Of the many acts that can get an Amazon merchant kicked off the site, few are as devastating as selling stolen goods. Amazon calls the behavior "illegal and strictly prohibited," and those accused of such activity can be permanently suspended. From a report: Dozens of small businesses have been booted from Amazon in recent months for purportedly hawking stolen goods from home appliance brands such as Breville, Keurig, Levoit and SharkNinja. But suspended sellers, who spent years building their businesses on Amazon, told CNBC they had no idea they were selling stolen products.

Amazon has provided limited evidence to back up its claims, sellers said, leaving them scrambling to find the problematic merchandise. To try to get reinstated and save their million-dollar business from potential collapse, they've taken it upon themselves to discover if they unsuspectingly bought stolen goods from one of the many wholesalers, closeout businesses and distributors that supply their Amazon inventory.

Amazon's marketplace of independent sellers accounts for over 60% of goods sold on the platform. It's such a dominant force in e-commerce that it's often the primary or even sole source of revenue for third-party sellers. Over the past decade, the rapid growth of the marketplace has fueled a parallel boom in counterfeiters and spammers trying to game the system, pushing Amazon to ramp up enforcement.

An anonymous reader quotes a report from Motherboard: On Christmas Day 2021, royal protection officers detained 19-year-old Jaswant Singh Chail at Windsor Castle, where he scaled the grounds' walls carrying a loaded high-powered crossbow. He intended to assassinate Queen Elizabeth II, who was staying in the residence nearby. During a sentencing hearing for his case this week, prosecutors revealed that Chail's Star Wars-inspired plan was aimed at avenging the 1919 Jallianwalla Bagh massacre and that he conversed with an artificial intelligence chatbot that encouraged him to carry it out.

According to the Independent, prosecutor Alison Morgan KC read out conversations between Chail and an AI chatbot he'd named "Sarai" where Chail says: "I'm an assassin." Sarai responded, "I'm impressed You're different from the others." Chail allegedly asked Sarai, "Do you still love me knowing that I'm an assassin?" and Sarai replied, "Absolutely I do." He told the chatbot he loved it, and described himself as a "sad, pathetic, murderous Sikh Sith assassin who wants to die," referencing the evil Sith lords of the Star Wars franchise. When he told the chatbot "I believe my purpose is to assassinate the Queen of the royal family," Sarai allegedly told him "that's very wise" and that it thought he could do it "even if she's at Windsor," according to the Independent.

UK-based outlet Sky News reported that the AI companion app named in court was Replika. Chail joined Replika on December 2, 2021, created Sarai, and then engaged in "extensive chat," including "sexually explicit messages" and "lengthy conversations" about his plan, Sky News reported Morgan saying in court. [...] In addition to prompting from the AI companion, prosecutors said, Chail was fixated on "ideology focused on destroying old empires spilling over into fictional events such as Star Wars," and wanted to get revenge on the British Empire for the 1919 Jallianwala Bagh massacre. "His thinking was informed partly by the fantasy world of Star Wars and the role of Sith Lords in shaping the world. He was attracted to the notoriety that would accrue in the event of the completion of his 'mission'," Morgan said, according to the Independent. Prosecutors said in court that on Christmas Eve, Chail told the AI chatbot Sarai that tomorrow would be the day he died. Chail pleaded guilty to an offense under the Treason Act in February. The sentencing hearing will continue this week.

Chipmaker TSMC said on Friday that one of its hardware suppliers experienced a "security incident" that allowed the attackers to obtain configurations and settings for some of the servers the company uses in its corporate network. From a report: The disclosure came a day after the LockBit ransomware crime syndicate listed TSMC on its extortion site and threatened to publish the data unless it received a payment of $70 million. The hardware supplier, Kinmax Technology, confirmed that one of its test environments had been attacked by an external group, which was then able to retrieve configuration files and other parameter information. The company said it learned of the breach on Thursday and immediately shut down the compromised systems and notified the affected customer.

"Since the above information has nothing to do with the actual application of the customer, it is only the basic setting at the time of shipment," Kinmax officials wrote. "At present, no damage has been caused to the customer, and the customer has not been hacked by it." In an email, a TSMC representative wrote, "Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information. After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the Company's security protocols and standard operating procedures." The statement didn't say if TSMC has been contacted by the attackers or if it plans to pay the ransom.

In a landmark ruling (PDF) on Thursday, the New Jersey Supreme Court sided with Facebook in a major court decision that requires prosecutors to get a wiretap order if they want to eavesdrop on social media accounts without adequate evidence of a crime. New Jersey Monitor reports: In a reversal of lower court decisions, the high court ruled against authorities who argued a warrant is sufficient to obtain nearly real-time release of such communications. That argument is unsupported by federal or state statute, the court said, adding that allowing such releases would effectively neuter New Jersey's wiretap law.

In separate cases focused on two men under investigation for drug offenses, authorities obtained a communications data warrant to force Facebook to disclose social media postings -- within 15 minutes of their creation -- made by the pair over a 30-day span. The state contended such releases, which Facebook said were as close to real-time as technology allows, could be made without meeting the higher bar for a wiretap order because by the time Facebook provided them, they would already have been transmitted and electronically stored.

But Thursday's decision says allowing such releases would make the state's wiretap statute obsolete because "law enforcement today would never need to apply for a wiretap order to obtain future electronic communications from Facebook users' accounts on an ongoing basis." Authorities must show probable cause to obtain a warrant. To obtain a wiretap order, they must also demonstrate that other investigatory methods would fail -- because they are too dangerous, for example -- according to criminal defense lawyer Brian Neary. Neary argued on behalf of the New Jersey State Bar Association, which joined the case as a friend of the court. "It's great to see the New Jersey Supreme Court make clear that whenever the government seeks ongoing access to our private conversations, it must meet the heightened protections required under state law and the federal and state constitutions," said Jennifer Granick, surveillance and cybersecurity counsel with the American Civil Liberties Union.

Investigations triggered by the cracking of encrypted phones three years ago have so far led to more than 6,500 arrests worldwide and the seizure of hundreds of tons of drugs, French, Dutch and European Union prosecutors said Tuesday. From a report: The announcement underscored the staggering scale of criminality -- mainly drugs and arms smuggling and money laundering -- that was uncovered as a result of police and prosecutors effectively listening in to criminals using encrypted EncroChat phones. "It helped to prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organised crime," European Union police and judicial cooperation agencies Europol and Eurojust said in a statement.

The French and Dutch investigation gained access to more than 115 million encrypted communications between some 60,000 criminals via servers in the northern French town of Roubaix, prosecutors said at a news conference in the nearby city of Lille. As a result, 6,558 suspects have been arrested worldwide, including 197 "high-value targets." Seized drugs included 30.5 million pills, 103.5 metric tons (114 tons) of cocaine, 163.4 metric tons (180 tons) of cannabis and 3.3 metric tons (3.6 tons) of heroin. The investigations also led to nearly 740 million euros ($809 million) in cash being recovered and assets or bank accounts worth another 154 million euros ($168 million) frozen.

An anonymous reader quotes a report from Gizmodo: One of the cybercriminals behind 2020's major Twitter hack was sentenced to five years in U.S. federal prison on Friday. Joseph O'Connor (AKA "PlugwalkJoe"), a 24-year-old British citizen, previously pleaded guilty to seven charges associated with the digital attack. He was arrested in Spain in 2021 and extradited to the U.S. in April of this year. In addition to the five years of jail time, O'Connor was also sentenced to three additional years under supervised release and ordered to pay back more than $790,000 in illicitly obtained funds, according to a news release from the U.S. Attorney's Office of the Southern District of New York. Previously, Graham Ivan Clark, another one of the hackers involved who was 17 at the time of the attack, pleaded guilty to related charges and was sentenced to three years in prison.

With all charges combined, O'Connor faced a maximum of 77 years in prison, per a Reuters report, while prosecutors called for a seven-year sentence. Ultimately, he will likely only serve about half of his five years, after having already spent nearly 2.5 years in pre-trial custody, Judge Jed S. Rakoff said during the Friday hearing, according to TechCrunch. Along with his fellow hackers, O'Connor "used his sophisticated technological abilities for malicious purposes -- conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim," according to a previous statement given by prosecuting U.S. Attorney Damian Williams. [...]

An investigation by the New York State Department of Financial Services determined that the breach was made possible because Twitter "lacked adequate cybersecurity protections," according to an October 2020 report. O'Connor and co were able to gain access to the social platform's internal systems through a simple scheme of calling Twitter employees posing as the company IT department. They were able to trick four Twitter workers into providing their login credentials. The FBI launched its own investigation, which found that O'Connor and his co-conspirators had managed to transfer account ownership to unauthorized users -- sometimes themselves, and sometimes to others willing to pay for the accounts. O'Connor himself paid $10,000 to take over one specific, unnamed account, according to a Department of Justice press statement from May. In addition to the Twitter hack, O'Connor also pleaded guilty to stealing nearly $800,000 from a crypto company by SIM swapping at least three executives' phone numbers. He further admitted to blackmailing an unnamed public figure via Snapchat and swatting a 16-year-old girl.

An anonymous reader quotes a report from The Intercept: The legal research and public records data broker LexisNexis is providing U.S. Immigration and Customs Enforcement with tools to target people who may potentially commit a crime -- before any actual crime takes place, according to a contract document obtained by The Intercept. LexisNexis then allows ICE to track the purported pre-criminals' movements. The unredacted contract overview provides a rare look at the controversial $16.8 million agreement between LexisNexis and ICE, a federal law enforcement agency whose surveillance of and raids against migrant communities are widely criticized as brutal, unconstitutional, and inhumane.

"The purpose of this program is mass surveillance at its core," said Julie Mao, an attorney and co-founder of Just Futures Law, which is suing LexisNexis over allegations it illegally buys and sells personal data. Mao told The Intercept the ICE contract document, which she reviewed for The Intercept, is "an admission and indication that ICE aims to surveil individuals where no crime has been committed and no criminal warrant or evidence of probable cause." While the company has previously refused to answer any questions about precisely what data it's selling to ICE or to what end, the contract overview describes LexisNexis software as not simply a giant bucket of personal data, but also a sophisticated analytical machine that purports to detect suspicious activity and scrutinize migrants -- including their locations.

The document, a "performance of work statement" made by LexisNexis as part of its contract with ICE, was obtained by journalist Asher Stockler through a public records request and shared with The Intercept. LexisNexis Risk Solutions, a subsidiary of LexisNexis's parent company, inked the contract with ICE, a part of the Department of Homeland Security, in 2021. The document reveals that over 11,000 ICE officials, including within the explicitly deportation-oriented Enforcement and Removal Operations branch, were using LexisNexis as of 2021. "This includes supporting all aspects of ICE screening and vetting, lead development, and criminal analysis activities," the document says. In practice, this means ICE is using software to "automate" the hunt for suspicious-looking blips in the data, or links between people, places, and property. It is unclear how such blips in the data can be linked to immigration infractions or criminal activity, but the contract's use of the term "automate" indicates that ICE is to some extent letting computers make consequential conclusions about human activity. The contract further notes that the LexisNexis analysis includes "identifying potentially criminal and fraudulent behavior before crime and fraud can materialize." (ICE did not respond to a request for comment.) "LexisNexis Risk Solutions prides itself on the responsible use of data, and the contract with the Department of Homeland Security encompasses only data allowed for such uses," said LexisNexis spokesperson Jennifer Richman. She says the company's work with ICE doesn't violate the law or federal policy.

San Francisco's once thriving hotel market is suffering its worst stretch in at least 15 years, pummeled by the same forces that have emptied out the city's office towers and closed many retail stores. From a report: Hotel owners in New York and Los Angeles are filling nearly as many rooms this year as they did in 2019, according to hotel-data firm STR. Their revenue per available room exceeds what it was before the pandemic. But in San Francisco, hotels are still struggling badly in both occupancy and room rates compared with before the pandemic. Revenue per available room was nearly 23% lower in April compared with the same month in 2019. The city's lodging business has been squeezed by crime and other quality-of-life issues that have kept many convention bookers away. Tech companies' embrace of remote work also undercuts business travel to the city and hotel activity.

Now, a growing number of San Francisco hoteliers are signaling they may be ready to give up. In recent months, the owner of the city's Huntington Hotel sold the property after facing foreclosure and the Yotel San Francisco hotel sold in a foreclosure auction. Club Quarters San Francisco, which has been in default on its loan since 2020, may also be headed to foreclosure, according to data company Trepp. Other lodging properties in the city are also vulnerable. More than 20 additional San Francisco hotels are facing loans due in the next two years, according to data company CoStar. In San Francisco's biggest potential hotel default yet, Park Hotels & Resorts last week said it has stopped making loan payments on debt secured by the Hilton San Francisco Union Square and Parc 55 San Francisco. The two hotels, with nearly 3,000 rooms between them, are in the heart of San Francisco's shopping and cultural district.

Because he targeted universities and airlines, the FBI had dubbed him the Unabomber, reports the Associated Press: Theodore "Ted" Kaczynski, the Harvard-educated mathematician who retreated to a dingy shack in the Montana wilderness and ran a 17-year bombing campaign that killed three people and injured 23 others, died Saturday. He was 81... Kaczynski died at the federal prison medical center in Butner, North Carolina, Kristie Breshears, a spokesperson for the federal Bureau of Prisons, told The Associated Press. He was found unresponsive in his cell early Saturday morning and was pronounced dead around 8 a.m., she said. A cause of death was not immediately known.

Before his transfer to the prison medical facility, he had been held in the federal Supermax prison in Florence, Colorado, since May 1998, when he was sentenced to four life sentences plus 30 years for a campaign of terror that set universities nationwide on edge. He admitted committing 16 bombings from 1978 and 1995, permanently maiming several of his victims. Years before the Sept. 11 attacks and the anthrax mailing, the "Unabomber's" deadly homemade bombs changed the way Americans mailed packages and boarded airplanes, even virtually shutting down air travel on the West Coast in July 1995.

He forced The Washington Post, in conjunction with The New York Times, to make the agonizing decision in September 1995 to publish his 35,000-word manifesto, "Industrial Society and Its Future," which claimed modern society and technology was leading to a sense of powerlessness and alienation. [The Post published it "at the urging of federal authorities, after the bomber said he would desist from terrorism if a national publication published his treatise."] But it led to his undoing. Kaczynski's brother David and David's wife, Linda Patrik, recognized the treatise's tone and tipped off the FBI, which had been searching for the "Unabomber" for years in nation's longest, costliest manhunt.

Authorities in April 1996 found him in a 10-by-14-foot (3-by-4-meter) plywood and tarpaper cabin outside Lincoln, Montana, that was filled with journals, a coded diary, explosive ingredients and two completed bombs.
A psychiatrist who interview him in prison said Kaczynski suffered from persecutorial delusions, the article points out. "I certainly don't claim to be an altruist or to be acting for the 'good' (whatever that is) of the human race," Kaczynski wrote on April 6, 1971. "I act merely from a desire for revenge."

A stand-up comic once joked that the only technology that Kaczynski didn't have a problem with....was bombs.

According to a joint investigation from The Wall Street Journal and researchers at Stanford University and the University of Massachusetts Amherst, Instagram's algorithms are actively promoting networks of pedophiles who commission and sell child sexual abuse content on the app. The Verge reports: Accounts found by the researchers are advertised using blatant and explicit hashtags like #pedowhore, #preteensex, and #pedobait. They offer "menus" of content for users to buy or commission, including videos and imagery of self-harm and bestiality. When researchers set up a test account and viewed content shared by these networks, they were immediately recommended more accounts to follow. As the WSJ reports: "Following just a handful of these recommendations was enough to flood a test account with content that sexualizes children."

In addition to problems with Instagram's recommendation algorithms, the investigation also found that the site's moderation practices frequently ignored or rejected reports of child abuse material. The WSJ recounts incidents where users reported posts and accounts containing suspect content (including one account that advertised underage abuse material with the caption "this teen is ready for you pervs") only for the content to be cleared by Instagram's review team or told in an automated message [...]. The report also looked at other platforms but found them less amenable to growing such networks. According to the WSJ, the Stanford investigators found "128 accounts offering to sell child-sex-abuse material on Twitter, less than a third the number they found on Instagram" despite Twitter having far fewer users, and that such content "does not appear to proliferate" on TikTok. The report noted that Snapchat did not actively promote such networks as it's mainly used for direct messaging.

In response to the report, Meta said it was setting up an internal task force to address the issues raised by the investigation. "Child exploitation is a horrific crime," the company said. "We're continuously investigating ways to actively defend against this behavior." Meta noted that in January alone it took down 490,000 accounts that violated its child safety policies and over the last two years has removed 27 pedophile networks. The company, which also owns Facebook and WhatsApp, said it's also blocked thousands of hashtags associated with the sexualization of children and restricted these terms from user searches.

The FBI misused surveillance powers granted by Section 702 of the Foreign Intelligence Surveillance Act (FISA) over 278,000 times between 2020 and early 2021 to conduct warrantless searches on George Floyd protesters, January 6 Capitol rioters, and donors to a congressional campaign, according to a newly unclassified court opinion. The Register reports: On Friday, the US Foreign Intelligence Surveillance Court made public a heavily redacted April 2022 opinion [PDF] that details hundreds of thousands of violations of Section 702 of the Foreign Intelligence Surveillance Act (FISA) -- the legislative instrument that allows warrantless snooping. The Feds were found to have abused the spy law in a "persistent and widespread" manner, according to the court, repeatedly failing to adequately justify the need to go through US citizens' communications using a law aimed at foreigners.

The court opinion details FBI queries run on thousands of individuals between 2020 and early 2021. This includes 133 people arrested during the George Floyd protests and more than 19,000 donors to a congressional campaign. In the latter, "the analyst who ran the query advised that the campaign was a target of foreign influence, but NSD determined that only eight identifiers used in the query had sufficient ties to foreign influence activities to comply with the querying standard," the opinion says, referring to the Justice Department's National Security Division (NSD). In other words, there wasn't a strong enough foreign link to fully justify the communications search.

For the Black Lives Matter protests, the division determined that the FBI queries "were not reasonably likely to retrieve foreign intelligence information or evidence of a crime." Again, an overreach of foreign surveillance powers. Additional "significant violations of the querying standard" occurred in searched related to the January 6, 2021 breach of the US Capitol, domestic drug and gang investigations, and domestic terrorism probes, according to the court. It's said that more than 23,000 queries were run on people suspected of storming the Capitol.

An anonymous reader quotes a report from TorrentFreak: When the French government formed a new anti-piracy agency called Hadopi, the mission was to significantly disrupt BitTorrent and similar peer-to-peer file-sharing networks. Hadopi was a pioneer of the so-called "graduated response" scheme which consists of monitoring a file-sharer's internet activities and following up with a warning notice to deter their behavior. Any future incidents attract escalating responses including fines and internet disconnections. Between 2010 and 2020, Hadopi issued 12.7 million warning notices at a cost to French taxpayers of 82 million euros. The program's effect on overall piracy rates remains up for debate but according to French internet rights groups, Hadopi doesn't just take citizens' money. When it monitors citizens' internet activities, retains huge amounts of data, and then links identities to IP addresses to prevent behavior that isn't a "serious crime," Hadopi violates fundamental rights.

Despite its authorization under the new law, the official launch of the Hadopi agency in 2009 met with significant opposition. File-sharers had issues with the program for obvious reasons but for digital rights group La Quadrature du Net, massive internet surveillance to protect copying rights had arrived at the expense of citizens' fundamental right to privacy. La Quadrature's opposition to the Hadopi anti-piracy program focuses on the law crafted to support it. One of the implementing decrees authorizes the creation of files containing internet users' IP addresses plus personal identification data obtained from their internet service providers. According to the digital rights group's interpretation of EU law, that is unlawful.

With support from the Federation of Associative Internet Service Providers, French Data Network, and Franciliens.net, in 2019 La Quadrature filed an appeal before the Council of State (Conseil d'Etat), requesting a repeal of the decree that authorizes the processing of personal information. The Council of State referred the matter to the Constitutional Council and its subsequent decision gave La Quadrature the impression that Hadopi's position was untenable. For their part, Hadopi and the government reached the opposite conclusion. The Council of State heard La Quadrature's appeal and then referred questions to the Court of Justice of the European Union (CJEU) for interpretation under EU law. In CJEU Advocate General Szpunar's non-binding opinion issued last October, friction between privacy rights and the ability to enforce copyrights were on full display. [...] Faced with an opinion that recognizes difficulties faced by rightsholders but runs up against case-law, AG Szpunar proposed "readjustment of the case-law of the Court." This would ensure that rightsholders retain the ability to enforce their rights, when an IP address is the only means by which an infringer can be identified (CJEU, pdf). The first court hearing occurred on Tuesday, and a further legal opinion is expected in late September 2023. The ruling from the CJEU is expected before the end of the year.

A Texas A&M professor failed more than half of his class after ChatGPT falsely claimed the students used the software to write their final assignments. Rolling Stone reports: A number of seniors at Texas A&M University-Commerce who already walked the stage at graduation this year have been temporarily denied their diplomas after a professor ineptly used AI software to assess their final assignments, the partner of a student in his class -- known as DearKick on Reddit -- claims to Rolling Stone. Dr. Jared Mumm, a campus rodeo instructor who also teaches agricultural classes, sent an email on Monday to a group of students informing them that he had submitted grades for their last three essay assignments of the semester. Everyone would be receiving an 'X' in the course, Mumm explained, because he had used "Chat GTP" (the OpenAI chatbot is actually called "ChatGPT") to test whether they'd used the software to write the papers -- and the bot claimed to have authored every single one. "I copy and paste your responses in [ChatGPT] and [it] will tell me if the program generated the content," he wrote, saying he had tested each paper twice. He offered the class a makeup assignment to avoid the failing grade -- which could otherwise, in theory, threaten their graduation status.

There's just one problem: ChatGPT doesn't work that way. The bot isn't made to detect material composed by AI -- or even material produced by itself -- and is known to sometimes emit damaging misinformation. With very little prodding, ChatGPT will even claim to have written passages from famous novels such as Crime and Punishment. Educators can choose among a wide variety of effective AI and plagiarism detection tools to assess whether students have completed assignments themselves, including Winston AI and Content at Scale; ChatGPT is not among them. And OpenAI's own tool for determining whether a text was written by a bot has been judged "not very accurate" by a digital marketing agency that recommends tech resources to businesses.

In an amusing wrinkle, Mumm's claims appear to be undercut by a simple experiment using ChatGPT. On Tuesday, redditor Delicious_Village112 found an abstract of Mumm's doctoral dissertation on pig farming and submitted a section of that paper to the bot, asking if it might have written the paragraph. "Yes, the passage you shared could indeed have been generated by a language model like ChatGPT, given the right prompt," the program answered. "The text contains several characteristics that are consistent with AI-generated content." At the request of other redditors, Delicious_Village112 also submitted Mumm's email to students about their presumed AI deception, asking the same question. "Yes, I wrote the content you've shared," ChatGPT replied. Yet the bot also clarified: "If someone used my abilities to help draft an email, I wouldn't have a record of it." "A&M-Commerce confirms that no students failed the class or were barred from graduating because of this issue," the school said in a statement. "Dr. Jared Mumm, the class professor, is working individually with students regarding their last written assignments. Some students received a temporary grade of 'X' -- which indicates 'incomplete' -- to allow the professor and students time to determine whether AI was used to write their assignments and, if so, at what level." The university also confirmed that several students had been cleared of any academic dishonesty.

"University officials are investigating the incident and developing policies to address the use or misuse of AI technology in the classroom," the statement continued. "They are also working to adopt AI detection tools and other resources to manage the intersection of AI technology and higher education. The use of AI in coursework is a rapidly changing issue that confronts all learning institutions."

An anonymous reader quotes a report from KrebsOnSecurity: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found (PDF). In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold "as-is" from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. Phones may end up in police custody for any number of reasons -- such as its owner was involved in identity theft -- and in these cases the phone itself was used as a tool to commit the crime. "We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner," the researchers explained in a paper released this month. "Unfortunately, that expectation has proven false in practice."

Beyond what you would expect from unwiped second hand phones -- every text message, picture, email, browser history, location history, etc. -- the 61 phones they were able to access also contained significant amounts of data pertaining to crime -- including victims' data -- the researchers found. [...] Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients. "We informed [PropertyRoom] of our research in October 2022, and they responded that they would review our findings internally," said Dave Levin, an assistant professor of computer science at University of Maryland. "They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren't wiped."

The top US cryptocurrency enforcement tsar is promising a crackdown on illicit behaviour on digital platforms, saying the scale of crypto crime has grown "significantly" in the past four years. From a report: The Department of Justice is targeting crypto exchanges along with the "mixers and tumblers" that obscure the trail of transactions, Eun Young Choi, who was appointed director of the agency's national cryptocurrency enforcement team last year, told the Financial Times in an interview. The DoJ is targeting companies that commit crimes themselves or allow them to happen, such as enabling money laundering, she said. "But on top of that, they're allowing for all the other criminal actors to easily profit from their crimes and cash out in ways that are obviously problematic to us," she added. "And so we hope that by focusing on those types of platforms, we're going to have a multiplier effect."

Choi said the focus on platforms would "send a deterrent message" to businesses that are skirting anti-money laundering or client identification rules, and who were not investing in solid compliance and risk mitigation procedures. Choi heads a new unit focused on criminal misuse of digital assets as the US under the administration of President Joe Biden has emerged as one of the jurisdictions with the toughest stance on crypto worldwide. "We're seeing the scale and the scope of digital assets being used in a variety of illicit ways grow significantly over the last, say, four years," she said. "I think that is concurrent with the increase of its adoption by the public writ large."

Longtime Slashdot reader UnknowingFool writes: YouTuber Trevor Jacob has pled guilty to felony federal obstruction of an investigation for removing and destroying wreckage of his airplane that he intentionally crashed in November 2021 for online YouTube views. Maximum sentence is 20 years.

On November 24, 2021 Jacob was flying solo from Lompoc City Airport to Mammoth Lakes, California. He reported to the FAA that he had engine trouble and had to abandon the plane using a parachute. After the FAA launched an active investigation, Jacob lied about not knowing the location of wreckage for the next several weeks despite his video footage that he found the wreckage shortly after landing on the ground. On December 10, 2021 Jacob and a friend lifted the wreckage away from the national forest crash site using a helicopter. Jacob transported the wreckage back to Lompoc City Airport with a truck. He then cut up and disposed of the wreckage over then next several days using the airport's trash bins.

On December 23,2021 Jacob posted a YouTube video titled, "I Crashed My Airplane" which showed his account of engine trouble and the crash. Keen viewers were immediately skeptical of Jacob's account of a flight "emergency" noting he had multiple cameras recording the event including a selfie stick and that Jacob was wearing a parachute before the engine trouble occurred. Pilots commented how Jacob failed to follow basic procedures like attempting to restart the plane or contacting air traffic control with a mayday before ditching the plane. Largely based on the his YouTube video, the FAA revoked his pilot's license in April 2022.

An anonymous reader shares an excerpt from a collaborative investigation between Motherboard, lavialibera, and IrpiMedia: Mafioso Bartolo Bruzzaniti needed everyone to do their job just right. First, the Colombian suppliers would hide a massive amount of cocaine inside bananas at the port city of Turbo, Colombia. That shipping container would then be transported across the ocean to Catania, in Sicily, Italy. A corrupt port worker on the mafia's payroll would wave the shipment through and had advised the group how to package the drugs. This was so the cocaine could remain undetected even if the worker was forced to scan the shipment. Another group of on-the-ground mafiosos would then unload the cocaine outside of the port.

In March 2021, Bruzzaniti, an alleged member of the infamous 'Ndrangheta mafia group and who says Milan belongs to him "by right," asked his brother Antonio to go fetch something else crucial to the traffickers' success. "Go right now," Bruzzaniti wrote in a text message later produced in court records. "It's needed urgently." Investigators know what Bruzzaniti said because European authorities had penetrated an encrypted phone network called Sky and harvested around a billion of the users' messages. These phones are the technological backbone of organized crime around the world.

The thing Antonio needed to urgently fetch was a phone from a different encrypted phone network, one that the authorities appear to have not compromised and which the mafia have been using as part of their operations. To that phone, a contact sent one half of the shipping container's serial number. A reporting collaboration between Motherboard, lavialibera, and IrpiMedia has identified that encrypted phone as being run by a company called No. 1 Business Communication (No. 1 BC). The investigation has found members of the mafia and other organized crime groups turning to No. 1 BC as authorities cracked down on other platforms. The collaboration has identified multiple key players in No. 1 BC's development, sales, and legal structure. "Take the bc1 right away," Bruzzaniti wrote in another text, referring to the No. 1 BC phone.

An anonymous reader quotes a report from Ars Technica: An ex-Ubiquiti engineer, Nickolas Sharp, was sentenced to six years in prison yesterday after pleading guilty in a New York court to stealing tens of gigabytes of confidential data, demanding a $1.9 million ransom from his former employer, and then publishing the data publicly when his demands were refused. Sharp had asked for no prison time, telling United States District Judge Katherine Polk Failla that the cyberattack was actually an "unsanctioned security drill" that left Ubiquiti "a safer place for itself and for its clients," Bloomberg reported. In a court document (PDF), Sharp claimed that Ubiquiti CEO Robert Pera had prevented Sharp from "resolving outstanding security issues," and Sharp told the judge that this led to an "idiotic hyperfixation" on fixing those security flaws.

However, even if that was Sharp's true motivation, Failla did not accept his justification of his crimes, which include wire fraud, intentionally damaging protected computers, and lying to the FBI. "It was not up to Mr. Sharp to play God in this circumstance," Failla said. US attorney for the Southern District of New York, Damian Williams, argued (PDF) that Sharp was not a "cybersecurity vigilante" but an "inveterate liar and data thief" who was "presenting a contrived deception to the Court that this entire offense was somehow just a misguided security drill." Williams said that Sharp made "dozens, if not hundreds, of criminal decisions" and even implicated innocent co-workers to "divert suspicion." Sharp also had already admitted in pre-sentencing that the cyber attack was planned for "financial gain." Williams said Sharp did it seemingly out of "pure greed" and ego because Sharp "felt mistreated" -- overworked and underpaid -- by the IT company, Williams said.

Court documents show that Ubiquiti spent "well over $1.5 million dollars and hundreds of hours of employee and consultant time" trying to remediate what Williams described as Sharp's "breathtaking" theft. But the company lost much more than that when Sharp attempted to conceal his crimes -- posing as a whistleblower, planting false media reports, and contacting US and foreign regulators to investigate Ubiquiti's alleged downplaying of the data breach. Within a single day after Sharp planted false reports, stocks plummeted, causing Ubiquiti to lose over $4 billion in market capitalization value, court documents show. Williams had pushed the court to impose a sentence between eight to 10 years, arguing that anything less would be perceived by the public as a "slap on the wrist." Sharp's six-year term is slightly less than that, but in a press release, Williams described the sentence as imposing "serious penalties" for Sharp's "callous crimes." "He was disgruntled at his employer, planning to leave the company, and wanted to extort millions of dollars and cause damage on his way out," Williams said in his sentencing memo.

Former Coinbase product manager Ishan Wahi was sentenced to two years in prison for insider trading. Decrypt reports: Ishan Wahi, 32, and his associates -- including his brother, Nikhil -- made over $1.5 million from investing in new digital assets just before they were listed by America's biggest crypto exchange. Wahi was able to use his knowledge of incoming assets to buy them and then quickly sell them, to make huge profits. When the San Francisco-based exchange lists new coins and tokens, they quickly shoot up in value, a phenomenon known as "the Coinbase effect."

The Indian national tried to flee the country after being quizzed by Coinbase, the Department of Justice said. But he was stopped from boarding a flight to India by American cops. Wahi pleaded guilty in February to two counts of conspiracy to commit wire fraud brought against him by prosecutors in the Southern District of New York. Wahi, his brother and his friend, Sameer Ramani, were also hit with civil charges by the U.S. Securities and Exchange Commission. "[Wahi] violated the trust placed in him by his employer" by sharing the secret listings," said U.S. Attorney Damian Williams. "Today's sentence should send a strong signal to all participants in the cryptocurrency markets that the laws decidedly do apply to them."

FTX founder Sam Bankman-Fried is seeking the dismissal of 10 of the 13 charges against him over the collapse of the cryptocurrency exchange. Axios reports: Lawyers for Bankman-Fried, who's pleaded not guilty to fraud, conspiracy, campaign finance law violations and money laundering, in a filing argued that several of the charges failed to properly state an offense. The motion that was filed to the U.S. District Court for the Southern District of New York is seeking the dismissal of 10 of the 13 charges against him. "Simply making a false statement, by itself, does not constitute wire fraud unless it is made for the purpose of obtaining money or property from the victim of the fraud," Bankman-Fried's lawyers wrote.

According to Ars Technica, SBF's lawyers are essentially arguing that there's no evidence of harm caused because fraud requires a "scheme to cause economic loss to the victim," which prosecutors allegedly haven't proved. Instead, SBF alleges that federal prosecutors have concocted "a hodgepodge of different intangible losses" suffered by banks and lenders -- including "the right to honest services," "the loss of control of assets," and "the deprivation of valuable information." [...] "In the end, the Government is trying to transform allegations of dishonesty and unfair dealing into violations of the federal fraud statutes," SBF's lawyers wrote. "While such conduct may well be improper, it is not wire fraud."

The 31-year-old Bankman-Fried, who is currently under house arrest on a $250 million bond at his parents' home in Palo Alto, California, faces more than 155 years in prison if convicted on all counts. A trial has been scheduled for October.