CNN reports: Two men were arrested on New Year's Eve for allegedly shutting down four Washington state power substations in late December that led to power outages for thousands across Pierce County. Matthew Greenwood and Jeremy Crahan have been charged with conspiracy to damage energy facilities and Greenwood faces a separate charge of possessing illegal short-barreled rifles.... The two cut off power to thousands of locals and caused at least $3 million worth of damage, according to charging documents.

Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Surveillance images cited in the court documents also showed images of one of the men and of the getaway car....

The two face up to 20 years behind bars if convicted of conspiring to attack energy facilities.
In addition, possession of an unregistered firearm is punishable by up to ten years in prison, according to a statement from the Department of Justice. But identifying the suspects was apparently pretty simple.

"When law enforcement served a search warrant on the home of the suspects, they recovered distinctive clothing pictured in the surveillance photos."

Thanks to long-time Slashdot reader schwit1 for sharing the story.

New York's attorney general on Thursday filed a civil lawsuit accusing Celsius Network founder Alex Mashinsky of scheming to defraud hundreds of thousands of investors by inducing them to deposit billions of dollars in digital assets with his cryptocurrency company. From a report: The lawsuit filed in a New York state court in Manhattan accuses Mashinsky of violating the state's Martin Act, which gives Attorney General Letitia James broad power to pursue civil and criminal cases over securities fraud, and other laws. Mashinsky was accused of promoting Celsius as a safe alternative to banks, while concealing that Celsius was actually engaged in risky investment strategies that contributed to its collapse and bankruptcy. "Alex Mashinsky promised to lead investors to financial freedom but led them down a path of financial ruin," James said in a statement. "Making false and unsubstantiated promises and misleading investors is illegal."

An anonymous reader shares a report: The investment bank B Riley is so determined to persuade the troubled bitcoin miner Core Scientific to avoid filing for bankruptcy that it has offered as much as $72mn in fresh financing to keep the company from seeking a court-supervised Chapter 11 restructuring. "Bankruptcy is not the answer and would be a disservice to the Company's investors," B Riley wrote in a letter from early December. "It will destroy value for the Company's shareholders, reduce potential recoveries for the Company's lenders, deplete its limited resources and create massive uncertainty for all its stakeholders."

Core Scientific filed for bankruptcy anyway last week. Still, B Riley's aversion should be understandable. A series of players have succumbed to the ongoing crypto winter including FTX, BlockFi, Voyager Digital and Celsius with customer accounts largely frozen. The novel legal issues about digital asset ownership, the continuing problems in the sector and the deliberative nature of US bankruptcy proceedings have kept any of the major companies from exiting court protection yet. The costs are piling up and account holders are noticing. Lawyers, bankers and other advisers in the Celsius case that began in July recently submitted detailed fee requests to the New York federal bankruptcy court totalling $53mn.

Per US law, these official advisers will have these so-called "administrative expenses," subject to court approval, paid by the "estate" or the company which will naturally eat into the recoveries of account holders. Law firms involved including Kirkland & Ellis and White & Case which are usual powerhouses in corporate and private equity bankruptcies are involved in Celsius and have top lawyers billing more than $1,800 per hour. (This may remain a bargain as top lawyers in the FTX bankruptcy at Sullivan & Cromwell are charging in excess of $2,000 per hour).

An anonymous reader shares a column: Every major phone manufacturer is guilty of a serious crime, and I won't be quiet about it any longer: they stole the power button from us. Apple, Google, Samsung: guilty, guilty, guilty. Long-pressing the power button used to bring up an option to turn your phone off, but then these companies decided to get cute and make this a shortcut to summon their digital assistant. This is bad and wrong, and I'm politely demanding that these companies return what they took from us.

Look, I get the logic. When phone screens got bigger, physical buttons like Apple's home button were axed, and existing buttons had to pick up the slack. In the iPhone X, Apple re-homed the Siri function to the power button. Since then, turning your iPhone off has required pressing a combination of buttons. If you make the fatal mistake of long-pressing the power button in hopes of turning your phone off, Siri will start listening to you as you curse about how the power button doesn't work how it should anymore. And woe to you if you don't hold down the right button combination long enough -- you'll take a screenshot that you didn't want and will have to delete later. It's just as bad on Samsung and Google phones.

Long-pressing the power button on the Pixel 7 Pro just now brought up the Google Assistant and a prompt to ask it how to say sorry in Spanish. No, Google. It is you who should be apologizing. And the Galaxy S22 phones I used this year all bid me to set up Bixby whenever I made the mistake of long-pressing the power button. Both Google and Samsung let you change it back to the power menu -- and Samsung has the decency to put a shortcut to side key options on its shutdown screen -- but enough is enough. Long-pressing the power button should, by default, just turn the phone off. The thing that really adds salt to the wound is that the button combination to turn your phone off isn't even the same on every phone. On an iPhone, you can press and hold the power button and either volume key to get to shutdown options. On a Pixel phone, it's a short press of the volume up key and power button. If you screw up and press the volume down key, you'll take a screenshot, which will make you feel stupid when you find it in your photo gallery later. Samsung makes you press and hold the volume down key and power button.

This week America passed a $1.7 trillion federal spending bill — and it includes a big win for retailrs reporters the Associated Press. It forces online marketplaces like Amazon and Facebook "to verify high-volume sellers on their platforms amid heightened concerns about retail crime...." The bill, called the INFORM ACT, also seeks to combat sales of counterfeit goods and dangerous products by compelling online marketplaces to verify different types of information — including bank account, tax ID and contact details — for sellers who make at least 200 unique sales and earn a minimum of $5,000 in a given year.

It's difficult to parse out how much money retailers are losing due to organized retail crime — or if the problem has substantially increased. But the issue has received more notice in the past few years as high-profile smash-and-grab retail thefts and mass shoplifting events grabbed national attention. Some retailers have also said in recent weeks they're seeing more items being taken from stores. Target executives said in November the number of thefts has gone up more than 50%, resulting in more than $400 million in losses. Its expected to be more than $600 million for the full fiscal year.... Walgreens, Best Buy and Home Depot have also pointed out similar problems.

The National Retail Federation, the nation's largest retail trade group, said its latest security survey of roughly 60 retailers found that inventory loss — called shrink — clocked in at an average rate of 1.4% last year, representing $94.5 billion in losses [included damaged products and theft by employees] ... It also noted retailers, on average, saw a 26.5% uptick in organized theft incidents last year.

A Valero gas station sells approximately 5,000 gallons of gas a day, one employee estimates.

But local police arrested six men who, in a series of robberies, tricked the pumps out of 30,000 gallons of gasoline, reports the Mercury News, "a haul authorities estimated was worth at least $180,000." Upon further inspection of surveillance video, authorities said, police saw one of the suspects activate a gas-pump computer, allowing another suspect to pump fuel into his vehicle.... An employee from the Valero station, who declined to give their name, called the process the gas thieves used "nearly untraceable."

"You must have a deep understanding of how the pump system works," the person said. "There is a time frame anywhere from 75 seconds to two minutes for the authorization to go through the network [after sliding a credit card into a gas pump]. In this (time period), there's an opportunity to manipulate the pump ... You're able to manipulate the pump and confuse the programming to an extent that the pump starts dispensing gas...."

In a Facebook post, authorities said the three suspects had been "conspiring together in a sophisticated operation to thwart security devices and pump electronics to steal large amounts of gasoline from the business...."

Authorities say $20,000 of damage was done to gas pumps.
Thanks to Slashdot reader k6mfw for submitting the story.

North Korean hackers have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years, more than half of it this year alone, South Korea's spy agency said Thursday. From a report: Experts and officials say North Korea has turned to crypto hacking and other illicit cyber activities as a source of badly needed foreign currency to support its fragile economy and fund its nuclear program following harsh U.N. sanctions and the COVID-19 pandemic. South Korea's main spy agency, the National Intelligence Service, said North Korea's capacity to steal digital assets is considered among the best in the world because of the country's focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.

The U.N. sanctions imposed in 2016-17 ban key North Korean exports such as coal, textiles and seafood and also led member states to repatriate North Korean overseas workers. Its economy suffered further setbacks after it imposed some of the world's most draconian restrictions against the pandemic. The NIS said state-sponsored North Korean hackers are estimated to have stolen 1.5 trillion won ($1.2 billion) in virtual assets around the world since 2017, including about 800 billion won ($626 million) this year alone. It said more than 100 billion won ($78 million) of the total came from South Korea.

Karl Sebastian Greenwood, co-founder of sham "Bitcoin-killer" OneCoin, pleaded guilty in Manhattan federal court to charges of conspiring to defraud investors and to launder money. "Greenwood was arrested in Thailand in July 2018 and subsequently extradited to the US," reports The Register. "OneCoin's other co-founder, 'Cryptoqueen' Ruja Ignatova (Dr. Ruja Ignatova -- she has a law degree), remains a fugitive on the FBI's Ten Most Wanted list and on Europol's Most Wanted list." From the report: "As a founder and leader of OneCoin, Karl Sebastian Greenwood operated one of the largest international fraud schemes ever perpetrated," said US Attorney Damian Williams in a statement. "Greenwood and his co-conspirators, including fugitive Ruja Ignatova, conned unsuspecting victims out of billions of dollars, claiming that OneCoin would be the 'Bitcoin killer.' In fact, OneCoins were entirely worthless." The US has charged at least nine individuals across four related cases, including Greenwood and Ignatova, with fraud charges related to OneCoin. Authorities in China have prosecuted 98 people accused of trying to sell OneCoin. Police in India arrested 18 for pitching the Ponzi scheme.

According to the Justice Department, Greenwood and Ignatova founded OneCoin in Sofia, Bulgaria, in 2014. Until 2017 or so, they're said to have marketed OneCoin as a cryptocurrency to investors. The OneCoin exchange was shut down in January 2017, but trades evidently continued among affiliated individuals for some time. The OneCoin.eu website remained online until 2019. In fact, OneCoin was a multi-level marketing (MLM) pyramid scheme in which network members received commissions when they managed to recruit people to buy OneCoin. The firm's own promotional materials claim more than three million people invested. And between Q4 2014 and Q4 2016, company records claim OneCoin generated more than $4.3 billion in revenue and $2.9 billion in purported profits. At the top of the MLM pyramid, Greenwood is said to have earned $21 million per month. Greenwood and others claimed that OneCoin was mined using computing power like BitCoin and recorded on a blockchain. But it wasn't. As Ignatova allegedly put it in an email to Greenwood, "We are not mining actually -- but telling people shit."

OneCoin's value, according to the Feds, was simply set by those managing the company -- they manipulated the OneCoin exchange to simulate trading volatility but the price of OneCoin always closed higher than it opened. In an August 1, 2015 email, Ignatova allegedly told Greenwood that one of the goals for the OneCoin trade exchange was "always close on a high price end of day open day with high price, build confidence -- better manipulation so they are happy." According to the Justice Department, the value assigned to OneCoin grew steadily from $0.53 to approximately $31.80 per coin and never declined.

An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor's home. When police arrived at the residence, Nelson allegedly accessed the residence's Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond. It's not clear how the defendants allegedly obtained the Yahoo account credentials. A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals. Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.

An anonymous reader quotes a report from TorrentFreak: The UK Government's Intellectual Property Office published new piracy guidance today, and it contains a small, easily missed detail. People who share their Netflix, Amazon Prime, or Disney+ passwords are violators of copyright law. And it gets worse. The IPO informs TorrentFreak that password sharing could also mean criminal liability for fraud. [...] In a low-key announcement today, the UK Government's Intellectual Property Office announced a new campaign in partnership with Meta, aiming to help people avoid piracy and counterfeit goods online. Other than in the headline, there is zero mention of Meta in the accompanying advice, and almost no advice that hasn't been issued before. But then this appears: "Piracy is a major issue for the entertainment and creative industries. Pasting internet images into your social media, password sharing on streaming services and accessing the latest films, tv series or live sports events through kodi boxes, fire sticks or Apps without paying a subscription all break copyright laws. Not only are you breaking the law but stopping someone earning a living from their hard work."

TorrentFreak immediately contacted the Intellectual Property Office for clarification on the legal side, particularly since password sharing sits under a piracy heading. The IPO's response was uncompromising, to put it mildly. "There are a range of provisions in criminal and civil law which may be applicable in the case of password sharing where the intent is to allow a user to access copyright protected works without payment," the IPO informs TorrentFreak. "These provisions may include breach of contractual terms, fraud or secondary copyright infringement depending on the circumstances." Given that using the "services of a members' club without paying and without being a member" is cited as an example of fraud in the UK, the bar for criminality is set very low, unless the Crown Prosecution Service decides otherwise, of course.

Slashdot reader lowvisioncomputing shares a story from the CBC about an elaborate heist discovered "when the chief administrative officer of a southwestern Manitoba rural municipality [population: 3,300] noticed the series of unusual cash withdrawals from its bank account...." It began with a job advertisement. A seemingly legitimate company, with a professional website and a Nova Scotia address, claimed it was looking for cash processors. The contract was for one month. Employees could work from home.

They were told they would receive payments to their credit cards, which they would be expected to move to their bank accounts. They would then withdraw the payments, convert them into bitcoin, and send that to another account.... The majority of the 18 people hired were young and lived in various communities across the country.... Anyone who did an internet search for the company would find a professional website, with information matching what was provided in the employment agreement.

In early December 2019, the cybercriminals sent a phishing email to multiple people at the municipal office of WestLake-Gladsone, a municipality about 150 kilometres west of Winnipeg, on the southwestern shore of Lake Manitoba. At least one person clicked on the link, which allowed the hackers to get into the municipality's computers and bank accounts. But weeks went by and nothing happened, so the municipality didn't report it to the police. It was only after the money disappeared that the municipality discovered the two incidents were connected, said Kate Halashewski, who at the time was the assistant chief administrative officer for the Municipality of WestLake-Gladstone....

Court documents say that on Dec. 19, 2019, a person logged into the municipality's bank account and changed the password, along with the personal verification questions. Over the next 17 days, the cyberattackers added the 18 "employees" hired as payees and began systematically making withdrawals, transferring the money to the employees' credit cards. Dozens of withdrawals were made, totalling $472,377, according to court documents — a considerable amount for a municipality with an entire annual budget of $7 million.

Those withdrawals weren't discovered until Jan. 6, when Halashewski saw 48 bank transfers — each less than $10,000 — going to unfamiliar accounts.... Once they'd completed the initial transfers and conversion, the bitcoin was then sent to the private account of the scammers — who cybersecurity experts say likely aren't in Canada....

The municipality finally announced it had lost nearly half a million dollars in an Oct. 12, 2020, news release.... No arrests have been made in connection with the WestLake-Gladstone cyberattack and RCMP say it is no longer under active investigation.

Long-time Slashdot reader wattersa is a lawyer in Redwood City, California, "and a Slashdot reader since 1998.

"I recently concluded a three-year missing person investigation that unfortunately turned into an overseas homicide in Taiwan. I was authorized by my client to publish the case study on my website, which is based on our recent court filings..." And yes, he writes that the case was solved with a subpoena to Google: I filed that case in late 2019 and then used the subpoena power to try to solve the disappearance, which seemed appropriate. We solved the case in late 2020 due to a fake "proof of life" email that the suspect sent from the victim's email account, which he sent from a hotel where he testified he was staying alone on the night of the disappearance — after (according to him) dropping off the victim at the local train station. The victim could not have sent the email from the other side of Taiwan, which is where the email indicated it was from.... The suspect in my case is a Tony Stark-level supergenius with a Ph.D. and dozens of patents, who works at a prominent engineering company in California. He is currently wanted in Taiwan.

The case was solved with a subpoena to Google for the login/logout history of the victim's Gmail account and the originating IP address of the proof of life email. Although Google does not include the originating IP address in the email headers, it turns out that they retain the IP address for some unknown length of time and we were able to get it. When it became clear that this case was a homicide, co-counsel and I dismissed the conservatorship case and filed a wrongful death case against the suspect in 2021.

We continue to gather information through subpoenas, depositions, and interviews, all of which show that the victim died in a 10-hour window on November 29, 2019. The wrongful death case goes to trial in late 2023 in Santa Clara County. This is a rare case in which the family can afford an expensive, lengthy, attorney-led private investigation.
The original submission includes additional details about a rarely used statute in California that allows conservatorship of a missing person's estate — and apparently grants subpoena power. And it was in response to such a subpoena that Google produced the originating IP address of that crucial proof of life email.

"This obscure statute in the Probate Code was instrumental in solving the case because we didn't have to wait for law enforcement to take action, and we were able to aggressively pursue our own leads. This gave the family a sense of agency and closure, as well as the obvious benefit of solving the disappearance. Also, Taiwan law enforcement could not do subpoenas from Taiwan, so we ended up contributing to their investigation to some extent as well."

U.S. prosecutors on Wednesday said they have charged eight individuals in a securities fraud scheme, alleging they reaped about $114 million from by using Twitter and Discord to manipulate stocks. Reuters reports: The eight men allegedly purported to be successful traders on the social media platforms and then engaged in a so-called "pump and dump" scheme by hyping particular stocks to their followers with the intent to dump them once prices had risen, according to prosecutors in the Southern District of Texas.

The U.S. Securities and Exchange Commission (SEC) said it has filed related civil charges against the defendants in the scheme, claiming that seven of the defendants used Twitter and Discord to boost stocks. It said the eighth was charged with aiding and abetting the scheme with his podcast. The individuals charged were Texas residents Edward Constantinescu, Perry Matlock, John Rybarczyk and Dan Knight, along with California residents Gary Deel and Tom Cooperman, Stefan Hrvatin of Miami and Mitchell Hennessey of Hoboken, New Jersey.

An anonymous reader shares a report: In mid-2020, FTX's chief engineer made a secret change to the cryptocurrency exchange's software. He tweaked the code to exempt Alameda Research, a hedge fund owned by FTX founder Sam Bankman-Fried, from a feature on the trading platform that would have automatically sold off Alameda's assets if it was losing too much borrowed money. In a note explaining the change, the engineer, Nishad Singh, emphasized that FTX should never sell Alameda's positions. "Be extra careful not to liquidate," Singh wrote in the comment in the platform's code, which it showed he helped author. Reuters reviewed the code base, which has not been previously reported.

The exemption allowed Alameda to keep borrowing funds from FTX irrespective of the value of the collateral securing those loans. That tweak in the code got the attention of the U.S. Securities and Exchange Commission, which charged Bankman-Fried with fraud on Tuesday. The SEC said the tweak meant Alameda had a "virtually unlimited line of credit." Furthermore, the billions of dollars that FTX secretly lent to Alameda over the next two years didn't come from its own reserves, but rather were other FTX customers' deposits, the SEC said.

The auto-liquidation exemption written into FTX code allowed Alameda to continually increase its line of credit until it "grew to tens of billions of dollars and effectively became limitless," the SEC complaint said. It was one of two ways that Bankman-Fried diverted customer funds to Alameda. The other was a mechanism whereby FTX customers deposited over $8 billion in traditional currency into bank accounts secretly controlled by Alameda. These deposits were reflected in an internal account on FTX that was not tied to Alameda, which concealed its liability, the complaint said.

The Royal Bahamas Police Force arrested FTX founder Sam Bankman-Fried, a press statement said. CoinDesk reports: The arrest came after the U.S. filed criminal charges against Bankman-Fried, the statement said, and the nation expects the U.S. to request The Bahamas extradite Bankman-Fried in short order. "As a result of the notification received and the material provided therewith, it was deemed appropriate for the Attorney General to seek SBF's arrest and hold him in custody pursuant to our nation's Extradition Act," the statement, attributed to Attorney General Ryan Pinder, said. "At such time as a formal request for extradition is made, The Bahamas intends to process it promptly, pursuant to Bahamian law and its treaty obligations with the United States."

A tweet from the U.S. Attorney's Office for the Southern District of New York confirmed that prosecutors in the U.S. indicted Bankman-Fried, though the indictment remains under seal. In the Bahamas' statement, Bahamas Prime Minister Philip Davis said the country would continue pursuing its own investigation into FTX's collapse, alongside the U.S.'s criminal charges. Bankman-Fried was set to testify virtually before the House Financial Services Committee about the exchange's collapse on Tuesday.

Tax authorities from Australia, Canada, France, the UK and the USA have conducted a joint probe into "electronic sales suppression software" -- applications that falsify point of sale data to help merchants avoid paying tax on their true revenue. From a report: A Friday announcement from the Joint Chiefs of Global Tax Enforcement (known as the J5), states that the probe "resulted in the arrest of five individuals in the United Kingdom who allegedly designed and sold electronic sales suppression systems internationally." Those responsible allegedly started to export their wares during the COVID-19 pandemic.

"These dodgy sales suppression tools allow retailers to keep a separate set of books and launder the money in one transaction," explained J5 chief and Australian Taxation Office deputy commissioner John Ford. "They conceal and transfer this income anonymously, sometimes offshore."

U.S. telecom providers, under a new FCC order, will have to take "all necessary steps" to block calls from a shady communication company engaged in a mass robocall scam preying on people seeking student loan forgiveness. From a report: The scammer company, called Urth Access, LLC, would reportedly spam users with calls urging them to forfeit their personal information or pay a fee in order to receive up to around $10,000 in student loan debt relief. Many of the scams reportedly referred to the Biden Administration's student loan forgiveness plan to give the messages a semblance of credibility. Though numerous fraudsters took part in the scam, an investigation conducted by the FCC and its private partner YouMail said Urth Access stood apart as the largest, accounting for around 40% of the robocalls in October.

"Scam robocalls try to pull from the headlines to confuse consumers," FCC Commissioner Jessica Rosenworcel said in a statement. "Trying to take advantage of people who want help paying off their student loans. Today we're cutting these scammers off so they can't use efforts to provide student loan debt relief as cover for fraud." The new order asks telecommunications companies to cease accepting phone calls coming from Urath Access, or report efforts they are making to limit Urath's reach in an effort to shut down the scams.

An anonymous reader quotes a report from MacRumors: Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy. iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection," encrypts users' data stored in iCloud, meaning only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.

While privacy groups and apps applaud Apple for the expansion of end-to-end encryption in iCloud, governments have reacted differently. In a statement to The Washington Post, the FBI, the largest intelligence agency in the world, said it's "deeply concerned with the threat end-to-end and user-only-access encryption pose." Speaking generally about end-to-end encryption like Apple's Advanced Data Protection feature, the bureau said that it makes it harder for the agency to do its work and that it requests "lawful access by design": "This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.'"

Former FBI official Sasha O'Connell also weighed in, telling The New York Times "it's great to see companies prioritizing security, but we have to keep in mind that there are trade-offs, and one that is often not considered is the impact it has on decreasing law enforcement access to digital evidence."

An anonymous reader quotes a report from CNBC: Former Theranos chief operating officer and president Ramesh "Sunny" Balwani was sentenced to nearly 13 years in prison Wednesday for fraud, after the unraveling of the blood-testing juggernaut prompted criminal charges in California federal court against both Balwani and Theranos founder Elizabeth Holmes, who on Nov. 18 was sentenced to more than 11 years in prison.

During the sentencing hearing, attorneys for Balwani attempted to pin the blame on Holmes, telling U.S. District Court Judge Edward J. Davila that "decisions were made by Elizabeth Holmes." Davila had set a sentencing range of 11 years plus 3 months to 14 years, but prosecutors today sought a 15-year sentence given his "significant" oversight role at Theranos' lab business. The final guideline sentence was 155 months, plus three years of probation. Davila set a Mar. 15, 2023, surrender date. [...] Balwani's sentencing in federal court marks the end of the Theranos saga, which enthralled the public and prompted documentary films and novel treatments.

Nobody is immune to being scammed online -- not even the people running the scams. From a report: Cybercriminals using hacking forums to buy software exploits and stolen login details keep falling for cons and are getting ripped off thousands of dollars at a time, a new analysis has revealed. And what's more, when the criminals complain that they are being scammed, they're also leaving a trail of breadcrumbs of their own personal information that could reveal their real-world identities to police and investigators. Hackers and cybercriminals often gather on specific forums and marketplaces to do business with each other. They can advertise upcoming work they need help with, sell databases of people's stolen passwords and credit card information, or tout new security vulnerabilities that can be used to break into people's devices or systems. However, these deals often don't go to plan.

The new research, published today by cybersecurity firm Sophos, examines these failed transactions and the complaints people have made about them. "Scammers scamming scammers on criminal forums and marketplaces is much bigger than we originally thought it was," says Matt Wixey, a researcher with Sophos X-Ops who studied the marketplaces. Wixey examined three of the most prominent cybercrime forums: the Russian-language forums Exploit and XSS, plus the English-language BreachForums, which replaced RaidForums when it was seized by US law enforcement in April. While the sites operate in slightly different ways, they all have "arbitration" rooms where people who think they've been scammed or wronged by other criminals can complain. For instance, if someone purchases malware and it doesn't work, they may moan to the site's administrators. The complaints sometimes lead to people getting their money back, but more often act as a warning for other users, Wixey says. In the past 12 months -- the period the research covers -- criminals on the forums have lost more than $2.5 million to other scammers, the analysis says. Some people complain about losing as little as $2, while the median scams on each of the sites ranges from $200 to $600, according to the research, which is being presented at the BlackHat Europe security conference.