The Computers Are Still Bad
The Computers Are Still Bad
Amazon, Twitter Hack, iTunes, Luckin, and Stolen Artifacts
Amazon
It’s been awhile since I wrote about Amazon, but don’t worry, they haven’t stopped being terrible. The Markup has written two pieces on the company’s inability to police illegal and dangerous products on its platform:
The Markup filled a shopping cart with a bounty of banned items: marijuana bongs, “dab kits” used to inhale cannabis concentrates, “crackers” that can be used to get high on nitrous oxide, and compounds that reviews showed were used as injectable drugs.
We found two pill presses and a die used to shape tablets into a Transformers logo, which is among the characters that have been found imprinted on club drugs such as ecstasy. We found listings for prohibited tools for picking locks and jimmying open car doors. And we found AR-15 gun parts and accessories that Amazon specifically bans.
Oh, is that all? Many of the products available on Amazon’s website are from “marketplace” sellers, or third parties who sell on Amazon but fulfill their own orders. Amazon has had a spotty history of policing those listings, to put it mildly. So, surely these illegal product sellers are all shady rule-breakers, right?
Almost three dozen listings for banned items were sold by third parties but available to ship from Amazon’s own warehouses. At least four were listed as “Amazon’s Choice.”
The phrase “ships from and sold by Amazon.com” appeared beneath the buy button of five of the banned items we found, which two former employees confirmed means those products are, in fact, sold by Amazon. In addition, one of the sellers we were able to reach also confirmed it sold the items to Amazon.
Many of the items we found had been up for sale for months, some with positive reviews showing they had been sold, including some of the items sold directly by Amazon.
Ahhhhhh, yeah. That’s not ideal, is it. Amazon is selling items banned by Amazon’s own policies! Not only are they facilitating the sale of dangerous and possibly illegal products, their search is leading people right to them:
When we typed “bong” into the website’s search bar, autocomplete suggestions included “bongs for smoking weed.” When we typed “pill press,” autocomplete suggested “pill press for making pills xanax.”
Speaking of pill presses, the article touches on why those particular items are an issue, because a guy who was sent to prison for making counterfeit opioids said he bought his on Amazon:
“I purchased two pill presses on there. I also purchased the pill press dies, which are the molds to shape the pills and imprint them with whatever number they need be,” Falkowski said in a phone interview from prison, where he is serving a 22-year sentence for crimes connected to his counterfeit drug business.
“You search under the code on the pill … and it’ll just come up,” he added. “It really wasn’t that complex.”
Two people died after taking Falkowski’s pills, and another woman was found dead from an overdose on the property where he kept his makeshift lab…
Good news for aspiring drug dealers out there! Amazon claims it has an army of reviewers who help weed out bad products, but the reality is quite a bit different:
A timer started the moment he logged in at his desk. He’d scan a post of a product flagged by someone as counterfeit, search for facts, and decide if the item should be pulled from Amazon’s marketplace. He said he gave the entire investigation about three minutes—and then the timer reset.
[…]
He and another former Amazon employee, Rachel Johnson Greer, who left the company in 2017, said the company required them to crank through about 20 review tasks an hour.
Like the punishing quotas in their warehouses, Amazon treats the people who try to root out fraud and criminal behavior on its marketplace platform like cogs in a machine. Hit your quotas, review a minimum number of products a day, or you get flagged and eventually fired. What a good system!
Amazon wouldn’t answer The Markup’s questions about why it was selling illegal products itself, and why many of the products continue to be listed on the site today. As social media platforms and other tech companies face increasing scrutiny and pressure to moderate the content on their platforms, Amazon has largely stayed out of the spotlight.
A professional association was recently formed to help companies across the world address “trust and safety” issues. Many of the US’s largest tech companies joined on. Amazon did not.
Probably Don’t Talk to the New York Times
If you do crimes, you should not to talk to anyone about them, or post about them on social media. I have said this many times. Last week, I wrote about the Twitter hack and the attempted Bitcoin scam. It was a brief source of amusement, and I figured it’d go away until the FBI arrested someone, or the hackers leaked a bunch of salacious DMs or something. What I definitely did not expect was four of the hackers to reach out to NY Times journalists and send them logs and screen shots of the hack and its conspirators:
“yoo bro,” wrote a user named “Kirk,” according to a screenshot of the conversation shared with The New York Times. “i work at twitter / don’t show this to anyone / seriously.”
He then demonstrated that he could take control of valuable Twitter accounts — the sort of thing that would require insider access to the company’s computer network.
The hacker who received the message, using the screen name “lol,” decided over the next 24 hours that Kirk did not actually work for Twitter because he was too willing to damage the company. But Kirk did have access to Twitter’s most sensitive tools, which allowed him to take control of almost any Twitter account, including those of former President Barack Obama, Joseph R. Biden Jr., Elon Musk and many other celebrities.
I do enjoy journalists attempting to translate Internet chatroom logs into serious newspaper articles. It must give their editors fits. So, four guys who helped perpetrate the hack went to the NY Times and talked about it. Not what I’d suggest if I was their defense lawyer, but okay. Why did they do it?
The hacker “lol” and another one he worked with, who went by the screen name “ever so anxious,” told The Times that they wanted to talk about their work with Kirk in order to prove that they had only facilitated the purchases and takeovers of lesser-known Twitter addresses early in the day. They said they had not continued to work with Kirk once he began more high-profile attacks around 3:30 p.m. Eastern time on Wednesday.
I am not sure that admitting to only hacking some of the Twitter accounts will solve your problem of criminal liability? Oh, also, they admitted to other crimes in the interviews:
Kirk connected with “lol” late Tuesday and then “ever so anxious” on Discord early on Wednesday, and asked if they wanted to be his middlemen, selling Twitter accounts to the online underworld where they were known. They would take a cut from each transaction.
In one of the first transactions, “lol” brokered a deal for someone who was willing to pay $1,500, in Bitcoin, for the Twitter user name @y.
Selling things someone else stole? Also a crime! One of the hackers, who didn’t mind sharing his identity, wasn’t too worried:
Discord logs show that while PlugWalkJoe acquired the Twitter account @6 through “ever so anxious,” and briefly personalized it, he was not otherwise involved in the conversation. PlugWalkJoe, who said his real name is Joseph O’Connor, added in an interview with The Times that he had been getting a massage near his current home in Spain as the events occurred.
“I don’t care,” said Mr. O’Connor, who said he was 21 and British. “They can come arrest me. I would laugh at them. I haven’t done anything.”
You…just…admitted you did something! In the preceding paragraph! Lord. No story about internet thieves would be complete without an embarrassing chat log excerpt:
Shortly before the big hacks began, he sent a phone message to his girlfriend saying, “nap time nap time,” and he disappeared from the Discord logs.
Despite all the effort and outrage, the scam only netted “Kirk” around $180,000 in Bitcoin, which is both an indictment of Twitter’s stingy user base and its security team. He should have stuck to selling Twitter handles, he’d have avoided large scale criminal investigations and NY Times snitch articles. Probably.
Anyhow, don’t post your crimes on social media, don’t talk to the cops, and maybe don’t snitch to journalists while implicating yourself in other crimes and confirming your personal details? I don’t know. We live in strange times.
iTunes Gift Cards
Someone must be reading my newsletter, because some attorneys have filed an 11-count federal class action lawsuit against Apple for enabling over a billion dollars in iTunes gift card scams. The suit makes some compelling claims:
"This case arises from Apple’s knowing or reckless enabling of the 'iTunes gift card scam.' Scammers have found a uniform way of tricking victims into paying them large sums of money via iTunes gift cards. Apple is incentivized to allow the scam to continue because it reaps a 30% commission on all scammed proceeds, and knowingly or recklessly, Apple plays a vital role in the scheme by failing to prevent payouts to the scammers.
Yup! Many of the scams I write about feature iTunes gift cards. The lawyers point out that Apple’s claim the money is unrecoverable is horseshit:
Despite the fact that Apple retains the funds from purchases made using iTunes gift cards for four to six weeks before paying App and iTunes store vendors and keeps a 30% commission on scammed proceeds, Apple’s webpage and other communications falsely inform the public that all scammed proceeds are irretrievable
Not only does Apple keep the 30% commission on the things people buy with the scammed iTunes cards, they could just refund the people who are victims of the fraud. They wouldn’t be out any money!
This lawsuit is a long time coming, and it’s not the only kerfuffle Apple is involved in right now over the outrageous fees it charges on its store, and how it runs its iOS ecosystem with zero oversight or accountability. Plus, they never responded to my email asking why they are the currency of choice for global fraud, so it serves them right, as far as I’m concerned.
Luckin Out
I can’t seem to stop writing about Luckin Coffee. Or, in this case, its auditors. Ernst & Young’s Chinese franchise says it isn’t at fault for the massive fraud the company perpetrated:
“Regarding EY’s audit of the IPO Financial Statements, EY was found to be prudent and independent, having strictly complied with all professional ethics and standards,” the accounting firm’s statement said.
EY said that since it has not issued any audit report on Luckin’s 2019 financial statements, it “should not be held responsible for the disclosure of Luckin Coffee’s 2019 financial information.”
Sure, okay. You only audited the two years before the fraud. But…did you, though?
While EY didn’t audit Luckin’s 2019 statements, the accounting firm issued a private “comfort letter” to investment banks that underwrote Luckin’s stock and bond sale earlier this year, according to a person familiar with the matter.
The letter indicated that EY didn’t have any issues with Luckin’s financial results for the first three quarters of 2019, the person said. Such comfort letters are part of standard due diligence conducted by underwriters prior to securities offerings, when companies’ financial statements haven’t been audited.
Whoops! So while EY says they didn’t issue an audit report on Luckin’s 2019 numbers, they did issue a letter to banks that helped ensure the company went public, raising hundreds of millions of dollars on the NASDAQ, before the fraud was uncovered and the stock cratered. Surely, the perverse incentives of auditors being paid by the companies they audit had nothing to do with any of this. Finance is ridiculous.
Stolen Artifacts
You thought it was going to be Museum of the Bible, didn’t you? Nope. This time, it’s a frozen seafood store in Spain:
A total of 13 Roman amphorae were found, alongside a metal anchor from the 18th century.
They were uncovered by surprised officers during a routine check of the storage and marketing of frozen fish products at the store in Alicante -- and the shop's owners now find themselves under investigation for breaking laws on possessing historical artifacts.
Who are these keen-eyed cops who showed up to inspect a fish shop and recognized ancient Roman artifacts? Can we hire them to work at the IRS or FBI or something?What is police training like in Spain? My goodness.
Short Cons
NY Times - “Goldman Sachs has agreed to a $3.9 billion settlement with Malaysia to put behind it one of the biggest scandals in the bank’s history that changed the course of politics in the country.”
Bloomberg - “Hedge fund managers who fled Manhattan to work from their second or third homes this year could end up saving millions of dollars -- and cost New York City dearly.”
Cincinatti Dot Com - “Federal officials arrested Ohio House Speaker Larry Householder and four others on Tuesday morning in connection with a $60 million bribery case.”
NY Times - “The Justice Department accused a pair of Chinese hackers on Tuesday of targeting vaccine development on behalf of the country’s intelligence service as part of a broader yearslong campaign of global cybertheft”
Tips, amphorae, and comfort letters to scammerdarkly@gmail.com