Category Archives: Legal

U.S. Department of Treasury Sanctions Russian Ransomware Actor



The U.S. Department of the Treasury posted a press release titled: “Treasury Sanctions Russian Ransomware Actor Complicit in Attacks on Police and U.S. Critical Infrastructure”. From the press release:

Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), designated Mikhail Matveev (Matveev) for his role in launching cyberattacks against U.S. law enforcement, businesses, and critical infrastructure. Concurrently, the U.S. District Courts for the District of New Jersey and the District of Columbia unsealed indictments against Matveev. Additionally, the U.S. Department of State announced an award of up to $10 million for information that leads to the arrest and/or conviction of Matveev under its Transnational Organized Crime Rewards Program.

“The United States will not tolerate ransomware attacks against our people and our institutions,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats.”

The press release continued: The impacts of ransomware attacks are far-reaching, with victims experiencing the loss and disclosure of sensitive information and disruption of critical services. Russia is a haven for ransomware actors, enabling cybercriminals like Matveev to engage openly in ransomware attacks against U.S. organizations.

According to analysis conducted by Treasury’s Financial Crimes Enforcement Network (FinCEN), 75 percent of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf. Russia-linked ransomware variants such as Hive, LockBit, and Babuk, which Matveev helped to develop and deploy, have been responsible for millions of dollars in losses to victims in the United States and around the world. The Hive ransomware group alone has targeted more than 1,500 victims in over 80 countries, including hospitals, school districts, financial firms, and other critical infrastructure.

The U.S. Department of Justice released news titled: “Russian National Charged with Ransomware Attacks Against Critical Infrastructure”. From the news:

The Justice Department today unsealed two indictments charging a Russian national and resident with using three different ransomware variants to attack numerous victims throughout the United States, including law enforcement agencies in Washington D.C. and New Jersey, as well as victims in healthcare and other sectors nationwide…

…On or about June 25, 2020, Matveev and his LockBit coconspirators allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey. Additionally, on or about May 27, 2022, Matveev and his Hive coconspirators allegedly deployed Hive against a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. On April 26, Matveev and his Babuk coconspirators allegedly deployed Babuk against the Metropolitan Police Department in Washington, D.C…

…Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces over 20 years in prison…

Engadget reported: In April of 2021, for instance, [Matveev] was linked to a Babuk ransomware attack that saw the computers of the Metropolitan Police Department in Washington DC locked out. Last May, Matveev, whose online pseudonyms include Wazawaka, Uhodiransomwar, m1x, and Boriselcin, was allegedly involved in a Hive ransomware attack that targeted a healthcare NGO in New Jersey.

Engadget also reported that the Department of Justice is offering a reward of up to $10 million for information that leads to the arrest of Matveev.

I always find it interesting when more than one official U.S. Department works together on fighting crime, especially when the crime involves ransomware attacks. Ideally, this coordination should make ransomware thieves think twice before (potentially) ending up in prison.


Three Companies To Pay $615,000 Over Faked Net Neutrality Comments



Three companies accused of falsifying millions of public comments to support the contentious 2017 repeal of net neutrality rules have agreed to pay $615,000 in penalties to New York and other states, New York’s attorney general said Wednesday, The Associated Press reported.

New York Attorney General Letitia James posted a press release on her official website titled: “Attorney General James Secures $615,000 from Companies that Supplied Fake Comments to Influence FCC’s Repeal of Net Neutrality Rules”. The press release was posted on May 10, 2023.

New York Attorney General Letitia James today secured $615,000 from three companies, LCX, Lead ID, and Ifficient, that supplied millions of fake public comments to influence a 2017 proceeding by the Federal Communications Commission (FCC) to repeal net neutrality rules. Net neutrality prohibits broadband providers from blocking, slowing down, or charging companies to prioritize certain content on the internet.

An investigation by the Office of the Attorney General (OAG) found that the fake comments used the identities of millions of consumers, including thousands of New Yorkers, without their knowledge or consent. Collectively, the three companies have agreed to pay $615,000 in penalties and disgorgement. This is the second series of agreements secured by Attorney General James with companies that supplied fake comments to the FCC…

…Today’s agreements are the result of an investigation by OAG that uncovered widespread fraud and abusive practices surrounding efforts to sway the FCC in the agency’s 2017 net neutrality rule making proceeding. As detailed by a report by OAG, the nation’s largest broadband companies funded a secret campaign to generate millions of comments to the FCC in 2017. These comments provided “cover” for the FCC to repeal net neutrality rules.

To help generate these comments, the broadband industry engaged commercial lead generators that used advertisements and prizes, like gift cards and sweepstakes entries, to encourage consumers to join the campaign. However, nearly every lead generator that was hired to enroll consumers in the campaign instead simply fabricated consumers’ responses. As a result, more than 8.5 million fake comments that impersonated real people were submitted to the FCC, and more than half a million fake letters were sent to Congress.

The press release also stated that LCX and its principals will pay $400,000 in penalties and disgorgement to New York and $100,000 to the San Diego District Attorney’s Office. Lead ID and its principal will pay $30,000 in penalties and disgorgement to New York. Ifficient will pay $63,750 in penalties and disgorgement to New York, and $21,250 to Colorado.

Engadget reported that the fines come after a 2021 Attorney General report that found over 18 million of the 22 million comments on net neutrality were fake. While there were signs of trouble at the time, the FCC under then-chairman Ajit Pai fought attempts to investigate and address the spam.

I remember feeling like something was off back in 2017, and was very confused about why so many Americans wanted to remove net neutrality and the protections it provides. Attorney General James has now made it clear that the entire scheme was fraudulent.


New York’s Attorney General Seeks Broader Authority To Police Crypto



New York Attorney General Letitia James is proposing new legislation that would give her office more authority to regulate the increasingly tumultuous cryptocurrency industry, The Wall Street Journal reported.

The bill would give the attorney general’s office broader enforcement authority over crypto firms that have operations in the state, while codifying the New York State Department of Financial Services’ authority to license participants in the sector and oversee the state’s digital asset licensing regime.

The bill, called the Crypto Regulation, Protection, Transparency and Oversight Act, or CRYPTO, will be submitted by Ms. James’s office to the New York State Senate and Assembly for consideration during the 2023 legislative session, which runs through June 8.

The New York attorney general, an elected official, is seeking jurisdiction to enforce crypto firms’ violations of the law, issue subpoenas and impose civil penalties of $10,000 per violation for each individual or $100,000 per violation from each crypto firm, according to a statement from the attorney general’s office. The attorney general is also seeking to shut down businesses that are engaging in alleged fraud and illegality, The Wall Street Journal reported.

The website of New York Attorney General Letitia James posted: “Attorney General James Proposes Nation-Leading Regulations on Cryptocurrency Industry”. Here are some parts of the press release:

New York Attorney General Letitia James today announced landmark legislation to tighten regulations on the cryptocurrency industry to protect investors, consumers, and the broader economy. The multi-billion dollar industry lacks robust regulations making it prone to dramatic market fluctuations, and has been used to hide and facilitate criminal conduct and fraud.

Attorney General James’s program bill, which proposes the strongest and most comprehensive set of regulations on cryptocurrency in the nation, would increase transparency, eliminate conflicts of interest, and impose commonsense measures to protect investors, consistent with regulations imposed on other financial services…

Here is an overview of the CRYPTO bill:

Stop Conflicts of Interest

  • Preventing common ownership of crypto issuers, marketplaces, brokers, and investment advisers and preventing any participant from engaging in more than one of those activities;
  • Preventing crypto brokers and marketplaces from trading for their own accounts;
  • Prohibiting marketplaces and investment advisers from keeping custody of customer funds;
  • Prohibiting brokers from borrowing or lending customer assets; and
  • Prohibiting referrals from marketplaces to investment services for compensation

Require Public Reporting of Financial Statements

  • Undergo mandatory independent auditing and publish audited financial statements;
  • Provide investors with material information about issuers, including risks and conflict-of-interest disclosures;
  • Require cryptocurrency promoters to register and report their interest in any issuer whose crypto assets they promote

Require Public Reporting of Financial Statements

  • Enacting and codifying “know-your-customer” provisions, meaning brokers would have to know essential facts about their customers, and requiring crypto bankers and marketplaces to only conduct business with firms that comply with KYC provisions;
  • Banning the use of the term “stablecoin” to describe market digital assets unless they are backed 1:1 with U.S. currency or high-quality liquid assets as defined in federal regulations; and
  • Requiring platforms to reimburse customers who are victims of unauthorized asset transfers resulting from fraud.

It sounds to me like Attorney General Letitia James is wanting to treat crypto companies in a way that is similar to how banks are treated. That said, I think those companies will attempt to push back against this proposed bill.


Australia’s Financial Regulator Cancelled Binance’s Services License



Australia’s financial regulator has cancelled the local financial services license of the world’s biggest cryptocurrency exchange, Binance, The Guardian reported.

Earlier this year, the Australian Securities and Investments Commission (Asic) found Binance had incorrectly classified hundreds of retail customers as wholesale investors.

The Asic chair, Joe Longo, said the distinction was important because retail customers have access to more consumer protections under Australian law, including the right to dispute resolution.

Binance’s Australian financial services (AFS) license only allows it to provide derivatives products to sophisticated investors, rather than retail customers.

The Australian Securities & Investments Commission (ASIC) posted: “23-09MR Binance Australia Derivatives – AFS license cancelled”. From the information:

ASIC has today cancelled the Australian financial services license held by Oztures Trading Pty Ltd trading as Binance Australia Derivatives (Binance). The license cancellation was effected today in response to a request to cancel received from Binance yesterday.

Following the cancellation:

  • With effect from 14 April 2023, clients will not be able to increase derivatives positions or open new positions with Binance;
  • Binance will require clients to close any existing derivative positions before 21 April, 2023;
  • On 21 April 2023, Binance will close any remaining open positions.

The terms of the cancellation include a provision that the cancellation has no effect on the requirement for Binance to continue as a member of the Australian Financial Complaints Authority until the end of 8 April 2024.

ASIC has been conducting a targeted review of Binance financial services businesses in Australia, including its classification of retail and wholesale clients. On 29 March 2023, ASIC issued a notice of hearing under s915C of the Corporations Act 2001 to consider whether ASIC should cancel or suspend the AFS license held by Oztures Trading Pty Ltd.

ASIC Chair Joe Longo said, “It is critically important that AFS licensees classify retail and wholesale clients in accordance with the law. Retail clients trading in crypto derivatives are afforded important rights and consumer protections under financial services laws in Australia, including access to external dispute resolution through the Australian Financial Complaints Authority.

“Our targeted review of these matters is ongoing, including focus on the extent of consumer harms”, said Mr. Longo.

CNBC reported that Binance’s Australian derivatives license was canceled at the crypto exchange’s own request, the Australian Securities & Investments Commission said Thursday, after the regulator had begun a “targeted review of Binance” in February.

Beginning April 14, Binance’s derivatives clients in Australia will not be able to open or increase their existing trading positions. By April 21, Binance will be required to close out any remaining trading positions, the regulator said.

According to CNBC, regulatory scrutiny of Binance has been mounting in recent weeks and months. Anti-money laundering and know-your-customer compliance issues are at the heart of the U.S. Commodity Futures Trading Commission’s extensive complaint against the crypto exchange and its founder, Changpeng Zhao. The complaint detailed how fees from derivatives trading provided highly lucrative revenue for Binance.

In my opinion, cryptocurrency is not something that will ever replace the federal currency of a country. I suppose it is possible that there are some cryptocurrency companies that are following the rules that were set in place by whatever country they operate in. However, it appears that Binance failed to follow the Australian regulator’s rules.


Coinbase Warned By SEC Of Potential Securities Charges



The Securities and Exchange Commission issued crypto exchange Coinbase a Wells notice, warning the company that it identified potential violations of U.S. securities law, CNBC reported.

According to CNBC, Coinbase shares fell nearly 12% in extended trading after the news broke on Wednesday, adding to an 8.16% drop during regular trading hours.

“Based on discussions with the Staff, the Company believes these potential enforcement actions would relate to aspects of the Company’s spot market, staking service Coinbase Earn, Coinbase Prime and Coinbase Wallet,” Coinbase said in a regulatory filing. “The potential civil action may seek injunctive relief, disgorgement, and civil penalties.”

CNBC also reported that the SEC has ramped up its enforcement of the crypto industry, bearing down on companies and projects that the regulator alleges were hawking unregistered securities. Reports first surfaced of an SEC probe into Coinbase in mid-2022.

Coinbase posted some information on its website. Here is the TL;DR (too long; didn’t read) section:

“Today, the SEC gave Coinbase a “Wells notice” regarding an undefined portion of our listed digital assets, our staking service Coinbase Earn, Coinbase Prime, and Coinbase Wallet after a cursory investigation. We are prepared for this disappointing development. We are confident in the legality of our assets and services, and if needed, we welcome a legal process to provide the clarity we have been advocating for and to demonstrate that the SEC simply has not been fair or reasonable when it comes to its engagement on digital assets. Rest assured, Coinbase products and services continue to operate as usual – today’s news does not require any changes to our current products or services.”

The Wall Street Journal reported that the Securities and Exchange Commission has told Coinbase Global Inc. that it plans to take enforcement action against the company, escalating its crackdown on digital-currency firms by targeting the biggest U.S. crypto exchange, Coinbase said Wednesday.

According to the Wall Street Journal, Coinbase said it received a letter from the SEC known as a Wells notice, in which regulators say they believe companies or individuals violated investor-protection laws. The notices aren’t final because the agency’s commissioners must authorize any lawsuits or enforcement settlements.

By warning Coinbase about a potential lawsuit, The Wall Street Journal reported, the SEC is setting its sights on one of the biggest names in crypto, a publicly traded company that has helped bring tens of millions of customers into the digital-currency markets since it was founded in 2012.

A lawsuit would represent SEC Chair Gary Gensler’s biggest step to assert his agency’s jurisdiction over crypto. If Coinbase prevailed in a lawsuit, it would embolden the crypto industry’s claims that Mr. Gensler has overreached and that virtual currencies shouldn’t be subject to U.S. securities laws.

TechCrunch reported that in response to receiving a Wells notice from the FTC, Coinbase’s CEO Brian Armstrong struck a confident posture, tweeting that his company is “right on the law, confident in the facts, and welcome the opportunity for Coinbase (and by extension the broader crypto community) to get before a court.”

In a separate tweet, Armstrong wrote: “Two years ago the SEC reviewed our business in detail and approved Coinbase to go public. Our S1 clearly explained our asset listing process and included 57 references to staking. Coinbase runs a rigorous asset review process and has rejected more than 90% of assets that have applied to be listed on the platform.”

It is unclear to me exactly how this particular situation will end up. I suppose there will eventually be an announcement if something changes.


California Court Affirms Right To Treat Uber And Lyft Drivers as Contractors



Uber Technologies Inc., Lyft Inc. and other companies scored a victory with a California court ruling that preserves their independent contractor model in the state and could boost their efforts to maintain that model elsewhere, The Wall Street Journal reported.

A state appeals court reversed a lower-court ruling that found a California ballot measure known as Proposition 22 illegal. Proposition 22, which passed in November 2020, allowed these companies to continue to treat their drivers as independent contractors.

According to the Wall Street Journal, Uber and others are in a global tug of war with regulators over whether and how to grant more benefits such as paid sick leave and health insurance to workers in the so-called gig economy, where apps distribute individual tasks to a pool of people whom companies generally regard as independent contractors.

California sued Uber and Lyft in 2020, saying they were in violation of a new state law that sought to reclassify their drivers as employees. A legal battle ensued, culminating in Proposition 22, in which Uber, Lyft, DoorDash Inc. and Instacart Inc. asked state voters to exempt them from the law. The companies spent a record amount of money for a California ballot measure, about $200 million.

The New York Times reported that the decision by three appeals court judges overturned the ruling late last year by a California Superior Court judge, who said the Proposition was “unenforceable.” It was a victory for companies like Uber, which use gig drivers to transport passengers and to deliver food, but do not pay costs that an employer would have to. Those costs can include drivers’ unemployment insurance, health insurance, and business expenses.

According to The New York Times, the appeals court ruling was not the final say. The Service Employees International Union, which, along with several drivers, filed a lawsuit challenging Proposition 22 in early 2021, is expected to appeal the decision to the California Supreme Court, which would then have several months to decide whether to hear the case.

The opponents of the proposition argued that the ballot measure was unconstitutional under several grounds. It set limits on the State Legislature’s ability to oversee workers’ compensation for gig drivers. It included a rule restricting them from collective bargaining that critics said was unrelated to the rest of the measure, and it set a seven-eighths majority vote of the Legislature as a bar for passing amendments to the measure related to collective bargaining – a requirement that was considered nearly impossible to achieve.

CNBC reported that Proposition 22 created a set of criteria which determined whether ride-share drivers were employees or independent contractors. In practice, it exempted Uber and similar companies from following certain minimum wage, overtime, or workers compensation laws for hundreds of thousands of Californian rideshare drivers.

Instead, according to CNBC, the ballot measure required companies to provide compensation and healthcare “subsidies” based on “engaged” driving time, as well as the benefits, including safety training as “sexual harassment training.”

To me it sounds like Uber, Lyft, DoorDash, and Instacart are desperately trying to suppress drivers’ ability to form a union (also known as “collective bargaining”). Unionization would require the large companies to provide drivers with the same types of benefits that other workers, who have unionized, would be expected to receive. It would also make it harder for the big companies to fire them.


New York Attorney General Cracks Down On Unregistered Crypto Platforms



New York Attorney General Letitia James sues KuCoin for allowing investors in New York to buy and sell crypto without registering with the state. This lawsuit marks James’ eighth action to rein in shadowy cryptocurrency platforms. From the press release:

New York Attorney General Letitia James continued her efforts to crack down on unregistered cryptocurrency platforms by filing a lawsuit against KuCoin for failing to register as a securities and commodities broker-dealer and falsely representing itself as an exchange.

The Office of the Attorney General (OAG) was able to buy and sell cryptocurrencies on KuCoin in New York even though the company was not registered in the state. Through this enforcement action, Attorney General James seeks to stop KuCoin from operating in New York and to block access to its website until it complies with the law. Today’s action is the latest in Attorney General James’ efforts to rein in cryptocurrency platforms.

“One by one my office is taking action against cryptocurrency companies that are brazenly disregarding our laws and putting investors at risk,” said Attorney General James. “Today’s action is the latest in our efforts to rein in shadowy cryptocurrency companies and bring order to the industry. All New Yorkers and all companies operating in New York have to follow our state’s laws and regulations. KuCoin operated in New York without registration and that is why we are taking strong action to hold them accountable and protect investors.”

KuCoin is a virtual currency trading platform that allows investors to buy and sell cryptocurrency through its website and app. On its platform KuCoin investors can buy and sell popular currencies, including ETH, LUNA and TerraUSD (UST), which are securities and commodities. This action is one of the first times a regulator is claiming in court that ETH, one of the largest cryptocurrencies available, is a security.

The petition argues that ETH, just like LUNA and UST, is a speculative asset that relies on the efforts of third-party developers in order to provide profit to the holders of ETH. Because of that, KuCoin was required to register before selling ETH, LUNA, or UST.

KuCoin also sells unregistered securities in the form of KuCoin Earn, its lending and staking product. New York law requires securities and commodities brokers to register with the state, which KuCoin failed to do. The OAG was able to create an account with KuCoin using a computer with a New York based IP address and buy and sell digital tokens, for which KuCoin charged a fee. The OAG was also able to deposit digital tokens into the KuCoin Earn product, for which KuCoin also charged a fee…

…Through her lawsuit, Attorney General James seeks a court order that stops KuCoin from misrepresenting that it is an exchange, prevents the company from operating in New York, and directs KuCoin to implement geo-blocking based on IP addresses and GPS location to prevent access to KuCoin’s mobile app, website, and services from New York…

Reuters reported that cryptocurrency token Ether fell to its lowest in two months on Friday after the New York attorney general labeled it a security, bracketing it with assets such as stocks and bonds and fueling fears of a wider regulator crackdown.

According to Reuters, KuCoin is one of the biggest cryptocurrency platforms in the United States. The world’s second-biggest cryptocurrency token was trading around $1,390, its lowest since January 10.

In my opinion, KuCoin could have prevented being sued by New York Attorney General James. Unfortunately, KuCoin apparently believed it could get away with selling cryptocurrency in New York without registering to do so. My best guess is that KuCoin will – eventually – face some penalties for making that decision.