17 October, 2024
Publishers prevail in lawsuit over Internet Archive's 'emergency' e-book lending
A long-running lawsuit over the Internet Archive’s “emergency” e-book lending practices during the COVID-19 pandemic has ended in a loss for the website and a victory for publishers.
The lawsuit concerned the Internet Archive’s National Emergency Library, a program it established at the beginning of the pandemic to allow wider access to some 1.3 million e-books. Previously only able to be checked out one at a time, books were later able to be “borrowed” by many people at once.
The publishers, which already had an uneasy relationship with both the Internet Archive and the digital book-lending community in general, sued soon after in June 2020. The publishers contended that going from single-user borrowing to limitless borrowing essentially turned the system from a notional library into unvarnished piracy.
For its part, the Internet Archive asserted that its use of the books fell under the fair use doctrine, and that the removal of limits was done in the public interest. Furthermore, as a nonprofit organization, the Internet Archive could have no pecuniary motivation.
The courts disagreed, and in March 2023 found the Internet Archive liable. The nonprofit and the plaintiffs reached an agreement, but the Internet Archive also attempted a long-shot appeal — which was just denied, finding that the original judgment was sound. Legally speaking, it is now essentially a matter of fact that what the Internet Archive did was unlawful.
The court ruling is a divisive decision in that the Internet Archive was seen as doing a public good by making these books available at the time, and that overly restricting digital lending may have unintended negative consequences. At the same time it’s also hard not to sympathize with the authors who found their works freely available with no remuneration and little accountability. Wired, which first published the news, has a few statements covering the ground.
As for the publishers, they’ve won the case but left few convinced of their arguments. It’s been questioned whether, as with some other forms of piracy, the Internet Archive’s practices actually hurt sales in any way. And the long-term repercussions of this case and others in the same domain are yet to be explored and may be detrimental to libraries and digital lending in general.
Rediff, once an internet pioneer in India, sells majority stake for $3M
Payments infrastructure firm Infibeam Avenues has acquired a majority 54% stake in Rediff.com for up to $3 million, a dramatic twist of fate for the 28-year-old business that was the first Indian internet firm to list on Nasdaq back in the year 2000.
Founded in 1996, Rediff rode the initial dot-com wave to become one of India’s leading web portals, offering email, news and e-commerce services. At its peak, Rediff was valued at over $600 million on the Nasdaq stock exchange. It also drove some of the largest traffic in India, climbing at least up to the 12th spot, according to brokerage house Jefferies.
The company struggled to adapt to the evolving digital landscape in the 2000s and 2010s. As social media platforms and specialized e-commerce sites gained prominence, Rediff’s broad portal model became increasingly obsolete. Despite attempts to diversify its offerings, it failed to compete effectively against more nimble rivals and eventually delisted from Nasdaq.
Infibeam said Friday that Rediff still drives more than 55 million visits each month. It plans to tap Rediff’s user base to cross-sell financial products, including loans, insurance and investment advisory.
Rediff reported $4 million in revenue in the financial year ending in March.
Chinese government hackers targeted US internet providers with zero-day exploit, researchers say
A group of hackers linked to the Chinese government used a previously unknown vulnerability in software to target U.S. internet service providers, security researchers have found.
The group known as Volt Typhoon was exploiting the zero-day flaw — meaning the software maker was unaware of it before having time to patch — in Versa Director, a piece of software made by Versa Networks, according to researchers at Black Lotus Labs, which is part of cybersecurity firm Lumen.
Versa sells software to manage network configurations, and is used by internet service providers (ISPs) and managed service providers (MSPs), which makes Versa “a critical and attractive target” for hackers, the researchers wrote in a report published on Tuesday.
This is the latest discovery of hacking activities carried out by Volt Typhoon, a group that is believed to be working for the Chinese government. The group focuses on targeting critical infrastructure, including communication and telecom networks, with the goal of causing “real-world harm” in the event of a future conflict with the United States. U.S. government officials testified earlier this year that the hackers aim to disrupt any U.S. military response in a future anticipated invasion of Taiwan.
The hackers’ goals, according to Black Lotus Labs’ researchers, were to steal and use credentials on downstream customers of the compromised corporate victims. In other words, the hackers were targeting Versa servers as crossroads where they could then pivot into other networks connected to the vulnerable Versa servers, Mike Horka, the security researcher who investigated this incident, told TechCrunch in a call.
Contact Us
Do you have more information about Volt Typhoon, or other government-sponsored hacking activities? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
“This wasn’t limited to just telecoms, but managed service providers and internet service providers,” said Horka. “These central locations that they can go after, which then provide additional access.” Horka said these internet and networking companies are targets themselves, “very likely because of the access that they could potentially provide to additional downstream customers.”
Horka said he found four victims in the United States, two ISPs, one MSP and an IT provider; and one victim outside of the U.S., an ISP in India. Black Lotus Labs did not name the victims.
Versa’s Chief Marketing Officer Dan Maier told TechCrunch in an email that the company has patched the zero-day identified by Black Lotus Labs.
“Versa confirmed the vulnerability and issued an emergency patch at that time. We have since issued a comprehensive patch and distributed this to all customers,” said Maier, adding that researchers warned the company of the flaw in late June.
Maier told TechCrunch that Versa itself was able to confirm the flaw and observe the “APT attacker” taking advantage of it.
Black Lotus Labs said it alerted the U.S. cybersecurity agency CISA of the zero-day vulnerability and the hacking campaign. On Friday, CISA added the zero-day to its list of vulnerabilities that are known to have been exploited. The agency warned that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
Chinese government hackers targeted US internet providers with zero-day exploit, researchers say
A group of hackers linked to the Chinese government used a previously unknown vulnerability in software to target U.S. internet service providers, security researchers have found.
The group known as Volt Typhoon was exploiting the zero-day flaw — meaning the software maker was unaware of it before having time to patch — in Versa Director, a piece of software made by Versa Networks, according to researchers at Black Lotus Labs, which is part of cybersecurity firm Lumen.
Versa sells software to manage network configurations, and is used by internet service providers (ISPs) and managed service providers (MSPs), which makes Versa “a critical and attractive target” for hackers, the researchers wrote in a report published on Tuesday.
This is the latest discovery of hacking activities carried out by Volt Typhoon, a group that is believed to be working for the Chinese government. The group focuses on targeting critical infrastructure, including communication and telecom networks, with the goal of causing “real-world harm” in the event of a future conflict with the United States. U.S. government officials testified earlier this year that the hackers aim to disrupt any U.S. military response in a future anticipated invasion of Taiwan.
The hackers’ goals, according to Black Lotus Labs’ researchers, were to steal and use credentials on downstream customers of the compromised corporate victims. In other words, the hackers were targeting Versa servers as crossroads where they could then pivot into other networks connected to the vulnerable Versa servers, Mike Horka, the security researcher who investigated this incident, told TechCrunch in a call.
Contact Us
Do you have more information about Volt Typhoon, or other government-sponsored hacking activities? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
“This wasn’t limited to just telecoms, but managed service providers and internet service providers,” said Horka. “These central locations that they can go after, which then provide additional access.” Horka said these internet and networking companies are targets themselves, “very likely because of the access that they could potentially provide to additional downstream customers.”
Horka said he found four victims in the United States, two ISPs, one MSP and an IT provider; and one victim outside of the U.S., an ISP in India. Black Lotus Labs did not name the victims.
Versa’s Chief Marketing Officer Dan Maier told TechCrunch in an email that the company has patched the zero-day identified by Black Lotus Labs.
“Versa confirmed the vulnerability and issued an emergency patch at that time. We have since issued a comprehensive patch and distributed this to all customers,” said Maier, adding that researchers warned the company of the flaw in late June.
Maier told TechCrunch that Versa itself was able to confirm the flaw and observe the “APT attacker” taking advantage of it.
Black Lotus Labs said it alerted the U.S. cybersecurity agency CISA of the zero-day vulnerability and the hacking campaign. On Friday, CISA added the zero-day to its list of vulnerabilities that are known to have been exploited. The agency warned that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
Rediff, once a pioneer of internet services in India, sells majority stake for $3M
Payments infrastructure firm Infibeam Avenues has acquired a majority 54% stake in Rediff.com for up to $3 million, a dramatic twist of fate for the 28-year-old business that was the first Indian internet firm to list on NASDAQ back in the year 2000.
Founded in 1996, Rediff rode the initial dot-com wave to become one of India’s leading web portals, offering email, news, and e-commerce services. At its peak, Rediff was valued at over $600 million on the Nasdaq stock exchange. It also drove some of the largest traffic in India, climbing at least up to the 12th spot, according to brokerage house Jefferies.
The company struggled to adapt to the evolving digital landscape in the 2000s and 2010s. As social media platforms and specialized e-commerce sites gained prominence, Rediff’s broad portal model became increasingly obsolete. Despite attempts to diversify its offerings, it failed to compete effectively against more nimble rivals and eventually delisted from NASDAQ.
Infibeam said Friday that Rediff still drives more than 55 million visits each month. It plans to tap Rediff’s user base to cross-sell financial products including loans, insurance and investment advisory.
Rediff reported $4M in revenue in the financial year ending in March.
Global Founders Capital will deploy Rocket Internet’s cash instead of raising a new fund
Global Founders Capital, the Berlin-based early-stage VC firm with close ties to the German startup factory Rocket Internet, is going to become the venture arm of Rocket Internet.
The VC previously raised two $1 billion funds and, just a few years ago, its name appeared in dozens of deals per year. But then, things quietened down. Now we know why: Going forward, it’ll exclusively invest from Rocket Internet’s balance sheet.
Last year Financial Times reported that Global Founders Capital was in the middle of a big strategic shift. A couple of weeks ago the VC firm reached out to TechCrunch to confirm the pivot and discuss the reasons behind the shift.
“To be transparent, there have been quite a few changes at Global Founders Capital in recent years — in terms of the structure of the fund and the composition of the team,” Global Founders Capital Partner David Sainteff (pictured above) told us.
Sainteff said the firm decided it’s not the right time to raise another fund because it’s not a great time to invest as they do not believe there are that many good opportunities that meet the firm’s criteria and that they don’t need more capital to remain competitive against other investors for deals.
Global Founders Capital was originally structured as a traditional VC firm with several limited partners participating in funds. With its first fund, it backed then-future unicorns such as Personio, Revolut and SumUp. With its second fund, the firm invested in several companies TechCrunch has also covered, such as Pennylane, Ankorstore and Seyna.
Prior to joining Global Founders Capital, seven years ago, Sainteff worked for Rocket Internet, which was an investor in Global Founders Capital from the beginning. So there have been close ties between them since the beginning.
“Following the deployment of this second fund, we decided not to raise another fund. Instead, we’ll use Rocket Internet’s capital,” he confirmed. “We have €300 million to deploy for venture investments on the balance sheet. We don’t have any fundraising planned.”
Frankly, this is a bit odd as the firm’s past performance seems quite good. According to Sainteff, the first fund is going to generate returns between 3x and 4x. “For the second fund, it’s far too early [to say],” he continued. “But we have a few clear winners like Pennylane. We entered at the pre-seed stage and the company is worth over €1 billion.”
The new strategy means Global Founders Capital is now much smaller than it used to be, with only five partners left: Fabricio Pettena, Don Stalter, Cedric Asselman, Sainteff and of course Rocket Internet co-founder and CEO Oliver Samwer.
The new version of the firm will also only focus on early-stage investments, plus the ability for follow-on investments in later rounds (Series A, B, C, etc.).
Did Global Founders Capital choose not to raise a third fund because it didn’t get enough support from potential limited partners or because of the current tech downturn compared to 2021 (with the exception of the boom in artificial intelligence)? Probably the decision hinged on a bit of both.
“It wasn’t the best moment to raise funds with [limited partners],” Sainteff told us. “We think it was difficult to have the imperative to deploy capital.”
“It’s an easy decision to make when you have €300 million in the bank,” he added. “If other VC firms were in the same boat, they would have made the same decision. We don’t rule out the possibility to raise a fund when the conditions are right and favorable.”
For now, the pivot reverses much of the fund’s earlier expansion, when it scaled into more geographies, tech areas and funding stages and the Global Founders Capital name was attached to a bunch of deals.