Camcording Movie Pirates Sentenced to Prison

Two members of the in-theater camcording gang known as IMAGiNE Group were sentenced Friday to lofty prison terms.

Sean Lovelady, 28, of California, was handed 23 months and had agreed to cooperate with the authorities. (.pdf) Willie Lambert, 57, of Pennsylvania, was given 30 months and ordered to pay $450,000 in restitution, the authorities said.

Two other men connected to the group have also pleaded guilty and are to be sentenced soon.

According to the indictment, (.pdf) “The conspirators informally identified themselves as the IMAGiNE Group and sought, among other things, to be the premier group to first release to the internet copies of new motion pictures only showing in movie theaters.”

Group members would audio-record films such as Friends With Benefits and Captain America: The First Avenger. Others members would record the film at a theater with a camcorder. Then the sound and video would be combined into a full-featured movie, the authorities said.

Other films the group recorded and uploaded included The Men Who Stare at Goats, Avatar, Clash of the Titans, Iron Man 2, The Sorcerer’s Apprentice, and, among others, The Green Hornet.

The authorities said the group utilized servers in France, Canada and the United States to offer in-theater-only movies from websites like, and

The indictment said the group accepted donations “to fund expenses, including the cost of renting servers used by the conspirators, and to accept payments for the unauthorized distribution and sale of pirated copies of copyrighted works.”

The indictment alleges that the IMAGiNE Group’s websites included member profiles, a torrent tracker, discussion forums and a message board.

Feds Ordered to Disclose Data About Wiretap Backdoors

Photo illustration: Brian Klug/Flickr

A federal judge is ordering the Justice Department to disclose more information about its so-called “Going Dark” program, an initiative to extend its ability to wiretap virtually all forms of electronic communications.

The ruling by U.S. District Judge Richard Seeborg of San Francisco concerns the Communications Assistance for Law Enforcement Act, or CALEA. Passed in 1994, the law initially ordered phone companies to make their systems conform to a wiretap standard for real-time surveillance. The Federal Communications Commission extended CALEA in 2005 to apply to broadband providers like ISPs and colleges, but services like Google Talk, Skype or Facebook and encrypted enterprise Blackberry communications are not covered.

The FBI has long clamored that these other communication services would become havens for criminals and that the feds would be left unable to surveil them, even though documents acquired by Wired shows that the FBI’s wiretapping system is robust and advanced.

Little is known about the “Going Dark” program, though the FBI’s 2011 proposal to require backdoors in encryption found no backers in the White House. The FBI has never publicly reported a single instance in the last five years where encryption has prevented them from getting at the plaintext of messages.

The Electronic Frontier Foundation sought information about the “Going Dark” program, via a Freedom of Information Act claim with the Justice Department, amid concerns that the Federal Bureau of Investigation is trying to expand backdoors into these and other services. Law enforcement officials privately complain they are running into cases where criminals are using online communication tools that aren’t wiretap-able in real-time, because the provider had not built in that capability or was not required to build the backdoor.

Among other things, the FOIA claims sought documents concerning “any communications or discussions with the operators of communications systems or networks (including, but not limited to, those providing encrypted communications, social networking, and peer-to-peer messaging services), or with equipment manufacturers and vendors, concerning technical difficulties the DOJ has encountered in conducting authorized electronic surveillance.”

The government, however, has withheld the bulk of relevant information on the topic, a move the judge said Tuesday was wrong. The government claimed the material it did not forward to the EFF — some 2,000 pages in all — was “non-responsive” or outside the scope of what the EFF was seeking.

Seeborg was not buying it.

…”The government is directed to conduct a further review of the materials previously withheld as non-responsive. In conducting such review, the presumption should be that information located on the same page, or in close proximity to undisputedly responsive material is likely to qualify as information that in ‘any sense sheds light on, amplifies, or enlarges upon’ the plainly responsive material, and that it should therefore be produced, absent an applicable exemption.” (.pdf)

Jennifer Lynch, an EFF attorney on the case, said the documents the government did turn over don’t say much at all.

“I don’t think they provide much information that we don’t already know,” she said. “We know the Justice Department and especially the FBI say they can’t get access to data they are entitled to under electronic surveillance laws because some providers are not forced to comply with CALEA.”

Judge Seeborg did not set a timeline for the government to comply.

Airpush Begins Obfuscating Ad Modules

Many Android apps contain advertising modules provided by third parties in order to monetize their development efforts. Airpush is a company that produces one of the more aggressive advertising modules. Their advertising modules can place ads in the Android notification bar where users are alerted to events such as missed messages or missed phone calls.

Unfortunately, in the most common versions of Android, the notification bar fails to show the user which app actually generated the advertisement. Since these advertisements can appear when the user is not actively using the app, there may be confusion on how to stop the advertisements from appearing in the notification bar. It is worth noting that changes have since been made by both Google and Airpush to better link advertisements directly to apps.

Many users disapprove of this model of advertising which has resulted in a controversy causing waves of not-so-good ratings and comments for some apps. This has prompted app developers to better describe what kind of ads are used before users install an app or, in some cases, to even reconsider using these advertising modules in their apps at all.

Norton Spot is a product designed to deal with this kind of problem by letting users know exactly what actions are performed by each ad platform and which apps contain them.

Symantec Security Response did notice a few Android apps where developers used tools to modify the Airpush modules. For instance, some developers changed strings referencing Airpush from "" to "com.andipush.androidsdk". There is no functional advantage to do this, so it looks like some developers prefer to hide the presence of the Airpush modules from their users.

Recently, there has been an increase in the number of apps that use random alphanumeric strings to reference the Airpush modules:

  • com.EtrSnehN.vkBWjQlJ103131.Airpush
  • com.XdtXq.jjxnz112220.Airpush

The number of apps using this method reaches into the thousands.

Obviously, individual developers have not all coincidentally begun doing this on their own. Instead, Airpush themselves are now providing a customized version of their advertising modules with unique strings referencing their modules to each developer. They have stated that the reason for introducing this obfuscation is because their competitors are scanning applications to see which developers are using their software.

Such obfuscation techniques can also have an effect on ad network detectors. For example, we downloaded four popular competitor products that normally detect unobfuscated versions of Airpush and, unfortunately, were surprised to find Airpush's techniques successfully bypassed them all.

This type of obfuscation does not affect Norton Spot. Norton Spot will alert you to any applications using Airpush despite the introduction of these customized modules.

If you see Airpush advertisements in your notification bar, you can use Norton Spot for free to find the unwanted application.

Farewell to Threat Level Editor Ryan Singel

Photo: Ariel Zambelich/Wired

Ryan Singel, the co-founder and editor of this blog, is leaving us Friday after 10 years writing for He’s moving on to focus on his start-up, Contextly, which among other things powers the nifty “Related Links” box at the bottom of every story.

Ryan co-founded Threat Level in 2006 with Kevin Poulsen, the blog’s first editor. Originally known as 27bstroke6, this was Wired’s first news blog, and it continues tackling security, privacy, crime and intellectual property in the online world.

During his tenure as writer, and then editor, Threat Level received a gaggle of awards and recognitions, from Webby Awards to twice being named in Time Magazine’s Top 25 list of blogs.

Contextly, which Ryan founded more than a year ago, is a San Francisco startup providing websites and blogs with tools to help them show off their best content to readers, and increase page views and the number of views per reader. In addition to Wired, the company’s clients include Cult of Mac and Wall St. Cheat Sheet.

“It’s gotten to the point that there’s enough interest and there’s so many fun things we want to build out that, in order to do that, I have to dedicate myself full-time. There’s just not enough hours in the day,” he said.

Singel’s pooch “Little.” Photo: Peter McCollough/Wired

“Ryan is a true hybrid — a journalist who knows the scene, and knows how to code. He’s broken big stories and fought for consumers in sharp columns challenging the telecom industry. And he’s been a smart and tireless pioneer of digital reporting methods,” said Evan Hansen,’s editor in chief.

“From his start at Wired, Ryan has embodied fully the promise and potential of online journalism,” said Poulsen, now’s news editor. “He brought courage, curiosity, fairness, and a clear-eyed dedication to the truth to the job every day. And as an editor, he brought out the best in his writers.”

One of Ryan’s biggest scoops was in 2006, when he obtained and published documents that were sealed in San Francisco federal court that apparently showed that AT&T was funneling Americans’ electronic communications to the National Security Agency. Even today, those documents remain the focal point of the Electronic Frontier Foundation’s eavesdropping lawsuit against the government.

Ryan, who graduated with a bachelor’s in English at Vassar College in 1995 and the University of Chicago in 1999 with a master’s in humanities, is best known among his colleagues for donning newsboy caps and complaining about the casual cruelty of San Francisco motorists that he had dodged on his bike ride to the office.

As one of the few editors who grasps the subject matter as much or more than the writers reporting to him, Ryan will be sorely missed here.

He said Threat Level was founded on the idea that it would be “a tool for journalism” and not a soap box.

“It wasn’t just a tool for mouthing off,” he said. “It values getting things right, quoting people and picking up the phone. I think that’s a big part of the success for the blogs at Wired generally.”