stalking

ebay-hit-with-$3m-fine,-admits-to-“terrorizing-innocent-people”

eBay hit with $3M fine, admits to “terrorizing innocent people”

eBay, fbi, harassment, intimidation, Policy, stalking / /

“Never-ending nightmare” —

eBay must pay maximum fine for putting Massachusetts couple “through pure hell.”

eBay hit with $3M fine, admits to “terrorizing innocent people”

eBay has agreed to pay $3 million—the maximum criminal penalty possible—after employees harassed, intimidated, and stalked a Massachusetts couple in retaliation for their critical reporting of the online marketplace in 2019.

“Today’s settlement holds eBay criminally and financially responsible for emotionally, psychologically, and physically terrorizing the publishers of an online newsletter out of fear that bad publicity would adversely impact their Fortune 500 company,” Jodi Cohen, the special agent in charge of the Federal Bureau of Investigation Boston Division, said in a Justice Department press release Thursday.

eBay’s harassment campaign against the couple, David and Ina Steiner, stretched for 18 days in August 2019 and was led by the company’s former senior director of safety and security, Jim Baugh. It started when then-CEO Devin Wenig and then-chief communications officer Steven Wymer decided to “take down” the Steiners after growing frustrated with their coverage of eBay in a newsletter called EcommerceBytes.

Executing the “take down,” Baugh and six co-conspirators “put the victims through pure hell,” acting US attorney Joshua S. Levy wrote in the DOJ’s press release.

The former eBay employees turned the Steiners’ world “upside-down through a never-ending nightmare of menacing and criminal acts,” Levy said. That included “sending anonymous and disturbing deliveries,” such as “a book on surviving the death of a spouse, a bloody pig mask, a fetal pig and a funeral wreath and live insects,” the DOJ said. The intimidation also included publishing a series of “Craigslist posts inviting the public for sexual encounters at the victims’ home.”

But the intimidation did not stop there. After sending tweets and DMs threatening to visit the couple’s home, former eBay employees escalated the criminal activity by traveling to Massachusetts and installing a GPS tracker on the Steiners’ car. Spotting their stalkers, the Steiners called local police, who coordinated with the FBI to investigate what Levy called an “unprecedented stalking campaign” fueled by eBay’s toxic corporate culture.

Once police got involved, the former eBay employees tried to cover their tracks. Baugh and his team falsified records and deleted evidence to throw the cops “off the trail,” the DOJ said. Baugh was also caught making false statements to police and internal investigators and subsequently became the first eBay employee involved who was imprisoned in 2022 for “terrorizing innocent people,” Levy said.

In a press release, eBay confirmed that the company admitted to all the relevant facts that law enforcement uncovered in the case.

“The company’s conduct in 2019 was wrong and reprehensible,” said Jamie Iannone, eBay’s CEO. “From the moment eBay first learned of the 2019 events, eBay cooperated fully and extensively with law enforcement authorities. We continue to extend our deepest apologies to the Steiners for what they endured.”

Cohen acknowledged that the settlement “cannot erase the significant distress this couple suffered” but said that the DOJ hopes slapping eBay with the maximum fine “will deter others from engaging in similar conduct.”

“No one should ever feel unsafe in their own home,” Cohen said.

Ars could not immediately reach the Steiners’ lawyer for comment on the settlement.

Under eBay’s agreement with the DOJ, eBay must “retain an independent corporate compliance monitor” to ensure the company’s corporate culture never pushes employees to engage in such criminal conduct again.

All seven former eBay employees have been convicted on felony charges, the DOJ said. As the “ringleader,” Baugh was sentenced to 57 months in federal prison. Others have received prison sentences between 12 and 24 months. Two former employees were sentenced to a year of home confinement. One co-conspirator has pleaded guilty and is still awaiting sentencing.

In the end, the DOJ said that “eBay was charged criminally with two counts of stalking through interstate travel, two counts of stalking through electronic communications services, one count of witness tampering, and one count of obstruction of justice, and has entered into a deferred prosecution agreement.”

Through the deferred prosecution agreement, eBay must remain compliant and fully cooperate with the DOJ’s terms for three years. If that process is successful, the US attorney will “dismiss the criminal information against eBay.”

The DOJ announced criminal penalties during Stalking Awareness Month, when advocates work to raise awareness that stalking is a serious crime.

After taking responsibility for the misconduct of its former employee, eBay seems ready to put the harassment campaign in its past.

“Since these events occurred, new leaders have joined the company and eBay has strengthened its policies, procedures, controls and training,” eBay said. “eBay remains committed to upholding high standards of conduct and ethics and to making things right with the Steiners.”

eBay hit with $3M fine, admits to “terrorizing innocent people” Read More »

researchers-come-up-with-better-idea-to-prevent-airtag-stalking

Researchers come up with better idea to prevent AirTag stalking

AirTags, Apple, privacy, Security, stalking, syndication / /
Picture of AirTag

BackyardProduction via Getty Images

Apple’s AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets.

Over the past year, Apple has taken protective steps to notify iPhone and Android users if an AirTag is in their vicinity for a significant amount of time without the presence of its owner’s iPhone, which could indicate that an AirTag has been planted to secretly track their location. Apple hasn’t said exactly how long this time interval is, but to create the much-needed alert system, Apple made some crucial changes to the location privacy design the company originally developed a few years ago for its “Find My” device tracking feature. Researchers from Johns Hopkins University and the University of California, San Diego, say, though, that they’ve developed a cryptographic scheme to bridge the gap—prioritizing detection of potentially malicious AirTags while also preserving maximum privacy for AirTag users.

The Find My system uses both public and private cryptographic keys to identify individual AirTags and manage their location tracking. But Apple developed a particularly thoughtful mechanism to regularly rotate the public device identifier—every 15 minutes, according to the researchers. This way, it would be much more difficult for someone to track your location over time using a Bluetooth scanner to follow the identifier around. This worked well for privately tracking the location of, say, your MacBook if it was lost or stolen, but the downside of constantly changing this identifier for AirTags was that it provided cover for the tiny devices to be deployed abusively.

In reaction to this conundrum, Apple revised the system so an AirTag’s public identifier now only rotates once every 24 hours if the AirTag is away from an iPhone or other Apple device that “owns” it. The idea is that this way other devices can detect potential stalking, but won’t be throwing up alerts all the time if you spend a weekend with a friend who has their iPhone and the AirTag on their keys in their pockets.

In practice, though, the researchers say that these changes have created a situation where AirTags are broadcasting their location to anyone who’s checking within a 30- to 50-foot radius over the course of an entire day—enough time to track a person as they go about their life and get a sense of their movements.

“We had students walk through cities, walk through Times Square and Washington, DC, and lots and lots of people are broadcasting their locations,” says Johns Hopkins cryptographer Matt Green, who worked on the research with a group of colleagues, including Nadia Heninger and Abhishek Jain. “Hundreds of AirTags were not near the device they were registered to, and we’re assuming that most of those were not stalker AirTags.”

Apple has been working with companies like Google, Samsung, and Tile on a cross-industry effort to address the threat of tracking from products similar to AirTags. And for now, at least, the researchers say that the consortium seems to have adopted Apple’s approach of rotating the device public identifiers once every 24 hours. But the privacy trade-off inherent in this solution made the researchers curious about whether it would be possible to design a system that better balanced both privacy and safety.

Researchers come up with better idea to prevent AirTag stalking Read More »

verizon-fell-for-fake-“search-warrant,”-gave-victim’s-phone-data-to-stalker

Verizon fell for fake “search warrant,” gave victim’s phone data to stalker

Policy, stalking, verizon, verizon wireless / /
A Verizon logo on top of a black background.

Enlarge / A Verizon logo at GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain.

Verizon Wireless gave a female victim’s address and phone logs to an alleged stalker who pretended to be a police officer, according to an affidavit filed by an FBI special agent. The man, Robert Michael Glauner, was later arrested near the victim’s home and found to be carrying a knife at the time, according to the affidavit submitted in court yesterday.

Glauner allegedly traveled from New Mexico to Raleigh, North Carolina, after finding out where she lived and, before arriving, sent a threatening message that said, “if I can’t have you no one can.” He also allegedly threatened to send nude photos of the victim to her family members.

Glauner was charged yesterday with stalking and fraud “in connection with obtaining confidential phone records” in US District Court for the Eastern District of North Carolina. We aren’t posting or linking directly to the court record because it seems to contain the victim’s home address. The incident was previously reported by 404 Media.

Glauner and the victim met in August or September 2023 on xhamster.com, a porn website with dating features, and “had an online romantic relationship,” the affidavit said. The victim ended the relationship, but Glauner “continued to contact or try to contact” her, the document said.

Glauner tricked Verizon into providing sensitive information by sending an email and fake search warrant to [email protected], the email address for the Verizon Security Assistance Team (VSAT), which handles legal requests. Verizon didn’t realize the request was fraudulent even though it came from a Proton Mail address rather than from a police department or other governmental agency, according to the affidavit filed yesterday by FBI Special Agent Michael Neylon.

Fake cop, forged judge’s signature

An email to Verizon from “[email protected]” on September 26, 2023, said, “Here is the pdf file for search warrant. We are in need if the [sic] this cell phone data as soon as possible to locate and apprehend this suspect. We also need the full name of this Verizon subscriber and the new phone number that has been assigned to her. Thank you.”

The email’s attached document contained a fake affidavit written by “Detective Steven Cooper” of the Cary, North Carolina Police Department. The Cary Police Department confirmed that no officer named Steven Cooper is employed by their agency, Neylon wrote.

VSAT received a phone call the same day from a man identifying himself as Cooper, who stated that he needed information on a suspect in a homicide case. “The caller stated that the person involved changed her phone number,” Neylon wrote.

The fake affidavit asked for the new phone number as well as “call records both outgoing and incoming” and “locations and text messages incoming and outgoing.” The affidavit for a search warrant was supposedly approved by Superior Court Judge Gale Adams.

Adams is a real judge and she later confirmed to authorities “that the signature displayed on the document was not hers,” Neylon wrote. Neylon’s affidavit also said the “search warrant” was “not in the proper format and does not have form AOC-CR-119, as required for State of North Carolina search warrants.”

Verizon provides address and phone logs

But after reviewing the email and document sent by “Cooper,” Verizon provided an address and phone logs. “On October 5, 2023, Verizon Wireless provided Victim 1’s phone records, including address and phone logs, to Glauner,” according to Neylon’s affidavit.

Verizon’s website says that the Verizon Security Assistance Team ensures that “court orders, search warrants, subpoenas and other legal demands served upon Verizon are processed confidentially and in compliance with all applicable law.”

“Verizon Security Assistance Team will only accept valid legal demands (subpoena, court order or search warrant) for records,” the VSAT webpage says.

We contacted Verizon about the incident today and will update this article if we get a response. A Verizon spokesperson told 404 Media that the company is cooperating with law enforcement on this matter.

Verizon fell for fake “search warrant,” gave victim’s phone data to stalker Read More »