Ukraine’s freezing winter. Just after midnight, as he sat relaxing in the hotel restaurant, a group of Mexican law enforcement officers approached, according to a source with knowledge of the event. The officers told him that he was not welcome in Mexico and that they were taking him to the airport. The Ukrainian consulate had agreed to fly him back to Ukraine, they said. Meanwhile, the police searched the room upstairs, waking his wife and confiscating his laptop. When Iermolovych arrived at the airport in darkness, he was hustled onto the back of a commercial passenger plane and told he would have one stop in Dallas, Texas.
However, as the plane touched down in Dallas, the source said, the passengers in the front four rows stood up and announced they were US Secret Service agents. Iermolovych did not proceed to Ukraine. The Mexicans had handed him over to US law enforcement. There were no extradition proceedings.
Iermolovych was initially charged with selling data from over 300 stolen corporate payment databases based on information found on his laptop in the Kiev 2012 raids. Law enforcement then found evidence of press releases on the laptop the Mexican authorities confiscated. After being transferred to the Hudson County Correctional Facility in New Jersey, the US authorities presented Iermolovych with a choice of serving two to three years or 20, and encouraged him to accept a plea agreement.
Even with one of the hackers in custody, uncovering the entire network was difficult. Iermolovych denied knowing any of the traders and claimed to have only chatted with the Moscow ringleaders online, according to a source with knowledge of the investigation. Moreover, the traders would access and read the press releases on an offshore server, minimizing traces of evidence.
Experts say getting caught for this type of insider trading often depends on the lengths a trader will go to to avoid detection. Identifying a trader who is using inside information is almost impossible if they keep changing where they’re trading from, even with cooperation from multiple countries, according to Borg, the director of the US Cyber Consequences Unit. Traders can further cover their tracks by establishing credit ratings at brokerages anonymously through cryptocurrencies or shell companies that they then shut down.
The Dubovoy group was somewhat less careful. Since 2010, the SEC’s Analysis and Detection Center has joined Wall Street’s self-regulator, the Financial Industry Regulatory Authority (FINRA), in monitoring the markets for signs of insider trading. Their algorithms are designed to pick up on stock prices fluctuating before major corporate announcements, indicating that those buying or selling have insider knowledge, said Janet Austin, a professor at the University of New Brunswick and author of the book Insider Trading and Market Manipulation: Investigating and Prosecuting Across Borders. The SEC’s Center for Risk and Quantitative Analytics then looks at the entity making the flagged trades to see if they can find links to the company, like a relative or a past employer. If they cannot find any immediate link, they store the data in case the entity does it again. The volume of trades to sort through still makes detection difficult.
FINRA aided the SEC in its investigation of the press release case. Both declined to comment for this story. What likely happened, according to Austin, was that, armed with the knowledge that stolen press releases were being used on the markets, the regulators looked at logs of suspicious trades and gradually discovered that some of the entities were associated.
The Dubovoys used the same brokerage accounts repeatedly, and they owned some of them directly or through immediate family members with shared surnames. Their association could also be easily confirmed through the fact that they were part of the same church community.
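The screening Austin describes can be sketched in code. The following is an added illustration, not the SEC's or FINRA's actual system and not part of the original article: it flags trades placed between a release's upload and its publication, keeps the accounts that do so for more than one release, and groups those accounts when they share a surname or address. All tickers, accounts, owners and times are constructed, except that the first window and the first trade reuse the 3:34PM, 4:01PM and 3:56PM times from the Dendreon example above.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


@dataclass(frozen=True)
class Release:
    ticker: str
    uploaded: datetime   # received by the newswire, still under embargo
    published: datetime  # sent out to the public


@dataclass(frozen=True)
class Trade:
    account: str
    ticker: str
    placed: datetime


# Constructed sample data (tickers, accounts and owners are placeholders).
RELEASES = [
    Release("AAA", ts("2011-08-03 15:34"), ts("2011-08-03 16:01")),
    Release("BBB", ts("2011-09-12 14:10"), ts("2011-09-12 16:05")),
    Release("CCC", ts("2011-10-20 13:00"), ts("2011-10-20 16:02")),
]
TRADES = [
    Trade("acct-1", "AAA", ts("2011-08-03 15:56")),
    Trade("acct-1", "BBB", ts("2011-09-12 15:30")),
    Trade("acct-1", "CCC", ts("2011-10-20 14:45")),
    Trade("acct-2", "AAA", ts("2011-08-03 15:58")),
    Trade("acct-2", "CCC", ts("2011-10-20 15:10")),
    Trade("acct-3", "BBB", ts("2011-09-12 15:00")),  # one hit only
    Trade("acct-4", "AAA", ts("2011-08-03 11:00")),  # before upload
    Trade("acct-4", "BBB", ts("2011-09-12 16:30")),  # after publication
    Trade("acct-5", "BBB", ts("2011-09-12 15:40")),
    Trade("acct-5", "CCC", ts("2011-10-20 15:20")),
]
OWNERS = {
    "acct-1": {"surname": "SURNAME_A", "address": "1 Elm St"},
    "acct-2": {"surname": "SURNAME_A", "address": "9 Oak Ave"},
    "acct-3": {"surname": "SURNAME_B", "address": "4 Pine Rd"},
    "acct-4": {"surname": "SURNAME_C", "address": "7 Lake Dr"},
    "acct-5": {"surname": "SURNAME_D", "address": "9 Oak Ave"},
}


def embargo_hits(trades, releases):
    """Map each account to the releases it traded on while they were embargoed."""
    by_ticker = defaultdict(list)
    for release in releases:
        by_ticker[release.ticker].append(release)
    hits = defaultdict(set)
    for trade in trades:
        for release in by_ticker.get(trade.ticker, []):
            if release.uploaded <= trade.placed < release.published:
                hits[trade.account].add(release)
    return dict(hits)


def repeat_accounts(hits, min_releases=2):
    """Accounts that hit the embargo window for several distinct releases.
    Single hits stay in `hits` so a later repeat can still be counted."""
    return sorted(a for a, rel in hits.items() if len(rel) >= min_releases)


def linked_groups(accounts, owners):
    """Union accounts that share any owner attribute; return groups of 2+."""
    parent = {a: a for a in accounts}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    first_seen = {}
    for acct in accounts:
        for field, value in owners[acct].items():
            key = (field, value)
            if key in first_seen:
                parent[find(acct)] = find(first_seen[key])
            else:
                first_seen[key] = acct
    groups = defaultdict(list)
    for acct in accounts:
        groups[find(acct)].append(acct)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    hits = embargo_hits(TRADES, RELEASES)
    flagged = repeat_accounts(hits)
    print("repeat accounts:", flagged)
    print("linked groups:", linked_groups(flagged, OWNERS))
```

In the sample, acct-1 and acct-2 are joined by surname and acct-5 joins them through a shared address, so three accounts that look separate collapse into one entity.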
In 2014, the middlemen discovered the Dubovoy group was trading from many more accounts than they were declaring. They started threatening Pavel, according to court testimony. Arkadiy made a trip to Ukraine in January 2015 where he even met Valerie, the “main guy.” Roman, their middleman contact, made different proposals as to how the group could make good and regain access: paying $50,000 a day for continued access to the server, or $100,000 a week, plus a $300,000 deposit. (The sums were indicative of how valuable the releases had become on the black market.)
It didn’t work out. Eventually, the group found a new way to get the releases through the husband of Arkadiy’s cousin, Valery Pychnenko, who was able to meet the middlemen through his own channels. Pychnenko would send the releases to himself using a nondescript email account, which Igor would access and then forward to Vitaly.
But just as the newswires did not always inform their clients that they were having security problems, the middlemen appear to have chosen not to tell the traders that one of their hackers was arrested.
Nine months after Iermolovych’s arrest, in August 2015, FBI agents led pastor Vitaly Korchevsky, with graying slicked-back hair, out of his upscale suburban home in Philadelphia. The same day, Arkadiy, Igor, Garkusha, and Momotok were also arrested at their homes in Georgia.
Korchevsky was accused of making $17.5 million in illicit gains, Arkadiy over $11 million, and Igor $249,000. Momotok and Garkusha made approximately $1.3 million and $125,000, respectively.
The news shocked the US Slavic Baptist community and Korchevsky’s fundamentalist congregation, in particular, many of whom refused to believe he was guilty. The persecution Baptists suffered at the hands of the Soviet Union has left many suspicious of the authorities and the media, according to Olena Panych, an academic on post-Soviet Baptists.
His supporters alleged that the case was a US government plot aimed at persecuting the Christian leader. Korchevsky’s defense argued, and US prosecutors have admitted to the court, that they found no press releases on Korchevsky’s computers or evidence that he was in contact with the hackers.
Korchevsky was careful, according to witness testimony. He often traveled to Ukraine to trade and used computers that Arkadiy had paid for. He would also be careful to delete the evidence and leave whatever technical equipment he could behind in Kiev. An FBI forensic specialist testified that they were unable to reconstruct deleted attachments, which they believed were press releases. In the indictments, the prosecutors instead pointed to Korchevsky’s trading patterns, which in many instances mirrored those of other defendants accused of trading on the releases, as well as presenting emails and chats between Korchevsky and other members of the Dubovoy group discussing trades.
Several Slavic Baptist leaders told churchgoers not to discuss the issue publicly and to pray. After his arrest, his supporters created a Pray for Vitaly Korchevsky Facebook page and sometimes prayed outside the courthouse during his hearings.
“I ask you please not to rush to conclusions,” said pastor Konstantin Likhovodov in Portland, Oregon, speaking a week after Korchevsky’s arrest. “He is a god-fearing man. And it even surprises me brothers, that we would so quickly agree with non-believers to the detriment of what we know about our own brother… I am embarrassed to say that there are members of this church who have allowed themselves on the internet...to say he is a wolf in sheep’s clothing. I have a question: What right do you have to judge another? Who do you think you are?”
After initially pleading not guilty, Garkusha, followed by Momotok, Arkadiy, and Igor, all pleaded guilty before the trial. They are currently awaiting sentencing. When a person in the Pray for Vitaly Korchevsky Facebook group posted about them pleading guilty in 2016, the admin responded:
“How do you know these other guys didn’t get paid off by the govt to lie to the judge? Watch, they will get off with a slap on the wrist, and a few million each. I think you underestimate the government’s abilities to create a situation when they need one, and their ability to get whatever they want. I recommend you really search inside yourself and ask yourself who the real criminal is here.”
Korchevsky’s church has suffered immensely because of the case. After the US government froze his funds, the congregation began pooling its resources to pay for his lawyers. Korchevsky allegedly used some of his trading proceeds to purchase nine properties in the Philadelphia suburbs, a strip mall, and a 9 percent stake in a Georgia apartment complex. At least five of the houses, according to those who know him, were purchased on behalf of new immigrant families who had yet to establish credit ratings: “Yes, it is true actually all of them…I did not buy anything for myself,” wrote Korchevsky via email when asked about some of the properties. Korchevsky did not respond to further questions about his role in the scheme.
“It really shocked people because they did not think that he could do anything wrong because he had done so much good for them,” said a Baptist leader who has known Korchevsky for three decades. “He is really heartbroken because everything that he built has been crushed.”
“If he doesn’t admit the guilt, I almost positively think that it’s church related. He has the image of a man who cannot do that. As long as people think he’s innocent he can continue to be a star,” said the Baptist leader, who believes Korchevsky is guilty.
The only stolen release the US was able to obtain before the arrests in 2015 was one that was screenshotted by Khalupsky on Viber, a mobile application that doesn’t retain data. He emailed the release to his Yahoo account, which the government likely searched. Placed together with the emails and trading windows, the screenshot was a key piece of evidence against the Dubovoy group, the only traders to be criminally indicted. After the arrests, Igor gave the FBI access to an email account containing over 200 releases, which he said he had forwarded to Korchevsky.
Khalupsky, the Wall Street trader who resided in Brooklyn and ran an Odesa trading firm, was detained hiding out in Odesa in February 2017. After placing him under nightly house arrest, Ukrainian authorities granted an American extradition request, as Khalupsky is a US citizen.
The group turned on itself over the course of the proceedings. Khalupsky, like Korchevsky, pleaded not guilty, claiming he had been misled by the Dubovoys. Arkadiy, Igor, and Garkusha testified against them at the trial. In turn, Khalupsky’s defense attorneys attacked their credibility by linking them to past cases involving a drug scheme stretching from Panama to Europe and money laundering in Latvia.
A jury found Khalupsky and Korchevsky guilty on all counts on July 6th. Korchevsky’s supporters were twice scolded by the judge for praying outside the courthouse during the trial. As the verdict was read, his family broke down in tears, according to Bloomberg. The pair has yet to be sentenced.
Free on bond, after the verdict, Korchevsky addressed his Philadelphia congregation to thank them for their support. With a smile of a man vindicated, he said he would appeal the verdict:
“The Lord showed with certainty that they could not present a single piece of evidence that I ever held any information. It doesn’t exist. Of course a story was told that I destroyed the computer, though they found a 17-year-old computer in my house. But God knows and we can express it bravely before him: that there was nothing of the sort. Not a single computer or cell phone was ever destroyed.”
Two related SEC civil cases were brought against traders at investment and trading companies in Moscow and Kiev as well as individuals in St. Petersburg. They have argued their innocence based on the lack of evidence that they possessed the unpublished releases or had contact with the hackers. Unlike in Korchevsky’s case, where there were dozens of emails to US-based servers and one stolen release, the mainstay of evidence in the SEC civil cases is the trading patterns.
In dozens of instances, the traders and entities named in the civil case would trade within hours, sometimes minutes, of each other, and before a release became public. The traders’ choice of stock would also follow the hackers’ fluctuating access to the newswires.
One defendant in the civil case, David Amaryan, whose company Copperstone Capital won an award for best Russian hedge fund in January 2015, claimed that one of his employees devised an algorithm to pick up early trades occurring on the market and mimic them, the logic being that the early trades were made on the basis of someone else’s insider information. After an uncomfortable round of questioning, during which prosecutors proved to the court that he knew other defendants in the case he had previously denied knowing, Amaryan and his three companies agreed to pay $10 million to the SEC. He neither admitted nor denied wrongdoing as part of the settlement. Similar settlements have been made by other Russian and Ukrainian defendants, including one of Ukraine’s most prominent investment firms. In total, the SEC has recouped $53 million in ill-gotten gains from investment firms, traders, and brokerages.
Iermolovych, the hacker removed from Cancun, is the only defendant to be sentenced so far in the case, in May 2017. He received a 30-month prison sentence.
In all, the case would later be described by the FBI as the largest known computer hacking and securities fraud in the world. The combined total of profits made public by the SEC stands at over $100 million, but that represents only a fraction of the money authorities believe was made off the stolen press releases. Several of the people currently charged, including Pavel, have not had their profits established and therefore aren’t included in the total. Furthermore, during pre-trial, a defense attorney referred to a sealed affidavit saying that the FBI has identified more than 100 individuals who traded on the hacked information. So far, the authorities have only initiated proceedings against 42 entities, including 20 individual traders.
Safe from US hands under Ukrainian law, and likely safe from Ukrainian law because of his connections, Arkadiy’s younger brother Pavel, the person who introduced the group to the releases, is the only one of the criminally charged traders still at large.
Pavel has amassed high-profile ties, especially after his and Arkadiy’s cousin Oleksandr Dubovoy entered Ukrainian politics. The Dubovoy group associates with figures from the Kremlin’s evangelist for healthy living to Russia’s most decorated singer, who was personally congratulated by Putin on his 80th birthday during a party held at the Kremlin. One of their most significant connections is the former deacon of the Dubovoys’ church in Kiev: Oleksandr Turchynov (no relation to the hacker Ivan Turchynov). Oleksandr Turchynov is the former head of intelligence services and one-time acting president, and he currently oversees the police, intelligence services, and army. That makes him one of the most powerful politicians in Ukraine.
Oleksandr Turchynov and the Dubovoys were known among congregants at Word of Life for their shared love of the number seven, says their now former pastor Volodymyr Kunets. Kunets says they chose the number because it signifies completeness in the Bible, the day God rested. Pavel and Oleksandr Dubovoy have cell numbers with at least four sevens, and Oleksandr Turchynov and Oleksandr Dubovoy have customized car license plates with four sevens, said Kunets. (There is no indication that Oleksandr Turchynov was associated with Pavel’s trading scheme, and his representative denied the politician is acquainted with Pavel, but said he is close to Pavel’s cousin Oleksandr Dubovoy.)
Pavel and Oleksandr Dubovoy fell out with their pastor Kunets after they, along with Oleksandr Turchynov, paid millions of dollars to help construct a new church for the Word of Life congregation, located next door to the original church. The trio then de facto took it over from an aggrieved Kunets in July 2017. He had been their pastor for over 10 years.
Speaking in general terms about the community and the case, Panych, the researcher studying post-Soviet Baptists, said that due to scarce finances, churchgoers have learned to accept politicians and wealthy parishioners, preferring to leave it up to God to judge their actions.
“You understand, the church also needs rich people. They donate money. They build prayer houses. But where they get the money, it’s not always clear,” said Panych.
Kunets told The Verge that when news broke of the US case in August 2015, Pavel left for Belarus to stay with relatives, where he remained for around a year before returning under a different passport. Ukraine’s police say that Pavel is living in Ukraine under a fake Russian passport. He seems to be living quite openly since returning. Just before Christmas in 2017, The Verge saw Pavel at a Sunday service, which, according to churchgoers, he has been attending regularly in the past year. He has also traveled abroad, checking in on Facebook in Tehran, Iran, a country where arrest by the waiting FBI is almost impossible.
Ukraine’s police say they have questioned Pavel, yet their American colleagues have not handed over the necessary information to arrest him. Ukraine’s intelligence services say they have no information regarding Pavel.
The press release case received little attention from the Ukrainian media and the Ukrainian evangelical Baptist community, but Pavel cropped up in one of Ukraine’s biggest corruption cases of 2017, which was featured in a BBC Panorama program. Ukraine’s National Anti-Corruption Bureau accused Pavel of attempting to bribe one of their agents to shut down an investigation into his cousin’s Odesan factory and Odesa’s notorious mayor, who the BBC alleged is part of a mafia ring. According to leaked documents from Ukraine’s prosecutor general office, Pavel offered the agent $100,000 to lift a freeze on his cousin’s bank account, an additional $200,000 to be paid once the freeze was lifted and a further $200,000 to close the case entirely.
The drama in Pavel’s life has not stopped there. He was shot at three times in February, according to his cousin Oleksandr Dubovoy. The injuries, said Oleksandr, were sustained during a meeting in a cafe when Pavel attempted to rescue an unknown woman from being beaten by a group of men. Interviewed by phone from a hospital, Pavel said the conflict with Pastor Kunets over the church they had built together had been “exhausted.” He denied involvement in the press release case, though did not respond to further detailed questions.
His cousin Oleksandr Dubovoy explained, when asked, that the group did not see the scheme as a contradiction of their faith: “As much as I have read, listened and heard from his relatives and I know him well too, they, and he, in particular, don’t see it as stealing something.” Pavel was a tool or link who passed on an instrument and didn’t know how it was going to be used, said Oleksandr.
The FBI declined to give an official comment about the press release case or the alleged involvement of the Ukrainian intelligence services.
The hacker Turchynov has so far escaped consequences of the scheme collapsing as well. He went on to hack Ukraine’s fiscal services database in 2016 for a different Ukrainian business group, according to Demedyuk, Ukraine’s cyber police chief, and stole information and altered taxes on the group’s behalf. When the police began investigating in January 2017, Turchynov fled through Ukraine’s war-torn eastern territories to Russia, a country out of reach to the US and Ukrainian authorities.
For Ieremenko, the press release indictment signaled the beginning of a rocky new stage in his hacking career. When the US indictments were announced in August 2015, some “not very good people” at Ukraine’s intelligence services, together with the hacker Turchynov, used Ieremenko’s ignorance of Ukrainian extradition law to blackmail him, according to Demedyuk. Ieremenko was told if he paid them, he would be safe from extradition, which, legally speaking, he was anyway. Turchynov, acting as the go-between, further toyed with Ieremenko by telling him the blackmail sum was twice as much. Ieremenko paid up. The pair fell out when Ieremenko discovered he had been duped.
Ieremenko’s skills were subsequently sought out by Artemy Radchenko, a slickly dressed ambitious 23-year-old with wayward connections. In October 2015, two months after Ieremenko was indicted by the US for the press releases, they set up Benjamin Capital Group, a UK-registered investment bank in Ukraine’s capital city. According to Ukraine’s cyber police chief and a source with knowledge of the project, Benjamin Capital was set up to look like a legal trading and investment firm. Radchenko attracted investors who were paying for Ieremenko’s proven technical abilities to hack inside information. They hired employees and rented servers and two floors of office space.
On employee forums, workers complained about the company’s management and salary delays. In winter 2017, Ieremenko realized Radchenko had used all the investors’ money as well as their operation’s profits to buy himself apartments abroad and luxury cars, said Demedyuk.
Radchenko continued to keep Ieremenko at the company under threat of violence. Before things began to fall apart, Ieremenko had been struck with the idea of hacking the SEC’s EDGAR filing system and was having some success in his new project, according to Demedyuk and a source familiar with the attempts. EDGAR is used by every company trading on US stock exchanges to file financial reports, which are then published online. When Ieremenko finally decided to leave, Radchenko was enraged.
“Radchenko hired thugs to beat up or, I don’t know, even kill Ieremenko. He has a vendetta. Because from what we know about Radchenko... he’s very aggressive,” said Demedyuk.
In addition to failing to pay his employees, Radchenko made the decisive mistake of not paying his own bodyguards. As the more mainstream business people had walked away from Benjamin Capital, they had been replaced by an unsavory crew, which included Ukrainian organized crime figures. The investors banded together with Radchenko’s own bodyguards and beat him up “pretty well,” according to Demedyuk. They then went after Ieremenko. Instead of punishing Ieremenko, some of the investors made him an offer to move to Russia to work for them while paying off Radchenko’s debt.
Breaches of the SEC, including of its EDGAR filing system, occurred from October 2016 to April 2017, Reuters reported, citing an unnamed source, though the SEC’s statements issued in September mentioned only a 2016 intrusion without elaborating on a timeline. The SEC says it is still investigating what happened.
Update from the maintainers Incident status report from npm Please follow the comment by @platinumazure that gives a little insight into what happened: #39 (comment) It also appears that the same c...
The driver of a stolen tractor-trailer in Colorado deliberately rammed into vehicles and caused numerous injuries before finally being taken into custody by police, who fired on the rig in an effort to stop the rampage, authorities said Sunday.