Software Wars Slings And Arrows, Cease And Desist

David Busby WeedTraQR says BioTrackTHC hacked his rival software system in the latest compliance software skirmish.

WASHINGTON: MJ News Network has been reporting on the ongoing software wars between participants in the cannabis compliance, or so called “traceability” or “seed to sale” software arena.

Last week we reported on widespread accusations in social media that the official LCB portal, whose use is mandated for all licensees, contained security flaws — a charge the LCB flatly denied.

This week, following a meeting of the Marijuana Business Association in Seattle, MJ News Network was contacted by WeedTraqr, with accusations that BioTrackTHC, the author of the official LCB software, of “hacking” their system in a blog post on the company site. After attorneys for BioTrackTHC contacted WeedTraqr, the accusatory post was removed, but WeedTraQR’s Eric Ogden remains defiant:

Hi David, …so last night after MJBA BioTrackTHC tried to hack WeedTraQR. David [Busby] wrote a blog about this… We only have a couple hundred followers on our FB page and I was hoping you might share or at least ‘like’ our blog post… Check it out! Thanks! Eric
checking it out now.

They sent a cease and desist letter about 20 minutes ago claiming we are libelous! …we have documented proof of their hack attempt…
I read your blog.

before we had to pull it?
what will you do about the “cease and desist” demand from BioTrackTHC?

They faxed a letter from their attorney in FLA claiming our blog was libelous and demanding a cease and desist.

so we pulled the blog and posted a public response with documentation of the hack

We’ll get an attorney to respond. It’s not libelous if it’s true and we have proof

Attorney recommendation?
Chat Conversation End
MJ News Network contacted BioTrackTHC’s COO Patrick Vo, who passed along a copy of the response that he sent to WeedTraQR management:

WeedTraQR Management,

If you feel that you have been the victim of an internet crime, BioTrackTHC strongly advises that you contact the FBI’s Seattle office at 206-622-0460 so that the authorities can get involved and get to the bottom of this and so you can leave BioTrackTHC out of your problems. 

The information that you have provided thus far suggests that the attack came from Seattle by a user using the Google Chrome browser on a Mac OSX operating system.  TJ Ferraro is in Fort Lauderdale and uses the FireFox browser on Linux Slackware.  On top of that, to think that TJ would use his @biotrackthc email address in an attack is laughable.  It appears that your site allows anyone, even a six-year-old in another country, to sign-up with any email address they choose without an email verification process. 

We can assure you that BioTrackTHC was in no way involved in any attempted “hack”, and your continued baseless insinuations will not be tolerated and legal remedies will be pursued to the fullest extent possible.  


  1. says

    It seems our posting was not clear to all of our readers, so I will make this clear.

    Someone attempted to sign-up for our system using an email in the domain. Right after sign-up our system processes new users through a wizard. During this process some XSS style data was entered into the form fields on this wizard.

    Our blog post was about how we trapped this suspect activity before any threat was posed to the WeedTraQR system or our clients data.

    Eric’s casual SMS messages to David Rheins are not the official position of WeedTraQR and we were not asked to provide any on-the-record comments for this article.

    BioTrackTHC sent us two C&Ds via email (above is the 2nd), each with only minutes to respond to their demand deadlines. We’ve updated our post so it’s even more clear what happened. It was a funny situation that someone tried suspect activity on our system using a well-known email address from a another vendor. We were/are proud of our system for catching it.

    You can read here where BIoTrackTHC claims that “a six-year-old in another country” could successfully sign up for our product:

    Which is absolutely not true.

    Furthermore, we can confirm the non-enforcement of SSL connectivity issues that were reported by VeridianSciences. And cheers to them for pointing out this critical flaw. We noticed the fix on Jan 14, we tweeted about it –

    There are a other security issues with this LCB system which we are attempting to address through official channels.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>