Dutch Prosecutors Say One Man Got Into Trump's Twitter Account With 'MAGA2020!' Password

from the p@ssw0rd! dept

This sort of thing will never stop amazing me. For any American President, one would assume they would have all kinds of advisers on all matters regarding security and best practices when it comes to the systems and technology they use. I'm old enough to remember when everyone freaked out over Barack Obama using a Blackberry, but at the time I hand-waived any such concerns under the assumption that there were checks in place to make such technology secure.

So how in the world did Donald Trump, often called America's first Twitter President, manage to have his Twitter account accessed using a laughably predictable password and 2-factor authentication?

Dutch prosecutors have found a hacker did successfully log in to Donald Trump's Twitter account by guessing his password - "MAGA2020!" But they will not be punishing Victor Gevers, who was acting "ethically".

Mr Gevers shared what he said were screenshots of the inside of Mr Trump's account on 22 October, during the final stages of the US presidential election. But at the time, the White House denied it had been hacked and Twitter said it had no evidence of it.

For what it's worth, both the White House and Twitter are both still claiming that they don't see any evidence that Gevers did in fact access Trump's Twitter account. That being said, Gevers is said to have provided evidence for what he'd done to Dutch police and the prosecutors there seem utterly convinced that Gevers did precisely what he said he had.

Dutch police said: "The hacker released the login himself.

"He later stated to police that he had investigated the strength of the password because there were major interests involved if this Twitter account could be taken over so shortly before the presidential election."

They had sent the US authorities their findings, they added.

For any other president, this sort of unauthorized access would be frustrating and somewhat concerning. For this president, however, who routinely announces hirings and firings of government employees via Twitter, and occasionally even announces American policy that way, it's horrifying. Someone who was actually nefarious could have created all kinds of chaos at the very least, or precipitated real life wars at worst, just by tweeting out from Trump's account. Imagine a world where a bad actor accesses Trump's account and tweets "America has declared war on North Korea. The battle begins in hours." It's not inconceivable that Seoul would be lost under North Korean artillery... or worse.

It's also worth noting that Gevers claims this isn't the first time he got access to Trump's account.

Earlier this year, Mr Gevers also claimed he and other security researchers had logged in to Mr Trump's Twitter account in 2016 using a password - "yourefired" - linked to another of his social-network accounts in a previous data breach.

The best people are apparently not advising the president on how to keep his vaunted Twitter account secure.

Filed Under: donald trump, hacking, maga2020, netherlands, passwords, security, victor gevers

Dutch Approach To Asset Forfeiture Will Literally Take The Clothes Off Pedestrians' Backs

from the take-'em-right-off dept

We've long complained about civil asset forfeiture in the United States. Law enforcement agencies, thanks to a series of perverse incentives, have grown to love taking people's property (usually cash) without charging them for crimes. The excuse is that lifting a few thousand dollars from some random person somehow chips away at drug cartels located overseas.

It would seem to be more crippling if criminal charges were pursued and suspects interrogated, jailed, and flipped. But law enforcement has no time for that, not when a pile of cash is only a few pieces of paperwork away from changing ownership.

They're taking asset forfeiture to a whole new level over in the Netherlands. Dutch cops will now be taking the clothes off people's back if they "suspect" the clothing might be out of the spending range of the person wearing it. (h/t Charles C.W. Cooke)

Police in the Dutch city of Rotterdam have launched a new pilot programme which will see them confiscating expensive clothing and jewellery from young people if they look too poor to own them.

Officers say the scheme will see them target younger men in designer clothes they seem unlikely to be able to afford legally – if it is not clear how the person paid for it, it will be confiscated.

The idea is to deter criminality by sending a signal that the men will not be able to hang onto their ill-gotten gains.

The police say they'll be able to make quick determinations about the legality of… um… clothing by accosting well-dressed youngsters. Presumably, no one will be carrying receipts. The police have used the term "undress" but swear they'll be focused on items that won't leave their former owners in a state of undress (watches are mentioned). Then again, the police also say they'll be packing clothes to hand out to people they've disrobed for dressing too richly, so it's obvious it won't just be watches being watched.

What's propelling this new spin on asset forfeiture? Apparently, it's some form of disrespect Dutch police want to shut down.

Police Chief said the young men targeted often have no income and are already in debt from fines for previous convictions but wearing expensive clothing.

This “undermines the rule of law” which sends “a completely false signal to local residents”, he explained.

The law already gives Dutch police permission to forfeit items procured with criminal funds. Over the last decade, the police have expanded these programs to go far beyond perceived kingpins to reach street hassle levels. Dutch law enforcement have been performing "Rolex checks" on young people for three years now, but the recent expansion into Rotterdam (it originated in Amsterdam), coupled with inflammatory "undress them on the street" comments from the Rotterdam police chief, has resulted in a new wave of backlash.

The police refuse to say how they'll determine rightful ownership of clothing/watches/jewelry they wish to seize. Obviously, the specifics would let "criminals" know what receipts to carry, but also suggests they're not entirely sure how they're going to carry this out either. Of course, the method matters less to the police. They don't have to prove anything. All they have to find is a lack of proof of legitimate ownership. The burden is completely upon those walking around wearing items cops subjectively feel they can't afford. Given the way this deck is stacked, citizens may as well just hand over "expensive" items the moment an officer approaches them. Why go through all the extra hassle if it's not going to change anything?

The police chief has responded to the backlash by blaming the media and the citizens for "rushing ahead" without knowing all the facts. This is a typical response, one that should be greeted with the obvious point that most of the facts came directly from from the police chief, i.e., the threat to "undress" people in public to rebuild "respect" for the "rule of law." Those facts are ugly and indisputable. And they're all attributable to Rotterdam Police Chief Frank Depauuw. He can't blame an extremely awful forfeiture program on all the people who won't be actively participating in it. The facts will continue to develop, but they're never going to reach the point where this program looks like anything but a gross misuse of power.

Filed Under: asset forfeiture, expensive clothing, law enforcement, netherlands

Study: Dutch Piracy Rates In Free Fall Due Mostly To The Availability Of Legal Alternatives

from the you-don't-say dept

The claim that the best way to combat content piracy is to offer good legal alternatives and make them widely available isn't exactly breaking new ground. Case studies made out of several nations' piracy rates, such as in Australia and Norway, demonstrate the severe impact creating good digital marketplace alternatives to piracy can have. Techdirt's think tank arm, the Copia Institute, produced the definitive report highlighting this in multiple countries nearly two years ago.

And, yet, the copyright industries and their mouthpiece organizations typically choose to beat the punishment drum instead, going the route of litigation against pirates that ultimately ends up being a PR nightmare, or instead going the route of wholesale censorship on the internet that is equal parts ineffective and alarming to those of us that think such censorship ought to have a high bar to hurdle in order to be implemented. It's with that in mind that any new example that simply offering legal alternatives is a better route is useful to highlight.

Which brings us to the Netherlands, long assumed to be a hotspot of piracy. And, indeed, as recently as 2013 a study put out by Telecompaper indicated that 41% of the Dutch people were downloading copyrighted content for free. But that same study also suggests that this piracy rate has dropped all the way to 27% as legal alternatives have emerged.

In November 2013, when services such as Netflix and Spotify were still new, 41% of Dutch people were downloading illegal content. In January, that percentage fell to 27%. From this group, 77% say they plan to download less pirated content; the remaining 23% claim they will increase illegal usage.

Of the group that still downloads, 8% say they have reduced their activities because it is becoming harder to find what they are looking for. Of the people who have increased their pirate activities, 6% said in January that it was easier to find what they were looking for, compared to 13% in 2013.

Now, the post makes a point to note that BREIN, the anti-piracy outfit in the region, has also stepped up its efforts in this time. But if you look at the data in the respondents, it's clear that BREIN's attempts to make pirated content less available isn't much of a factor for those that have ceased pirating that content. Less than one in ten of the people still downloading content illicitly are finding it harder to do so. That's much less a factor than the piracy rate in the country dropping by a third.

Which leaves us with the wider availability of legal alternatives being the main impetus for the change. That jives well with what we've seen in other countries too. All of which leaves us to ponder once again why the content industries don't seek to ramp up the legal alternatives instead of going to war with them or, worse yet, trying to wage some unwinnable legal fight with all of piracy everywhere?

Filed Under: copyright, innovation, netherlands, piracy

Dutch Court Rules That Freely Given Fan-Subtitles Are Copyright Infringement

from the can-you-translate-that? dept

For some reason, there has been a sub-war raging for more than a decade between anti-piracy groups and fans who create free subtitles for content so other regions can enjoy that same content. While much of this war has been fought for years on the anime front of all places, the conflict has spread to mainstream movies and television as well. And it is a painfully dumb war to fight at all for the content creators, whose publishers have failed to provide the subtitle translations that are obviously in demand, and which would open up new markets at no cost for them. Instead, they typically choose to scream "Copyright infringement!" at these fans instead.

In the Netherlands, one group of fans that creates free subtitles in this way took BREIN to court to have its work declared kosher. Unfortunately, the Dutch court appears to have drunk the BREIN kool-aid on how fan subtitles are the bane of the entertainment industry and used only by pirate-y pirate types.

The Free Subtitles Foundation, after coming under fire from the Netherlands' anti-piracy association BREIN, decided to raise some money and take BREIN to court. The Foundation's lawyer told TorrentFreak that the lawsuit sought to clarify whether the creators of a TV show or movie can reserve the right to create and distribute subtitles.

And indeed, that's exactly what the court ruled: that subtitles can only be created and distributed with permission from the rights holders. Doing so without permission is copyright infringement, and thus punishable with either jail time or a fine, depending on where you live.

Now, FSF took this to court because BREIN has a habit of threatening fans who create these free subtitles. It's important to draw the distinction that this is about copyright here, because the key point in all of this is that BREIN does not have to threaten fansubbers at all. This isn't trademark law. There is no requirement to police this sort of thing. This kind of action only makes sense if either fansubs are a true danger to the entertainment industry or if BREIN and other anti-piracy groups are in the habit of seeing dangers everywhere they look and picking unneccesary fights.

One of those is certainly true. Fansubs, long vilified by the content industries, have actually been shown to open up entire new markets for content where the creator or publisher didn't bother to create subtitles for those markets. And, taking a step back, the very, very simple fact is that fansubs wouldn't be needed at all if those same subtitles were offered up by the publishers themselves.

Much like file sharing websites themselves, actually policing subtitle sites will be difficult. Just look at the world of anime fansubbing, which has been under fire for more than a decade but is still going strong—or, in some cases, has shifted to just straight-up anime streaming websites with baked-in English subtitles. A better solution might be for content creators and distributors to release officially subtitled content simultaneously worldwide, much in the same way that some big American TV shows and movies are now being released in Europe and Asia at the same time, rather than a few months or years later.

What fansubs actually do is serve as free market research for content publishers to determine where additional demand for their content is geographically. A freely given fanmade subtitle to a movie or show is only necessary when content providers don't provide it first. The product is not serving the market in which the subtitles will be used, which makes targeting them for copyright infringement all sorts of silly.

Filed Under: copyright, fansubs, netherlands, subtitles
Companies: brein

Netherlands Looks To Join The Super-Snooper Club With New Mass Surveillance Law

from the but-it-ain't-over-until-the-CJEU-rules dept

As Techdirt has noted, the UK's Investigatory Powers Act, better known as the Snooper's Charter, has been dubbed "the most extreme surveillance law ever passed in a democracy." It may be the worst, but it's not an isolated case. Governments around the world are bringing in laws that grant them powers to spy on innocent citizens using "bulk collection" of information -- mass surveillance, in other words. As the Dutch site Bits of Freedom reports, the latest country to join the super-snooper club is the Netherlands, where the lower house has just passed the bill for the new Intelligence and Security Services Act:

The controversial new law will allow intelligence services to systematically conduct mass surveillance of the internet. The current legal framework allows security agencies to collect data in a targeted fashion. The new law will significantly broaden the agencies' powers to include bulk data collection. This development clears the way for the interception of the communication of innocent citizens.

Another worrying trend is for spies around the world to pass on information they have gathered to intelligence services in other countries. The Dutch law is particularly bad in this respect, for the following reason:

Under the passed bill, Dutch security agencies may also share collected data without having analyzed it first. But when we hand over data to foreign governments without performing some form of data analysis prior to the exchange, we run the risk of not knowing what potentially sensitive information falls into foreign hands, and the consequences that might have for citizens.

The Bits of Freedom post also notes that much in the proposed law has yet to be defined, which is hardly a happy state of affairs. That includes limitations on the powers and how oversight will be carried out. However, more positively, among the revisions made to the bill when it was put out for public consultation in 2015 are some important improvements. Here's what happens next:

It's now the Senate's turn to review the bill. A bill that, in all likelihood, will not meet the minimum safeguards dictated by European law. If the parliamentary groups in the upper house abide by those in the lower house, the bill will be cleared with a comfortable majority.

The mention of the safeguards of European law is significant. As we reported in December, the Court of Justice of the European Union (CJEU) confirmed that general and indiscriminate data retention is illegal in the EU. Assuming the Dutch law is passed as expected, a legal challenge at the CJEU could follow, and would seem to stand a good chance of getting the law struck down in its present form.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: intelligence and security services act, mass surveillance, netherlands, privacy

Here's What Happened When The Dutch Secret Service Tried To Recruit A Tor Admin

from the true-or-false? dept

Law enforcement keeps bumping into Tor, as Techdirt has reported many times over the years. So it's understandable that the authorities are always looking for ways to subvert and circumvent the extra protection that Tor can offer its users when used properly. For obvious reasons, we don't often get to hear exactly how they are doing that, but a fascinating post on the Dutch site Buro Jansen & Janssen purports to give some details of what happened when the country's secret service tried to recruit a Tor admin. First, a caveat. The site says:

We received this story from a person who wants to remain anonymous. We conducted an investigation to the existence of this person and confirmed their existence.

However, that still raises the question of whether the site itself is reliable. It describes itself as follows:

A land-rights collective which has been publishing for 30 years on the expansion of repressive legislation, public-private partnerships, authorities, governmental actions and other state affairs.

Some might argue that means it has an axe to grind against the authorities and secret services, making its report less credible. That said, the site seems to contain a wide variety of solid information, and the post itself is plausible enough. It recounts how the Dutch secret service in the form of an older man and younger woman contacted the unnamed Tor admin:

They approached me and identified themselves with a badge of the Ministry of Internal Affairs and said they were working for the AIVD (Dutch secret service). They asked me to hear them out. I was in a state of shock and thought I had committed a crime but they immediately started to talk about on my studies. They made it clear they've read my thesis on IT security and showered me with compliments before they were firing a round of job offers at me.

Here's what they offered and what they wanted:

They asked me if I was interested in traveling for a couple of years and for example work in Germany at a technology company while visiting the Chaos Computer Club's hacker spaces to see what's going on and report back to them. All my expenditures would be covered.

...

They also mentioned that occasionally there are hacker parties in Italy, Austria, Spain, and other countries, and they said I could see that as paid holidays. They were very honest about the fact that they were looking for foreign talent but mostly interested in keeping tabs on Dutch IT-professionals and hackers abroad. They emphasized on monitoring Dutch people abroad at least 3 times.

That's pretty conventional stuff. But you obviously don't try to recruit a Tor admin unless you are also interested in keeping an eye on Tor itself:

The old man who showered me with compliments suddenly said: "look, we know about your Tor-exit nodes, if you run them with us you will be able to make a living out of it, but if you don't and something illegal happens, we can't help you if the police visits your home and seizes your equipment."

That threat was accompanied with a further warning not to speak to anybody about the conversation that had just taken place. Let's hope that nothing has happened, or will happen, to the person involved for disobeying that instruction. Assuming, of course, that the post is genuine -- something that Techdirt readers will doubtless have their own views about.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: aivd, law enforcement, netherlands, recruitment, tor admin

Dutch Regulators Demand T-Mobile Stop Zero Rating, Remind Users That Free Data Isn't Really Free

from the no-free-rides dept

We've talked a lot about how the FCC's refusal to outright ban "zero rating" here in the States opened the door to all manner of net neutrality violations and anti-competitive behavior. Thanks to this omission, we've now got gatekeepers like AT&T, Verizon and Comcast all exempting their streaming content from usage caps, while penalizing competing services. Consumers also now face T-Mobile and Sprint plans that throttle video, music and games by default -- unless users pony up an additional monthly fee. Some folks, like VC Fred Wilson, saw this coming a long way off.

And while the FCC only this month acknowledged this kind of behavior is anti-competitive and problematic, the "enforcement" (which is a pretty generous term for the weak-kneed letters the agency is sending out) comes too late as the FCC appears poised to be scheduled for a defunding and defanging under the incoming Trump administration.

In numerous countries (The Netherlands, Japan, Chile, Norway and India) regulators realized the threat of zero rating early on, and banned the practice to prevent this kind of distortion of the open market. In the Netherlands, T-Mobile this week was told it must stop zero rating its services immediately, or face fines of up to $52,000 per day. In its announcement, the Netherlands Authority for Consumers and Markets (ACM) makes it clear that when it comes to zero rating, the idea that consumers are getting something for free simply isn't true when it comes to zero rating:

"While the ACM noted European telecom regulators do allow some services to be allowed for free or at “favorable rates” under strict conditions, it said Dutch law does not allow price discrimination of any kind. "Dutch law is clear about zero-rating: it is not allowed,” ACM board member Henk Don said in a statement. "That is why ACM is taking action … There is no such thing as free data: it causes other services to become more expensive."

Here in the States, you'll see plenty of people who still don't understand why zero rating is a problem, despite what should be obvious anti-competitive implications of letting AT&T, Comcast and Verizon give their own services an unfair market advantage. This failure to understand that usage caps are arbitrary, often unnecessary, and can be abused resulted in a lack of political pressure on the FCC to fully ensure net neutrality was protected. Instead, we get people laboring under the illusion that they're getting something for free, resulting in net neutrality being undermined -- ironically to thunderous public applause.

But again, with everything pointing to the FCC's net neutrality rules being dismantled entirely over the next six months (likely in the form of a new law that pretends to protect net neutrality while actually dismantling it), net neutrality advocates will find zero rating to be the least of their worries in the new year.

Filed Under: net neutrality, netherlands, zero rating
Companies: t-mobile

Monster Corporate Sovereignty Ruling Against Russia Overturned By Dutch Court, But It's Hard To Tell Whether It's Over Yet

from the plus-or-minus-$50-billion dept

By now, the theoretical risks of including corporate sovereignty chapters in TPP and TAFTA/TPP are becoming more widely known. But as Techdirt wrote back in 2014, there's already a good example of just how bad the reality can be, in the form of the monster-sized case involving Russia. An investor-state dispute settlement (ISDS) tribunal ruled that Vladimir Putin really ought to pay $50 billion to people who were majority shareholders in the Yukos Oil Company. The Russian government didn't agree, and so naturally took further legal action to get the ruling overturned. As The New York Times reports, it seems to have succeeded:

In a major victory for the Russian government, a Dutch court on Wednesday overturned an award of more than $50 billion to former shareholders of the defunct oil company Yukos that Moscow was ordered to pay in 2014.

The award was thrown out because of something mentioned in the earlier Techdirt article: the fact that the claim was brought under the Energy Charter Treaty, which Russia signed, but never ratified. Because the ISDS arbitration panel had met in The Hague, in the Netherlands, Russia took its case before Dutch judges, who agreed that Vlad need not pay in these circumstances.

But the ruling is unlikely to signal the end of this case -- after all, some pretty serious sums of money are involved. According to The New York Times, the international arbitration practice representing the Yukos shareholders intends to make an appeal to higher courts in the Netherlands against the decision. And even if it fails to get the latest court ruling overturned, it's still quite possible that GML, the company that controlled a majority of the Yukos shares, will be able to collect its $50 billion elsewhere. As the NYT says:

GML is pursuing legal efforts to collect the Russian money in a half-dozen other countries: Belgium, Britain, France, Germany, India and the United States. There have not yet been rulings in those cases, and it was not immediately clear on Wednesday how the decision in The Hague might affect them.

That lack of legal clarity underlines one of the worst aspects of ISDS: the fact that it does not sit neatly within traditional legal systems, but in many ways lies outside them. Far from helping to uphold the law, as supporters of corporate sovereignty like to claim, it makes it arbitrary and unpredictable. When you're talking plus or minus $50 billion, that's a pretty serious flaw.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: corporate sovereignty, courts, isds, netherlands, russia
Companies: yukos