Bogus Security Company Can't Take Criticism, Issues Bogus DMCA Takedowns, Creates Sockpuppet Accounts

from the not-how-it's-done dept

A few weeks ago, Brian Krebs published a fantastic article entitled how not to start an encryption company, which detailed the rather questionable claims of a company called Secure Channels Inc (SCI). The post is long and detailed and suggests strongly that (1) SCI was selling snake oil pretending to be an "unbreakable" security solution and (2) that its top execs had pretty thin skins (and in the case of the CEO, a criminal record for running an investment ponzi scheme). The company also set up a bullshit "unwinnable" hacking challenge, and then openly mocked people who criticized it.

Now enter Asher Langton, who has an uncanny ability to spot all sorts of scams (he was the one who initially tipped me off to the Walter O'Brien scam, for example). He seems to especially excel at calling out bullshit security products and companies. He's spent the past few weeks tweeting up a storm showing just how bogus Secure Channels is -- including revealing that they're just rebranding someone else's free app. He also noted that the company appeared to be (not very subtly) astroturfing its own reviews, noting that the reviews came from execs at the company:
He also noticed that a "study" released by the company was almost entirely plagiarized from other sources.

So, uh, how did SCI respond? Let's just say not well. As detailed by Adam Steinbaugh at Popehat, a bunch of anonymous Twitter accounts magically appeared attempting to attack Langton, claiming that he was violating various computer crime and copyright laws. The accounts ridiculously argued that by posting screenshots of Secure Channel's source code, he was violating various statutes, including copyright law. This is wrong. Very wrong. Laughably wrong. In one of the screenshots posted by one of these "anonymous" accounts, other browser tabs were left visible -- and you'll notice the other two tabs.
You'll note Asher's tweet, but also a primer on "computer crime laws" and a "how to take screenshots" tab (apparently it didn't include a lesson on cropping). Oh, but more important, this tweet from a supposedly anonymous Twitter user also showed that the person taking the screenshot is logged in from a different account, that just happens to be the account of... SCI's director of Marketing Deirdre Murphy. It even uses the same photo.
This same Deirdre Murphy, back in Krebs' original article, used Twitter to attack another well recognized security expert who had been mocking SCI's claims:
James said he let it go when SCI refused to talk seriously about sharing its cryptography solution, only to hear again this past weekend from SCI’s director of marketing Deirdre “Dee” Murphy on Twitter that his dismissal of their challenge proved he was “obsolete.” Murphy later deleted the tweets, but some of them are saved here.
Right. It's entirely possible that Murphy is not behind the anonymous accounts, but she's pretty clearly connected to the screenshots that showed up on those anonymous accounts -- so even if it's not her directly... it seems likely that she's associated with whoever is doing the posting.

Oh, and then it gets worse. Right about the time Steinbaugh's article was published, someone claiming to be SecureChannels' CEO Richard Blech, sent Twitter a DMCA notice over some of Langton's tweets -- and Twitter took them down:
Twitter did this despite the fact that the DMCA claim itself was pretty clearly invalid. As summarized by Steinbaugh:
About an hour and a half after this post went live, SecureChannels CEO Richard Blech (or someone claiming to be him) sent a DMCA notice to Twitter for two of Langton's tweets, complaining that they consisted of "employee pics, company and personnel, posts copyright material, hacks products and posts copyright code from products, using trademarks, targeted harassment, slander to destroy commerce." As for the description of the "original work," Blech blathered: "Cracked an app and placed code online, uses trademarked logos to attack company."

This is a censorious abuse of copyright law to suppress criticism. It is, in essence, an attempt to use copyright law for everything except copyright. That SecureChannels would use copyright law to shield criticism on the basis that its trademarks are being used and because of "slander" is, well, hysterical. This is not a company interested in permitting people to criticize it.
A little while ago, I tweeted about how ridiculous it was that Twitter's legal team would go forward with the takedown on an obviously bogus takedown notice, and within 10 minutes, I was told by someone on Twitter's legal team that the notice had been reviewed and the posts had been restored.

Either way, for a company bragging that its "security" solution is "unhackable" -- you'd think the company would be more open to actual criticism. Instead, it seems to spend an inordinate amount of time attacking critics and abusing the law to try to silence them. Odd.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 4 Sep 2015 @ 7:52pm

    Simple rule of thumb:

    Any company or individual that cannot take criticism is one that cannot be trusted, and should never be worked with or hired. Whether it's demanding that their customers sign a non-disparagement clause, or harassing their customers, anyone with skin that thin is not someone you want to ever be involved with.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Sep 2015 @ 8:28pm

    First thing that came to mind when I saw "Dee"...

    https://www.youtube.com/watch?v=iDNg4UdwmNw

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Sep 2015 @ 11:42pm

    And this still isn't enough to trigger the punishments for a false DMCA claim, showing (for the billionth time) how toothless the safeguards are.

    reply to this | link to this | view in chronology ]

    • identicon
      Klaus, 5 Sep 2015 @ 5:46am

      Re:

      One day, quite soon, I can see a well-heeled company like Twitter or Google doing just that, taking a bogus DMCA claimant to court to bring perjury charges.

      These are companies after all. They have a bottom line. Profit & loss. These companies must be spending a considerable amount of their precious resources in having to deal with fraudulent DMCA claims. Ergo they would save money if they could reduce the number of bogus claims coming in through their front door. One way to do that would be to start making examples of at least the ones that have nothing to do with copyright, but are all about silencing criticism. The message would soon get out.

      I can see a parallel in the patent world, with companies like Newegg not bending over for patent trolls.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Sep 2015 @ 5:57am

      Re:

      this still isn't enough to trigger the punishments for a false DMCA claim,

      Stop being gutless cowards - if you had a false take down notice sue them.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 5 Sep 2015 @ 6:56am

        Re: Re:

        It's not cowardice to not want to waste a bunch of money for no gain. The penalties for false claims are pretty much never enforced(and in fact I'm not aware of so much as a single case where they have been), because the courts have basically made it impossible for such to happen.

        As far as I know at this point as long as you are willing to state that you believe that you own the copyright in question, then that's good enough for the courts. At that point the other party now has to prove something they flat out cannot, that the other party knew that their DMCA claim was false and made it anyway. Good luck proving what someone else did or didn't know and/or was thinking at the time.

        Even then courts have shown a willingness to bend over backwards for anything and everything copyright related, so should it reach that point(unlikely), a simple "I'm sorry, we made a mistake" is generally seen as 'punishment' enough.

        In short, companies and people don't sue over bogus takedowns in the vast majority of cases because (a)it's guaranteed to be expensive in terms of time, money, and effort, (b) the bar to actually win has been set effectively impossibly high, and (c) even if they 'win', they won't actually get anything from it, except being able to put the content in question back up until the next time someone targets it and they have to start again from the beginning.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Sep 2015 @ 7:51am

          Re: Re: Re:

          It's not cowardice to not want to waste a bunch of money for no gain.

          And that is why we are where we are at in this nation.

          Some days a fight needs to be had for the sake of the fight and as an example to others that, yea, sometimes BS won't be tolerated.

          Good luck proving what someone else did or didn't know and/or was thinking at the time.

          Pre-lawsuit discovery.

          In short,...people don't sue over bogus takedowns in the vast majority of cases because (a)it's guaranteed to be expensive in terms of time, money, and effort,

          PEOPLE should put on their big-boy pants and go through the effort to sue. They don't *NEED* a lawyer, you can go pro-se in the Courts.

          If you aren't willing to do that when your rights are violated don't whine about the state of affairs if, when you have standing, you opt to do nothing.

          even if they 'win', they won't actually get anything from it,

          Oh, by IT you mean money.

          VS standing up for your rights and enforcing them.

          Rights belong to the belligerent litigant. They are belligerent and have the 'right' use the DCMA.

          reply to this | link to this | view in chronology ]

          • icon
            That One Guy (profile), 5 Sep 2015 @ 8:52am

            Re: Re: Re: Re:

            Some days a fight needs to be had for the sake of the fight and as an example to others that, yea, sometimes BS won't be tolerated.

            Yes, but this also requires that you be able to fight, and most of those targeted have neither the time, knowledge, or money required to do so.

            Pre-lawsuit discovery.

            ... Will discover absolutely nothing, given I rather doubt most companies are going to write out something along the lines of 'Video/picture X was clearly not ours, but we decided to demand it's removal anyway'. The 'evidence' would all be in the heads of those making the claims, and you can't force them to admit to something they don't want to, especially with potential jail time if they do.

            There's nothing stopping them from lying, blaming whatever program they use to file the claims, or claiming that 'someone made a mistake', any of which would work the vast majority of the time.

            PEOPLE should put on their big-boy pants and go through the effort to sue. They don't *NEED* a lawyer, you can go pro-se in the Courts.

            And lose, badly. The legal battle would be like a child with a BB-gun facing a trained member of the military armed to the teeth. Nasty, short, and utterly one-sided. The lawyers the companies would employ go to court for a living, and they know all the little tricks to win and/or drag out the case until the one filing the lawsuit simply can't continue, and you can be sure they'd use them all.

            There's also the two problems I noted above, going pro-se would require time and money that most people simply don't have, and even if they do the 'proof' they'd need to win is effectively impossible to get, given it's locked up in the minds of the ones filing the DMCA claim.

            Oh, by IT you mean money.

            Yeah, that worthless thing called 'money', I mean jeesh, who doesn't have piles of that stuff just lying around to spend, right? Not to mention time and effort, but again, who doesn't have tons of that to spare on a lawsuit?

            Money and time/work, lawsuits will take a ton of at least one of them, and though you can slightly decrease one by spending more of the other, a whole lot of people don't have enough of either to spend on a lawsuit, which is the primary reason why so many fraudulent and/or abusive DMCA claims get filed, because those doing so know that their targets simply cannot afford to fight back.

            VS standing up for your rights and enforcing them.

            That's the thing, the law as it stands is so pathetic that you basically don't have rights under it if you're not the one making the DMCA claim.

            There is no punishment for those who use the DMCA system for abusive means(I'd say 'who abuse the system', but I'm pretty sure it's being used exactly how it was intended to be), and the deck is stacked entirely against those receiving the DMCA claims.

            Hard to 'enforce your rights' when the law as written and interpreted doesn't give you anything to work with.

            Rights belong to the belligerent litigant. They are belligerent and have the 'right' use the DCMA.

            Nice idea, but as I've noted several times now, this requires that one be able to fight back, and most, unfortunately enough, are not.

            The penalties for DMCA abuse have been weakened such that they're effectively non-existent, and the bar to reach before they can be even considered has been raised so high that it's effectively impossible to meet. A company might have the resources to fight past these 'obstacles', but most individuals simply don't, even if they really should.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 6 Sep 2015 @ 11:05pm

              Re: Re: Re: Re: Re:

              And lose, badly.

              Given the actual quality of lawyers out there practising law a pro-se can beat 'em.

              The legal battle would be like a child with a BB-gun facing a trained member of the military armed to the teeth. Nasty, short, and utterly one-sided.

              Given what I've seen of such battles the "military" side uses psychotic troops who screw up SO badly that when you bar grieve 'em they have shareholders quit. And later, they violate the conflict of interest rules while demanding the paperwork generated can't be used in court and how the whole arrangement needs to be on the down-low.

              The lawyers the companies would employ go to court for a living, and they know all the little tricks to win

              Oh like Prenda?

              and/or drag out the case until the one filing the lawsuit simply can't continue, and you can be sure they'd use them all.

              Dragging out a case works both ways - the pro-se can have the other side begging for an end. And there is always the appeal.

              reply to this | link to this | view in chronology ]

              • icon
                That One Guy (profile), 7 Sep 2015 @ 7:13pm

                Re: Re: Re: Re: Re: Re:

                Given the actual quality of lawyers out there practising law a pro-se can beat 'em.

                By that argument lawyers are useless, which is clearly not the case. When you're in court, and tiny legal details matter, knowing those details can be the difference between winning a case and losing.

                Oh like Prenda?

                Prenda only starting running into trouble when they got too confident, and you'll note that they haven't actually suffered any real penalties up to this point, despite the fact that a regular person running a scam like their's would have been thrown in jail years ago.

                Again, knowing those little legal 'tricks' can very easily be the difference between winning and losing a case, or losing without any real penalties, and losing with very real penalties.

                Dragging out a case works both ways - the pro-se can have the other side begging for an end. And there is always the appeal.

                Yeah, not likely. Between an individual and a company, the company is pretty much always going to have more resources they can burn through, meaning in a battle of endurance, the individual is very much at a disadvantage.

                reply to this | link to this | view in chronology ]

          • identicon
            DJ, 5 Sep 2015 @ 8:55am

            Re: Re: Re: Re:

            Going pro-se still costs money. Even the photocopying bills alone for a lawsuit run into the thousands of dollars. Not to mention, time is money.

            The law is so rigged in favor of the abusers and against legitimate users that one cannot win just by putting on big-boy pants. It costs virtually nothing to abuse the law, compared with a bare minimum of thousands of dollars and hundreds of hours to defend against abuse.

            In such situations, not only is whining appropriate, but to suggest that one should waste money doing nothing as you suggest is absurd.

            reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2015 @ 12:08am

    /logic Take down posts, then have legal team review DCMA.

    reply to this | link to this | view in chronology ]

  • icon
    Monday (profile), 5 Sep 2015 @ 10:07am

    False DMCA takedowns & Suits that could stop this:

    What I need explained to me is this:

    If there are Groups / Associations / Organizations designed for the sole purpose of destroying people, livelihoods etc., why can't some Group / Association / Organization be formed for the sole purpose of going after the "people" (companies are people too, remember?) who file false reports, incredibly lame trademark and copyright filings, and all the other bull that is discussed here, week after week after week.

    What is to stop something, which I am sure could be extraordinarily well funded, from being formed? It takes resources to start this proposition, which I truly lack - excepting the education, but this thing could be (and should be) done. I haven't heard of anything like this, but then again, every other week, the landlord threatens me and holds my internet back 'cuz "it's a privilege" and I'm late with my rent / utilities again.
    Nevertheless, this could be done - I'm sure of it, and it too would have no problem in going after false claims, bogus 'troll' suits, and the other flotsam that is making all these headlines these days.

    I believe all things have the right to and deserve a speedy trial in your country, so just go on such an offensive that everyone from people who can't work the snipping tool, to the MPAA, to ADAs and DAs and Lawyers, who are in the pockets of big bad business really do start to think again when they attack.

    I know it's a fanciful thought, but it was never called Utopia... it's Eutopia - ALWAYS HAS BEEN.

    I'm just saying. There's alot of stuff being said daily across the web (dark and light) that's really beginning to confuse me. I stood up to my Bullies - eventually - and it worked. It worked very, very well.

    BUT, then again, maybe this is just a non-sensical rant by a guy who owes a hundred plus grand for his education...

    Cheers.

    reply to this | link to this | view in chronology ]

  • icon
    got_runs? (profile), 5 Sep 2015 @ 10:24am

    Bogus and Order.

    The legal Twitts should charge for bogus takedowns.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2015 @ 12:09pm

    "the copyright holder"

    I think it's problematic that Twitter is saying the tweet was "withheld in response to a report from the copyright holder". In other words, Twitter is asserting that the person who posted the tweet doesn't hold copyright and the person who sent the DMCA notice does. Their lawyers should know better than that.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2015 @ 12:18pm

    I've got a br... Encryption Product to sell you...

    I came up with an encryption scheme decades ago that is 100% uncrackable. It also has a 100% compression ratio.

    Seems like I've been seeing more and more software "companies" lately that are attempting to rehash something old with new branding. And they seem to figure that with enough bluster, they can get away with anything.

    Response is generally slow, as others can't believe someone would be this audacious, but eventually the wheels of justice do grind.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2015 @ 7:59pm

    Snake Oil

    It doesn't take a genius to figure out that any company that claims 100% security, meaning "no way we can be hacked", is full of male cow waste products.

    Anything after that claim does not matter. The company is probably full of said waste products and can not deliver what it promises. To my knowledge there isn't a system that didn't have bugs and/or exploits.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Sep 2015 @ 2:37am

    I think we found average_joe, guys!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Sep 2015 @ 12:42pm

    sock puppets

    some may wish to believe this is anomalous behavior we read about here in this situation, but i doubt it very, very strongly.  if virtually every company has a team for responding to threads concerning their product(s), whereby team members pose as ordinary respondents but essentially post as directed, i won't even be a little bit surprised.  i believe we see it here on this site almost constantly.

    reply to this | link to this | view in chronology ]

  • identicon
    MDR, 2 Aug 2016 @ 4:44am

    arturas kerelis

    Seems that you may have some info on this joker. I picked up that something seems very suspicious of this guys claims and internet presence. he has made some contacts with some friends in my circle, and would like some further info if available. seems like a fraud or con man to me.

    reply to this | link to this | view in chronology ]

  • identicon
    MDR, 2 Aug 2016 @ 4:44am

    arturas kerelis

    Alturas Kerelis. Seems that you may have some info on this joker. I picked up that something seems very suspicious of this guys claims and internet presence. he has made some contacts with some friends in my circle, and would like some further info if available. seems like a fraud or con man to me.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.