Categories
Game

Bungie sues ‘Destiny 2’ YouTuber who issued almost 100 fake DMCA claims

In December of last year, a YouTuber by the name of Lord Nazo received copyright takedown notices from CSC Global — the brand protection vendor contracted by game creator Bungie — for uploading tracks from their game Destiny 2’s original soundtrack. While some content creators might remove the offending material or appeal the copyright notice, Nazo, whose real name is Nicholas Minor, allegedly made the ill-fated decision to impersonate CSC Global and issue dozens of fake DMCA notices to his fellow creators. As first spotted by The Game Post, Bungie is now suing him for a whopping $7.6 million.

“Ninety-six times, Minor sent DMCA takedown notices purportedly on behalf of Bungie, identifying himself as Bungie’s ‘Brand Protection’ vendor in order to have YouTube instruct innocent creators to delete their Destiny 2 videos or face copyright strikes,” the lawsuit claims, “disrupting Bungie’s community of players, streamers, and fans. And all the while, ‘Lord Nazo’ was taking part in the community discussion of ‘Bungie’s’ takedowns.” Bungie is seeking “damages and injunctive relief” that include $150,000 for each fraudulent copyright claim: a total penalty of $7,650,000, not including attorney’s fees.

The game developer is also accusing Minor of using one of his fake email aliases to send harassing emails to the actual CSC Global with the subject lines such as “You’re in for it now” and “Better start running. The clock is ticking.” Minor also allegedly authored a “manifesto” that he sent to other members of the Destiny 2 community — again, under an email alias — in which he “took credit” for some of his activities. The recipients promptly forwarded the email to Bungie.

As detailed in the lawsuit, Minor appears to have done the bare minimum to cover his tracks: the first batch of fake DMCA notices used the same residential IP address he used to log-in to both his Destiny and Destiny 2 accounts, the latter of which shared the same Lord Nazo username as his YouTube, Twitter and Reddit accounts. He only switched to a VPN on March 27th — following media coverage of the fake DMCA notices. Meanwhile, Minor allegedly continued to log-in to his Destiny account under his original IP address until May.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Repost: Original Source and Author Link

Categories
Game

‘Roblox’ sues long-banned user for allegedly terrorizing the platform

 is suing a person it banned years ago for allegedly terrorizing the gaming platform and its community of developers. The Roblox Corporation wants Benjamin Robert Simon to stop his alleged harassment of employees and users on Roblox and elsewhere, and to pay $1.65 million in damages.

In the filing, which was first reported by , the company claims Simon, an alleged “cybermob” leader, “commits and encourages unlawful acts designed to injure Roblox and its users.” Roblox banned him years ago, allegedly for using homophobic and racist slurs, harassing others and sexual harassment. Simon is said to use accounts created by others and hacks to maintain access to the platform.

The suit contains several examples of purported misconduct on Simon’s part. Among them is an allegation that he posted “false and misleading terrorist threats” last month that led to a temporary shutdown of the Roblox Developers Conference in San Francisco. Roblox claims it cost $50,000 to investigate the threat and secure the venue.

In addition, Simon is accused of “glamorizing the April 3, 2018 in San Bruno, California and threatening/taunting a copycat act of terrorism at Roblox headquarters in nearby San Mateo, California.” Roblox also claims he tried to upload a mostly nude photo of himself and images of Adolf Hitler, and attempted to upload a sex game to the platform.

Simon, a popular YouTuber known as Ruben Sim, allegedly profited from videos of stunts that were uploaded to that platform and Patreon. The Roblox Corporation is suing him for, among other things, breach of contract, fraud and allegedly violating both the Computer Fraud and Abuse Act and the California Comprehensive Computer Data Access and Fraud Act.

Roblox has tens of millions of daily users, many of whom are kids. Keeping trolls as far away as possible from the platform is important to help protect the platform’s young audience. The lawsuit follows an outage that for three days.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Repost: Original Source and Author Link

Categories
Security

Apple sues NSO Group for attacking iPhones with Pegasus spyware

Now Apple has followed WhatsApp and its parent company Meta (formerly known as Facebook) in suing Pegasus spyware maker NSO Group. Along with promising new information about how NSO Group infected targeted iPhones via a zero-click exploit that researchers later dubbed ForcedEntry, Apple says it’s “seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.”

Senior VP of software engineering Craig Federighi didn’t mention sideloading this time but says in a statement, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change…Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.” Apple and WhatsApp aren’t alone in their push against NSO Group in court, as last year, tech companies including Microsoft and Google filed a brief supporting Facebook’s lawsuit.

Pegasus spyware is designed to let governments remotely access a phone’s microphones, cameras, and other data on both iPhones and Androids, according to Apple’s press release. It’s also designed to be able to infect phones without requiring any action from the user and without leaving a trace, according to reports that came out earlier this year from a journalistic coalition called the Pegasus Project and Apple’s complaint.

Apple also cites reports that the spyware has been used against journalists, activists, and politicians, despite NSO’s claims that its governmental clients are forbidden from using the spyware against those sorts of targets. It’s understandable why Apple, the “what happens on your iPhone, stays on your iPhone” company, would be upset about its devices and services being used to carry out what it calls “human rights abuses.”

Apple’s senior director of commercial litigation Heather Grenier says in a statement to The New York Times the lawsuit is meant to be a “stake in the ground, to send a clear signal” that the company won’t allow its users to suffer “this type of abuse.” Part of Apple’s argument laid out in the complaint (PDF) is that NSO violated Apple’s terms of service because the group created “more than one hundred” Apple IDs to help it send data to targets.

The Court has personal jurisdiction over Defendants because, on information and belief, they created more than one hundred Apple IDs to carry out their attacks and also agreed to Apple’s iCloud Terms and Conditions (“iCloud Terms”), including a mandatory and enforceable forum selection and exclusive jurisdiction clause that constitutes express consent to the jurisdiction of this Court

In Apple’s complaint, it breaks down how the attack worked — using the Apple IDs it created, NSO would send data to a target via iMessage (after determining that they were using an iPhone), which was maliciously crafted to turn off the iPhone’s logging. That would then let NSO secretly install the Pegasus spyware and control what was being collected on the phone. Apple says that the specific vulnerability that NSO was using was patched in iOS 14.8, which you can read more about here. The summary is that NSO was sending files that exploited a bug in how iMessage rendered GIFs and PDFs.

Apple says in its press release that, thanks to improvements it’s made to iOS 15 security, it “has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions.” When the Pegasus Project was publishing its reports in July, Amnesty International said that the latest versions of iOS (at the time iOS 14.6) were susceptible to attack.

For more information about the reporting done on Pegasus, its capabilities, and its potential targets, see our explainer.

In addition to its lawsuit against NSO, Apple says it’ll be supporting “organizations pursuing cybersurveillance research and advocacy,” both financially and with technical resources. The company says it’ll distribute $10 million (plus any damages it wins from its lawsuit) to groups working on counter-surveillance and pledges in its press release to give free “technical, threat intelligence, and engineering assistance” to Citizen Lab, a group of researchers that were involved with the Pegasus Project and that helped Apple discover and patch NSO’s exploits. Apple also says it’ll do the same for other organizations “where appropriate.”

NSO was recently added to the US Entity List, which limits the ways American companies can sell or provide their technology to the company. According to a report by the MIT Technology Review, the sanction has been seriously detrimental both to employee morale at NSO Group, and the company’s ability to do business. The report says the company has to request permission from the US government to purchase items like laptops running Windows and iPhones, and that the government has said its default decision would be to turn down those requests.

Updated November 23rd, 3:36PM ET: Added context about sanctions against NSO, and the alleged misuse of Pegasus.

Repost: Original Source and Author Link

Categories
Security

College student sues Proctorio after source code copyright claim

The Electronic Frontier Foundation (EFF) has filed a lawsuit against the remote testing company Proctorio on behalf of Miami University student Erik Johnson. The lawsuit is intended to “quash a campaign of harassment designed to undermine important concerns” about the company’s remote test-proctoring software, according to the EFF. It’s the latest legal battle for the software company, which has publicly sparred with online critics throughout the last year.

The lawsuit intends to address the company’s behavior toward Johnson in September of last year. After Johnson found out that he’d need to use the software for two of his classes, Johnson dug into the source code of Proctorio’s Chrome extension and made a lengthy Twitter thread criticizing its practices — including links to excerpts of the source code, which he’d posted on Pastebin. Proctorio CEO Mike Olsen sent Johnson a direct message on Twitter requesting that he remove the code from Pastebin, according to screenshots viewed by The Verge. After Johnson refused, Proctorio filed a copyright takedown notice, and three of the tweets were removed. (They were reinstated after TechCrunch reported on the controversy.)

In its lawsuit, the EFF is arguing that Johnson made fair use of Proctorio’s code and that the company’s takedown “interfered with Johnson’s First Amendment right.”

“Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them,” said EFF Staff Attorney Cara Gagliano in a statement.

“I’m doing this to stand up against student surveillance, as well as abuses of copyright law,” Johnson told The Verge. “This isn’t the first, and won’t be the last time a company abuses copyright law to try and make criticism more difficult. If nobody calls out this abuse of power now, it’ll just keep happening.”

Proctorio is one of the most prominent software platforms that schools use to watch for cheating on remote tests. Its use exploded last year with the rise of remote learning; the platform proctored over 16 million exams. The software records students through their webcams as they work and monitors the position of their heads while they take exams. It flags “suspicious signs” to professors, who can review its recordings. It also enables instructors to track the websites students visit during the exam period and to bar them from functions like copying and pasting text.

Students and instructors around the country have volleyed numerous criticisms against Proctorio, claiming it violates student privacy and has the potential to discriminate against marginalized students. The Electronic Privacy Information Center filed a complaint against the service (and four others) in December, calling it “inherently invasive.” A coalition of US senators, including Sens. Richard Blumenthal (D-CT), Elizabeth Warren (D-MA), and Cory Booker (D-NJ), cited similar concerns about Proctorio in an open letter last year.

Proctorio has engaged critics in court before, although more often as a plaintiff. Last October, the company sued a technology specialist at the University of British Columbia who made a series of tweets criticizing the platform. The thread contained links to unlisted YouTube videos, which Proctorio claimed contained confidential information. The lawsuit drew ire from the global education community: hundreds of university faculty, staff, administrators, and students have signed an open letter in the specialist’s defense, and a GoFundMe for his legal expenses has raised $60,000 from over 700 donors.

“We disagree that sharing confidential information is the same thing as criticism,” Olsen told The Verge at the time. “Posting these kinds of things…it risks students learning how to circumvent the software, and it risks the safety and security of millions of students who use the software.”

Proctorio did not immediately respond to a request for comment on the EFF’s lawsuit.

Update April 22nd, 3:46PM ET: Added statement from Erik Johnson.



Repost: Original Source and Author Link

Categories
Tech News

Apple sues former designer over alleged stolen secrets

Apple is suing a former MacBook designer, alleging that he sold unreleased product details to a journalist in return for favorable coverage as he left the Cupertino firm for a startup. Simon Lancaster had been Advanced Materials and Prototyping lead at Apple until he resigned in November 2019, but a new lawsuit accuses him of copying trade secrets from other projects so that he could supply them to an “outside media correspondent” currently unnamed.

After leaving Apple, Lancaster joined Arris Composites as Head of Consumer Products, according to his LinkedIn profile. The company has developed a system called Additive Molding, in which composite structures can be manufactured with a mixture of continuously aligned fibers, electronics, and metallic components.

However before he left, Apple alleges, Lancaster used his position to gain access to information about other products and projects underway there. That information was shared with an unnamed journalist, along with details on roadmaps for new products and updates.

“Despite over a decade of employment at Apple, Lancaster abused his position and trust within the company to systematically disseminate Apple’s sensitive trade secret information in an effort to obtain personal benefits,” Apple’s lawsuit, first reported by AppleInsider, claims. “He used his seniority to gain access to internal meetings and documents outside the scope of his job’s responsibilities containing Apple’s trade secrets, and he provided these trade secrets to his outside media correspondent.”

According to the lawsuit, Lancaster was first contacted by the media correspondent in late November, 2018. The two then communicated regularly through into 2019. In September 2019, it’s alleged, they had begun meeting in person to exchange both information and physical documents. When Lancaster revealed he planned to leave Apple, the lawsuit says, the source asked him to get specific documents on a future product. The designer also reportedly attended a meeting on the product, despite it not being in his remit.

When he left Apple, Lancaster did not hand over the documents he had acquired. AppleInsider speculates, based on the timelines in Apple’s lawsuit, that the product in question – which Apple refers to only as “Project X” – could either be the “Apple Glass” smart glasses or possibly the AirPods Max, the premium headphones the company announced in December 2020.

“Tens of thousands of Apple employees work tirelessly every day on new products, services and features in the hopes of delighting our customers and empowering them to change the world. Stealing ideas and confidential information undermines their efforts, hurting Apple and our customers,” Apple said in a statement to The Verge. “We take very seriously this individual’s deliberate theft of our trade secrets, violation of our ethics and our policies, all for personal gain. We will do all we can to protect the innovations we hold so dear.”

Apple is alleging violation of Defense of Trade Secret Act, violation of California Uniform Trade Secret Act, and a breach of written contract. As well as requesting a trial by jury, it’s asking the court to grant it injunctive relief, damages proven at trial, punitive damages, restitution, and costs of the lawsuit.

Repost: Original Source and Author Link