Another ex-eBay exec admits cyberstalking web souk critics

David Harville is seventh to cop to harassment campaign

David Harville, eBay's former director of global resiliency, pleaded guilty this week to five felony counts of participating in a plan to harass and intimidate journalists who were critical of the online auction business.

Harville is the last of seven former eBay employees/contractors charged by the US Justice Department to have admitted participating in a 2019 cyberstalking campaign to silence Ina and David Steiner, who publish the web newsletter and website EcommerceBytes.

Former eBay employees/contractors Philip Cooke, Brian Gilbert, Stephanie Popp, Veronica Zea, and Stephanie Stockwell previously pleaded guilty. Cooke last July was sentenced to 18 months behind bars. Gilbert, Popp, Zea and Stockwell are currently awaiting sentencing.

Last month, James Baugh, eBay’s former senior director of global security, pleaded guilty to nine felony counts.

The Steiners had reported critically on eBay, to the dissatisfaction of the internet tat bazaar's executives. eBay's leaders allegedly made their displeasure known. And then, according to court documents, Baugh, Harville, and the others proceeded to stalk and harass the Steiners online and offline in an effort to silence them.

The former eBay employees/contractors are alleged to have sent the Steiners live insects, the severed head of a fetal pig, a funeral wreath, a pig's head mask, and a book about coping with the loss of a spouse, among other things.

Harville pleaded guilty [PDF] to five felony counts related to interstate stalking; as part of the plea deal, the US Attorney handling the case agreed to dismiss charges of witness tampering or destruction of records. Each of the five felony counts carries a maximum penalty of five years.

The Steiners are pursuing a civil complaint [PDF] that was filed last July in Massachusetts, USA. They've named as defendants not only the seven former eBay employees who have pleaded guilty, but former executives not charged by the government, including Devin Wenig, former CEO of eBay, Steven Wymer, former SVP and chief communications officer of eBay, security contractor Progressive FORCE Concepts, LLC (PFC), and eBay itself.

The Steiners's complaint alleges that eBay's CEO and comms chief gave at least seven members of eBay's security staff free rein to shut down their publication:

eBay, through its Chief Executive leadership, sent a directive and enlisted at least seven members of the eBay security staff – Defendants James Baugh, David Harville, Brian Gilbert, Stephanie Popp, Stephanie Stockwell, Philip Cooke, and Veronica Zea, an eBay contractor employed by PFC, most of whom, on information and belief directly or indirectly reported to eBay’s Head of Security and Operations – to deal with the Steiners.

Defendants Wenig and Wymer provided the other Defendants with carte blanche authority to terminate the reporting of the Steiners by whatever means necessary, with Defendant Wymer expressing '…I want to see ashes. As long as it takes. Whatever it takes.'

eBay in a statement issued following the Justice Department charges in 2020 said its internal investigation "found that, while Mr Wenig’s communications were inappropriate, there was no evidence that he knew in advance about or authorized the actions that were later directed toward the blogger and her husband."

eBay cyberstalking victims sue web giant


Wenig reportedly resigned in September 2019, ostensibly over disagreements with the eBay board of directors, and Wymer was fired that same month in relation to eBay's internal investigation.

The Steiners's complaint contends that Wenig's employment "was terminated by eBay" and it notes that he "departed eBay with a $57m severance package."

In light of Baugh's guilty plea, the Massachusetts court extended the deadline for the plaintiffs to respond to the opposing counsel's motion to dismiss the case to May 23, 2022. Harville's plea looks likely to figure into the eventual opposition motion, too.

Neither Wenig nor Wymer were charged by the Justice Department in relation to the harassment campaign against the Steiners and both in statements to the press have denied endorsing criminal activity. ®

Other stories you might like

  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    Updated India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading
  • America edges closer to a federal data privacy law, not that anyone can agree on it
    What do we want? Safeguards on information! How do we want it? Er, someone help!

    American lawmakers held a hearing on Tuesday to discuss a proposed federal information privacy bill that many want yet few believe will be approved in its current form.

    The hearing, dubbed "Protecting America's Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security," was overseen by the House Subcommittee on Consumer Protection and Commerce of the Committee on Energy and Commerce.

    Therein, legislators and various concerned parties opined on the American Data Privacy and Protection Act (ADPPA) [PDF], proposed by Senator Roger Wicker (R-MS) and Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA).

    Continue reading
  • Europol arrests nine suspected of stealing 'several million' euros via phishing
    Victims lured into handing over online banking logins, police say

    Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering.

    The alleged crooks are believed to have stolen "several million euros" from at least "dozens of Belgian victims," according to that nation's police, which, along with the Dutch, supported the cross-border operation.

    On Tuesday, after searching 24 houses in the Netherlands, officers cuffed eight men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse, and a 25-year-old woman from Deventer. We're told the cops seized, among other things, a firearm, designer clothing, expensive watches, and tens of thousands of euros.

    Continue reading

Biting the hand that feeds IT © 1998–2022