> charged with criminal cyberstalking with the intent to kill or cause bodily harm and faces a maximum sentence of 10 years in prison if convicted,
What is even more sad:
> More than 40 Twitter users sent similar strobes to Mr. Eichenwald after they realized they could trigger seizures, he tweeted Friday.
The agent went through these steps to identify the suspect:
- Asked Twitter about account information. (w/ search warrant)
- Got phone number
- Phone number was Tracfone prepaid but asked AT&T for information about phone number. AT&T could map [phone number] -> [specific iPhone model] ("DPD sent a request to AT&T")
- Asked apple about iCloud account related to [phone number] (w/ search warrant)
- Find selfie of accused with his DL in hand in iCloud pictures, and also a screenshot of the seizure-triggering GIF, and many other incriminating/stalking behavior items.
EDIT: Added (w/ warrant search) to clarify what "Asked" meant in my summary.
edit: should have read the post. Thought "ask" meant they handed it over willingly. Apple was served a search warrant, AT&T was not.
Imagine someone running up to someone with epilepsy in public and showing them strobes? What sort of deranged person does that?
Imagine someone sending death threats through snail mail over and over. Of course that's horrific! But brigaders doing it through twitter is kinda fine because "hey, you're on twitter, stupid stuff happens".
So much harassement is extremely cruel but we (myself included) tend to discount it when it happens over social media.
How do you come to this conclusion?
If you've got something to say about mens rea, then say it.
The suspect tweeted "I know he has epilepsy" and "I hope he dies."
But sure, a judge and jury could only possibly conjecture about intent…
Are we going to throw 5 year olds in jail when they tell an adult male they hope they die? No, we're going to apply the same level of doctrine, how likely is it that the 5 year old can carry through with the threat?
I'm not suggesting that these people shouldn't be charged with some sort of crime, regardless of whether or not they can prove that Eichenwald had a seizure (which I have my doubts about). There's a precedent set that things like lasers shined at pilots eyes are gone after regardless of whether or not it causes a crash.
However, while not condoning these peoples' alleged actions, I can understand why this guy attracts a lot of derision online. Eichenwald appears to be a really scummy character. Google his name and "child p*rn" just for starters. There appears to be a lot of wild stuff there about a big time shady payoff to a site he was "researching".
He also recently appears to be becoming mentally unhinged. He recently went on Tucker Carlson's show and gave a serious repeated accusation about Trump being hospitalized in a mental institution that he later claimed was a joke.
Should be a fascinating legal case to follow if it goes to trial.
50K people die in the USA alone each year due to seizures, this is really no joking matter.
That's vastly different from, say, a heavy metal band inadvertently causing a seizure with their stage lights, or an animator inadvertently drawing a sequence that triggers photosensitive epilepsy.
By analogy, consider someone who deliberately drives their car at a bus stop and later brags on social media about trying to mow down pedestrians, versus someone who slips on black ice and spins out of control.
I am fundamentally opposed to "throwing the book" at anyone - I'd much prefer a programme of evidence-based rehabilitation.
The image itself says something like "You deserve a seizure" but that image has been around for years - this person did not create that image.
There's documented evidence of intent here. The guy was trying to give their victim a seizure. There's nothing accidental here.
Of course if someone accidentally gave someone else a seizure, there should be different standards applied. Of course!
Also, yes, we need to make sure photosensitive people can browse more safely (for the same reason we put airbags in cars).
The book you throw at them isn't "giving someone a seizure", it's "attempting to harm someone intentionally with super malicious intent".
I'm kind of surprised that we don't have "epilepsy mode" in a browser somewhere. Just limit the redraw speed. It'd mess with the browsing experience but much less than a seizure.
Same for TVs, for an epileptic user it's much better for a highly dynamic scene to look washed out or just blur to a whitish color than to show it accurately and potentially cause a seizure.
> "AT&T responded and a review of the subscriber information showed the telephone number was associated with a Tracfone prepaid account with no subscriber information. However, a review of the AT&T toll records showed an associated Apple iPhone 6A Model 1586"
That is, if you are a Tracfone user and Tracfone uses AT&T to provide service, AT&T effectively sees the Tracfone user information?
Also, Twitter tracks the type of client used to send a tweet and reveals it in the metadata accessible to the public API -- the `source` attribute , e.g. "Twitter for iPhone", "Twitter Web Client", "TweetDeck". And Twitter probably captures more about the device/client that isn't publicly revealed, such as the browser agent for when a tweet is sent via the web client.
If the suspect had tweeted using the iPhone client, or via the iPhone Safari browser, would the police have enough info to subpoena Apple for Apple Account tied to that specific phone number? In other words, skipping the process of subpoenaing AT&T/Tracfone because the suspect was dumb enough to register the Twitter account using that phone number?
At minimum they need to keep track of the ICCID for your sim card and the IMEI for your phone . Once you have the IMEI and know that this is an iPhone, it is trivial to ask Apple for the records of who bought that device, or which iTunes account is associated with that SN.
edit: corrected per comment below.
Makes sense why AT&T was asked for data. I'm interested in why Tracfone wasn't. But I guess if it's enough to have a phone number and suspicion that it belongs to an iPhone, that's enough to send a search warrant to Apple. Given the popularity of the iPhone, I wonder if law enforcement has the option of querying Apple to see if an Apple account is tied to a number and save them the work of sending a search warrant to the phone service provider.
edit: replaced "subpoenaed" with "asked for data"/"search warrant". Doesn't look like a warrant was mentioned in the AT&T case.
If you have a lot of knowledge in this field and a fair amount of time to prepare you may be able to pull it off but chances are you will still get a detail wrong somewhere and find yourself lifted out of bed at 3 am.
In that case I hope you have a very good lawyer.
Surveillance camera(s) in the street tracking you to you parking your car?
Forgot not to take your cell phone?
Did it ring while you were in the library? Did you answer if it did?
Is it the city/town that you live in?
Did you talk to anybody while you were there?
Do you speak the language natively?
Do you have any accent that might stand out?
Did you go during office hours?
Male or female?
How big a city/town was this in anyway?
Another 100 items or so?
See, it is so easy to forget something, and that's before getting into any fancy CSI stuff.
One would have thought this scenario would have been thought of.
Is it possible on iOS to disable animations / autoplay within an app?
Edit: There is (offline) software to check if a video could cause a seizure: https://trace.umd.edu/peat.
Is there a strong argument that distinguishes this case of being "asshat on the internet" vs "homicidal with intent to kill"?
Kinda like purposely giving someone something they're allergic to.
Maybe the suspect in this case knew it would work, maybe not.
I would urge you to do some reading on these sorts of events. Following the facts of the case can do wonders for your own arguments.
Edit: Should clarify that it's still atrocious, and seems criminal. Not convinced though, that it's clearly attempted murder. The charge is interesting in that the penalty is 10 years max, even though it speaks of intent to kill.
Also, they're not charging him with attempted murder here. They're charging him with "Cyber Stalking, in violation of U.S.C. s2261A(2)(a) and s2261A(2)(A) and (B)"
There's no doubt at all, that if the evidence as listed is true, he's in clear violation of this: https://www.law.cornell.edu/uscode/text/18/2261A (Something which I suspect a lot of GamerGate/4Chan/shitposters/self-identified-edgelords should think carefully about... I bet a lot of them have no better opsec than this guy...)
It takes one guy to file a suit that he got a seizure from your game when it didn't have a warning. Even if he didn't get a seizure, have fun in court.
Collection of custom stylesheets: https://userstyles.org/
WARNING, THIS IS THE ACTUAL GIF AND INDUCED A SEIZURE IN ATLEAST ONE INSTANCE THAT WE KNOW OF. DON'T OPEN IF YOU'RE EPILEPTIC!
As a person with epilepsy I viewed the image (FOR SCIENCE!) and almost immediately had a headache. which is on par with what I was expecting from previous experiences with flashing lights.
That being said, EEG testing has reveled that my thresh hold for Photosensitive seizures is much higher than other triggers making me feel safe viewing the image.
Seizures can kill and this is widely known, so widely that we got instruction in high school on how to deal with a seizure victim to make sure they don't die.
Surely someone sending a seizure inducing picture to someone they know is prone to seizures is well aware of the risk they are taking, they are definitely not doing it to give them a monitor induced suntan. See perps quote above, definitely a slam dunk for intent.
Griefers don't care about the damage they cause, the more the merrier.
And in full context it says:
… engages in conduct that—
(2) with the intent to kill, injure, harass, intimidate, or place under surveillance with intent to kill, injure, harass, or intimidate another person, uses the mail, any interactive computer service or electronic communication service or electronic communication system of interstate commerce, or any other facility of interstate or foreign commerce to engage in a course of conduct that—
__(A) places that person in reasonable fear of the death of or serious bodily injury to a person described in clause (i), (ii), or (iii) of paragraph (1)(A); or
__(B) causes, attempts to cause, or would be reasonably expected to cause substantial emotional distress to a person described in clause (i), (ii), or (iii) of paragraph (1)(A),
So they're not trying to prove "intent to kill". They only need to prove "intent to intimidate anther person" using an "electronic communication system of interstate commerce" that either for (A) "places that person in reasonable fear of … serious bodily injury", or for (B) "would be reasonably expected to cause substantial emotional distress".
Seems to me they've laid out all the evidence needed to show that - the only thing a court needs to decide is if that evidence is all true and admissible.
I wouldn't want to be the defendant here.
While his own DMs might be construed to be hyperbolic, he's done himself no favours there at all, and his defense attorney is going to have the fun task of trying to prove that.
> whoever (2) with the intent to kill, injure, harass, intimidate[...] or intimidate another person[...] in a course of conduct that—
> (A) places that person in reasonable fear of the death of or serious bodily injury to a person described in clause (i), (ii), or (iii) of paragraph (1)(A); or
> (B) causes, attempts to cause, or would be reasonably expected to cause substantial emotional distress to a person described in clause (i), (ii), or (iii) of paragraph (1)(A),
> shall be punished as provided... 
The affidavit in the complaint does say "AND" but maybe that's just a calculated legal ploy, where they can still fall back on the "OR" of the actual statute?
> I hope this sends him into a seizure
> Spammed this at [Mr. Eichenwald] let's see if he dies
> I know he has epilepsy
So, the intent to harm and/or kill is pretty damn clear.
Can anyone point out what might be of interest here.
I find this case interesting. While it's far beyond acceptable or fair play even in good fun and trolling to do something like sending someone who suffers from epilepsy a gif known to trigger a seizure, it's being classed as stalking in this case. I'm curious to see the evidence and what precedent this sets, because it seems like a stretch to call it stalking from what I understand of this case, which is admittedly not too much.
A good side effect of this is that hopefully it prompts companies to provide better protections against this, because it's rather unique in terms of medical conditions interacting with technology and has a lot of potential to cause harm.
Maybe there are many other cases but they go under- / un-reported?
It's good to remember that Google holds the keys and that they are used according to legal procedure (as in this case), and at times, according to Google's fancy (as in PRISM and I'm sure many incidents of unauthorized employee spying).
Pay attention to what you upload, and pay attention to what you're using. It's very easy to cross-contaminate or leak information, and these things can have a very long tail. "The internet never forgets".
Dread Pirate Roberts aka Ross Ulbrecht was eventually tracked down because early on in the Silk Road's lifecycle, he made a post on a btc talk account linked to his personal email account asking if "[anyone had heard about this new marketplace called Silk Road]". Since that was the first mention found online, agents began to investigate Ulbrecht.
It may seem obvious in hindsight, but that was a single long-forgotten post made years before anyone had an inkling of what Silk Road would become. Strict opsec is very important.
You might be overthinking it. I get the feeling that many people think of "online" as some sort of magical place where they are shielded from the consequences of their own behavior.
One odd little thing that caught my eye: the way they used archive.org to establish some history of the victim's Wikipedia page. I would have expected that they would have used Wikipedia's own edit history for that. It made me wonder if the FBI agent just didn't know about the Wikipedia edit history, or if they thought archive.org was a more reliable source.
Weird how he takes screenshots of random shit like his research on how to trigger epilepsy.
Who researches shit and takes screenshots?
Same principal as pinboard.in's archiving, except comes stock on nearly every phone.
Useful when arriving in foreign countries where you don't have internet setup - download them all first and have names of destinations, maps, tickets and bookings - especially good in Asian where a taxi driver may not read or speak English.
(It looks like iOS 10, to which I've just updated, supports print to PDF in the same style as OS X. So maybe I'll be leaning less heavily on the screengrab method in future.)
[Unsafe] Here's a mirror in case it goes down: http://i.imgur.com/Qi6tSit.gif
[Safe] And here are the two frames extracted to two separate images. Anyone with epilepsy should be able to view this without issues. http://imgur.com/a/kQTQc
I tried recording the GIF but that was too much for the GPU in my ThinkPad :P suffice to say that it's about ten times faster (and that playing the GIF in `animate' is even faster than that)
It seems that either twitter has vacuumed up any copies of the gif from their website, or google reverse image search has removed all/has no indexed copies of it on site:twitter.com. (I don't exactly want to upload the gif to twitter to test it...)
Twitter gave the police information about the phone number which registered the account that sent the seizure-triggering gif
AT&T gave the police information that is was a Tracfone prepaid account with an associated toll record that was an iphone
Apple gave them access to his cloud account which had all the incriminating details needed including email / picture of him with his drivers license and data about the victim
We detached this comment from https://news.ycombinator.com/item?id=13920864 and marked it off-topic.
Are local LE's capable of deciphering the possibly extremely technical misdirections one could easily employ? What if someone reads WikiLeaks, and used one of the exposed zero day exploits to frame a mobile phone user of this. What if someone's friend knows their WiFi password and does the same thing, spoofing the owners Mac address?
What prevents a 10 year old kid from sending anyone they dislike to court for who knows how long, requiring them to amass legal fees to defend themselves. What happens if one of the enormous number of people who have RAT's from malware on their computer from being set up in this manner?
What if someone creates their own image hosting server, and they swap all the images hosted, out for this gif? What happens if someone hacks said img hoster and does the same? What if it is a massive free, fast image hoster, and they are hacked and this happens?
If the precident dictates that this could potentially kill people, what standards of security should image hosters be held to? Should they be required to pay for the same annual audits companies who handle credit card info do? Or should they be held to the standards of government contractors? Seems like they are effectively claiming the security of image hosters is an order of magnitude more vital than any other company. What if a kid uses the WikiLeaks zerodays which were purposely not exposed by the CIA, provided the entry for this 'prankster'? Can any potential victims sue the government.
Since we've established that feelings matter, how is a gif like this different then offending someone to an absurd degree? I've seen several articles from multiple news sources from different countries, detailing the enforcement of hate speech crimes; for example, Western countries making it illegal to speak out against islam? Are offenses of those nature subject to similar accountibility? Are law enforcement agencies equipped well enough to be certain that no misdirection or projection of the actions onto another was utilized?
Obviously one could go on for eternity like this. Making it simple for anyone with Google to lock someone up who they dislike. Seems to me that a person who is susceptible to these triggers, should find a solution on their end to somehow inhibit the effectiveness of such weapons. If all jurisdictions were to take this seriously, whether it's a 'meme' charge or attempted murder, one could backlog an entire countries legal system for years for a small sum of money. Tbh, this is the dumbest thing I've ever heard of, and the few comments I read, are equally ignorant.
What if, the defendant in op's story denies the accusations. What if his friend did it from his phone while he was sleeping, and never told a soul? Good luck using the internet, everyone. Hide your kids, hide your wife.
You are apparently unfamiliar with the concept of 'intent' in criminal law. This was a message targeted at an individual with specific intent to cause seizures. All your hypotheticals have no basis in fact.
> Name one thing in my wall of text that is not an implication of this story;
Every one of them?
> Unless you are implying this article is on hackernews, only to foster discussion of the technical aspects of a subpoena of personal information?
No, it is on HN because enough people found it interesting to warrant discussion of this actual case. Fantasy need not enter the discussion unless it bears some connection to reality, making stuff up out of whole cloth is not going to further the discussion in a meaningful way, no matter how long you make your walls of text.
I don't know about "most cases", but in this particular case it's fairly easy since the weapon came attached with a note saying essentially 'I am hoping this kills you, buh bye'.
> mining in the very early days of Bitcoin
So junior was mining at what, age 3? Smart kid.
The "what if the guy didn't do it" is what the justice system is for, attorneys and investigators sort it out.
You must have missed the bit in the article where the defendant actually indicated he did just that, and in writing no less.
No, it's because he actually did.
If that was the standard for a criminal prosecution, we'd rarely convict anyone.
> The presidence this case might set forth is terrifying. It provides a never before seen limitless weaponization of the justice system, which will be abused by those without morals, those who have a lot to lose, and those with more $ to attack anyone they like.
The fact that assault is a crime has been established many, many years ago.
If you want to have a discussion, take some time to clearly articulate your arguments because it's hard to read. I think that's what's getting voted down, not necessarily that everyone disagrees with you.
> Is it a crime to email those to a person who enjoys optical illusions, has severe panic disorder and ptsd, and several heart conditions?
Maybe, it depends. In any case if your intent was pure but you're just stupid the case brought against you in the event of a mishap would be one of negligence.