Articles by Theodora Michaels:
New! EXCLUSIVE: Lawyer who wrote the book on informant handling and undercover investigations asked potential clients to contact him via insecure web form, and Washington State Bar Association said this is fine
I think the correspondence (below) speaks for itself, so I'm providing this with (relatively) minimal commentary:
- Dennis Fitzgerald is a lawyer who literally wrote the book on Informants, Cooperating Witnesses, and Undercover Investigations. On his website, he offers services "as an expert witness and investigative trial consultant . . . Specializing in undercover investigations and informant issues."
- His website had a "contact" form which was served over plain HTTP, not HTTPS. Here is an archived version of it. Because data sent over HTTP is not encrypted in transit, this potentially revealed to random people what should have been confidential information, and could have endangered those contacting him, especially considering the nature of his practice.
- I wrote to suggest that he secure or delete this form, and he responded like a crazy person.
This is a list of questions I have for Hector Xavier Monsegur a/k/a Sabu, who will be speaking at the Suits and Spooks conference taking place on June 19 and 20, 2015. I'm neither a suit nor a spook, nor sure I'd be comfortable hanging out with suits and spooks, but I'm posting these here in case they're useful for anyone who's going.
I realize that Sabu probably can't or won't answer many of these. And some questions would probably be more appropriately addressed to the FBI, but they haven't been answering journalists' questions. In any case, there's no harm in asking, right?
I recently read the Notice of Inquiry on Virtual Currencies released by the New York State Department of Financial Services (PDF). Then I read it again, and again, because it's masterful. It occurred to me that it could serve as a template for every government press release about every new technology. Accordingly, I made a generic version, which I hope will be useful to others preparing similar press releases.
From Stratfor's FAQ about the hack:
3. How were credit card companies informed?
The FBI notified credit card companies in early December.
There is no evidence that the FBI notified credit card companies in early December, or ever. None. To the contrary, virtually all victims who publicly discussed the matter, and a few I heard about from an individual subscriber who spoke to others, found out about the hack from a reporter or from unauthorized charges on their credit card(s) in late December. I haven't seen a single journalist try to figure out what happened here, despite the glaring contradiction between Stratfor's statements and what actually happened.
When Jeremy Hammond hacked Stratfor, who knew first: the FBI or Stratfor? It seems a basic question, yet there has been surprisingly little discussion about it — mostly because people assumed (incorrectly) that they already knew the answer.
Let's see what Stratfor's official statement about the hack says:
In early December I received a call from Fred Burton, Stratfor's vice president of intelligence. He told me he had received information indicating our website had been hacked and our customer credit card and other information had been stolen. The following morning I met with an FBI special agent, who made clear that there was an ongoing investigation and asked for our cooperation. We, of course, agreed to cooperate. [Emphasis added.]
All of this information has been public for a while, but as far as I know I'm the first to compile it.
Contrary to popular belief, Sabu was not the first snitch in Anonymous or Lulz Security a/k/a LulzSec. His arrest came after others snitched on him. The first official acknowledgement of this was in a speech by former FBI director Robert Mueller on August 8, 2013:
A cautious cybercriminal would not have worked with Hector Xavier Monsegur a/k/a Sabu after mid-2011. Those who feel that Sabu betrayed them understandably want to blame Sabu instead of their own poor judgment and opsec, or youthful naiveté, but the facts speak for themselves. A few examples will suffice to illustrate the obviousness of Sabu's status as an informant:
From a recent article by Quinn Norton: Sabu "was so persistent, and kept telling me where he was." "He wrote like multiple people." "No one had ever known where Sabu got that computing power, but they also hadn't asked." "By January Antisec was so sure it was being monitored by the FBI that more than one member talked to me about it."
I've always been awed by painters who can capture the ocean on canvas. Writing about Anonymous must be a similar challenge: how to freeze in time something so vast and kaleidoscopic? Choosing the moment to capture is the first task, and here the timing seems premature. Court cases are ongoing, and who knows what interesting information they may reveal? Indeed, a trial currently prevents the release of the book in the UK.
Sabu was more leet than we ever knew
The bill of information against Sabu, in paragraph 24, alleges that he "did effect transactions . . . to receive payment and other things of value . . . the aggregate value of which was equal to and greater than $1,000 . . ." (Emphasis added.) Granted, it's been a long time since I took a math class, but isn't that impossible?
United as one, divided by zero indeed.
Remember when Anonymous listened in on that FBI conference call about Anonymous? The FBI may have expected them.
It certainly was lulzy, wasn't it? The FBI and their foreign counterparts had a sooper-seekrit conference call to discuss their ongoing investigations of Anonymous and Lulz Security. Unbeknownst to them, the very subjects of their call were listening in! What fun!
Well it gets even funnier, because the joke was on Anonymous. OK, the FBI hasn't said exactly what happened, but from what's publicly available, it seems reasonable to conclude that the FBI took Anonymous's "expect us" admonition to heart. The email setting up the conference call was on January 13th. (The original paste seems to have been deleted; this is a later one, but I think the content is the same.) On January 14th, Palladium (Donncha O'Cearrbhail of Ireland) and one or more other Anons discussed in a private IRC how to intercept the conference call -- and their chat was being recorded for the FBI with the consent of someone in the chatroom. Then the call took place on January 17th.
If law enforcement knew in advance that Anonymous would be listening in, that would explain a lot:
The next time you have over 9,000 people firing their lazers and cannons, I'm respectfully suggesting that you not target the U.S. Copyright Office website, copyright.gov. Here's why:
1. It doesn't make sense to block people from learning about copyright law.
If you want to change or even abolish the copyright law, this can only happen if people first learn about the existing law. One of the best places to do this is copyright.gov. They have a huge amount of material including an FAQ (though I've always wondered how often they actually get asked this).
- I'll spend my free time honing my skillz, not having pointless arguments with people on Twitter and IRC.
- If I desperately want to leave my house but am terrified of doing so, I won't "accidentally on purpose" get arrested just so I can go outside. Instead I'll ask a family member, friend, or local mental health services provider for help.
- In every IRC chat, I'll assume that at least one person is keeping the chat log, and will show it to my worst enemy at the worst possible moment.
- I'll never say something like "I am invincible! I can never be dox'd or v&!" After that, the FBI usually shows up instantaneously.
An open letter to Principal Murray of Danvers High School (MA):
Perhaps by now you've read some of the articles (and associated entertaining comments, such as those at Fark) about how Principal Murray has tried to ban his students from saying meep.
It's been a long time since I was in high school, but I still remember what it was like to be young, and chafing under what seemed like arbitrary and capricious rules set down by school authorities. So in solidarity with the students of Danvers High, and on my own initiative, I took about five seconds and sent an email to Principal Thomas Murray ( email@example.com ), Assistant Principal Mark Strout ( firstname.lastname@example.org ), Assistant Principal Cornelia Varoudakis ( email@example.com ), and Superintendent of Schools Dr. Lisa Dana ( firstname.lastname@example.org ). All of these addresses are publicly available on the Danvers High School website.
My subject line said (in full), "meep." The body said (in full), "Meep."
Yesterday I received a reply email from Assistant Principal Mark Strout, which said (in full) "Your E-mail has been forwarded to the Danvers Police Department."
LOLwut? . . . Read more
1. Make sure track notes are clear and complete. To say you're doing a "recording" is really a misnomer, because as you'll see you spend more time listening than actually recording. You record a particular part once, then may have to listen back several times to decide if the take is good enough to use, whether or not it's better than other takes of the same part, where an edit might be needed, whether the edit (if needed and done) was done well, what effects (if any) should be added, and how it fits in with the other tracks. Thus it's vitally important that the engineer keep careful notes . . . Read more
Consumers are enjoying music in more ways than ever: in ringtones, videogames, digital downloads, CD reissues, remixes, and too many other formats to list. And with the proliferation of entertainment companies and low-cost editing equipment, there is a huge market for music to enhance films, TV shows, and advertisements. Although there've been many media stories about widescale copyright infringement, it has been less reported that there are still numerous reputable companies paying the proper licensing fees to legally provide music to consumers. Yet many songwriters who've written hit songs, and many heirs of deceased songwriters, are not receiving their share of this money. . . . Read more
In a nutshell, a music publisher owns or administers copyrights in songs, and licenses them to companies and other entities that use music, such as record labels, radio stations, filmmakers, and advertisers. The publisher then collects the license fee, keeps a cut, and pays the rest to the songwriters or their heirs. Note that a music publisher controls the song -- the words and music -- as opposed to any particular recording of the song. Recordings are generally owned by recording artists and record labels. The most important function of a music publisher is to promote songs to licensees, thus getting the songs used in ways that earn money. . . . Read more
Music created collaboratively often has a complexity and beauty to it that solo projects can't match. Whether songwriting partners jam until something coalesces, or collaborate using a more structured method, it's common to avoid discussing, or even thinking about, the division of ownership in the songs for as long as possible. This is a mistake, and one that can cause inconvenience or even lawsuits down the road. I hope this article will encourage songwriters who work collaboratively to discuss and agree upon their respective interests sooner rather than later, and to put their agreement into writing. Under United States copyright law, if two or more people write a song together . . . Read more
Q. How many major label executives does it take to screw in a light bulb?
A. One to hold the bulb and another to shoot him in the foot.
Q. How many filesharers does it take to screw in a light bulb?
A. Technically just two, but the more there are the better it works.
Q. How many hardware manufacturers does it take to screw in a light bulb?
A. Why is everyone still using light bulbs when we're promoting what we thought was a light bulb-killer? Read more
It was my privilege to participate in a roundtable held at the U.S. Copyright Office in Washington, D.C. on June 15, 2007. We discussed issues pertaining to the compulsory licensing of musical works under Section 115 of the U.S. Copyright Law; there is a brief overview of these issues here: What’s Incidental to Your Transmission? (There was also a surprising amount of discussion about salads, as mentioned here: Of Copyrights and Salads.) I was there to represent my band Curse and its publishing company Cursory Rhymes (although I like to think that I was, in a sense, representing all indie artists, who were otherwise unrepresented on the roundtable). . . . Read more
Hello! Welcome to "Know Your Rights: Copyright Law for the Creator of Fan Works." I'd like to start out by assuring everyone that I don't work for New Line or the Tolkien Estate or anyone else with an interest in Tolkien's works, so I'm not here to tell anyone to stop doing anything. I'm here as a fan, both of Tolkien's works and of fan-fiction. I'd like to see them all flourish. My name is Theodora Michaels, and I've been working as an attorney in the field of copyright law for almost ten years. For about twenty years I've been working in the music industry, I'm also a musician, and I've done some work in film, doing clearances. . . . Read more
More coming soon!