Bogus Security Company Can't Take Criticism, Issues Bogus DMCA Takedowns, Creates Sockpuppet Accounts

from the not-how-it's-done dept

A few weeks ago, Brian Krebs published a fantastic article entitled how not to start an encryption company, which detailed the rather questionable claims of a company called Secure Channels Inc (SCI). The post is long and detailed and suggests strongly that (1) SCI was selling snake oil pretending to be an "unbreakable" security solution and (2) that its top execs had pretty thin skins (and in the case of the CEO, a criminal record for running an investment ponzi scheme). The company also set up a bullshit "unwinnable" hacking challenge, and then openly mocked people who criticized it.

Now enter Asher Langton, who has an uncanny ability to spot all sorts of scams (he was the one who initially tipped me off to the Walter O'Brien scam, for example). He seems to especially excel at calling out bullshit security products and companies. He's spent the past few weeks tweeting up a storm showing just how bogus Secure Channels is -- including revealing that they're just rebranding someone else's free app. He also noted that the company appeared to be (not very subtly) astroturfing its own reviews, noting that the reviews came from execs at the company:
He also noticed that a "study" released by the company was almost entirely plagiarized from other sources.

So, uh, how did SCI respond? Let's just say not well. As detailed by Adam Steinbaugh at Popehat, a bunch of anonymous Twitter accounts magically appeared attempting to attack Langton, claiming that he was violating various computer crime and copyright laws. The accounts ridiculously argued that by posting screenshots of Secure Channel's source code, he was violating various statutes, including copyright law. This is wrong. Very wrong. Laughably wrong. In one of the screenshots posted by one of these "anonymous" accounts, other browser tabs were left visible -- and you'll notice the other two tabs.
You'll note Asher's tweet, but also a primer on "computer crime laws" and a "how to take screenshots" tab (apparently it didn't include a lesson on cropping). Oh, but more important, this tweet from a supposedly anonymous Twitter user also showed that the person taking the screenshot is logged in from a different account, that just happens to be the account of... SCI's director of Marketing Deirdre Murphy. It even uses the same photo.
This same Deirdre Murphy, back in Krebs' original article, used Twitter to attack another well recognized security expert who had been mocking SCI's claims:
James said he let it go when SCI refused to talk seriously about sharing its cryptography solution, only to hear again this past weekend from SCI’s director of marketing Deirdre “Dee” Murphy on Twitter that his dismissal of their challenge proved he was “obsolete.” Murphy later deleted the tweets, but some of them are saved here.
Right. It's entirely possible that Murphy is not behind the anonymous accounts, but she's pretty clearly connected to the screenshots that showed up on those anonymous accounts -- so even if it's not her directly... it seems likely that she's associated with whoever is doing the posting.

Oh, and then it gets worse. Right about the time Steinbaugh's article was published, someone claiming to be SecureChannels' CEO Richard Blech, sent Twitter a DMCA notice over some of Langton's tweets -- and Twitter took them down:
Twitter did this despite the fact that the DMCA claim itself was pretty clearly invalid. As summarized by Steinbaugh:
About an hour and a half after this post went live, SecureChannels CEO Richard Blech (or someone claiming to be him) sent a DMCA notice to Twitter for two of Langton's tweets, complaining that they consisted of "employee pics, company and personnel, posts copyright material, hacks products and posts copyright code from products, using trademarks, targeted harassment, slander to destroy commerce." As for the description of the "original work," Blech blathered: "Cracked an app and placed code online, uses trademarked logos to attack company."

This is a censorious abuse of copyright law to suppress criticism. It is, in essence, an attempt to use copyright law for everything except copyright. That SecureChannels would use copyright law to shield criticism on the basis that its trademarks are being used and because of "slander" is, well, hysterical. This is not a company interested in permitting people to criticize it.
A little while ago, I tweeted about how ridiculous it was that Twitter's legal team would go forward with the takedown on an obviously bogus takedown notice, and within 10 minutes, I was told by someone on Twitter's legal team that the notice had been reviewed and the posts had been restored.

Either way, for a company bragging that its "security" solution is "unhackable" -- you'd think the company would be more open to actual criticism. Instead, it seems to spend an inordinate amount of time attacking critics and abusing the law to try to silence them. Odd.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    That One Guy (profile), 5 Sep 2015 @ 8:52am

    Re: Re: Re: Re:

    Some days a fight needs to be had for the sake of the fight and as an example to others that, yea, sometimes BS won't be tolerated.

    Yes, but this also requires that you be able to fight, and most of those targeted have neither the time, knowledge, or money required to do so.

    Pre-lawsuit discovery.

    ... Will discover absolutely nothing, given I rather doubt most companies are going to write out something along the lines of 'Video/picture X was clearly not ours, but we decided to demand it's removal anyway'. The 'evidence' would all be in the heads of those making the claims, and you can't force them to admit to something they don't want to, especially with potential jail time if they do.

    There's nothing stopping them from lying, blaming whatever program they use to file the claims, or claiming that 'someone made a mistake', any of which would work the vast majority of the time.

    PEOPLE should put on their big-boy pants and go through the effort to sue. They don't *NEED* a lawyer, you can go pro-se in the Courts.

    And lose, badly. The legal battle would be like a child with a BB-gun facing a trained member of the military armed to the teeth. Nasty, short, and utterly one-sided. The lawyers the companies would employ go to court for a living, and they know all the little tricks to win and/or drag out the case until the one filing the lawsuit simply can't continue, and you can be sure they'd use them all.

    There's also the two problems I noted above, going pro-se would require time and money that most people simply don't have, and even if they do the 'proof' they'd need to win is effectively impossible to get, given it's locked up in the minds of the ones filing the DMCA claim.

    Oh, by IT you mean money.

    Yeah, that worthless thing called 'money', I mean jeesh, who doesn't have piles of that stuff just lying around to spend, right? Not to mention time and effort, but again, who doesn't have tons of that to spare on a lawsuit?

    Money and time/work, lawsuits will take a ton of at least one of them, and though you can slightly decrease one by spending more of the other, a whole lot of people don't have enough of either to spend on a lawsuit, which is the primary reason why so many fraudulent and/or abusive DMCA claims get filed, because those doing so know that their targets simply cannot afford to fight back.

    VS standing up for your rights and enforcing them.

    That's the thing, the law as it stands is so pathetic that you basically don't have rights under it if you're not the one making the DMCA claim.

    There is no punishment for those who use the DMCA system for abusive means(I'd say 'who abuse the system', but I'm pretty sure it's being used exactly how it was intended to be), and the deck is stacked entirely against those receiving the DMCA claims.

    Hard to 'enforce your rights' when the law as written and interpreted doesn't give you anything to work with.

    Rights belong to the belligerent litigant. They are belligerent and have the 'right' use the DCMA.

    Nice idea, but as I've noted several times now, this requires that one be able to fight back, and most, unfortunately enough, are not.

    The penalties for DMCA abuse have been weakened such that they're effectively non-existent, and the bar to reach before they can be even considered has been raised so high that it's effectively impossible to meet. A company might have the resources to fight past these 'obstacles', but most individuals simply don't, even if they really should.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.