department of justice

huge-telehealth-fraud-indictment-may-wreak-havoc-for-adderall-users,-cdc-warns

Huge telehealth fraud indictment may wreak havoc for Adderall users, CDC warns

adderall, ADHD, CDC, department of justice, Done Global, fentanyl, fraud, health, illicit drugs, overdose, prescription drug, Science, stimulants, telehealth / /

Tragic —

The consequences are dangerous, possibly even deadly, for patients across the US.

Ten milligram tablets of the hyperactivity drug, Adderall, made by Shire Plc, is shown in a Cambridge, Massachusetts pharmacy Thursday, January 19, 2006.

Enlarge / Ten milligram tablets of the hyperactivity drug, Adderall, made by Shire Plc, is shown in a Cambridge, Massachusetts pharmacy Thursday, January 19, 2006.

The Centers for Disease Control and Prevention on Thursday warned that a federal indictment of an allegedly fraudulent telehealth company may lead to a massive, nationwide disruption in access to ADHD medications—namely Adderall, but also other stimulants—and could possibly increase the risk of injuries and overdoses.

“A disruption involving this large telehealth company could impact as many as 30,000 to 50,000 patients ages 18 years and older across all 50 US states,” the CDC wrote in its health alert.

The CDC warning came on the heels of an announcement from the Justice Department Thursday that federal agents had arrested two people in connection with an alleged scheme to illegally distribute Adderall and other stimulants through a subscription-based online telehealth company called Done Global.  The company’s CEO and founder, Ruthia He, was arrested in Los Angeles, and its clinical president, David Brody, was arrested in San Rafael, California.

“As alleged, these defendants exploited the COVID-19 pandemic to develop and carry out a $100 million scheme to defraud taxpayers and provide easy access to Adderall and other stimulants for no legitimate medical purpose,” Attorney General Merrick Garland said in a statement. “Those seeking to profit from addiction by illegally distributing controlled substances over the Internet should know that they cannot hide their crimes and that the Justice Department will hold them accountable.”

Deadly consequences

According to the Justice Department, Done Global generated $100 million in revenue by arranging for the prescription of over 40 million pills of Adderall and other stimulants, which are addictive medications used to treat ADHD (attention-deficit/hyperactivity disorder). Done Global allegedly eased access to the drugs by limiting the information available to prescribers, instructing prescribers to prescribe Adderall and other stimulants even if the patient didn’t qualify, and mandating that the prescribing appointments last no longer than 30 minutes. The company also discouraged prescriber follow-up appointments and added an “auto-refill” feature.

Prosecutors further allege that He and Brody continued with their scheme after becoming aware that patients had overdosed and died.

The CDC cautioned that the disruption from lost access to Done Global prescriptions comes amid a long-standing, nationwide shortage of Adderall and other stimulant medications. For patients with ADHD, the disruption could be harmful. “Untreated ADHD is associated with adverse outcomes, including social and emotional impairment, increased risk of drug or alcohol use disorder, unintentional injuries, such as motor vehicle crashes, and suicide,” the CDC warns. Further, a loss of access could drive some to seek illicit sources of the drugs, which could turn deadly.

“Patients whose care or access to prescription stimulant medications is disrupted, and who seek medication outside of the regulated healthcare system, might significantly increase their risk of overdose due to the prevalence of counterfeit pills in the illegal drug market that could contain unexpected substances, including fentanyl,” the CDC said. Fentanyl is a synthetic opioid that is up to 50 times stronger than heroin and 100 times stronger than morphine.

The Drug Enforcement Administration recently reported that seven out of every 10 pills seized from the illegal drug market contain a potentially lethal dose of illegally made fentanyl, the CDC noted.

This post was updated to clarify that the DEA’s data indicated that 70 percent of illicit pills seized contained “potentially” lethal doses, which was not included in the CDC’s warning.

Huge telehealth fraud indictment may wreak havoc for Adderall users, CDC warns Read More »

judge-mulls-sanctions-over-google’s-“shocking”-destruction-of-internal-chats

Judge mulls sanctions over Google’s “shocking” destruction of internal chats

Antitrust law, department of justice, Google, google monopoly trial, google search ads, Policy, search engines, us v google / /
Kenneth Dintzer, litigator for the US Department of Justice, exits federal court in Washington, DC, on September 20, 2023, during the antitrust trial to determine if Alphabet Inc.'s Google maintains a monopoly in the online search business.

Enlarge / Kenneth Dintzer, litigator for the US Department of Justice, exits federal court in Washington, DC, on September 20, 2023, during the antitrust trial to determine if Alphabet Inc.’s Google maintains a monopoly in the online search business.

Near the end of the second day of closing arguments in the Google monopoly trial, US district judge Amit Mehta weighed whether sanctions were warranted over what the US Department of Justice described as Google’s “routine, regular, and normal destruction” of evidence.

Google was accused of enacting a policy instructing employees to turn chat history off by default when discussing sensitive topics, including Google’s revenue-sharing and mobile application distribution agreements. These agreements, the DOJ and state attorneys general argued, work to maintain Google’s monopoly over search.

According to the DOJ, Google destroyed potentially hundreds of thousands of chat sessions not just during their investigation but also during litigation. Google only stopped the practice after the DOJ discovered the policy. DOJ’s attorney Kenneth Dintzer told Mehta Friday that the DOJ believed the court should “conclude that communicating with history off shows anti-competitive intent to hide information because they knew they were violating antitrust law.”

Mehta at least agreed that “Google’s document retention policy leaves a lot to be desired,” expressing shock and surprise that a large company like Google would ever enact such a policy as best practice.

Google’s attorney Colette Connor told Mehta that the DOJ should have been aware of Google’s policy long before the DOJ challenged the conduct. Google had explicitly disclosed the policy to Texas’ attorney general, who was involved in DOJ’s antitrust suit over both Google’s search and adtech businesses, Connor said.

Connor also argued that Google’s conduct wasn’t sanctionable because there is no evidence that any of the missing chats would’ve shed any new light on the case. Mehta challenged this somewhat, telling Connor, “We just want to know what we don’t know. We don’t know if there was a treasure trove of material that was destroyed.”

During rebuttal, Dintzer told Mehta that Google’s decision to tell Texas about the policy but not the federal government did not satisfy their disclosure obligation under federal rules of civil procedure in the case. That rule says that “only upon finding that the party acted with the intent to deprive another party of the information’s use in the litigation may” the court “presume that the lost information was unfavorable to the party.”

The DOJ has asked the court to make that ruling and issue four orders sanctioning Google. They want the court to order the “presumption that deleted chats were unfavorable,” the “presumption that Google’s proffered justification” for deleting chats “is pretextual” (concealing Google’s true rationale), and the “presumption that Google intended” to delete chats to “maintain its monopoly.” The government also wants a “prohibition on argument by Google that the absence of evidence is evidence of adverse inference,” which would stop Google from arguing that the DOJ is just assuming the deleted chats are unfavorable to Google.

Mehta asked Connor if she would agree that, at “minimum,” it was “negligent” of Google to leave it to employees to preserve chats on sensitive discussions, but Connor disagreed. She argued that “given the typical use of chat,” Google’s history-off policy was “reasonable.”

Connor told Mehta that the DOJ must prove that Google intended to hide evidence for the court to order sanctions.

That intent could be demonstrated another way, Mehta suggested, recalling that “Google has been very deliberate in advising employees about what to say and what not to say” in discussions that could indicate monopolistic behaviors. That included telling employees, “Don’t use the term markets,” Mehta told Connor, asking if that kind of conduct could be interpreted as Google’s intent to hide evidence.

But Connor disagreed again.

“No, we don’t think you can use it as evidence,” Connor said. “It’s not relevant to the claims in this case.”

But during rebuttal, Dintzer argued that there was evidence of its relevance. He said that testimony from Google employees showed that Google’s chat policy “was uniformly used as a way of communicating without creating discoverable information” intentionally to hide the alleged antitrust violations.

Judge mulls sanctions over Google’s “shocking” destruction of internal chats Read More »

apple-deal-could-have-been-“suicide”-for-google,-company-lawyer-says

Apple deal could have been “suicide” for Google, company lawyer says

Antitrust law, Apple, department of justice, Google, google monopoly trial, monopoly, Policy, us v google / /

Woulda coulda shoulda? —

Judge: What should Google have done to avoid the DOJ’s crosshairs?

John Schmidtlein, partner at Williams & Connolly LLP and lead litigator for Alphabet Inc.'s Google, arrives to federal court in Washington, DC, US, on Monday, Oct. 2, 2023.

Enlarge / John Schmidtlein, partner at Williams & Connolly LLP and lead litigator for Alphabet Inc.’s Google, arrives to federal court in Washington, DC, US, on Monday, Oct. 2, 2023.

Halfway through the first day of closing arguments in the Department of Justice’s big antitrust trial against Google, US District Judge Amit Mehta posed the question that likely many Google users have pondered over years of DOJ claims that Google’s market dominance has harmed users.

“What should Google have done to remain outside the crosshairs of the DOJ?” Mehta asked plaintiffs halfway through the first of two full days of closing arguments.

According to the DOJ and state attorneys general suing, Google has diminished search quality everywhere online, primarily by locking rivals out of default positions on devices and in browsers. By paying billions for default placements that the government has argued allowed Google to hoard traffic and profits, Google allegedly made it nearly impossible for rivals to secure enough traffic to compete, ultimately decreasing competition and innovation in search by limiting the number of viable search engines in the market.

The DOJ’s lead litigator, Kenneth Dintzer, told Mehta that what Google should have done was acknowledge that the search giant had an enormous market share and consider its duties more carefully under antitrust law. Instead, Dintzer alleged, Google chose the route of “hiding” and “destroying documents” because it was aware of conflicts with antitrust law.

“What should Google have done?” Dintzer told Mehta. “They should have recognized that by demanding locking down every default that they were opening themselves up to a challenge on the conduct.”

The most controversial default agreement that Google has made is a 21-year deal with Apple that Mehta has described as the “heart” of the government’s case against Google. During the trial, a witness accidentally blurted out Google’s carefully guarded secret of just how highly it values the Apple deal, revealing that Google pays 36 percent of its search advertising revenue from Safari just to remain the default search tool in Apple’s browser. In 2022 alone, trial documents revealed that Google paid Apple $20 billion for the deal, Bloomberg reported.

That’s in stark contrast to the 12 percent of revenue that Android manufacturers get from their default deals with Google. The government wants the court to consider all these default deals to be anti-competitive, with Dintzer suggesting during closing arguments that they are the “centerpiece” of “a lot” of Google’s exclusionary behavior that ultimately allowed Google to become the best search engine today—by “capturing the default and preventing rivals from getting access to those defaults.”

Google’s lawyers have argued that Google succeeds on its merits. Today, lead litigator John Schmidtlein repeatedly pointed out that antitrust law is designed to protect the competitive process, not specific competitors who fail to invest and innovate—as Microsoft did by failing to recognize how crucial mobile search would become.

“Merely getting advantages by winning on quality, they may have an effect on a rival, but the question is, does it have an anti-competitive effect?” Schmidtlein argued, noting that the DOJ hadn’t “shown that absent the agreements, Microsoft would have toppled Google.”

But Dintzer argued that “a mistake by one rival doesn’t mean that Google gets to monopolize this market forever.” When asked to explain why everyone—including some of Google’s rivals—testified that Google won contracts purely because it was the best search engine, Dintzer warned Mehta that the fact that Google’s rivals “may be happy cashing Google’s checks doesn’t tell us anything.”

According to Schmidtlein, Google could have crossed the line with the Apple deal, but it didn’t.

“Google didn’t go on to say to Apple, if you don’t make us the default, no Google search on Apple devices at all,” Schmidtlein argued. “That would be suicide for Google.”

It’s still unclear how Mehta may be leaning in this case, interrogating both sides with care and making it clear that he expects all his biggest questions to be answered after closing arguments conclude Friday evening.

But Mehta did suggest at one point today that it seemed potentially “impossible” for anyone to compete with Google for default placements.

“How would anybody be able to spend billions and billions of dollars to possibly dislodge Google?” Mehta asked. “Is there any real competition for the default spot?”

According to Schmidtlein, that is precisely what “competition on the merits” looks like.

“Google is winning because it’s better, and Apple is deciding Google is better for users,” Schmidtlein argued. “The antitrust laws are not designed to ensure a competitive market. They’re designed to ensure a competitive process.”

Proving the potential anti-competitive effects of Google’s default agreements, particularly the Apple deal, has long been regarded as the most critical point in order to win the government’s case. So it’s no surprise that the attorney representing state attorneys general, Bill Cavanaugh, praised Mehta for asking, “What should Google have done?” According to Cavanaugh, that was the “right question” to pose in this trial.

“What should they have done 10 years ago when there was a recognition” that “we’re monopolists” and “we have substantial control in markets” is ask, “How should we proceed with our contracts?” Cavanaugh argued. “That’s the question that they answered, but they answered it in the wrong way.”

Seemingly if Google’s default contracts posed fewer exclusionary concerns, the government seems to be arguing, there would be more competition and therefore more investment and innovation in search. But as long as Google controls the general search market, the government alleged that users won’t be able to search the web the way that they want.

Google is hoping that Mehta will reject the government’s theories and instead rule that Google has done nothing to stop rivals from improving the search landscape. Early in the day, Mehta told the DOJ that he was “struggling to see” how Google has either stopped innovating or degraded its search engine as a result of lack of competition.

Closing arguments continue on Friday. Mehta is not expected to rule until late summer or early fall.

Apple deal could have been “suicide” for Google, company lawyer says Read More »

email-microsoft-didn’t-want-seen-reveals-rushed-decision-to-invest-in-openai

Email Microsoft didn’t want seen reveals rushed decision to invest in OpenAI

antitrust, Bill Gates, department of justice, Google, google antitrust trial, google monopoly trial, microsoft, openai, Policy, Satya Nadella, us v google / /

I’ve made a huge mistake —

Microsoft CTO made a “mistake” dismissing Google’s AI as a “game-playing stunt.”

Email Microsoft didn’t want seen reveals rushed decision to invest in OpenAI

In mid-June 2019, Microsoft co-founder Bill Gates and CEO Satya Nadella received a rude awakening in an email warning that Google had officially gotten too far ahead on AI and that Microsoft may never catch up without investing in OpenAI.

With the subject line “Thoughts on OpenAI,” the email came from Microsoft’s chief technology officer, Kevin Scott, who is also the company’s executive vice president of AI. In it, Scott said that he was “very, very worried” that he had made “a mistake” by dismissing Google’s initial AI efforts as a “game-playing stunt.”

It turned out, Scott suggested, that instead of goofing around, Google had been building critical AI infrastructure that was already paying off, according to a competitive analysis of Google’s products that Scott said showed that Google was competing even more effectively in search. Scott realized that while Google was already moving on to production for “larger scale, more interesting” AI models, it might take Microsoft “multiple years” before it could even attempt to compete with Google.

As just one example, Scott warned, “their auto-complete in Gmail, which is especially useful in the mobile app, is getting scarily good.”

Microsoft had tried to keep this internal email hidden, but late Tuesday it was made public as part of the US Justice Department’s antitrust trial over Google’s alleged search monopoly. The email was initially sealed because Microsoft argued that it contained confidential business information, but The New York Times intervened to get it unsealed, arguing that Microsoft’s privacy interests did not outweigh the need for public disclosure.

In an order unsealing the email among other documents requested by The Times, US District Judge Amit Mehta allowed to be redacted some of the “sensitive statements in the email concerning Microsoft’s business strategies that weigh against disclosure”—which included basically all of Scott’s “thoughts on OpenAI.” But other statements “should be disclosed because they shed light on Google’s defense concerning relative investments by Google and Microsoft in search,” Mehta wrote.

At the trial, Google sought to convince Mehta that Microsoft, for example, had failed to significantly invest in mobile early on, giving Google a competitive advantage in mobile search that it still enjoys today. Scott’s email seems to suggest that Microsoft was similarly dragging its feet on investing in AI until Scott’s wakeup call.

Nadella’s response to the email was immediate. He promptly forwarded the email to Microsoft’s chief financial officer, Amy Hood, on the same day that he received it. Scott’s “very good email,” Nadella told Hood, explained “why I want us to do this.” By “this,” Nadella presumably meant exploring investment opportunities in OpenAI.

Mere weeks later, Microsoft had invested $1 billion into OpenAI, and there have been billions more invested since through an extended partnership agreement. In 2024, the two companies’ finances appeared so intertwined that the European Union suspected Microsoft was quietly controlling OpenAI and began investigating whether the companies still operate independently. Ultimately, the EU dismissed the probe, deciding that Microsoft’s $13 billion in investments did not amount to an acquisition, Reuters reported.

Officially, Microsoft has said that its OpenAI partnership was formed “to accelerate AI breakthroughs to ensure these benefits are broadly shared with the world”—not to keep up with Google.

But at the Google trial, Nadella testified about the email, saying that partnering with companies like OpenAI ensured that Microsoft could continue innovating in search, as well as in other Microsoft services.

On the stand, Nadella also admitted that he had overhyped AI-powered Bing as potentially shaking up the search market, backing up the DOJ by testifying that in Silicon Valley, Internet search is “the biggest no-fly zone.” Even after partnering with OpenAI, Nadella said that for Microsoft to compete with Google in search, there are “limits to how much artificial intelligence can reshape the market as it exists today.”

During the Google trial, the DOJ argued that Google’s alleged search market dominance had hindered OpenAI’s efforts to innovate, too. “OpenAI’s ChatGPT and other innovations may have been released years ago if Google hadn’t monopolized the search market,” the DOJ argued, according to a Bloomberg report.

Closing arguments in the Google trial start tomorrow, with two days of final remarks scheduled, during which Mehta will have ample opportunity to ask lawyers on both sides the rest of his biggest remaining questions.

It’s somewhat obvious what Google will argue. Google has spent years defending its search business as competing on the merits—essentially arguing that Google dominates search simply because it’s the best search engine.

Yesterday, the US district court also unsealed Google’s proposed legal conclusions, which suggest that Mehta should reject all of the DOJ’s monopoly claims, partly due to the government’s allegedly “fatally flawed” market definitions. Throughout the trial, Google has maintained that the US government has failed to show that Google has a monopoly in any market.

According to Google, even its allegedly anticompetitive default browser agreement with Apple—which Mehta deemed the “heart” of the DOJ’s monopoly case—is not proof of monopoly powers. Rather, Google insisted, default browser agreements benefit competition by providing another avenue through which its rivals can compete.

The DOJ hopes to prove Google wrong, arguing that Google has gone to great lengths to block rivals from default placements and hide evidence of its alleged monopoly—including training employees to avoid using words that monopolists use.

Mehta has not yet disclosed when to expect his ruling, but it could come late this summer or early fall, AP News reported.

If Google loses, the search giant may be forced to change its business practices or potentially even break up its business. Nobody knows what that would entail, but when the trial started, a coalition of 20 civil society and advocacy groups recommended some potentially drastic remedies, including the “separation of various Google products from parent company Alphabet, including breakouts of Google Chrome, Android, Waze, or Google’s artificial intelligence lab Deepmind.”

Email Microsoft didn’t want seen reveals rushed decision to invest in OpenAI Read More »

us-woman-arrested,-accused-of-targeting-young-boys-in-$1.7m-sextortion-scheme

US woman arrested, accused of targeting young boys in $1.7M sextortion scheme

Apple Pay, cash app, child safety, department of justice, fbi, Instagram, Policy, sextortion, Snapchat, teen sextortion / /

Preventing leaks —

FBI has warned of significant spike in teen sextortion in 2024.

US woman arrested, accused of targeting young boys in $1.7M sextortion scheme

A 28-year-old Delaware woman, Hadja Kone, was arrested after cops linked her to an international sextortion scheme targeting thousands of victims—mostly young men and including some minors, the US Department of Justice announced Friday.

Citing a recently unsealed indictment, the DOJ alleged that Kone and co-conspirators “operated an international, financially motivated sextortion and money laundering scheme in which the conspirators engaged in cyberstalking, interstate threats, money laundering, and wire fraud.”

Through the scheme, conspirators allegedly sought to extort about $6 million from “thousands of potential victims,” the DOJ said, and ultimately successfully extorted approximately $1.7 million.

Young men from the United States, Canada, and the United Kingdom fell for the scheme, the DOJ said. They were allegedly targeted by scammers posing as “young, attractive females online,” who initiated conversations by offering to send sexual photographs or video recordings, then invited victims to “web cam” or “live video chat” sessions.

“Unbeknownst to the victims, during the web cam/live video chats,” the DOJ said, the scammers would “surreptitiously” record the victims “as they exposed their genitals and/or engaged in sexual activity.” The scammers then threatened to publish the footage online or else share the footage with “the victims’ friends, family members, significant others, employers, and co-workers,” unless payments were sent, usually via Cash App or Apple Pay.

Much of these funds were allegedly transferred overseas to Kone’s accused co-conspirators, including 22-year-old Siaka Ouattara of the West African country the Ivory Coast. Ouattara was arrested by Ivorian authorities in February, the DOJ said.

“If convicted, Kone and Ouattara each face a maximum penalty of 20 years in prison for each conspiracy count and money laundering count, and a maximum penalty of 20 years in prison for each wire fraud count,” the DOJ said.

The FBI has said that it has been cracking down on sextortion after “a huge increase in the number of cases involving children and teens being threatened and coerced into sending explicit images online.” In 2024, the FBI announced a string of arrests, but none of the schemes so far have been as vast or far-reaching as the scheme that Kone allegedly helped operate.

In January, the FBI issued a warning about the “growing threat” to minors, warning parents that victims are “typically males between the ages of 14 to 17, but any child can become a victim.” Young victims are at risk of self-harm or suicide, the FBI said.

“From October 2021 to March 2023, the FBI and Homeland Security Investigations received over 13,000 reports of online financial sextortion of minors,” the FBI’s announcement said. “The sextortion involved at least 12,600 victims—primarily boys—and led to at least 20 suicides.”

For years, reports have shown that payment apps have been used in sextortion schemes with seemingly little intervention. When it comes to protecting minors, sextortion protections seem sparse, as neither Apple Pay nor Cash App appear to have any specific policies to combat the issue. However, both apps only allow minors over 13 to create accounts with authorized adult supervisors.

Apple and Cash App did not immediately respond to Ars’ request to comment.

Instagram, Snapchat add sextortion protections

Some social media platforms are responding to the spike in sextortion targeting minors.

Last year, Snapchat released a report finding that nearly two-thirds of more than 6,000 teens and young adults in six countries said that “they or their friends have been targeted in online ‘sextortion’ schemes” across many popular social media platforms. As a result of that report and prior research, Snapchat began allowing users to report sextortion specifically.

“Under the reporting menu for ‘Nudity or sexual content,’ a Snapchatter’s first option is to click, ‘They leaked/are threatening to leak my nudes,'” the report said.

Additionally, the DOJ’s announcement of Kone’s arrest came one day after Instagram confirmed that it was “testing new features to help protect young people from sextortion and intimate image abuse, and to make it more difficult for potential scammers and criminals to find and interact with teens.”

One feature will by default blur out sexual images shared over direct message, which Instagram said would protect minors from “scammers who may send nude images to trick people into sending their own images in return.” Instagram will also provide safety tips to anyone receiving a sexual image over DM, “encouraging them to report any threats to share their private images and reminding them that they can say no to anything that makes them feel uncomfortable.”

Perhaps more impactful, Instagram claimed that it was “developing technology to help identify where accounts may potentially be engaging in sextortion scams, based on a range of signals that could indicate sextortion behavior.” Having better signals helps Instagram to make it “harder for potential sextortion accounts to message or interact with people,” the platform said, by hiding those requests. Instagram also by default blocks adults from messaging users under 16 in some countries and under 18 in others.

Instagram said that other tech companies have also started “sharing more signals about sextortion accounts” through Lantern, a program that Meta helped to found with the Tech Coalition to prevent child sexual exploitation. Snapchat also participates in the cross-platform research.

According to the special agent in charge of the FBI’s Norfolk field office, Brian Dugan, “one of the best lines of defense to stopping a crime like this is to educate our most vulnerable on common warning signs, as well as empowering them to come forward if they are ever victimized.”

Both Instagram and Snapchat said they were also increasing sextortion resources available to educate young users.

“We know that sextortion is a risk teens and adults face across a range of platforms, and have developed tools and resources to help combat it,” Snap’s spokesperson told Ars. “We have extra safeguards for teens to protect against unwanted contact, and don’t offer public friend lists, which we know can be used to extort people. We also want to help young people learn the signs of this type of crime, and recently launched in-app resources to raise awareness of how to spot and report it.”

US woman arrested, accused of targeting young boys in $1.7M sextortion scheme Read More »

us-government-agencies-demand-fixable-ice-cream-machines

US government agencies demand fixable ice cream machines

copyright, department of justice, DMCA, DoJ, federal trade commission, ftc, ice cream, kytch, Policy, repair, right to repair, Section 1201, taylor / /

I scream, you scream, we all scream for 1201(c)3 exemptions —

McFlurries are a notable part of petition for commercial and industrial repairs.

Taylor ice cream machine, with churning spindle removed by hand.

Enlarge / Taylor’s C709 Soft Serve Freezer isn’t so much mechanically complicated as it is a software and diagnostic trap for anyone without authorized access.

Many devices have been made difficult or financially nonviable to repair, whether by design or because of a lack of parts, manuals, or specialty tools. Machines that make ice cream, however, seem to have a special place in the hearts of lawmakers. Those machines are often broken and locked down for only the most profitable repairs.

The Federal Trade Commission and the antitrust division of the Department of Justice have asked the US Copyright Office (PDF) to exempt “commercial soft serve machines” from the anti-circumvention rules of Section 1201 of the Digital Millennium Copyright Act (DMCA). The governing bodies also submitted proprietary diagnostic kits, programmable logic controllers, and enterprise IT devices for DMCA exemptions.

“In each case, an exemption would give users more choices for third-party and self-repair and would likely lead to cost savings and a better return on investment in commercial and industrial equipment,” the joint comment states. Those markets would also see greater competition in the repair market, and companies would be prevented from using DMCA laws to enforce monopolies on repair, according to the comment.

The joint comment builds upon a petition filed by repair vendor and advocate iFixit and interest group Public Knowledge, which advocated for broad reforms while keeping a relatable, ingestible example at its center. McDonald’s soft serve ice cream machines, which are famously frequently broken, are supplied by industrial vendor Taylor. Taylor’s C709 Soft Serve Freezer requires lengthy, finicky warm-up and cleaning cycles, produces obtuse error codes, and, perhaps not coincidentally, costs $350 per 15 minutes of service for a Taylor technician to fix. iFixit tore down such a machine, confirming the lengthy process between plugging in and soft serving.

After one company built a Raspberry Pi-powered device, the Kytch, that could provide better diagnostics and insights, Taylor moved to ban franchisees from installing the device, then offered up its own competing product. Kytch has sued Taylor for $900 million in a case that is still pending.

Beyond ice cream, the petitions to the Copyright Office would provide more broad exemptions for industrial and commercial repairs that require some kind of workaround, decryption, or other software tinkering. Going past technological protection measures (TPMs) was made illegal by the 1998 DMCA, which was put in place largely because of the concerns of media firms facing what they considered rampant piracy.

Every three years, the Copyright Office allows for petitions to exempt certain exceptions to DMCA violations (and renew prior exemptions). Repair advocates have won exemptions for farm equipment repair, video game consoles, cars, and certain medical gear. The exemption is often granted for device fixing if a repair person can work past its locks, but not for the distribution of tools that would make such a repair far easier. The esoteric nature of such “release valve” offerings has led groups like the EFF to push for the DMCA’s abolishment.

DMCA exemptions occur on a parallel track to state right-to-repair bills and broader federal action. President Biden issued an executive order that included a push for repair reforms. The FTC has issued studies that call out unnecessary repair restrictions and has taken action against firms like Harley-Davidson, Westinghouse, and grill maker Weber for tying warranties to an authorized repair service.

Disclosure: Kevin Purdy previously worked for iFixit. He has no financial ties to the company.

US government agencies demand fixable ice cream machines Read More »

doj-quietly-removed-russian-malware-from-routers-in-us-homes-and-businesses

DOJ quietly removed Russian malware from routers in US homes and businesses

Biz & IT, china, DDoS, department of justice, DoJ, Fancy Bear, fbi, routers, russia, Security, ubiquiti / /

Fancy Bear —

Feds once again fix up compromised retail routers under court order.

Ethernet cable plugged into a router LAN port

Getty Images

More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department.

That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of “Operation Dying Ember,” according to the FBI’s director. It affected routers running Ubiquiti’s EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to “conceal and otherwise enable a variety of crimes,” the DOJ claims, including spearphishing and credential harvesting in the US and abroad.

Unlike previous attacks by Fancy Bear—that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers—the Ubiquiti intrusion relied on a known malware, Moobot. Once infected by “Non-GRU cybercriminals,” GRU agents installed “bespoke scripts and files” to connect and repurpose the devices, according to the DOJ.

The DOJ also used the Moobot malware to copy and delete the botnet files and data, according to the DOJ, and then changed the routers’ firewall rules to block remote management access. During the court-sanctioned intrusion, the DOJ “enabled temporary collection of non-content routing information” that would “expose GRU attempts to thwart the operation.” This did not “impact the routers’ normal functionality or collect legitimate user content information,” the DOJ claims.

“For the second time in two months, we’ve disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers,” said Deputy Attorney General Lisa Monaco in a press release.

The DOJ states it will notify affected customers to ask them to perform a factory reset, install the latest firmware, and change their default administrative password.

Christopher A. Wray, director of the FBI, expanded on the Fancy Bear operation and international hacking threats generally at the ongoing Munich Security Conference. Russia has recently targeted underwater cables and industrial control systems worldwide, Wray said, according to a New York Times report. And since its invasion of Ukraine, Russia has focused on the US energy sector, Wray said.

The past year has been an active time for attacks on routers and other network infrastructure. TP-Link routers were found infected in May 2023 with malware from a reportedly Chinese-backed group. In September, modified firmware in Cisco routers was discovered as part of a Chinese-backed intrusion into multinational companies, according to US and Japanese authorities. Malware said by the DOJ to be tied to the Chinese government was removed from SOHO routers by the FBI last month in similar fashion to the most recently revealed operation, targeting Cisco and Netgear devices that had mostly reached their end of life and were no longer receiving security patches.

In each case, the routers provided a highly valuable service to the groups; that service was secondary to whatever primary aims later attacks might have. By nesting inside the routers, hackers could send commands from their overseas locations but have the traffic appear to be coming from a far more safe-looking location inside the target country or even inside a company.

Similar inside-the-house access has been sought by international attackers through VPN products, as in the three different Ivanti vulnerabilities discovered recently.

DOJ quietly removed Russian malware from routers in US homes and businesses Read More »