Mistakes that betrayed anonymity of former DEA agent and Silk Road investigator

Mistakes that betrayed anonymity of former DEA agent and Silk Road investigator

Wow, just wow; it might be weird to suggest a 95-page criminal complaint (pdf) is good read, but you might feel like you watched some cybercrime drama show after reading about the scheming and alleged crimes of a former DEA Special Agent and a former U.S. Secret Service Special Agent who were part of the Silk Road and Ross Ulbricht, aka Dread Pirate Roberts, investigation.

Instead of writing “alleged” 50 times to describe one of the scumbags completely corrupt agents, just assume all of this describes mere allegations. Additionally, some italics were added to emphasize specific points.

Former DEA Special Agent Carl Force made numerous mistakes – other than the whole huge bitcoin theft and other alleged crimes which had him charged with “wire fraud, theft of government property, money laundering and conflict of interest” by the DOJ. Here are a few of Force’s mistakes that betrayed his anonymity, mistakes that jumped out from the criminal complaint (pdf), although Special Agent Tigran Gambaryan IRS Criminal Investigations spelled out many more.

DEA’s Force, using the alias Nob to communication with Dread Pirate Roberts (DPR), “repeatedly emphasized” the need for DPR to use PGP (pretty good privacy) encryption for all their communications. That might have helped convince DPR that Nob was a credible “criminal,” but Force’s official case file did not contain any private PGP keys or passwords that were needed to decrypt the encrypted communications between the two. Force also did not give the PGP keys to the any of the pack of law enforcement agencies involved in Silk Road investigations to help them build decipherable, admissible evidence.

“Nob” (aka Force) told DPR that he had access to “Kevin,” a corrupt government employee. Nob used this scenario with fake insider info to get DPR to pay him twice in bitcoins equaling about $90,000. The point is less about him “wrongfully” depositing “substantial portions of both payments into his own” personal CampBX and later Bitstamp accounts and more about a mistake.

Force of course denied making off with a fortune in bitcoins, claiming 400 of them were “at the DEA” and that he never received a 525 bitcoin payment. But he left a note to himself in a saved drafts folder in one of his personal email accounts; it referenced “two transfers of bitcoin payments from DPR.” The complaint states, “In other words, Force’s own saved email note indicates there was a payment from DPR on August 4, 2013.”

Besides the alias of “Nob,” Force communicated with DPR as “French Maid” and made off with another $100,000 in bitcoins that DPR paid to learn what name Mt. Gox CEO Mark Karpeles had supposedly given to the cops. That whole scenario is a good read, but regarding Force’s mistakes that potentially blew his anonymity…the complaint references “pieces of circumstantial evidence” which “prove that Force is ‘French Maid’.”

Both “French Maid” and Force (operating as “Nob”) used the exact same brand of PGP software, a free brand called GnuPG. There are different brands of PGP software so it is noteworthy that both Force (operating as “Nob”) and “French Main” used the same brand. Not only did Force and “French Maid” both use the same brand of PGP software, they also both used the same outdated version of that software, 1.4.12. Version 1.4.12 was released on January 2012, and was replaced with a new version by December 2012, and was one of several versions of GnuPG software. As such, both “French Maid” and Force (as Nob) were using the specific, older version of the GnuPG software, and neither of them replaced it with the other (free) version of GnuPG that came out thereafter.

After talking with another fed involved in undercover investigations involving TOR users, the complaint explains that the PGP version was outdated by the time “French Maid” used it in August 2013 to communication with DPR. “This is not akin, for example, to two people using the same model of mobile phone but both having software that is out of date. Rather, the outdated version that both ‘French Maid’ and Force (as Nob) used is more of a ‘signature’ given the greater number of versions available.”

There are also additional similarities between Force’s (Nob’s) and “French Maid’s” PGP patterns. Both “Nob” and “French Maid” left certain default settings on their PGP software. For one thing, both “French Maid” and Force (Nob) left a “tag” that appeared on every message authored from their PGP key revealing the brand and version of PGP software they were using. This is akin to, for example, leaving the phrase “sent from my iPhone” on the bottom of one’s emails but with greater detail: it would be akin to leaving a phrase like “sent from my iPhone 6 iOS 8.0.1.” Leaving this “tag” on typically reveals that one is dealing with a fairly inexperienced user of PGP, because someone that regularly uses PGP to communicate would normally have changed their settings to omit this tag.

After all, the entire point behind PGP software is anonymity, so if a user leaves the brand, version, bit and release data of software on a message this is revealing something about the sender and undermines the goal of remaining 100% anonymous. One of the first things many PGP forums or regular users of PGP software instruct is that a user disable this feature. Moreover, PGP offers choices of 1024, 2048, 3072 or 4096 bit encryption keys, with the higher keys giving greater protection. Many of the regular PGP users that were active on Silk Road chose the 4096 bit keys because of the additional protection the larger key provided. Here both Force (as Nob) and “French Maid” used the 2048 bit default encryption key.

Microsoft served with search warrant for former DEA’s Outlook email account

Since this is Microsoft Subnet, here’s a reference to the big M in the portion of the complaint dealing with Force. He was listed a Compliance Officer for CoinMKT, despite the conflict of interest as he also worked as a DEA agent. In fact, he offered to misuse a government database to run criminal queries for CoinMKT. He was ironically listed as a “compliance extraordinaire” and the “primary anti-money laundering contact;” he thought of himself as a core member of the CoinMKT team. The complaint quotes snippets of communications and lists numerous shady dealings initiated by Force, even though the CoinMKT CEO suggested it might be a conflict of interest.

Yet it serves as a potent reminder that just because you deleted an email that could come back to bite you, doesn’t mean the other party did. During the fed’s investigation into Force, Microsoft was served with a search warrant for Force’s personal emails in his Outlook account. Some of the quoted snippets of emailed communications that CoinMKT provided didn’t match up the emails stored in Force’s Outlook account.

“The FBI has conferred with Microsoft about this issue, and was advised that all emails from Force’s personal email were provided and that any emails that were missing likely meant that the user had deleted those emails.” The complaint added, “In other words, it appears to me that Force may have selectively deleted certain inculpatory emails between himself and CoinMKT.”

Of course Force used his government email account when he served an administrative subpoena on CoinMKT, but that leads to a whole CC’d (carbon copied) email mess.

Comment about NSA snooping resulted in Bitstamp block

There’s plenty more and we could turn it into soap opera episode for technically smart people; at one point of bitcoin scheming that triggered a Bitstamp Know Your Customer (KYC) check and then a complete block on Force’s account, Force sent an online support ticket to Bitstamp trying to explain why he used Tor to access his account.

Force wrote, “I utilize TOR for privacy. Don’t particularly want NSA looking over my shoulder :)”

The complaint stated, “The following day, a member of Bitstamp’s management learned of Force’s comments and thought it was strange that a government official would make such a statement. Force’s account was blocked again.”

Perhaps we’ll look at more tomorrow as the rest of the world may be filled with April Fool’s tricks.

This article was written by Ms. Smith from NetworkWorld and was legally licensed through the NewsCred publisher network.

SGS says Chris Kirk to step down as CEO

Gulshan Rai to take charge as Cyber Security chief on Wednesday

NEW DELHI: Gulshan Rai, the Director General of Indian Computer Emergency Response Team (Cert-In), will take over as India’s first Cyber Security chief tomorrow.

Rai, who also heads the eSecurity and Cyber Law division in the Ministry of Communications and Information Technology, has been involved in various capacities regarding cyber security for over two decades. He is part of the Department of Electronics and IT ( DeitY).

“Rai will take over as Cyber Security chief under the Prime Minister’s Office as Special Secretary from April 1,” a government official said.

His long experience with cyber security, e-Governance, legal framework and the Information Technology Act made him an ideal candidate for the top job, the official added.

Rai’s appointment comes at a time when cyber security assumes importance in the backdrop of growing network intrusions and hacking attempts on not just businesses but also on the government.

According to government data, more than 700 government websites that are hosted under ‘gov.in’ and ‘nic.in’ domains have been hacked by cyber criminals since 2012.

As per CERT-In, 371, 189, 155 and 13 government websites were hacked during the year 2012, 2013, 2014 and 2015 (January), respectively.

During the Budget Session last month, Home Minister Rajnath Singh had said an experts committee was set up to suggest ways and means to strengthen cyber security and was likely to submit its report within three months.

This article was from The Economic Times, India and was legally licensed through the NewsCred publisher network.

British Airways Frequent Flyer Program Grounded

British Airways Frequent Flyer Program Grounded

British Airways recently acknowledged that they suffered a security breach impacting their frequent flyer program. This is yet another security breach to impacted loyalty program systems. Earlier this year both American Airlines and United Airlines suffered security breaches where user accounts were compromised by criminals using stolen account credentials.

Loyalty programs may seem to be unusual targets for criminals as they often don’t hold credit card or other financial information. However, what is often overlooked is that not only do loyalty programs contain a large amount of personal data, data which could be used for later spear-phishing or identity theft attacks, the points earned by users can be used to purchase tickets, trips and other rewards. So in effect the points in those accounts has real value.

Late last year Europol conducted an operation which led to the arrest of 118 individuals in 45 different countries. According the International Air Transport Association airlines face over US$1 Billion every year due to fraudulent ticket transactions. While many of these fraudulent transactions are due to compromised credit cards, the use of stolen air miles may also contribute.

A spokesperson for British Airways says the breach impacted

padding-left: 30px;“a small number of frequent-flyer executive club accounts. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts.”

The spokesperson also stated that British Airways is not

padding-left: 30px;“aware of any access to any subsequent information pages within accounts, including travel histories or payment-card details.”

Affected customers have had their accounts frozen and will be unable to use their reward points until the system is restored to normal.

Reading between the lines from the above British Airways statement it appears the breach was due to log-in credentials gleaned from elsewhere on the Internet and used to log into the British Airways site.  The most likely scenario being the affected frequent flyer club members used the same login credentials across multiple systems. One of those systems was compromised allowing criminals to access any of the other systems which shared those credentials.

While we can lament and scold users for this insecure practise we should not lay all the blame solely at their feet. When I heard about the breach I decided to visit the British Airways site and register for their frequent flyers’ club to see how robust their password management was.

Below is the screenshot I got when I tried to use a secure password, one which uses a mixture of upper case and lower case letters, numerals and some special characters.

British Airways Password Requirements

As you can see the website has rejected my secure password and I have to downgrade the password to one that uses only upper and lower case letters and numerics. Of course, allowing users to employ a secure password still does not protect them should they re-use that secure password across multiple sites. However, it does raise the security bar for that website or system and helps reinforce good security practises amongst users.

Companies and websites that do not employ secure authentication systems simply help promote lax security amongst their users as many will use simple and easy to remember passwords. There are a number of additional measures websites could employ to increase the security of their users’ data such as employing geo-location profiling, device profiling for users’ systems, or employ a mobile phone based two factor authentication method similar to the ones used by sites such as  Twitter, Facebook, and Gmail.

Breaches like this are also a timely prompt for security officers to review the security of their websites and systems to determine how effective their authentication mechanisms are, particularly any Internet facing system. In addition, its a reminder that if users are reusing passwords across multiple systems it is likely they could be reusing those same passwords on corporate systems too.

These types of breaches are also excellent real life examples to include in security awareness programs as they can personalise the key messages to the users. Many users may be members of various loyally schemes be that for their airlines, hotels, or even shopping. Highlighting how the weak passwords and the re-use of passwords across many systems could lead to them losing their hard earned loyalty points could prompt them to rethink how they manage their passwords. Which in turn should help them practise secure password management in the enterprise.

Good security is not the responsibility of any one party. Rather users, vendors, and companies all need to ensure they take appropriate security measures, otherwise  security will never take off.

This article was written by Brian Honan from CSO and was legally licensed through the NewsCred publisher network.

Internet activists blame China for cyber-attack that brought down GitHub

Internet activists blame China for cyber-attack that brought down GitHub

Activists battling internet censorship in China said Monday they had proof a massive online assault on their websites had been coordinated by the Chinese authorities.

In recent days, popular coding service GitHub faced a massive denial of service (DDoS) attack – an online attack aimed at bringing down a service by overloading it with fake traffic.

The attack started last Thursday and targeted two GitHub projects designed to combat censorship in China: GreatFire and CN-NYTimes, a Chinese language version of the New York Times.

In a statement on the GreatFire.org blog, an activist identified as “Charlie” wrote: “On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cybersecurity and economic threat for the people of China.”

After consulting with independent researchers and the internet community, GreatFire claims to have established that the attack was made by hijacking the account of millions of global internet users, inside and outside China.

Those users received malicious code which was then used to launch cyber-attacks against GreatFire.org’s websites. Among the users targeted were customers of Baidu, which offers a Chinese search engine and a Wikipedia-like service, and is one of China’s largest internet companies.

According to GreatFire, Baidu’s Analytics code – a service that tracks and reports website traffic – was one of the files replaced by malicious code. Baidu Analytics is used by thousands of websites.

GreatFire released a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks” to back up its claims.

Baidu had previously told the Wall Street Journal that it wasn’t involved in the attack and its systems had not been infiltrated. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” it said in a statement.

This article originally appeared on guardian.co.uk

This article was written by Dominic Rushe from The Guardian and was legally licensed through the NewsCred publisher network.

Carnegie Mellon University is apologizing to 800 applicants after it erroneously sent them emails offering them places in its elite computer studies program

China suspected as software site GitHub hit by attack

The software collaboration website GitHub said Monday it was fighting off a cyber attack since late last week, and security analysts said the effort appeared to originate in China.

A US website described as “the world’s largest code host,” GitHub said it first noticed the so-called distributed denial of service (DDoS) attack Thursday, with intermittent disruptions over the past few days.

On Monday, GitHub said the attack “has evolved” and that it was working to mitigate the flood of requests which appear to be aimed at shutting its down.

GitHub said it believes “the intent of this attack is to convince us to remove a specific class of content.”

Some security specialists went further, saying it appears to be an attempt to block the use of anti-censorship tools in China.

The security firm Insight Labs noted that massive amounts of traffic from the large Chinese search engine Baidu were “hijacked” in the attack on GitHub.

“Even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech,” the security firm said.

Online security specialist Alan Woodward of the University of Surrey said on Twitter that the attack “seems to be coming from China aimed at pages censored — is this same as http://greatfire.org attack.”

Woodward was referring to the Chinese activist group GreatFire, which operates websites that circumvent the country’s censorship, and whose online service came under attack this month.

GreatFire allows residents of China to circumvent the so-called “Great Firewall” that censors much content from the West, by providing “mirror” websites of those which are blocked by censors.

Researchers said the GitHub attack appeared to be aimed at knocking out censored sites including the Chinese edition of the New York Times and GreatFire.

Security researcher Richard Bejtlich blamed the Chinese government for the attacks.

“Even if somehow this is not a state-executed or state-ordered attack, according to the spectrum of state responsibility, the Chinese government is clearly responsible in one form or another,” Bejtlich said in a blog post.

This article was from Agence France Presse and was legally licensed through the NewsCred publisher network.

Security crashes the boardroom party

Security crashes the boardroom party

This will be the year when cybersecurity concerns crash the boardroom party and take a seat at the head of the table. The aftershocks of significant data breaches at Anthem, Sony, Home Depot, eBay, JPMorgan Chase, Target and many more have caused headline-grabbing business upheavals that worry customers, affect profit margins and derail corporate careers.

This sharpening of cybersecurity focus has forced corporate boards to have conversations they once considered too technical and back-office-oriented. Now it’s all about business risk assessment, not firewalls or data loss prevention tools. How prepared are you to have these discussions with the CEO and the board of directors? What are the most important questions you should be ready to answer? Here are a few to consider:

  • What actions are we taking to protect the company from the high risks associated with cybersecurity incidents?
  • What is our specific plan to address cybersecurity across our business? Are our employees properly updated and trained?
  • If (or more likely when) a breach occurs, what is our response plan? (Internal and external.)
  • Do we have the right security talent on board? Are we structured properly to avoid (or reduce the impact of) a breach?
  • Have we quantified our risk exposure? (Both hard costs and soft?)

In a 2014 report titled “Risk and Responsibility in a Hyperconnected World” from the World Economic Forum and McKinsey & Co., the total economic cost of ineffective security was projected to top $3 trillion globally by 2020. That’s a staggering but unfortunately plausible number. So if there’s no question that cybersecurity breaches can devastate the bottom line, why haven’t more companies acted to deal with it more effectively?

Should chief security officers report to CEOs instead of CIOs? Our own research–the annual Global State of Information Security Survey conducted by CSO, CIO and PricewaterhouseCoopers–suggests that they should. Our survey of more than 9,000 respondents worldwide found that companies with CSOs reporting directly to CEOs or boards had notably less downtime and smaller financial losses after cybersecurity incidents.

Isn’t it time to upgrade cybersecurity to a board-level risk management discussion, not just occasionally but consistently?

What are you waiting for?

This article was written by Michael Friedenberg from CIO and was legally licensed through the NewsCred publisher network.

ICT users must be encouraged to protect data, network integrity: Information Technology Authority CEO

ICT users must be encouraged to protect data, network integrity: Information Technology Authority CEO

Muscat: Cooperation between governments and the private sector and all users of ICT must be encouraged in order to determine the best way to protect data and network integrity, considering the current and potential dangers that threaten information and communication technology, said Dr. Salim Sultan Al Ruzaiqi, CEO of the Information Technology Authority (ITA).

He was speaking at the International Telecommunication Union’s (ITU) Arab Regional Cyber Security Center which opened on Sunday the forth Regional Cyber Security Summit at the Al Bustan Palace – a Ritz-Carlton Hotel Muscat under the auspices of His Highness Sayyid Taimur bin As’ad Al Said, Assistant Secretary General for International Relations, the Research Council and in presence of Their Excellencies, key government officials, CEOs and other experts in the areas of information communication technology from countries around the world.

Hosted by the Information Technology Authority’s (ITA) Oman’s National (CERT) in cooperation with Bluekaizen, the two day summit from 29th to 30th March, 2015 comes this year under the theme of “Towards the Future of Cyberattacks” and witnesses over 35 international keynote speakers to discuss the impact of the current and future cyber-attacks.

In his welcoming address at the Summit, Dr. Salim Sultan Al Ruzaiqi, CEO of the Information Technology Authority (ITA) emphasized the importance of this year’s theme “The Future of Cybersecurity Attacks” in a rapidly increasing concern over the recent cyberattacks which caused various economic and political damages to many counties.

Dr. Al Ruzaiqi continued noting some eye-opening statistics in the regional arena in general and the Arab region in the use of information technology and communications, saying: “Statistics show Cybercrimes cost the world’s economy around 445 Billion Dollar every year and 150 Billion Dollar for the loss of personal information such as stolen credit card information. Kaspersky Antivirus Company said in a recent report that the company was able to defect 6.2 billion viruses on the PCs and smartphones for users in 2014. This is an extra of 1 Billion attacks from the number of attacks in 2013.  As for the future of the cyberattacks, Ponemon specialized institute reports that fake currencies, big data analysis, payments through smart phones and the internet of things will dominate the risks of those attacks.”

On behalf of the ITU, Mr. Luc Dandurand, Head of the ICT Applications and Cybersecurity Division, praised the development information technology and communications (ICT) sector in the Sultanate and the attention allocated to cyber security in particular. He also gave thanks to the Sultanate for the continued support and attention to international cyber security, which has culminated in the Sultanate hosting the first Regional Cyber Security Centre, represented by the Information Technology Authority. He also spoke about the importance of alliances among international and regional groups to address the threats and risks to the ICT sector.

With the Summit underway, Eng. Badr Al Salehi Chairperson of the Summit sessions, gave an overview of the relevant workshops which address the challenges and security threats. He also highlighted the issue of security and the risks of the electronic world, facing a growing number of security threats in a manner requiring the coordination of efforts between the countries in the region and the exchange of information and experiences, in order to meet those threats.
 
A host of industry experts are present and speaking at the Summit, sitting for lively interactive panel discussions. Session One’s panel addressed cybersecurity and tomorrow’s technologies. Session Two presented the current and future international cooperation. Session Three addressed the challenges and measures of the cybersecurity across the world.

© Muscat Press and Publishing House SAOC 2015 Provided by SyndiGate Media Inc. (Syndigate.info).

This article was written by Times News Service from Times of Oman and was legally licensed through the NewsCred publisher network.

IT students at UAEU develop popular Android security app

IT students at UAEU develop popular Android security app

Mohammed Al Matrooshi and Saeed Al Bairaq, released a mobile cyber-security application called ‘Packet Generator’ on Google Play as part of their senior graduation project.

Dubai — Two College of Information Technology (CIT) graduates from the United Arab Emirates University (UAEU), Mohammed Al Matrooshi and Saeed Al Bairaq, released a mobile cyber-security application called ‘Packet Generator’ on Google Play as part of their senior graduation project. This project was supervised by Dr Zouheir Trabelsi.

Their application can be used to test the efficiency of firewalls, and intrusion detection systems. This application has a useful educational value as it allows users to generate different kinds of network traffic and learn about denial of service threats. According to the Google Play Store the application has been downloaded more than 8,000 times in about one year and has generated a user rating of 3.75.

Mohammed Al Matrooshi and Saeed Al Bairaq released a mobile cyber-security application called ‘Packet Generator’ on Google Play as part of their senior graduation project. This project was supervised by Dr Zouheir Trabelsi.

The students’ idea came from recognising the demand for efficient and easy-to-use mobile security tools that test the resilience of network and security devices against common network attacks.

There is also a demand for educational apps that can be used with mobile devices. Over the last decade the use of mobile devices for both personal and business purposes has increased exponentially with the arrival of smart devices (Google-Android-based smartphones and tablets) and a boom in mobile applications (apps). Mobile devices have become powerful general-purpose computing platforms. In the academic environment more and more students are using mobile devices for academic and research activities. As mobile devices grow in popularity with students, novel educational activities and tools, as well as learning approaches, can be developed to make use of mobile devices.

This app is designed for networking and security professionals to test the resilience of their network and security devices against malicious attacks. In addition, the app can be used by educators to teach students how to perform ethical hacking attacks and generate specific network traffic.

Professor Mohamed Albaili, deputy vice-chancellor for Academic Affairs, commended the students on their achievement and stressed that UAEU encourages innovation and imaginative thinking.

Dr Trabelsi and his students are planning to develop an extended version of the app to include other types of network attacks not covered by the current version.

Copyright © 2015 Khaleej Times. All Rights Reserved. Provided by SyndiGate Media Inc. (Syndigate.info).

This article was from Khaleej Times and was legally licensed through the NewsCred publisher network.

A picture of Saudi blogger Raif Badawi  is seen between others photos of prisoners in Saudi Arabia during a demonstration for his release from jail outside Embassy of Saudi Arabia in Mexico City

Saudi blogger Badawi views survival of 50 lashes as miracle: magazine

BERLIN (Reuters) – Jailed Saudi blogger Raif Badawi described in his first letter from prison how he “miraculously survived 50 lashes” as part of a conviction that sparked an international outcry, according to German weekly Der Spiegel in a report to be published on Saturday.

Badawi was arrested in 2012 for offences including insulting Islam, cyber crime and disobeying his father, which is a crime in Saudi Arabia. He was sentenced last year to 10 years in jail, a fine of 1 million riyals (US$266,000) and 1,000 lashes.

In his letter, Badawi recalled how he received the first round of lashes in January when he was surrounded by a cheering crowd that yelled “Allahu akbar”, according to Der Spiegel.

“All this cruel suffering happened to me only because I expressed my opinion,” Badawi was quoted as writing in what the magazine said was his first letter since being jailed.

“He’s in a poor condition,” the magazine quoted his wife Ensaf Haidar as saying, adding that her husband suffered from high blood pressure and that he was mentally very stressed.

Badawi’s letter is part of a book titled “1,000 Lashes: Why I Say What I Think” due to be published in Germany on April 1. Der Spiegel reported that the German government has warned against publication of the book because it could put the blogger’s life at risk.

A German diplomat told Reuters when asked about the report that Badawi was free to publish in Germany whatever he liked. But, she added, “The ministry cannot predict the consequences of such a publication for him.”

Publisher Siv Bublitz from Ullstein Buchverlage said in a statement on Friday that the company had “confidential contacts” with the German government regarding the Badawi book project.

“At no time we have felt that the exchange was an attempt by the foreign ministry to prevent our publication or to complicate it,” Bublitz said.

Human rights groups and several western governments have called on Riyadh to cancel the sentence of 1,000 lashes.

Earlier this month, Germany’s economy minister and vice chancellor Sigmar Gabriel said during a visit in Riyadh that he had discussed human rights issues in Saudi Arabia and suggested a pardon for Badawi.

(Reporting by Michael Nienaber; Editing by Toni Reinhold)

This article was written by Michael Nienaber from Reuters and was legally licensed through the NewsCred publisher network.

Francis Boucher accusé de trois nouveaux chefs

Francis Boucher charged after leaving jail

MONTREAL – Francis Boucher is facing three new charges after surrendering to authorities following several days on the lam.

The son of former Hells Angels boss Maurice (Mom) Boucher was charged this afternoon with identity theft, escaping lawful custody and being unlawfully at large.

He walked out of Montreal’s Bordeaux jail on Monday while serving a four-month sentence for uttering death threats against police officers.

His lawyer said today he believes his client left the institution after his name was called out instead of that of another inmate named Boucher.

The 39-year-old Boucher will remain in detention pending a bail hearing on Monday.

He was previously sentenced to 10 years behind bars for gangsterism, conspiracy to commit murder and drug-trafficking.

This article was written by The Canadian Press from The Canadian Press and was legally licensed through the NewsCred publisher network.