Matthew Decker is the former chief information officer for Penn State University’s Applied Research Laboratory. As of October, he’s also $250,000 richer.
In his Penn State position, Decker was well placed to see that the university was not implementing all of the cybersecurity controls that were required by its various contracts with NASA and the Department of Defense (DoD). It did not, for instance, use an external cloud services provider that met the DoD’s security guidelines, and it fudged some of the self-submitted “scores” it made to the government about Penn State’s IT security.
So Decker sued the school under the False Claims Act, which lets private individuals bring cases against organizations on behalf of the government if they come across evidence of wrongdoing related to government contracts. In many of these cases, the government later “intervenes” to assist with the case (as it did here), but whether it does so or not, whistleblowers stand to collect a percentage of any fines if they win.
This now happens in IT with some regularity. In November, Dell, Dell Federal Systems, and Iron Bow Technologies settled with the government for $4.3 million over claims that they “violated the False Claims Act by submitting and causing the submission of non-competitive bids to the Army and thereby overcharging the Army under the Army Desktop and Mobile Computing 3 (ADMC-3) contract.”
But once again, this wasn’t something the government uncovered on its own; a whistleblower named Brent Lillard, who was an executive at another company in the industry, brought the initial complaint. For his work, Lillard just made $345,000.
In early December, Gen Digital (formerly Symantec) paid a much larger fee—$55.1 million—after losing a trial in 2022. Gen Digital/Symantec was found liable for charging the government higher prices than it charged to companies.
Once again, the issue was brought to light by a whistleblower, Lori Morsell, who oversaw the contract for Gen Digital/Symantec. Morsell’s award has not yet been determined by the court, but given the amount of the payout, it should be substantial.
False Claims Act goes digital
Due to the complexity of investigating—or even finding out about—technical failures and False Claims Act cases from the outside of an organization, the government has increasingly relied on whistleblowers to kick-start these sorts of IT cases.
“Had Intel disclosed the defect, including through advertising, press releases, the Product packaging, or the initial setup process, Plaintiff and class members would not have purchased a Product, or would have paid substantially less for it,” Vanvalkenburgh’s complaint said.
According to Tom’s Hardware, “Intel’s 13th Generation Raptor Lake processors have a return rate four times higher than that of the previous generation,” and “14th Generation Raptor Lake Refresh chips also have return rates thrice as high as the 12th Generation Alder Lake processors.” But instead of alerting the public to the defects, Vanvalkenburgh’s complaint alleged, Intel continued touting the processors as providing the ultimate desktop experience for serious gamers and people with “the most demanding of multitasking workloads” seeking speed, efficiency, and reliability.
Vanvalkenburgh alleged that Intel misled customers because Intel wanted to protect its brand and seek unjust enrichment. According to his complaint, Intel knows “consumers are willing to pay more for a reliable processor that runs stably, without failing or crashing frequently.” By failing to alert customers to known defects, Intel’s alleged deceptions increased demand for its CPUs, spiking sales into the millions, while its customers paid hundreds for processors and allegedly “sustained an economic injury.”
“Reasonable consumers do not expect that the Products will crash and fail at high rates, or that running the Products will damage the Products themselves,” Vanvalkenburgh’s complaint said, noting that a patch Intel later provided failed to fix the issue.
Vanvalkenburgh is hoping a jury will agree that Intel deceived customers and order an injunction preventing any future misconduct like misleading advertising or failure to disclose defective products.
If the class action is certified, Intel could owe extensive damages, potentially paying hundreds of millions in a loss. Because Vanvalkenburgh alleged that “Intel’s fraudulent concealment was malicious, oppressive, deliberate, intended to defraud” him, he’s seeking “an assessment of punitive damages in an amount sufficient to deter such conduct.” That’s on top of requests for maximum statutory damages for allegedly unfair and deceptive practices and disgorgement for alleged unjust enrichment.
Multiple clients and employees told investigators that Fadanelli also said she is a registered nurse, which is false. Though she is a registered aesthetician, aestheticians are not permitted to administer injections or prescription drugs.
Investigators set up an undercover operation where an agent went in for a consultation, and Fadanelli provided a quote for a $450 Botox treatment. Investigators also obtained videos and images of Fadanelli performing injections. And the evidence points to those injections being counterfeit, prosecutors allege. Sales records from the spa indicate that Fadanelli performed 1,631 “Botox” injections, 95 “Sculptra” injections, and 990 injections of unspecified “filler,” all totaling over $933,000. But sales records from the manufacturers of the brand name drugs failed to turn up any record of Fadanelli or anyone else from her spa ever purchasing legitimate versions of the drugs.
Despite the mounting evidence against her, Fadanelli reportedly stuck to her story, denying that she ever told anyone she was a nurse and denying ever administering any injections. “When agents asked Fadanelli if she would like to retract or modify that claim if she knew there was evidence showing that she was in fact administering such products, she reiterated that she does not administer injections.”
Ars has reached to Fadanelli’s spa for comment and will update this story if we get a response. According to the affidavit, clients who received the allegedly bogus injections complained of bumps, tingling, and poor appearances, but no infections or other adverse health outcomes.
In a press release announcing her arrest, Acting United States Attorney for Massachusetts Joshua Levy said: “For years, Ms. Fadanelli allegedly put unsuspecting patients at risk by representing herself to be a nurse and then administering thousands of illegal, counterfeit injections. … The type of deception alleged here is illegal, reckless, and potentially life-threatening.”
For a charge of illegal importation, Fadanelli faces up to 20 years in prison and a $250,000 fine. For each of two charges of knowingly selling or dispensing a counterfeit drug or counterfeit device, she faces up to 10 years in prison and a fine of $250,000.
Real bands struggle to remove fake albums from their Spotify pages.
Psych rock band Gong found out about a fake album on their Spotify page while on tour. Credit: via Gong
This fall, thousands of fake albums were added to Spotify, with some appearing on real artist pages, where they’re positioned to lure unsuspecting listeners into streaming by posing as new releases from favorite bands.
An Ars reader flagged the issue after finding a fake album on the Spotify page of an UK psych rock band called Gong. The Gong fan knew that the band had begun touring again after a surprise new release last year, but the “latest release” listed by Spotify wasn’t that album. Instead, at the top of Gong’s page was a fake self-titled album supposedly released in 2024.
The real fan detected the fake instantly, and not just because the generic electronic music sounded nothing like Gong’s experimental sounds. The album’s cover also gave the scheme away, using a generic font and neon stock image that invoked none of the trippy imagery that characterized Gong’s typical album covers.
Ars confirmed with Gong member Dave Sturt that the self-titled item was an obvious fake on Monday. At that time, Sturt said the band was working to get the junk album removed from its page, but as of Tuesday morning, that album remained online, along with hundreds of other albums uploaded by a fake label that former Spotify data “alchemist” Glenn McDonald flagged in a social media post that Spotify seemingly ignored.
Hey @Spotify, you got thousands of junk albums with real artist names from “Ancient Lake Records”, “Beat Street Music” and “Gupta Music” today.
On his site, McDonald gathered the junk album data by label, noting that Beat Street Music, which has no web presence but released the fake Gong album, uploaded 240 junk albums on Friday alone. Similarly, Ancient Lake Records uploaded 471 albums on Friday. And Gupta Music added 483 just a few days prior, along with 600 junk albums from Future Jazz Records uploaded between September 30 and October 8.
These junk albums don’t appear to be specifically targeting popular artists, McDonald told Ars. Rather, generic music is uploaded under a wide range of one-word artist names. However, by using that tactic, some of these fake albums appeared on real artist pages, such as Gong, experimental rock band Swans, and English rock bands Asia and Yes. And that oversight is on Spotify, McDonald suggested.
“Given the scale of output and the randomness of the names, my guess is that the owners of this stuff might not even have intended it to end up on existing artist profiles,” McDonald told Ars. “If they just submitted stuff with artist names, not IDs, then it’s the streaming service’s problem to match those names to profiles, and thus the streaming service’s fault for not figuring out that these are not by the real Yes, Asia, Gong, Swans, etc.”
McDonald told Ars that “the labels should have been a pretty obvious clue in this case” that the album uploads weren’t genuine releases.
“If I still worked there, I would also have immediately scoured the input databases for more releases with the same patterns,” McDonald told Ars. “The stuff I found from those few labels might be only a tiny fraction of the crap.”
A spokesperson told Ars that Spotify is investigating the junk albums that McDonald flagged. It may take time for all albums to be removed from artists’ pages.
“We are aware of the issue, have relocated the content in question, and are considering our further options against the providing licensor,” Spotify’s spokesperson said. “When we identify or are alerted to attempts by bad actors to game the system, we take action that may include removing stream counts and withholding royalties. Spotify invests heavily in automated and manual reviews to prevent, detect, and mitigate the impact of bad actors attempting to collect unearned royalties.”
Spotify seems to turn blind eye to fake albums
McDonald helped Spotify crunch streaming data for a decade before leaving the company in March. He documented his experience in his 2024 book You Have Not Yet Heard Your Favourite Song, which discusses how Spotify deals with streaming fraud.
According to McDonald, “streaming music fraud is not, to be brutally honest, the most glamorous or profitable form of villainy” because “streaming rewards accumulate in tiny micro-transactions.” The only way to get rich is to scale the shady streaming by becoming a business—it seems possible due to similarities in thousands of fake album designs that all the labels McDonald flagged could be under one licensor—but even then, “the larger the scale, the easier it is to detect,” McDonald suggested.
“Abuse at any productive scale almost always ends up revealing itself to somebody,” McDonald wrote, noting that “if the money can find you, so can consequences.”
McDonald told Ars that when he worked at Spotify, he “maintained some dashboards to watch for this sort of thing before the releases went live.” But with so much fraud seemingly going undetected now, McDonald guesses that maybe Spotify “didn’t keep those tools running” after he left.
In his book, McDonald noted that this kind of fraud impacting real artists is often detected by fans, like the Gong fan who reached out to Ars. On Reddit, a fan of dubstep artist Cyclops and soul band Maze criticized Spotify for doing nothing about the same batch of fraudulent uploads that McDonald flagged, despite multiple fan reports.
“If dubious junk shows up on real artist pages, people notice,” McDonald wrote.
In his book, McDonald suggested that the odds of profiting from music streaming fraud have seemingly gotten worse because of authorities cracking down on bad actors and streaming services strengthening fraud prevention teams as generative AI makes streaming music fraud easier than ever.
But even with stronger fraud prevention tools, Spotify seemingly does not immediately respond even when junk albums are flagged directly by artists with tens of thousands of monthly listeners, like Gong. And Spotify also does not seem to bother to trace reported fakes the way McDonald might have to rapidly detect even broader patterns of abuse impacting bands with millions of monthly listeners like Yes or Asia.
Spotify currently seems much quicker to act to detect fake listeners—at times removing music by artists who later prove they committed no fraud, Variety reported in April. To deter that threat, the streaming music service recently started charging “distributors $10 for every track that it has detected accruing significant numbers of artificial streams,” Variety reported. Perhaps eventually, Spotify will crack down just as hard on fake albums.
For now, artists can use a form to report when their music is “mixed up with another artist,” a Spotify support page says.
But there’s no obvious way to flag fake albums on the platform. Sturt told Ars that Gong became aware of the issue on their Spotify page in the middle of a US tour, thanks to “wonderful fans.” He said that Spotify should make it easier for bands to report bogus albums, telling Ars, “it’s hard enough in this industry to get our music heard without Spotify allowing this sort of thing to happen.” As Gong prepares for a new release in 2025, the band recommended that fans consult its site for official information rather than trusting Spotify.
Ashley is a senior policy reporter for Ars Technica, dedicated to tracking social impacts of emerging policies and new technologies. She is a Chicago-based journalist with 20 years of experience.
Enlarge/ Residents line up for COVID-19 testing on November 30, 2020 in Chicago.
The co-owner of a Chicago-based lab has pleaded guilty for his role in a COVID testing scam that raked in millions—which he used to buy stocks, cryptocurrency, and several luxury cars while still squirreling away over $6 million in his personal bank account.
Zishan Alvi, 45, of Inverness, Illinois, co-owned LabElite, which federal prosecutors say billed the federal government for COVID-19 tests that were either never performed or were performed with purposefully inadequate components to render them futile. Customers who sought testing from LabElite—sometimes for clearance to travel or have contact with vulnerable people—received either no results or results indicating they were negative for the deadly virus.
The scam, which ran from around February 2021 to about February 2022, made over $83 million total in fraudulent payments from the federal government’s Health Resources and Services Administration (HRSA), which covered the cost of COVID-19 testing for people without insurance during the height of the pandemic. Local media coverage indicated that people who sought testing at LabElite were discouraged from providing health insurance information.
The list included five vehicles: a 2021 Mercedes-Benz, a 2021 Land Rover Range Rover HSE, a 2021 Lamborghini Urus, A 2021 Bentley, and a 2022 Tesla X. There was also about $810,000 in an E*Trade account, approximately $500,000 in a Fidelity Investments account, and $245,814 in a Coinbase account. Last, there was $6,825,089 in Alvi’s personal bank account.
On Monday, the Department of Justice announced a deal in which Alvi pleaded guilty to one count of wire fraud, taking responsibility for $14 million worth of fraudulent HRSA claims. He now faces up to 20 years in prison and will be sentenced on February 7, 2025.
Enlarge/ Caroline Ellison, former chief executive officer of Alameda Research LLC, was sentenced Tuesday for helping Sam Bankman-Fried cover up FTX’s fraudulent misuse of customer funds.
Addressing the judge at sentencing, Ellison started out by explaining “how sorry I am” for concealing FTX’s lies, Bloomberg reported live from the hearing.
“I participated in a criminal conspiracy that ultimately stole billions of dollars from people who entrusted their money with us,” Ellison reportedly said while sniffling. “The human brain is truly bad at understanding big numbers,” she added, and “not a day goes by” that she doesn’t “think about all of the people I hurt.”
Assistant US Attorney Danielle Sassoon followed Ellison, remarking that the government recommended a lighter sentence because it was important for the court to “distinguish between the mastermind and the willing accomplice.” (Bankman-Fried got 25 years.)
US District Judge Lewis Kaplan noted that he is allowed to show Ellison leniency for providing “substantial assistance to the government.” He then confirmed that he always considered the maximum sentence she faced of 110 years to be “absurd,” considering that Ellison had no inconsistencies in her testimony and fully cooperated with the government throughout their FTX probe.
“I’ve seen a lot of cooperators in 30 years,” Kaplan said. “I’ve never seen one quite like Ms. Ellison.”
However, although Ellison was brave to tell the truth about her crimes, Ellison is “by no means free of culpability,” Kaplan said. He called Bankman-Fried her “Kryptonite” because the FTX co-founder so easily exploited such a “very strong person.” Noting that nobody gets a “get out of jail free card,” he sentenced Ellison to two years and required her to forfeit about $11 billion, Bloomberg reported.
The judge said that Ellison “can serve the sentence at a minimum-security facility,” Bloomberg reported.
Ellison was key to SBF’s quick conviction
Ellison could have faced a maximum sentence of 110 years, for misleading customers and investors as the former CEO of the cryptocurrency trading firm linked to the FTX exchange, Alameda Research. But after delivering devastatingly detailed testimony key to exposing Bankman-Fried’s many lies, the probation office had recommended a sentence of time served with three years of supervised release.
Kaplan’s sentence went further, making it likely that other co-conspirators who cooperated with the government probe will also face jail time.
Both Ellison and the US government had requested substantial leniency due to her “critical” cooperation that allowed the US to convict Bankman-Fried in record time for such a complex criminal case.
Partly because Ellison was romantically involved with Bankman-Fried and partly because she “drafted some of the most incriminating documents in the case,” US attorney Damian Williams wrote in a letter to Kaplan, she was considered “crucial to the Government’s successful prosecution of Samuel Bankman-Fried for one of the largest financial frauds in history,” Williams wrote.
Williams explained that Ellison went above and beyond to help the government probe Bankman-Fried’s fraud. Starting about a month after FTX declared bankruptcy, Ellison began cooperating with the US government’s investigation. She met about 20 times with prosecutors, digging through thousands of documents to identify and interpret key evidence that convicted her former boss and boyfriend.
“Parsing Alameda Research’s poor internal records was complicated by vague titles and unlabeled calculations on any documents reflecting misuse of customer funds,” Ellison’s sentencing memo said. Without her three-day testimony at trial, the jury would likely not have understood “Alameda’s intentionally cryptic records,” Williams wrote. Additionally, because Bankman-Fried systematically destroyed evidence, she was one of the few witnesses able to contradict Bankman-Fried’s lies by providing a timeline for how Bankman-Fried’s scheme unfolded—and she was willing to find the receipts to back it all up.
“As Alameda’s nominal CEO and Bankman-Fried’s former girlfriend, Ellison was uniquely positioned to explain not only the what and how of Bankman-Fried’s crimes, but also the why,” Williams wrote. “Ellison’s testimony was critical to indict and convict Bankman-Fried, and to understanding both the timeline of the fraud schemes, and the various layers of wrongdoing.”
Further, where Bankman-Fried tried to claim that he was “well-meaning but hapless” in causing FTX’s collapse, Ellison admitted her guilt before law enforcement ever got involved, then continually “expressed genuine shame and remorse” for the harms she caused, Williams wrote.
A lighter sentence, Ellison’s sentencing memo suggested, “would incentivize people involved in a fraud to do what Caroline did: publicly disclose a fraud, immediately accept responsibility, and cooperate immediately with civil and criminal authorities.”
Williams praised Ellison as exceptionally forthcoming, even alerting the government to criminal activity that they didn’t even know about yet. He also credited her for persevering as a truth-teller “despite harsh media and public scrutiny and Bankman-Fried’s efforts to publicly weaponize her personal writings to discredit and intimidate her.”
“The Government cannot think of another cooperating witness in recent history who has received a greater level of attention and harassment,” Williams wrote.
In her sentencing memo, Ellison’s lawyers asked for no prison time, insisting that Ellison had been punished enough. Not only will she recover “nothing” from the FTX bankruptcy proceedings that she’s helping to settle, but she also is banned from working in the only industries she’s ever worked in, unlikely to ever repeat her crimes in finance and cryptocurrency sectors. She also is banned from running any public company and “has been rendered effectively unemployable in the near term by the notoriety arising from this case.”
“The reputational harm is not likely to abate any time soon,” Ellison’s sentencing memo said. “These personal, financial, and career consequences constitute substantial forms of punishment that reduce the need for the Court to order her incarceration.”
Kaplan clearly disagreed, ordering her to serve 24 months and forfeit $11 billion.
Enlarge/ An urn with ashes and a numbered cremation stone that is placed in the coffin of the deceased before the cremation.
A Colorado judge has ordered a couple to pay more than $950 million for allegedly giving grieving families urns full of fake ashes and running a bug-infested funeral home facility where 190 improperly stored bodies were found in various states of decay.
The judgment was issued in a civil class-action lawsuit against Jon and Carie Hallford, who owned the Return to Nature Funeral Home in Penrose, Colorado. It is the first high-profile case against the couple to return a ruling.
The bodies and the extent of the couple’s alleged fraud were discovered late last year after area residents reported a putrid stench emanating from the Penrose facility. The discovery sparked a massive investigation that came to include local, state, and federal investigators and responders. The FBI deployed a team of agents trained to respond to mass casualty events, such as airline crashes.
In addition to the class-action suit, the Hallfords face hundreds of state and federal criminal charges over their allegedly fraudulent funeral services. Specifically, the couple faces 286 charges at the state level, including felony charges of abuse of a corpse, theft, money laundering, and forgery, according to the Colorado Springs Gazette.
Further, federal prosecutors also accuse the couple of lying to the US Small Business Administration to obtain nearly $900,000 in COVID relief funds. The false information provided included “misrepresenting the fact that Jon Hallford owed back child support,” the DOJ noted. And the couple allegedly used the ill-gotten business funds to pay for vacations, cosmetic surgery, and jewelry, among other personal expenses, according to unsealed court documents. If convicted on the federal counts, they could both face around seven years in prison.
Last month, the Gazette reported that state authorities offered the Hallfords a plea deal, in which they would plead guilty to 190 counts of abuse of a corpse, Jon would then serve a mandatory sentence of 20 years in prison, and Carie would serve between 15 and 20 years. Affected family members were reportedly upset by the offer, saying they were not informed of the proposed deal ahead of time and did not feel it reflected the egregiousness of the alleged crimes. It’s unclear if the Hallfords have or will take the deal.
As for the nearly $1 billion payout in the class-action case, the judgment is largely symbolic with the expectation that the Hallfords do not have such money.
“I’m never going to get a dime from them, so, I don’t know, it’s a little frustrating,” Crystina Page told the Associated Press. Page paid the Hallfords to cremate her son’s remains in 2019 and received an urn they claimed held his ashes. She carried the urn around the country until his body was discovered in the Penrose location amid the investigation late last year.
On top of the financial disappointment, affected families did not get the opportunity to face the Hallfords in court as they had hoped. Both Hallfords refused to cooperate with the case or show up for hearings.
Jon Hallford is currently in custody pending the outcome of his federal case. Carie Hallford is out on a $100,000 bond.
Just before the Fourth of July holiday, Elon Musk moved to dismiss a lawsuit alleging that he intentionally misled Twitter investors in 2022 by failing to disclose his growing stake in Twitter while tweeting about potentially starting his own social network in the weeks ahead of announcing his plan to buy Twitter.
Allegedly, Musk devised this fraudulent scheme to reduce the Twitter purchase price by $200 million, a proposed class action filed by an Oklahoma Firefighters pension fund on behalf of all Twitter investors allegedly harmed claimed. But in another court filing this week, Musk insisted that “all indications”—including those referenced in the firefighters’ complaint—”point to mistake,” not fraud.
According to Musk, evidence showed that he simply misunderstood the Securities Exchange Act when he delayed filing a Rule 13 disclosure of his nearly 10 percent ownership stake in Twitter in March 2022. Musk argued that he believed he was required to disclose this stake at the end of the year, rather than within 10 days after the month in which he amassed a 5 percent stake. He said that previously he’d only filed Rule 13 disclosures as the owner of a company—not as someone suddenly acquiring 5 percent stake.
Musk claimed that as soon as his understanding of the law was corrected—on April 1, when he’d already missed the deadline by about seven days—he promptly stopped trading and filed the disclosure on the next trading day.
“Such prompt and corrective disclosure—within seven trading days of the purported deadline—is not the stuff of a fraudulent scheme to manipulate the market,” Musk’s court filing said.
As Musk sees it, the firefighters’ suit “makes no sense” because it basically alleged that Musk always intended to disclose the supposedly fraudulent scheme, which in the context of his extraordinary wealth, barely saved him any meaningful amount of money when purchasing Twitter.
The idea that Musk “engaged in intentional securities fraud in order to save $200 million is illogical in light of Musk’s eventual $44 billion purchase of Twitter,” Musk’s court filing said. “It defies logic that Musk would commit fraud to save less than 0.5 percent of Twitter’s total purchase price, and 0.1 percent of his net worth, all while knowing that there would be ‘an inevitable day of reckoning’ when he would disclose the truth—which was always his intent.”
It’s much more likely, Musk argued, that “Musk’s acknowledgement of his tardiness is that he was expressly acknowledging a mistake, not publicly conceding a purportedly days-old fraudulent scheme.”
Arguing that all firefighters showed was “enough to adequately plead a material omission and misstatement”—which he said would not be an actionable claim under the Securities Exchange Act—Musk has asked for the lawsuit to be dismissed with prejudice. At most, Musk is guilty of neglect, his court filing said, not deception. Allegedly Musk never “had any intention of avoiding reporting requirements,” his court filing said.
The firefighters pension fund has until August 12 to defend its claims and keep the suit alive, Musk’s court filing noted. In their complaint, the fighterfighteres had asked the court to award damages covering losses, plus interest, for all Twitter shareholders determined to be “cheated out of the true value of their securities” by Musk’s alleged scheme.
Ars could not immediately reach lawyers for Musk or the firefighters pension fund for comment.
Hoau-Yan Wang, 67, a medical professor at the City University of New York, was a paid collaborator with the Austin, Texas-based pharmaceutical company Cassava Sciences. Wang’s research and publications provided scientific underpinnings for Cassava’s Alzheimer’s treatment, Simufilam, which is now in Phase III trials.
Simufilam is a small-molecule drug that Cassava claims can restore the structure and function of a scaffolding protein in the brain of people with Alzheimer’s, leading to slowed cognitive decline. But outside researchers have long expressed doubts and concerns about the research.
In 2023, Science magazine obtained a 50-page report from an internal investigation at CUNY that looked into 31 misconduct allegations made against Wang in 2021. According to the report, the investigating committee “found evidence highly suggestive of deliberate scientific misconduct by Wang for 14 of the 31 allegations,” the report states. The allegations largely centered around doctored and fabricated images from Western blotting, an analytical technique used to separate and detect proteins. However, the committee couldn’t conclusively prove the images were falsified “due to the failure of Dr. Wang to provide underlying, original data or research records and the low quality of the published images that had to be examined in their place.”
In all, the investigation “revealed long-standing and egregious misconduct in data management and record keeping by Dr. Wang,” and concluded that “the integrity of Dr. Wang’s work remains highly questionable.” The committee also concluded that Cassava’s lead scientist on its Alzheimer’s disease program, Lindsay Burns, who was a frequent co-author with Wang, also likely bears some responsibility for the misconduct.
In March 2022, five of Wang’s articles published in the journal PLOS One were retracted over integrity concerns with images in the papers. Other papers by Wang have also been retracted or had statements of concern attached to them. Further, in September 2022, the Food and Drug Administration conducted an inspection of the analytical work and techniques used by Wang to analyze blood and cerebrospinal fluid from patients in a simufilam trial. The investigation found a slew of egregious problems, which were laid out in a “damning” report obtained by Science.
In the indictment last week, federal authorities were explicit about the allegations, claiming that Wang falsified the results of his scientific research to NIH “by, among other things, manipulating data and images of Western blots to artificially add bands [which represent proteins], subtract bands, and change their relative thickness and/or darkness, and then drawing conclusions” based on those false results.
Wang is charged with one count of major fraud against the United States, two counts of wire fraud, and one count of false statements. If convicted, he faces a maximum penalty of 10 years in prison for the major fraud charge, 20 years in prison for each count of wire fraud, and five years in prison for the count of false statements, the Department of Justice said in an announcement.
In a statement posted to its website, Cassava acknowledged Wang’s indictment, calling him a “former” scientific adviser. The company also said that the grants central to the indictment were “related to the early development phases of the Company’s drug candidate and diagnostic test and how these were intended to work.” However, Cassava said that Wang “had no involvement in the Company’s Phase 3 clinical trials of simufilam.”
Those ongoing trials, which some have called to be halted, are estimated to include over 1,800 patients across several countries.
Enlarge/ Ten milligram tablets of the hyperactivity drug, Adderall, made by Shire Plc, is shown in a Cambridge, Massachusetts pharmacy Thursday, January 19, 2006.
The Centers for Disease Control and Prevention on Thursday warned that a federal indictment of an allegedly fraudulent telehealth company may lead to a massive, nationwide disruption in access to ADHD medications—namely Adderall, but also other stimulants—and could possibly increase the risk of injuries and overdoses.
“A disruption involving this large telehealth company could impact as many as 30,000 to 50,000 patients ages 18 years and older across all 50 US states,” the CDC wrote in its health alert.
The CDC warning came on the heels of an announcement from the Justice Department Thursday that federal agents had arrested two people in connection with an alleged scheme to illegally distribute Adderall and other stimulants through a subscription-based online telehealth company called Done Global. The company’s CEO and founder, Ruthia He, was arrested in Los Angeles, and its clinical president, David Brody, was arrested in San Rafael, California.
“As alleged, these defendants exploited the COVID-19 pandemic to develop and carry out a $100 million scheme to defraud taxpayers and provide easy access to Adderall and other stimulants for no legitimate medical purpose,” Attorney General Merrick Garland said in a statement. “Those seeking to profit from addiction by illegally distributing controlled substances over the Internet should know that they cannot hide their crimes and that the Justice Department will hold them accountable.”
Deadly consequences
According to the Justice Department, Done Global generated $100 million in revenue by arranging for the prescription of over 40 million pills of Adderall and other stimulants, which are addictive medications used to treat ADHD (attention-deficit/hyperactivity disorder). Done Global allegedly eased access to the drugs by limiting the information available to prescribers, instructing prescribers to prescribe Adderall and other stimulants even if the patient didn’t qualify, and mandating that the prescribing appointments last no longer than 30 minutes. The company also discouraged prescriber follow-up appointments and added an “auto-refill” feature.
Prosecutors further allege that He and Brody continued with their scheme after becoming aware that patients had overdosed and died.
The CDC cautioned that the disruption from lost access to Done Global prescriptions comes amid a long-standing, nationwide shortage of Adderall and other stimulant medications. For patients with ADHD, the disruption could be harmful. “Untreated ADHD is associated with adverse outcomes, including social and emotional impairment, increased risk of drug or alcohol use disorder, unintentional injuries, such as motor vehicle crashes, and suicide,” the CDC warns. Further, a loss of access could drive some to seek illicit sources of the drugs, which could turn deadly.
“Patients whose care or access to prescription stimulant medications is disrupted, and who seek medication outside of the regulated healthcare system, might significantly increase their risk of overdose due to the prevalence of counterfeit pills in the illegal drug market that could contain unexpected substances, including fentanyl,” the CDC said. Fentanyl is a synthetic opioid that is up to 50 times stronger than heroin and 100 times stronger than morphine.
The Drug Enforcement Administration recently reported that seven out of every 10 pills seized from the illegal drug market contain a potentially lethal dose of illegally made fentanyl, the CDC noted.
This post was updated to clarify that the DEA’s data indicated that 70 percent of illicit pills seized contained “potentially” lethal doses, which was not included in the CDC’s warning.
Enlarge/ Dr. Craig Wright arrives at the Rolls Building, part of the Royal Courts of Justice, on February 06, 2024, in London, England.
“Overwhelming evidence” shows that Australian computer scientist Craig Wright is not bitcoin creator Satoshi Nakamoto, a UK judge declared Thursday.
In what Wired described as a “surprise ruling” at the closing of Wright’s six-week trial, Justice James Mellor abruptly ended years of speculation by saying:
“Dr. Wright is not the author of the Bitcoin white paper. Dr. Wright is not the person that operated under the pseudonym Satoshi Nakamoto. Dr. Wright is not the person that created the Bitcoin system. Nor is Dr. Wright the author of the Bitcoin software.”
Wright was not in the courtroom for this explosive moment, Wired reported.
In 2016, Wright had claimed that he did not have the “courage” to prove that he was the creator of bitcoin, shortly after claiming that he had “extraordinary proof.” As debate swirled around his claims, Wright began filing lawsuits, alleging that many had violated his intellectual property rights.
A nonprofit called the Crypto Open Patent Alliance (COPA) sued to stop Wright from filing any more lawsuits that it alleged were based on fabricated evidence, Wired reported. They submitted hundreds of alleged instances of forgery or tampering, Wired reported, asking the UK High Court for a permanent injunction to block Wright from ever making the claim again.
As a result of Mellor’s ruling, CoinDesk reported that Wright’s lawsuits against Coinbase and Twitter founder Jack Dorsey’s Block would be halted. COPA’s lawyer, Jonathan Hough, told CoinDesk that Wright’s conduct should be considered “deadly serious.”
“On the basis of his dishonest claim to be Satoshi, he has pursued claims he puts at hundreds of billions of dollars, including against numerous private individuals,” Hough said.
On Thursday, Dorsey posted a “W” on X (formerly Twitter), marking the win and quoting Mellor’s statements clearly rejecting Wright’s claims as false. COPA similarly celebrated the victory.
“This decision is a win for developers, for the entire open source community, and for the truth,” a COPA spokesperson told CoinDesk. “For over eight years, Dr. Wright and his financial backers have lied about his identity as Satoshi Nakamoto and used that lie to bully and intimidate developers in the bitcoin community. That ends today with the court’s ruling that Craig Wright is not Satoshi Nakamoto.”
Wright’s counsel, Lord Anthony Grabiner, had argued that Mellor granting an injunction would infringe Wright’s freedom of speech. Grabiner noted that “such a prohibition is unprecedented in the UK and would prevent Wright from even casually going to the park and declaring he’s Satoshi without incurring fines or going to prison,” CoinDesk reported.
COPA thinks the injunction is necessary, though.
“We are seeking to enjoin Dr. Wright from ever claiming to be Satoshi Nakamoto again and in doing so avoid further litigation terror campaigns,” COPA’s spokesperson told Wired.
And that’s not all that COPA wants. COPA has also petitioned for Wright’s alleged forgeries—some of which Reuters reported were allegedly produced using ChatGPT—to be review by UK criminal courts, where he could face fines and/or prison time. Hough alleged at trial that Wright “has committed fraud upon the court,” Wired reported, asking Britain’s Crown Prosecution Service to consider prosecuting Wright for “perjury and perverting the course of justice,” CoinDesk reported.
Wright’s counsel argued that COPA would need more evidence to back such a claim, CoinDesk reported.
Mellor won’t issue his final judgment for a month or more, Wired reported, so it’s not clear yet if Wright will be enjoined from claiming he is bitcoin’s creator. The judgement will “be ready when it’s ready and not before,” Mellor said.
Popular apps like Venmo, Zelle, and Cash App aren’t doing enough to protect consumers from fraud that occurs when unauthorized users gain access to unlocked devices, Manhattan District Attorney Alvin Bragg warned.
“Thousands or even tens of thousands can be drained from financial accounts in a matter of seconds with just a few taps,” Bragg said in letters to app makers. “Without additional protections, customers’ financial and physical safety is being put at risk.”
According to Bragg, his office and the New York Police Department have been increasingly prosecuting crimes where phones are commandeered by bad actors to quickly steal large amounts of money through financial apps.
This can happen to unwitting victims when fraudsters ask “to use an individual’s smartphone for personal use” or to transfer funds to initiate a donation for a specific cause. Or “in the most disturbing cases,” Bragg said, “offenders have violently assaulted or drugged victims, and either compelled them to provide a password for a device or used biometric ID to open the victim’s phone before transferring money once the individual is incapacitated.”
But prosecuting crimes alone won’t solve this problem, Bragg suggested. Prevention is necessary. That’s why the DA is requesting meetings with executives managing widely used financial apps to discuss “commonsense” security measures that Bragg said can be taken to “combat this growing concern.”
Bragg appears particularly interested in Apple’s recently developed “Stolen Device Protection,” which he said is “making it harder for perpetrators to use a phone’s passcode to steal funds when the user’s phone is not at home or at work.”
Apple just rolled out “Stolen Device Protection” for iOS 17.3. On its website, Apple explained that when “Stolen Device Protection” is enabled, “some features and actions have additional security requirements when your iPhone is away from familiar locations such as home or work.”
For users taking advantage of this enhanced security layer, biometric or FaceID would be required to access devices, with no option to bypass with a passcode. This alone could help deter crimes that Bragg described, potentially stopping thieves from rifling through someone’s passwords to get instant access to a cash app. “Stolen Device Protection” also sets up a security delay that could stop thieves from immediately changing the account password and locking an owner out of their device. To change a password in this more secure mode, thieves would need to wait one hour—perhaps giving time for the owner to report that the phone is stolen or missing—and then must provide a biometric or FaceID.
Bragg wants financial apps like Zelle or Venmo to follow Apple’s lead and build similar safeguards. He suggested that Apple’s release makes it clear that the technology exists where apps could detect when a user is attempting to send a large transaction from an unknown location and perhaps block or delay sending that transaction for up to a day without secondary verification. This could afford victims more time to discover and cancel fraudulent transfers before they go through, instead of after the theft, when it’s usually harder to claw back funds.
This problem goes well beyond Manhattan, Bragg wrote, pointing to “similar thefts and robberies” that have been “publicly reported” in major cities like Los Angeles and Orlando, as well as in West Virginia, Louisiana, Illinois, Kansas, Tennessee, Virginia, and “elsewhere across the United States.”
Overall, the DA traced a pattern showing that the more people were using financial apps, the more fraud claims spiked, “tripling between 2020 and 2022” and “costing consumers hundreds of millions of dollars each year.”
“While cash apps, like Cash App, offer consumers an easy and fast method to transfer funds, they also have made these platforms a favorite of fraudsters because consumers have no option to cancel transactions, even moments after authorizing them,” Bragg wrote to Cash App CEO Brian Grassadonia. “I am concerned about the troubling rise in illegal behavior that has developed because of insufficient security measures connected with your software and business policy decisions.”
While building tech like Apple’s “Stolen Device Protection” seems to be the most extreme step that Bragg recommended, he also pushed “commonsense solutions” that he claimed that financial apps currently overlook. These include steps like requiring multifactor authentication to help keep thieves locked out and lowering limits on daily transfers to make the scam less appealing to thieves looking for a big payday.
