Prosecutors drop charges against ‘Serial’ podcast subject Adnan Syed

After 23 years in prison, Adnan Syed is a free man. Baltimore prosecutors on Tuesday announced they were dropping charges against the 41-year-old and subject of the hit podcast Serial, reports The New York Times. Prior to his release in September, Syed had been serving a life sentence for the 1999 murder of his former girlfriend Hae Min Lee.

The decision comes after a judge last month overturned Syed’s prison sentence on the recommendation of prosecutors, who said the state was no longer confident of the conviction. At that point, prosecutors had 30 days to decide whether to move forward with a new trial or drop charges. Where the case of Lee’s murder goes from here is hard to say. In September, following a nearly yearlong investigation, the state said it had found two possible “alternative suspects.” However, the public identity of those individuals is not known yet.

While Syed maintained his innocence throughout the two decades he was in prison, it’s fair to he probably wouldn’t be free today if not for Serial. His case attracted global attention in 2014 after it was chronicled by former Baltimore Sun reporter Sarah Koenig in the podcast’s breakout first season. Koenig spent more than a year investigating the specifics of Syed’s case, paying particular attention to the conduct of Cristina Gutierrez, his lawyer at the time. The issues she highlighted proved to be critical in the state’s reassessment of Syed’s case. 

In 2019, for instance, Maryland’s highest court found Gutierrez had failed to properly investigate an alibi witness ahead of Syed’s trial. More recently, the state investigation found “reliability issues” with some of the evidence that was used to convict Syed and that prosecutors may have failed to disclose evidence that would have aided his case.

Uber’s ex-security chief was found guilty of covering up a major data breach in 2016

Joseph Sullivan, who used to serve as Uber’s security chief, was convicted of federal charges for hiding a 2016 data breach from authorities. According to The New York Times, a jury in a San Francisco federal court has found Sullivan guilty of obstructing the FTC’s ongoing investigation into Uber at the time for another breach that occurred in 2014. He was also found guilty of actively hiding a felony from authorities. Sullivan’s case, believed to be the first time an executive has faced criminal charges over a hack, revolves around how the former executive dealt with the bad actors who infiltrated Uber’s Amazon server and demanded $100,000 from the company.

The hackers got in touch with Uber shortly after Sullivan sat for a deposition with the FTC for its investigation of the 2014 cybersecurity incident. They told him they found a security vulnerability that allowed them to download the personal data of 600,000 drivers and additional information linked to 57 million drivers and passengers. As The Washington Post reports, it was revealed later on that the hackers found a digital key that they used to get into Uber’s Amazon account. There, they found an unencrypted backup collection of personal data on passengers and drivers.

Sullivan pointed them to the company’s bug bounty program, which had a max payout of $10,000. The hackers wanted at least $100,000, however, and threatened to release the data they’d stolen if Uber didn’t pay up. The former security chief paid them the amount they demanded in bitcoin and made it appear as if they’d been paid under the bug bounty program — an action reportedly sanction by then Uber chief executive Travis Kalanick. He also tracked them down and made them sign nondisclosure agreements.

The former executive’s camp argued that Sullivan felt Uber’s user data was protected after the hackers signed an NDA. “Mr. Sullivan believed that their customers’ data was safe and that this was not some incident that needed to be reported. There was no coverup and there was no obstruction,” his lawyer David Angeli said. But prosecutors disagreed and viewed his use of NDAs as a way to cover up the incident. Further, they stressed that the incident shouldn’t have been qualified for a payout under the bug bounty program, which is meant to reward friendly security researchers, when the bad actors threatened to release users’ personal information if they didn’t get paid the amount they wanted.

In the end, the jury agreed with the prosecutors that Sullivan should have notified the FTC about the data breach. It wasn’t until Dara Khosrowshahi took over as CEO that the FTC was informed of the event. A sentence hasn’t been handed down yet, but Sullivan now faces five years in prison for obstruction and up to three more years for failing to report a felony. 

Former eBay execs get prison time in cyberstalking case involving Twitter threats and fetal pig deliveries

Two of the eBay executives who were charged for staging a cyberstalking campaign against the creators of the eCommerceBytes newsletter have been sentenced to prison. The Justice Department says that these execs, along with five other former eBay employees, worked together to intimidate David and Ina Steiner. They apparently hatched a scheme targeting the Steiners shortly after Ina published an article in their newsletter about a lawsuit eBay filed accusing Amazon of poaching its sellers. David said the people involved in their harassment made their lives “a living hell.”

James Baugh, eBay’s former senior director of safety and security, was sentenced to almost five years in prison and was ordered to pay a fine of $40,000. Meanwhile, David Harville, eBay’s former Director of Global Resiliency and the last person in the case who pleaded guilty, got a two-year sentence and was ordered to pay a $20,000 fine. 

According to the DOJ, the group sent disturbing deliveries to the couple’s home, including “a book on surviving the death of a spouse, a bloody pig mask, a fetal pig, a funeral wreath and live insects.” They also sent the couple threatening Twitter messages and posted on Craigslist to invite the public to partake in sexual encounters at the victims’ home. Authorities also said that Baugh, Harville and another eBay employee monitored the couple’s home in person with the intention of attaching a GPS tracker to their car. 

Based on the case’s court documents, David Wenig, who was eBay’s CEO at the time, sent another top exec a message that said “If you are ever going to take her down … now is the time” 30 minutes after Ina’s post was published. In turn, that executive sent Wenig’s message to Baugh, adding that Ina was a “biased troll who needs to get BURNED DOWN.” As The Washington Post notes, Wenig was not charged in the case but is facing a civil lawsuit from the Steiners, who accused him of attempting to “intimidate, threaten to kill, torture, terrorize, stalk and silence them.” He denied any knowledge of the harassment campaign. 

As for Baugh and Harville, both asked the Steiners for forgiveness, according to The Post. “I take 100% responsibility for this, and there is no excuse for what I have done. The bottom line is simply this: If I had done the right thing and been strong enough to make the right choice, we wouldn’t be here today, and for that I am truly sorry,” Baugh said.

UK police arrest alleged ‘GTA VI’ hacker

Police in the UK have arrested a 17-year-old suspected hacker. Reports suggest the arrest is connected to the Rockstar Games hack that led to a major Grand Theft Auto VI leak. The individual may have been involved with an intrusion on Uber as well.

According to journalist Matthew Keys’ sources, the arrest is the result of an investigation involving the City of London Police, the UK’s National Cyber Crime Unit and the FBI. Keys noted that the police and/or the FBI will reveal more details about the arrest later today. The City of London Police told Engadget it had “no further information to share at this stage.”

The GTA VI leak is unquestionably one of the biggest in video game history. Last weekend, the hacker shared a trove of footage from a test build of the game, which is one of the most hotly anticipated titles around. Rockstar, which tends to keep a tight lid on its development process, confirmed on Monday that the leak was legitimate. It said the incident won’t impact work on the game and that it will “properly introduce” fans to the next title in the blockbuster series once it’s ready.

Uber was also subject to a cybersecurity incident this month. The company said this week that the hacker in question didn’t access user accounts but, as of Monday, it was still trying to determine the impact of the intrusion. Uber also noted reports suggesting that the same person or group might have been responsible for the Rockstar hack. In addition, it said the perpetrator may be connected to the Lapsus$ hacking group.

The 17-year-old was arrested in Oxfordshire, where one of the leaders of Lapsus$ is said to live. In March, BBC News reported that a 16-year-old from Oxford (who may have had a birthday since then) had been identified by researchers and hackers as having ties to the group. That same month, City of London Police arrested seven teenagers with alleged ties to Lapsus$, but it wasn’t confirmed if the Oxford teen was among them. Lapsus$ has also targeted the likes of Microsoft, Okta and T-Mobile.