DoJ

tesla-is-under-a-federal-wire-fraud-probe-for-misleading-investors

Tesla is under a federal wire fraud probe for misleading investors

Cars, DoJ, SEC, Tesla / /
A Tesla Model X with Roger the inflatable autopilot (from the movie Airplane!) in the driver's seat

Aurich Lawson | Tesla | Airplane!

There’s more bad news for Tesla. On Monday, we learned that CEO Elon Musk is continuing to slash his way through the company payroll as Tesla went through a fourth round of layoffs in four weeks. Yesterday, we discovered exactly what questions the National Highway Traffic Safety Administration wants answered about the safety of Tesla’s Autopilot driver assist. And today, it emerged that the US Department of Justice is investigating whether or not Tesla committed securities or wire fraud by making misleading statements about Autopilot and its so-called “Full Self-Driving” (FSD) option.

Reuters reported that three people familiar with the matter told it about the investigation. One of the sources also told Reuters that the Securities and Exchange Commission is also investigating Tesla’s claims about its driver assists.

Not the first time

This isn’t the first time Tesla has been accused of securities fraud. In 2018, Musk agreed to a settlement with the SEC over his infamous “funding secured” tweet that sent the company’s share price skyrocketing despite the fact that there was never actually a possibility that he would take the company private. As a result, Musk was required to step down as chairman, and both Musk and Tesla were ordered to pay $20 million in penalties, to be distributed to investors who lost money after being misled by Musk.

(However, a federal jury in 2023 sided with the CEO in a class-action lawsuit brought by investors.)

In another case, several Tesla owners filed a class-action lawsuit against the car company about “grossly exaggerated” range claims, alleging fraud and false advertising. The judge in that case ruled that the customers could not sue Tesla as a class, telling them instead that they had to pursue their cases individually via arbitration. We learned last October that the DOJ was also investigating the matter.

(Authorities in South Korea fined Tesla $2.2 million in January 2023 for misleading customers about range.)

Federal prosecutors first became interested in “whether Tesla misled consumers, investors, and regulators by making unsupported claims about its driver assistance technology’s capabilities” in 2022. Critics have regularly pointed out that even the name “Autopilot” is misleading, and there have been multiple instances of Musk demonstrating the system on camera without keeping his hands on the steering wheel, despite other Tesla literature that states drivers must do so at all times.

The CEO has also regularly claimed that Tesla is far ahead of the rest of the industry in autonomous driving technology, issuing deadlines for full autonomy that, like most of Musk’s deadlines, have come and gone without delivering the product.

Tesla is under a federal wire fraud probe for misleading investors Read More »

us-government-agencies-demand-fixable-ice-cream-machines

US government agencies demand fixable ice cream machines

copyright, department of justice, DMCA, DoJ, federal trade commission, ftc, ice cream, kytch, Policy, repair, right to repair, Section 1201, taylor / /

I scream, you scream, we all scream for 1201(c)3 exemptions —

McFlurries are a notable part of petition for commercial and industrial repairs.

Taylor ice cream machine, with churning spindle removed by hand.

Enlarge / Taylor’s C709 Soft Serve Freezer isn’t so much mechanically complicated as it is a software and diagnostic trap for anyone without authorized access.

Many devices have been made difficult or financially nonviable to repair, whether by design or because of a lack of parts, manuals, or specialty tools. Machines that make ice cream, however, seem to have a special place in the hearts of lawmakers. Those machines are often broken and locked down for only the most profitable repairs.

The Federal Trade Commission and the antitrust division of the Department of Justice have asked the US Copyright Office (PDF) to exempt “commercial soft serve machines” from the anti-circumvention rules of Section 1201 of the Digital Millennium Copyright Act (DMCA). The governing bodies also submitted proprietary diagnostic kits, programmable logic controllers, and enterprise IT devices for DMCA exemptions.

“In each case, an exemption would give users more choices for third-party and self-repair and would likely lead to cost savings and a better return on investment in commercial and industrial equipment,” the joint comment states. Those markets would also see greater competition in the repair market, and companies would be prevented from using DMCA laws to enforce monopolies on repair, according to the comment.

The joint comment builds upon a petition filed by repair vendor and advocate iFixit and interest group Public Knowledge, which advocated for broad reforms while keeping a relatable, ingestible example at its center. McDonald’s soft serve ice cream machines, which are famously frequently broken, are supplied by industrial vendor Taylor. Taylor’s C709 Soft Serve Freezer requires lengthy, finicky warm-up and cleaning cycles, produces obtuse error codes, and, perhaps not coincidentally, costs $350 per 15 minutes of service for a Taylor technician to fix. iFixit tore down such a machine, confirming the lengthy process between plugging in and soft serving.

After one company built a Raspberry Pi-powered device, the Kytch, that could provide better diagnostics and insights, Taylor moved to ban franchisees from installing the device, then offered up its own competing product. Kytch has sued Taylor for $900 million in a case that is still pending.

Beyond ice cream, the petitions to the Copyright Office would provide more broad exemptions for industrial and commercial repairs that require some kind of workaround, decryption, or other software tinkering. Going past technological protection measures (TPMs) was made illegal by the 1998 DMCA, which was put in place largely because of the concerns of media firms facing what they considered rampant piracy.

Every three years, the Copyright Office allows for petitions to exempt certain exceptions to DMCA violations (and renew prior exemptions). Repair advocates have won exemptions for farm equipment repair, video game consoles, cars, and certain medical gear. The exemption is often granted for device fixing if a repair person can work past its locks, but not for the distribution of tools that would make such a repair far easier. The esoteric nature of such “release valve” offerings has led groups like the EFF to push for the DMCA’s abolishment.

DMCA exemptions occur on a parallel track to state right-to-repair bills and broader federal action. President Biden issued an executive order that included a push for repair reforms. The FTC has issued studies that call out unnecessary repair restrictions and has taken action against firms like Harley-Davidson, Westinghouse, and grill maker Weber for tying warranties to an authorized repair service.

Disclosure: Kevin Purdy previously worked for iFixit. He has no financial ties to the company.

US government agencies demand fixable ice cream machines Read More »

doj-quietly-removed-russian-malware-from-routers-in-us-homes-and-businesses

DOJ quietly removed Russian malware from routers in US homes and businesses

Biz & IT, china, DDoS, department of justice, DoJ, Fancy Bear, fbi, routers, russia, Security, ubiquiti / /

Fancy Bear —

Feds once again fix up compromised retail routers under court order.

Ethernet cable plugged into a router LAN port

Getty Images

More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department.

That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of “Operation Dying Ember,” according to the FBI’s director. It affected routers running Ubiquiti’s EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to “conceal and otherwise enable a variety of crimes,” the DOJ claims, including spearphishing and credential harvesting in the US and abroad.

Unlike previous attacks by Fancy Bear—that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers—the Ubiquiti intrusion relied on a known malware, Moobot. Once infected by “Non-GRU cybercriminals,” GRU agents installed “bespoke scripts and files” to connect and repurpose the devices, according to the DOJ.

The DOJ also used the Moobot malware to copy and delete the botnet files and data, according to the DOJ, and then changed the routers’ firewall rules to block remote management access. During the court-sanctioned intrusion, the DOJ “enabled temporary collection of non-content routing information” that would “expose GRU attempts to thwart the operation.” This did not “impact the routers’ normal functionality or collect legitimate user content information,” the DOJ claims.

“For the second time in two months, we’ve disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers,” said Deputy Attorney General Lisa Monaco in a press release.

The DOJ states it will notify affected customers to ask them to perform a factory reset, install the latest firmware, and change their default administrative password.

Christopher A. Wray, director of the FBI, expanded on the Fancy Bear operation and international hacking threats generally at the ongoing Munich Security Conference. Russia has recently targeted underwater cables and industrial control systems worldwide, Wray said, according to a New York Times report. And since its invasion of Ukraine, Russia has focused on the US energy sector, Wray said.

The past year has been an active time for attacks on routers and other network infrastructure. TP-Link routers were found infected in May 2023 with malware from a reportedly Chinese-backed group. In September, modified firmware in Cisco routers was discovered as part of a Chinese-backed intrusion into multinational companies, according to US and Japanese authorities. Malware said by the DOJ to be tied to the Chinese government was removed from SOHO routers by the FBI last month in similar fashion to the most recently revealed operation, targeting Cisco and Netgear devices that had mostly reached their end of life and were no longer receiving security patches.

In each case, the routers provided a highly valuable service to the groups; that service was secondary to whatever primary aims later attacks might have. By nesting inside the routers, hackers could send commands from their overseas locations but have the traffic appear to be coming from a far more safe-looking location inside the target country or even inside a company.

Similar inside-the-house access has been sought by international attackers through VPN products, as in the three different Ivanti vulnerabilities discovered recently.

DOJ quietly removed Russian malware from routers in US homes and businesses Read More »