U.S. Arrests Paul Ceglia for Multi-Billion Dollar Scheme to Defraud Facebook (betabeat.com)
A few thoughts:

1. When Ceglia first filed his claims, I called it a "lawsuit full of holes [that was] built up by sensationalist reporting into a supposed major threat to Facebook and to Mr. Zuckerberg" and concluded that, "in the courts, this thing is going nowhere." (http://news.ycombinator.com/item?id=1537158) My sense of this had nothing to do with any fraudulent tampering with evidence as alleged now in the criminal prosecution but instead with the whole smell of the thing: a flaky 2-page contract with basically incoherent terms used as a basis for a lawsuit brought by a backwater lawyer who drafted a complaint that would have been an embarrassment to a first-year law student. It looked like a joke on the face of it, notwithstanding that a small-town judge had initially entered a TRO based on the filing.

2. Then, in April, 2011, this case looked like it had taken a major turn: Ceglia had dumped his original lawyer and retained the prestigious firm of DLA Piper; he also produced a mountain of emails "documenting" that he and Mr. Zuckerberg had, in effect, entered into a legal partnership giving him a major ownership piece in the FB venture; he also (via the lawyers) put together a compelling story in his complaint making it appear that FB and Mr. Zuckerberg were in deep legal trouble concerning his claims. (Here is my comment at the time: http://news.ycombinator.com/item?id=2438063) Once again, there was a sensationalist wave of reporting across the web rejoicing about how Mark Zuckerberg was about to get his comeuppance.

3. Since that time, through the work of very able lawyers for Facebook, the Ceglia case has been progressively torn to shreds in the federal court to which it had been removed and, as the case has disintegrated, it has drawn progressively less interest (the DLA firm withdrew at the first sign of serious trouble). Indeed, without the dramatic turn of a federal criminal indictment, I doubt that it would have done more than draw a few yawns as it eventually headed to the judicial graveyard where most flaky cases ultimately find their rest.

4. The lesson here is how prejudice and crowd-think can dramatically affect and distort perceptions. When someone takes on the role of villain (as Mr. Zuckerberg has in some circles), there are those who so desperately want to see him torn down that they will suspend their better judgment just to see it happen, whether he was right or wrong in what he had done. This is not to excuse him in things he may have done wrong in other contexts, but he had done nothing wrong here and it is just amazing to me how many people were willing to take it as a given that he had even with little or no evidence to back it up.

5. The other (major) lesson here is that there are serious limits to playing fast and loose with the courts. It is true that there is much abusive litigation but there is obviously a line that cannot be crossed without inviting horrific consequences. It doesn't happen often enough that abusive litigants get what they deserve but, when it does occasionally happen, it is very nice to see. At least it sets an outer bound on what people can do to abuse one another in the courts.

This Atlantic piece on mob rule in Nigeria highlights three frightening features of lynchings: incredible speed, terrifying spontaneity, and often egregious inaccuracy.


There is an often-hidden virtue to the methodical, deliberative nature of a real court system that's easy to miss until you see how humans can behave in its absence.

It may be something forums in particular have yet to evolve. Now if only I could figure out how...

"and retained the prestigious firm of DLA Piper"

What are your thoughts on the pox on DLA Piper's house as a result of taking him on as a client? Doesn't it speak to their naiveté after reviewing the materials he was able to present? Or?

A black eye for the firm, for sure, but no lasting damage. Plausible story. Compelling legal position (if true). Big, fat and vulnerable defendant, with a ready-made villain at the center. And (I assume) a big, fat potential contingent fee in the offing. It likely proved irresistible for a Big Law firm trying to slog its way through a steep downturn.

Still, it is bad judgment, as I see it, to take on a high-profile representation of a guy with one conviction already under his belt on what would seem to be a very opportunistic claim ("Yeah, I know innocent investors put in millions, and the company is now worth billions, but I am a ghost from six years’ past who can pull out a piece of paper saying I own more than half of it because of my $1,000 investment.") If you are going to step into this pile of whatever as a law firm, you had better do some strong due diligence to make sure it holds together. I suspect that wasn't done here, much to the firm's ultimate regret.

That said, DLA has a great reputation and the bad effects of this will prove ephemeral, especially since it high-tailed it out of there once forensics showed it had been caught with its pants down. Highly embarrassing, but nothing more.

I wonder about that too. As a firm with a reputation to guard, I assumed they had vetted their client to some degree, and relied heavily on what I assumed was their good judgment in trying to guess the future progress of the case. I wonder if they simply got $ signs in their eyes?

If he's presenting them with what looks to be evidence, then what's the problem? Hindsight is 20/20.

Lawyers aren't paid to be credulous. Allowing oneself to be enlisted in a fraud is a severe failure of professional judgment.

DLA Piper is the world's largest law firm (by number of attorneys). They have other things to worry about.

What do you see in Ceglia's future?

You mean, aside from regularly spaced vertical obstructions to his outward view?

I think there's two villains. It's impossible for both of them to lose, but you can't blame people for being opposed to someone "winning" by being a villain.

Why was Zuckerberg going to Craigslist looking for work? Why did Zuckerberg want to do work for "known criminals"? The project Ceglia was trying to set up was an image database. Much like Facebook. I think if Paul Ceglia had a cleaner past and better judgment, he'd be collecting his (unearned?) share from Facebook in the same way that others, Winklevoss, etc., have collected.

The reason is the trail that Zuckerberg left behind him, screwing people over one after another, betraying their trust. The only person who could keep the damage under control is Zuckerberg. As others have said, other internet billionaires don't seem to have as many "forgotten co-founders" showing up for their "cut". The problem is particularly acute with Facebook. That's no coincidence.

The lesson here is you reap what you sow. Both Ceglia and Zuckerberg.

Except that this is not about Zuckerberg. Regardless of what Zuckerberg has done or has not done this guy tried to defraud others to the tune of several billion bucks. It doesn't require any other elements than him and his actions.

I was struck when we incorporated our company and raised financing how much we still use ink and paper to keep track of things like corporate ownership. When signing so many documents I wanted to seal them with paraffin wax and send them to our lawyers via carrier pigeon.

In the case of Facebook, a multi-billion dollar company, it seems amazing that someone can come out of the woodwork and with a little effort in document tampering cause such a hullabaloo. It seems like too important of an issue to be in part determined by "spacing, columns, and margins of page one of the Alleged Contract."

Of course, I don't know of a better system, just that the current system seems archaic. (You probably couldn't create a centralized "contract bureau" in the federal government, because many contracts are private, until someone sues.)

Of course you can! Only submit a short cryptographic hash (summary), instead of the plaintext. Along with the digital public-key signatures of the signing parties.



You could even privatize it. There was at least one startup/concept like this on HN, but I forgot where.

(edit): Here's one discussion:


I used to write software for print manufacturing. Paper is high tech. It's also appropriate tech for many use cases.

In addition to privacy, paper is durable. Being physical, it's possible to safeguard the chain of custody. Paper is also largely tamper evident.

I'm still weirded out by digital signatures, both the crypto and fax kind. How are they challenged, verified, revoked? Electronic mediated transactions make sense when systems are double entry (credits and debits) so that each party has their own audit trail. But they seem rather virtual to me for things like transfer of ownership and voting.

Learning about the legalities of digital signatures is on my to do list.

I always wondered if there was a need for a cheaper, worldwide document certification system.

Of course you can get a notary to stamp a document or file it with the county clerk in your jurisdiction. But what about taking an MD5 of a PDF and printing it in the newspaper? Would that work?

A long time ago I posted MD5s to Usenet test groups when I wanted to prove I wrote something.

You have to worry about people breaking things. Raw MD5 is considered useless today, since there are tools that make two documents with the same MD5.

This would not necessarily invalidate all prior MD5s; if you published like that 10 years before people started breaking MD5, that would be pretty good evidence you really did do it, unless your idea is so amazingly valuable that it was more worthwhile to try to forge documents instead of publicizing your research.

Using a few different HMACs in parallel would probably give you good proof.

Spoofed MD5s are a vulnerability when you execute software blindly, but the padding is obvious if you examine the source data.

That's no reason not to use a better algorithm. Weaknesses in MD5 are already well enough understood to make it useless for many applications, and weak crypto algorithms only get weaker, as new attacks are discovered and as technology progresses to make a broader range of things feasible.

Simpler: include in the contract a clause that says "the version of this text that counts is in a PDF with SHA1 23afb87c...".

You still need a way to prove that the other side really signed the document you hold, and willingly. Notaries work.

But this system is not forced - so it protects the side holding a real contract from the other side denying they signed, but does not protect you from a fraud turning up with a contract that you didn't really sign and claiming that you did, you just didn't bother to go to a notary with him.

If there were a way to publicly claim "from now on, only contracts signed by my private key count as really signed by me"... But it's not easy to implement such a measure. Everyone you sign contracts with needs a really easy way to check if you declared this in the past, otherwise you can defraud them by signing a contract only with a pen. And they need to be aware of this new law.

There's no technological problem with creating a "contract bureau" - just demand contracts to be in a somehow-digital format (scanned handwritten document counts) and have everyone send [SHA1(document) + names of entities signed on the document] to the bureau.

Only problem with demanding this is that you /want/ people to be able to sell their car without access to a computer. That, and authentication.

Ok, I've now seen reference to both MD5 and SHA1 w.r.t. digests which would have long shelf lives. Please either talk in generic terms, or suggest the use of an algorithm that doesn't have known collisions and/or suspected weakness.

I do understand that people are using these as a mental shorthand for "A one-way cryptographic hash", but when your instinctive exemplar of a digest algorithm is in the "not-recommended" category, it worries me that, in a context that matters (code or spec), you might accidentally type MD5 when you meant to type SHA3 or SHA-256.
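The "contract bureau" idea from this part of the thread, as an added example (not code from any commenter): a registry that stores only a SHA-256 digest and the party names for each contract, with entries hash-chained so that a later edit, removal or back-dated insertion is detectable. The function names, record layout, dates and sample contracts are assumptions made for illustration, and the parties' public-key signatures are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" value used by the first entry


def digest(document: bytes) -> str:
    """SHA-256 of the exact document bytes; the plaintext never reaches the bureau."""
    return hashlib.sha256(document).hexdigest()


def _entry_hash(body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so the hash is reproducible.
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def register(log: list, document: bytes, parties: list, filed_at: str) -> dict:
    """Append a filing; each entry commits to the hash of the one before it."""
    body = {
        "seq": len(log),
        "doc_sha256": digest(document),
        "parties": sorted(parties),
        "filed_at": filed_at,
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    log.append(dict(body, entry_hash=_entry_hash(body)))
    return log[-1]


def verify_chain(log: list) -> bool:
    """Recompute every entry hash and link; an edit, removal or insertion fails."""
    prev = GENESIS
    for seq, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("seq") != seq or body.get("prev") != prev:
            return False
        if _entry_hash(body) != entry.get("entry_hash"):
            return False
        prev = entry["entry_hash"]
    return True


def lookup(log: list, document: bytes):
    """Return the earliest filing matching these exact bytes, or None."""
    wanted = digest(document)
    return next((e for e in log if e["doc_sha256"] == wanted), None)


# Constructed sample contracts, not taken from any real filing.
ORIGINAL = b"Consulting agreement: Contractor builds a website for Client for $1,000.\n"
ALTERED = b"Consulting agreement: Contractor builds a website for Client for $1,000 and 50% of Client's business.\n"
UNRELATED = b"Lease of office space, 12 months.\n"


def demo() -> dict:
    log = []
    register(log, ORIGINAL, ["Client", "Contractor"], "2010-01-15T00:00:00Z")
    register(log, UNRELATED, ["Landlord", "Tenant"], "2010-02-01T00:00:00Z")
    results = {
        "chain_ok": verify_chain(log),
        "original_found": lookup(log, ORIGINAL) is not None,
        "altered_found": lookup(log, ALTERED) is not None,
    }
    # Someone with write access swaps the stored digest for the altered text.
    log[0]["doc_sha256"] = digest(ALTERED)
    results["chain_ok_after_edit"] = verify_chain(log)
    return results


if __name__ == "__main__":
    print(demo())
```

The chain only proves integrity relative to its latest entry hash, so that value has to be published somewhere the registry operator cannot rewrite.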

While I agree that stronger is better (and thus someone founding a contracts bureau for this should use the latest/greatest hash), I'm not sure collisions are a real risk here, since my understanding is that a collision is going to include a lot of junk to make the collision work. So any collision-based forgery is going to include large instances of complete gobbledegook so that it'll be really obvious in court that there was tampering.

Would collisions in MD5 really matter in case of legal documents? How would you use it to forge a contract? Take original, make alterations, then add data to the non-visible part of the file until hashes match? Wouldn't that be easy to detect? "What is that 15 Kb of stuff doing there? It is not normally part of pdf that any sane program would write."

Or are there some more sophisticated methods?

I can imagine (and therefore we should assume that the attacker can imagine with far more craftiness) several ways of hiding junk in a PDF.

E.g. How about in any binary content - embedded fonts, images etc.

My big concern is that in this scenario an attacker may have years to create an attack. One small part of designing a security protocol is understanding timeliness constraints.

So just use plain text.

The wordiness of legalese may actually be a place to pad. Also, extraneous terms and clauses that might sound plausible and have no bearing on what's actually being claimed.

Collision attacks are mitigated by careful examination coupled with a forbidding of extraneous data and a skepticism about possibly extraneous data - but I am not comfortable assuming they are defeated by it.

It is called escrow, and it is a longstanding industry.

That doesn't help in cases like these.

In order for it to help, a company or individual would need a way to say, "only contracts held in escrow are valid from the period from x to y" and have it hold up in court.

I'm disappointed by all the folks calling mail fraud a 'loophole'. Mail and wire fraud are the ways people prosecute domestic 419 (Nigerian prince) scams and other confidence games.

This case shouldn't be given a free pass just because the party intended to be deceived is the judicial system rather than the mail recipient.

Legality of fraud should have nothing to do with whether the mail was used.

It doesn't, really. The only difference is the venue where it's prosecuted.

It at least affects maximum sentence, right?

Fraud terms vary between states, but you're already looking at 10-15 years for commercial fraud before aggravating factors, from what I can tell (I'm not a lawyer).

The idea behind treating mail fraud separately is explicitly that the severity, if not the legality, of fraud should depend on whether or not the mail was involved.

Remember that when mail fraud came into existence as a discrete crime the mail was the primary means of communication for essentially everyone and everything. Tampering with it went beyond deceiving any one person or group of people.

It does influence whether there's federal jurisdiction.

Did this line strike anyone else as pathetic?

In today’s press release, USPIS Inspector-in-Charge Randall C. Till added: “When Mr. Ceglia allegedly decided to take advantage of Mark Zuckerberg and Facebook, he underestimated the resolve of the Postal Inspection Service to bring him to justice for illegal use of the U.S. Mail.”

Ceglia is probably in the wrong and unethical. But the self-righteousness and pompadour of the USPS? Really?

Mail fraud is a very big deal, because it is one of the DoJ's most important vectors for prosecuting fraud federally. Like "tax evasion", it's a means for the DoJ to pick up major cases in federal venues where the alternative might instead need to be costly, time-consuming coordinated state cases.

The statutes that make mail fraud a federal crime do indeed play up the sanctity of the US Postal Service, which is an idea that comes from the 1800's (when the US Postal Service played a far more important role in our society than it does today). But if the US Postal Service has gotten less important, the mail fraud statutes haven't. In the same manner that tax fraud makes criminal enterprises more difficult to scale and sustain (by making it much more difficult to handle the funds those enterprises generate), the mail fraud statutes make it harder to scale organized criminal efforts across state lines, by making the abuse of the communication services our society provides a crime in and of itself.

The Postal Inspection Service is a useful tool. Mail fraud brings down a lot of sleazeballs that would otherwise have gotten away. Maybe because that's the last thing they would think to cover up.

You make it sound like one of those grab-bag offenses like resisting arrest that effectively amount to 'you pissed off the government and now we're going to punish you for it'.

He may have made it sound like that, but it is not. It's a federal felony, and it's generally used to foreclose on large-scale scam operations.

Except "resisting arrest" is your word against an officer's, while "mail fraud" (from what I understand, IANAL) still requires the state to meet the burden of proof.

It's used often because it's easy to prove, just like tax evasion.

This comment really comes off sounding bad. You don't think a multi-billion fraud was that serious? The people that arrested him are pathetic for being proud of that?

Ceglia faked a contract, faked several emails, wasted $100,000's of Facebook's money, wasted $100,000's of the court's time, experts were testifying as to the thickness of the paper and the age of the ink and the staple hole locations... all with the goal of getting a $20 Billion payday. A huge attempted fraud by any standards.

Good for the USPS for stopping one more fraud. They probably do this all the time for all sorts of frauds, and they don't get the credit they deserve.

The acts of forging these documents and attempting a multi-billion dollar fraud are serious. The act of sending these documents through the mail is not. It would have been just as bad if these documents were sent by personal courier.

True, but laws such as mail fraud, tax evasion, and racketeering are designed to be general enough to catch fraudsters and mobsters who can't be prosecuted under a specific law or are too skilled at hiding their crimes.

The famous mob boss Al Capone was only ever convicted of tax evasion and served 11 years in Alcatraz for that.

God's mercy on anyone making dubious use of the US Postal Service. An attack on the purity of the mail is an attack on us all and will be prosecuted with deliberate severity.

Everyone's allowed to take pride in a job well done. What's pathetic in that?

I would say it's over-the-top, not pathetic. It would be pathetic if Ceglia were charged with murder and he could only be convicted of not licking stamps. The quoted line is just silly. It would be at home in a Mel Brooks movie, except that mail fraud in the U.S. is no joke and carries serious penalties.

> self-righteousness and pompadour

Hair styling is everything when exuding self-righteousness. Choosing the Reagan model is as good a style as anything.

self-righteousness: check

correctness: check

I wonder what will happen to his lawyers. And I wonder what the judge thinks.

Ceglia has had a couple of lawyers (Argentieri and Boland) who have been filing discovery motions, and really aggressively going after Facebook and Zuckerberg. If you read only a couple of their filings, it seems really personal for them. They are absolutely offended at Facebook's lawyers' behavior, really aggressive in the wording of their filings, and going so far as to call out FB lawyers by name and complain about them.

And now it turns out the US Govt found the real contract from email archives and it doesn't match at all.

I'd like to see the lawyers punished somehow (reprimanded) for pushing this obvious fraud through the court system so hard and for so long.

And if I were the judge, wasting 2 years of his life on a sham case like this, I'd be furious. They were still submitting filings even as of yesterday!

Perhaps a stupid question, but if this guy had hand-delivered all the documents to the court, he'd be totally in the clear with regard to criminal activity? Why isn't he being charged with providing fabricated evidence to a federal court?

Presumably because it was easier for the DoJ to make the same case using mail fraud as the vector, just like it was easier to take out Capone with tax fraud. The heart of the actual case will still be the deceptions Ceglia used to attempt to scam a billion dollars out of Facebook.

They probably could charge him with a number of offenses, from lying to a federal official to fabricating evidence, and some perjury might probably be involved too. But prosecuting each thing costs money, and the more complex and burdensome the case is, the more money it would cost - with the same result of getting the guy inside. So if they can get what they want cheaper (saving taxpayer money, court time, etc.) - I say why not? If he hand-delivered everything, I guess they probably would have to choose some other offense or maybe would just let it go if it'd be too hard to prosecute.

Can anyone give a reasonable argument for why mail fraud carries a maximum sentence of 20 years? That seems ludicrous in the extreme. Why does mail fraud incur a greater penalty than rape, kidnapping, and most forms of murder?

Because mail fraud cases address a very large spectrum of actual crimes. The typical sentence for a mail fraud case is 21 months; there exists a very large number of aggravating factors that increase mail fraud sentences, including the scale of the operation (if you mass-mail to perpetrate fraud, you'll do more time), the sophistication of the victims (if you try to defraud fixed-income seniors, you'll do more time), sophisticated attempts to conceal your activities to avoid investigators, if you react to investigation by trying to move your whole operation out of US jurisdiction, if you damage the solvency of a bank, things like that.

People fixate on the maximum sentences when they should focus instead on the minimums (here, 10 months). Just by nature of what "mail fraud" investigations represent, you're bound to get wild swings from case to case.

Maybe they fixate on maximums because those are what are used in plea bargaining? Would you leave the possibility of 20 years in a federal prison (no matter how remote) to chance?

Maybe compared to what Europe sentences murderers. But in NY State, 2nd degree murder is 25 to life and 1st degree is life.

IANAL, but don't those have a maximum of life (25 years)?

To threaten defendants, they also stack each single charge one on top of each other to make 5 cases look like a maximum of 125 years too.

Mail fraud... looks like some AG spent too much time watching "The Firm"

They can arrest people whenever they want with "loopholes" like these, and yet they can't seem to do a damn thing about any of the bankers who helped bring down the economy. Yeah, I just don't buy that.

Eliot Spitzer - who knows all about books being suddenly thrown in cases that routinely go unpunished - has some choice words about this in "Inside Job". Having been on both sides of the table, he is entirely credible when saying that the dearth of prosecutions reflected a lack of will, not an absence of ways.


The same Preet Bharara did just come out with a suit against Bank Of America: http://www.businessinsider.com/bank-of-americas-hustle-progr...

Not that more oughtn't be done.

Well, not whenever they want. If you didn't send fraudulent documents by mail and they wanted to arrest you, they'd have a hard time charging you with mail fraud, no?

As for bringing down the economy, if you're going to arrest everybody that participated, you'd need a lot more jails. You'd have to arrest all that took and signed liar's loans, all that took interest-only 40 year loans with no income source to speak of, all that used their HELOCs as ATMs and took luxurious vacations on borrowed cash, all that saw their house double in value in 3 years and decided they are real estate moguls now, etc. etc. Bankers are a fashionable target, but they were not alone in this.

I had dug up his arrest record ~day one -- Not pretty. Interestingly, I had surprised a previous lawyer, who apparently did not do the same before taking on the case.


Is it me, or does it seem like his combined stupidity and incompetence (two different things) is what caused him to not realise the shit he pulled off leaves a trace?

Take it from a non developer scumbag thief "wannatrepenur" to not have the God damn decency to read up on how email works before trying a stunt like this.

But Zuckerberg did meet with this Ceglia guy, right?

If only tl;dr were in Latin, lawyers would understand it

nimius illectus - "the excessive amount that is unread"

