As part of its criminal case against Megaupload, the U.S. Government seized several domain names belonging to Kim Dotcom’s file-hosting service. Nearly five years later the authorities still control the domains but they haven’t done a very good job of securing them. Megaupload.org now links to a soft porn portal.
As Kim Dotcom’s extradition defense enters its second day, the court has heard that none of the 13 charges against the Megaupload founder are enough to extradite him to the United States. The U.S. is characterizing the alleged offenses as extraditable fraud but Dotcom’s team believes that copyright violations can not be prosecuted as such.
Three years ago now, EFF’s client Kyle Goodwin, a sports videographer, asked the court to allow him to retrieve the files he stored in an account on the cloud storage site Megaupload. When the government seized Megaupload’s assets and servers in January 2012, Mr. Goodwin lost access to video files containing months of his professional work.
The U.S. Government has informed the Court of Appeals that the civil forfeiture case against Megaupload and Kim Dotcom was launched as a last resort. The authorities feared that Dotcom and his colleagues would regain possession of the millions in seized assets and argue that they are properly labeled as “fugitives.”
A recording of Kim Dotcom and several Universal Music executives captured two days before the Megaupload raids has revealed the label planning to do a deal with the entrepreneur. Amid discussion of ‘taxing’ Google by diverting its ad revenue to the label, the execs offered to downgrade Dotcom from “evil” to “neutral” in return for dropping legal action over the “Mega Song”.
Well over three years have passed since Megaupload was shutdown, but there is still little progress in the criminal proceedings against the operation.
The United States hopes that New Zealand will extradite Kim Dotcom and his colleagues, but the hearings have been delayed several times already.
Meanwhile, several domain names including the popular Megaupload.com and Megavideo.com remain under the control of the U.S. Government. At least, that should be the case. In reality, however, they’re now being exploited by ‘cyber criminals.’
Instead of a banner announcing that the domains names have been seized as part of a criminal investigation they now direct people to a Zero-Click adverting feed. This feed often links to malware installers and other malicious ads.
One of the many malicious “ads” the Megaupload and Megavideo domain names are serving links to a fake BBC article, suggesting people can get an iPhone 6 for only £1.
And here is another example of a malicious ad prompting visitors to update their browser.
The question that immediately comes to mind is this: How can it be that the Department of Justice is allowing the domains to be used for such nefarious purposes?
Looking at the Whois records everything seems to be in order. The domain name still lists Megaupload Limited as registrant, which is as it was before. Nothing out of the ordinary.
The nameserver PLEASEDROPTHISHOST15525.CIRFU.BIZ, on the other hand, triggers several alarm bells.
CIRFU refers to the FBI’s Cyber Initiative and Resource Fusion Unit, a specialized tech team tasked with handling online crime and scams. The unit used the CIRFU.NET domain name as nameserver for various seized domains, including the Mega ones.
Interestingly, the CIRFU.NET domain now lists “Syndk8 Media Limited” as registrant, which doesn’t appear to have any connections with the FBI. Similarly, CIRFU.BIZ is not an official CIRFU domain either and points to a server in the Netherlands hosted by LeaseWeb.
It appears that the domain which the Department of Justice (DoJ) used as nameserver is no longer in control of the Government. Perhaps it expired, or was taken over via other means.
In June 2011, authorities in Germany, Spain, France and the Netherlands raided premises suspected of having something to do with kino.to, a site that offered links to a Megaupload-style file lockers containing unlicensed copies of movies, music and TV shows.
Not long after the raids, the site shut up shop. Folks associated with the site were later jailed.
But according to a new research paper, Online Copyright Enforcement, Consumer Behavior, and Market Structure, closing the site had little effect on copyright breaches. Indeed, it may have spawned a new generation of stronger piracy services.
The paper was penned by Luis Aguiar of the European Union’s Institute for Prospective Technological Studies, Jörg Claussen of the Copenhagen Business School and Christian Peukert from the University of Zürich. The three got their hands on Nielsen NetView data that “… monitors the online activity of a representative sample of Internet users by recording all of their URL visits together with visit duration, while guaranteeing them that the data will be kept anonymous.” With that data in hand, the authors set about identifying pirate sites and found that in their January to June 2011 sample kino.to topped their chart of 15 sites of interest with about 6,000 visits per week.
Those visits stopped once kino.to’s service ceased, but a new kinoX.to site that claimed to be kino.to’s the official heir quickly picked up traffic. So did other sites offering similar services.
“Put together, our data clearly shows that the shutdown massively altered the German market for unlicensed video streaming, making it less concentrated and more competitive,” the authors write. Users also started visiting more piracy sites, up to around 1.4 a week from the 1.15 when kino.to was online.
The study does find that former kino.to users did start to spend more time visiting sites selling licensed content, but argues “If we were to take the costs of the intervention into account (raid, criminal prosecution, etc.), our results would suggest that the shutdown of kino.to has not had a positive effect on overall welfare.”
“Finally,” the authors conclude, “the shutdown of kino.to resulted in a much more fragmented structure of the market for unlicensed movie streaming. This potentially makes future law enforcement interventions either more costly – as there would not be a single dominant platform to shutdown anymore – or less effective if only a single website is targeted by the intervention.”
The dramatic events of January 2012 in which the gigantic Mega empire of Kim Dotcom was brought to its knees are now more than three years old. Legal argument has dogged the case from day one, with each passing month presenting yet more points of contention.
One of the oldest issues surrounds the hardware seized as part of the global operation to close down what was once the world’s largest centralized file-sharing operation.
The U.S. Government seized 1,103 servers at Carpathia’s hosting facility in the United States, equipment that is currently gathering dust in a Virginia storage facility. Also at issue is a lesser-discussed batch of servers seized in Canada.
On January 18, 2012, a judge in Ontario issued a warrant to seize the 32 servers located in an Equinix datacenter. As the case continued to build against Megaupload, Kim Dotcom and his associates, the U.S. government asked Canadian authorities to hand the hardware over, claiming that an internal Megaupload email revealed them to be “database / number crunching machines.”
A year later in January 2013, Megaupload protested the handing over of the hardware to U.S. authorities claiming that the servers contained a lot of information irrelevant to the case. Megaupload said an independent forensic examiner could examine the servers and determine their contents before any handover.
An Ontario court sided with Megaupload and refused to send the servers’ data to the United States. Instead, both sides were ordered to find a way to filter out irrelevant content.
Now, more than two years later, the issue of just how much of this seized content can be sent to the United States remains an issue. The matter reappeared before a Toronto court Monday, with fresh ideas on how progression can be made.
Crown attorney Moiz Rahman, acting on behalf of the U.S. government, suggested the appointment of an independent group of forensic examiners to inspect the data and determine which data is relevant to the case, CBC reports.
However, Megaupload lawyer Scott Hutchison raised concerns that once back in the United States, the so-called “clean team” might disclose non-relevant information they’d discovered on the servers. Any ruling in Canada to seal their lips would not be enforceable in the U.S., Hutchinson said.
“Once they return to the United States, that’s nothing more than a promise,” the lawyer said.
While conceding that the “vast majority” of the data was likely to be media uploaded by Megaupload’s users, Hutchinson suggested that it would be preferable to hire an independent Canada-based investigator to carry out the work.
But speaking for the Crown on behalf of the U.S., Rahman said that a U.S. team could present the results of its investigation to a Canadian court, which could then decide what information would be allowed back to the United States under current treaty protocol.
“That’s a little bit of cold comfort to me,” said Justice Michael Quigley.
After Rahman claimed that an independent Canadian investigator would prove too expensive, the Judge ordered the parties to present their respective costings to the court before any decision on the fate of the data is made.
This also ensures that Dotcom won’t have money to defend himself…
Following the 2012 raid on Megaupload and Kim Dotcom, U.S. and New Zealand authorities seized millions of dollars in cash and other property.
Claiming the assets were obtained through copyright and money laundering crimes, last July the U.S. government launched a separate civil action in which it asked the court to forfeit the bank accounts, cars and other seized possessions of the Megaupload defendants.
Megaupload’s defense heavily protested the request but was found to have no standing, as Dotcom and his colleagues can be seen as fugitives.
A few hours ago District Court Judge Liam O’Grady ordered a default judgment in favor of the U.S. Government. This means that the contested assets, which are worth an estimated $67 million, now belong to the United States.
“It all belongs to the U.S. government now. No trial. No due process,” Dotcom informs TF.
More than a dozen Hong Kong and New Zealand bank accounts have now been forfeited including some of the property purchased through them. The accounts all processed money that was obtained through Megaupload’s alleged illegal activities.
In the wake of the now-famous 2012 raid, the U.S. government has done everything in its power to deny Kim Dotcom access to the assets of his former Megaupload empire. Millions were seized, setting the basis for a legal battle that has dragged on for more than three years.
In a July 2014 complaint submitted at a federal court in Virginia, the Department of Justice asked for forfeiture of the bank accounts, cars and other seized possessions, claiming they were obtained through copyright and money laundering crimes.
“Kim Dotcom and Megaupload will vigorously oppose the US Department of Justice’s civil forfeiture action,” Dotcom lawyer Ira Rothken told TF at the time.
But in the final days of last month Dotcom received a blow when a ruling from the United States barred him from fighting the seizure. A Federal Court in Virginia found that Dotcom was not entitled to contest the forfeiture because he is viewed as a “fugitive” facing extradition.
“We think this is not offensive to just Kim Dotcom’s rights, but the rights of all Kiwis,” Rothken said.
Wasting no time, yesterday the United States went in for the kill. In a filing in the District Court for the Eastern District of Virginia, the Department of Justice requested an entry of default against the assets of Kim Dotcom plus co-defendants Mathias Ortmann, Bram van der Kolk, Finn Batato, Julius Bencko, and Sven Echternach.
The targets for forfeiture are six bank accounts held in Hong Kong in the names of Ortmann, der Kolk, Echternach, Bencko and Batato. New Zealand based assets include an ANZ National Bank account in the name of Megastuff Limited, an HSBC account held by der Kolk and a Cleaver Richards Limited Trust Account for Megastuff Limited held at the Bank of New Zealand. Two Mercedes-Benz vehicles (an A170 and an ML500) plus their license plates complete the claim.
The request for default judgment was entered soon after.