Businesses

FBI Says People Are Using Deepfakes To Apply To Remote Jobs (gizmodo.com)

An anonymous reader quotes a report from Gizmodo: The FBI wrote to its Internet Crime Complaint Center Tuesday that it has received multiple complaints of people using stolen information and deepfaked video and voice to apply to remote tech jobs. According to the FBI's announcement, more companies have been reporting people applying to jobs using video, images, or recordings that are manipulated to look and sound like somebody else. These fakers are also using personally identifiable information from other people -- stolen identities -- to apply to jobs at IT, programming, database, and software firms. The report noted that many of these open positions had access to sensitive customer or employee data, as well as financial and proprietary company info, implying the imposters could have a desire to steal sensitive information as well as a bent to cash a fraudulent paycheck.

What isn't clear is how many of these fake attempts at getting a job were successful versus how many were caught and reported. Or, in a more nefarious hypothetical, whether someone secured an offer, took a paycheck, and then got caught. These applicants were apparently using voice spoofing techniques during online interviews where lip movement did not match what's being said during video calls, according to the announcement. Apparently, the jig was up in some of these cases when the interviewee coughed or sneezed, which wasn't picked up by the video spoofing software.
Companies that suspect a fake applicant can report it to the complaint center site.
Biotech

Biotech Wizard Left a Trail of Fraud -- Prosecutors Allege It Ended in Murder (wsj.com)

Serhat Gumrukcu faces trial in a purported plot to kill an associate who could have exposed him and derailed a drug-development deal worth millions. From a report: Even as a teenager back in Turkey, Serhat Gumrukcu dazzled audiences. In a 2002 video, he opened one of his magic shows dancing with a cane that appeared to be levitating. He was introduced as a medical student and went by the stage name "Dr. No." A little more than a decade later, not long after Mr. Gumrukcu arrived in the U.S., he had his hand in multimillion-dollar oil and real-estate deals. Yet his best-known venture was in medicine. For a time, he thrilled investors with ideas for groundbreaking treatments and drew special notice from the government's top infectious-disease official, Anthony Fauci. In America, the magician had found a new, more lucrative audience.

Enochian Biosciences, co-founded by Mr. Gumrukcu in 2018, paid more than $21 million to companies controlled by Mr. Gumrukcu and his husband for consulting, research and the licensing of potential drugs to treat influenza, hepatitis B, HIV and Covid-19, company financial filings show. "Dr. Gumrukcu is one of those rare geniuses that is not bound by scientific discipline or dogma. He sees connections and opportunities often missed," Enochian Vice Chairman Mark Dybul, now chief executive, said in a 2019 news release about Enochian's licensing of a hepatitis B drug from a company controlled by Mr. Gumrukcu. Mr. Gumrukcu's success as a biotech entrepreneur afforded the purchase last year of an $18.4 million office complex in North Hollywood, a neighborhood in Los Angeles, and, earlier, a $5.5 million house in the Hollywood Hills.

Yet much of what people saw in Mr. Gumrukcu was an illusion he cast, misrepresenting himself and his credentials, according to state and federal authorities, court records, former colleagues and those who have sued and won judgments against him over fraudulent medical and financial dealings. Prosecutors now allege that Mr. Gumrukcu arranged the murder of a business associate, Gregory Davis, who threatened to expose him as a fraud. Such a revelation would have put at risk the 39-year-old entrepreneur's deal with Enochian, they said. Mr. Gumrukcu has been in custody at the Metropolitan Detention Center in Los Angeles since his arrest on May 24. A federal grand jury indicted him on murder conspiracy charges, an offense punishable by death.

United Kingdom

Celebrity-Endorsed Crypto Scams Soaring in UK, Santander Says (bloomberg.com)

Celebrity-endorsed cryptocurrency scams in the UK are on pace to almost double this year, Banco Santander SA's local unit said. From a report: "Case volumes" jumped 61% in the first quarter from the prior three months, Santander said in a statement on its website on Tuesday. The average value of the scams was $14,540, up 65% from a year earlier. Around $2.4 million was lost to such schemes in the quarter, according to the bank. "We're seeing a worrying rise in 'celebrity-endorsed' cryptocurrency scams, where familiar faces are being misused on social media in order to con people out of often life-changing sums of money," Chris Ainsley, Santander UK's head of fraud risk management, said in the statement. Crypto scams are getting increased attention as regulators and politicians grapple with how to encourage technological innovation while at the same time protecting unsuspecting consumers. Santander said it expects the number of celebrity-endorsed crypto scams to rise 87% in 2022 based on the current rate of growth.
China

How China's Expanding Surveillance Allows the State to Tighten Its Grip (buffalonews.com)

"China's ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known," reports the New York Times, after their Visual Investigations team with reporters in Asia "spent more than a year analyzing more than 100,000 government bidding documents." The Chinese government's goal is clear: designing a system to maximize what the state can find out about a person's identity, activities and social connections.... The Times analysis found that the police strategically chose locations to maximize the amount of data their facial recognition cameras could collect.... The police also wanted to install facial recognition cameras inside private spaces, like residential buildings, karaoke lounges and hotels. In the police's own words, the strategy to upgrade their video surveillance system was to achieve the ultimate goal of "controlling and managing people."

Authorities are using phone trackers to link people's digital lives to their physical movements. Devices known as Wi-Fi sniffers and IMSI catchers can glean information from phones in their vicinity, which allow the police to track a target's movements... In a 2017 bidding document from Beijing, the police wrote that they wanted the trackers to collect phone owners' usernames on popular Chinese social media apps.... As of today, all 31 of mainland China's provinces and regions use phone trackers.

DNA, iris scan samples and voice prints are being collected indiscriminately from people with no connection to crime. The police in China are starting to collect voice prints using sound recorders attached to their facial recognition cameras. In the southeast city of Zhongshan, the police wrote in a bidding document that they wanted devices that could record audio from at least a 300-foot radius around cameras. Software would then analyze the voice prints and add them to a database. Police boasted that when combined with facial analysis, they could help pinpoint suspects faster.

The Times also created a separate video summarizing the results of their investigation.

And their article notes estimates that more than half the world's 1 billion surveillance cameras are already in China — but there's more information to be gathered. One of China's largest surveillance contractors also pitched software to the government that displays a person's "movements, clothing, vehicles, mobile device information and social connections," according to the Times. "The Times investigation found that this product was already being used by Chinese police."

Thanks to Slashdot reader nray for sharing the story.
Businesses

Ex-Amazon Employee Convicted Over Data Breach of 100 Million Capital One Customers (techcrunch.com)

Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant Capital One in 2019, has been found guilty by a Seattle jury on charges of wire fraud and computer hacking. From a report: Thompson, 36, was accused of using her knowledge as a software engineer working in the retail giant's cloud division, Amazon Web Services, to identify cloud storage servers that were allegedly misconfigured to gain access to the cloud-stored data used by Capital One. That included names, dates of birth, Social Security numbers, email addresses and phone numbers, and other sensitive financial information, such as credit scores, limits and balances. Some one million Canadians were also affected by the Capital One breach. Thompson also accessed the cloud-stored data of more than 30 other companies, according to a superseding indictment filed by the Justice Department almost two years after Thompson was first charged, which reportedly included Vodafone, Ford, Michigan State University and the Ohio Department of Transportation.
Crime

FBI Says Fraud on LinkedIn a 'Significant Threat' To Platform and Consumers (cnbc.com)

Fraudsters who exploit LinkedIn to lure users into cryptocurrency investment schemes pose a "significant threat" to the platform and consumers, according to Sean Ragan, the FBI's special agent in charge of the San Francisco and Sacramento, California, field offices. From a report: "It's a significant threat," Ragan said in an exclusive interview. "This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims." The scheme works like this: A fraudster posing as a professional creates a fake profile and reaches out to a LinkedIn user. The scammer starts with small talk over LinkedIn messaging, and eventually offers to help the victim make money through a crypto investment. Victims interviewed by CNBC say since LinkedIn is a trusted platform for business networking, they tend to believe the investments are legitimate. Typically, the fraudster directs the user to a legitimate investment platform for crypto, but after gaining their trust over several months, tells them to move the investment to a site controlled by the fraudster. The funds are then drained from the account.
The Almighty Buck

Crypto Fraud is Growing Exponentially (yahoo.com)

The Los Angeles Times reports on "a massive surge of criminal fraud that has been pummeling crypto users with unknown billions of dollars in losses with little relief in sight." The growth in crypto fraud has turned exponential in recent years. The reported losses from crypto scams in 2021 were 60 times larger than in 2018, the Federal Trade Commission reported earlier this month, with crypto now accounting for 1 out of every 4 dollars lost to fraud in the reports monitored by the agency. Over 46,000 people lost more than $1 billion in crypto to scams since 2021, but the real sum of losses is likely vastly larger because most frauds are not reported, the agency said.... "Since 2021, $575 million of all crypto fraud losses reported to the FTC were about bogus investment opportunities, far more than any other fraud type," the agency reported.

Financial losses specifically from NFT crimes just through May this year were already more than 600% higher than for all of 2021, with the space seeing twice as many hacks and bigger and bigger heists, according to analysis from digital privacy firm Top10VPN.

For many victims, there's little hope of getting their lost art back. The marketplaces where NFTs get sold — crypto exchanges — can't cancel or reverse fraudulent transactions the way a traditional bank or credit card company might; the whole point of crypto was to cut out these sorts of financial middlemen, which many crypto fans greatly distrust. Crypto technology was built out of a "libertarian ethos" in which "there's no nanny state that's going to take care of you," said Jeremy Goldman, an intellectual property attorney who specializes in legal issues involving crypto assets. "These are the consequences when there's a mistake ... there's no one to unwind it, you can't call customer service, you can't go back to the mothership, you can't go back to the bank."

But at the same time, law enforcement agencies in the U.S. have also shown a growing willingness and ability to mount sophisticated investigations into crypto fraud.... [I]n March, federal agents sought a court order to seize roughly $165,000 worth of Ethereum in a digital Binance.US wallet. Officials said the cryptocurrency had been stolen from an Orange County investor, nicknamed "P.M.," who got tricked into giving up his coins by a fraudster pretending to be a Coinbase technical support representative.

On the bright side, BuzzFeed notes that actor Seth Green has recovered his prized Bored Ape NFT from "Mr Cheese" for $297,000 worth of Ether.

But the Los Angeles Times points out that another victim of a Bored Ape heist has sued the creators of Bored Apes. Their lawyer argues the company "refuses to police their own community. They're the gatekeepers, they can lock out the thieves if they wanted to, and they won't do it."
Crime

Stolen Goods Sold on Amazon, eBay and Facebook Are Causing Havoc for Major Retailers (cnbc.com)

Over the past year, large-scale robberies have swept through stores like Louis Vuitton in San Francisco's Union Square and a nearby Nordstrom, which was robbed by 80 people. Law enforcement and retailers have warned the public that this isn't traditional shoplifting. Rather, what they're seeing is theft organized by criminal networks. And there's a reason it's on the rise. From a report: "What fuels this as an enterprise is the ease of reselling stolen merchandise on online marketplaces," said Illinois Attorney General Kwame Raoul, who convened a national task force of state attorneys to make it easier to investigate across state lines. "It's no longer the age where it's done at flea markets or in the alley or in parking lots." Retailers say a total of $68.9 billion of products were stolen in 2019. In 2020, three-quarters said they saw an increase in organized crime and more than half reported cargo theft. Some big chains blame organized theft for recent store closures or for their decisions to limit hours.

For the U.S. Government's Homeland Security Investigations unit, organized retail crime probes are on the rise. Arrests and indictments increased last year from 2020, along with the value of stolen goods that was seized. While data is imprecise about the perpetrators, there's growing consensus that an entirely different group should be held accountable: e-commerce sites. Amazon, eBay and Facebook are the places where these stolen goods are being sold, and critics say they're not doing enough to put an end to the racket. The companies disagree.

Japan

Japan Makes 'Online Insults' Punishable By One Year (cnn.com)

Japan's parliament has passed legislation making "online insults" punishable by imprisonment amid rising public concern over cyberbullying sparked by the suicide of a reality television star who had faced social media abuse. From a report: Under the amendment to the country's penal code -- set to take effect later this summer -- offenders convicted of online insults can be jailed for up to one year, or fined 300,000 yen (about $2,200). It's a significant increase from the existing punishments of detention for fewer than 30 days and a fine of up to 10,000 yen ($75). The bill proved controversial in the country, with opponents arguing it could impede free speech and criticism of those in power. However, supporters said the tougher legislation was needed to crack down on cyberbullying and online harassment. It was only passed after a provision was added, ordering the law be re-examined three years after it goes into effect to gauge its impact on freedom of expression.

Under Japan's penal code, insults are defined as publicly demeaning someone's social standing without referring to specific facts about them or a specific action, according to a spokesperson from the Ministry of Justice. The crime is different to defamation, defined as publicly demeaning someone while pointing to specific facts. Both are punishable under the law.

Crime

US Anti-Hacking Law Tested in Trial Over 2019 Capital One Data Breach (union-bulletin.com)

"Paige Thompson worked as a software engineer in Seattle and ran an online community for other programmers," remembers the New York Times.

"In 2019, she downloaded personal information belonging to more than 100 million Capital One customers, the Justice Department said..." It included 140,000 Social Security numbers and 80,000 bank account numbers (drawn from applications for credit cards). Nearly three years after the disclosure of one of the largest data breaches in the United States, the former Amazon employee accused of stealing customers' personal information from Capital One is standing trial in a case that will test the power of a U.S. anti-hacking law.... She faces 10 counts of computer fraud, wire fraud and identity theft in a federal trial that began Tuesday in Seattle.... Thompson, 36, is accused of violating an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. Thompson has pleaded not guilty, and her lawyers say her actions — scanning for online vulnerabilities and exploring what they exposed — were those of a "novice white-hat hacker."

Critics of the computer fraud law have argued that it is too broad and allows for prosecutions against people who discover vulnerabilities in online systems or break digital agreements in benign ways, such as using a pseudonym on a social media site that requires users to go by their real names. In recent years, courts have begun to agree. The Supreme Court narrowed the scope of the law last year, ruling that it could not be used to prosecute people who had legitimate access to data but exploited their access improperly. And in April, a federal appeals court ruled that automated data collection from websites, known as web scraping, did not violate the law. Last month, the Justice Department told prosecutors that they should no longer use the law to pursue hackers who engaged in "good-faith security research."

Thompson's trial will raise questions about how far security researchers can go in their pursuit of cybersecurity flaws before their actions break the law. Prosecutors said Thompson had planned to use the information she gathered for identity theft and had taken advantage of her access to corporate servers in a scheme to mine cryptocurrency... The Justice Department has argued that Thompson had no interest in helping Capital One plug the holes in its security and that she cannot be considered a "white hat" hacker. Instead, she chatted with friends online about how she might be able to profit from the breach, according to legal filings.... Some security researchers said Thompson had ventured too far into Capital One's systems to be considered a white-hat hacker.... "Legitimate people will push a door open if it looks ajar," said Chester Wisniewski, a principal research scientist at Sophos, a cybersecurity firm.... But downloading thousands of files and setting up a cryptocurrency mining operation were "intentionally malicious actions that do not happen in the course of testing security," Wisniewski said....

"Thompson scanned tens of millions of AWS customers looking for vulnerabilities," Brown wrote in a legal filing.

The article notes that Capital One ultimately agreed to pay $80 million in 2020 "to settle claims from federal bank regulators that it lacked the security protocols needed to protect customers' data" and another $190 million to settle a class-action lawsuit representing people whose data was exposed.
The Courts

Investor Sues the Winklevoss Twins' Troubled Crypto Business Over Security Failures (theverge.com)

IRA Financial Trust, a platform that lets users save for retirement in alternative assets like cryptocurrency, is suing the Gemini cryptocurrency exchange over an alleged failure to protect its customers from a heist that resulted in the theft of $36 million in crypto. The financial platform partners with Gemini, owned by the Winklevoss twins, Cameron and Tyler, to allow customers to trade and store cryptocurrency. From a report: In February, IRA was the victim of a major attack that drained the millions in funds customers had stored with Gemini. The company was reportedly swatted, the act of calling the police to report a fake crime at someone's location, when the cyberattack occurred. Police showed up at IRA's South Dakota headquarters after false reports of a robbery, while bad actors made off with millions in crypto. At the time, a source close to Gemini told CoinDesk it wasn't hacked and that it makes various security controls available to its partners. "Gemini knew about the risks attendant to crypto assets," IRA's complaint states. "In fact, it built its public image around purportedly mitigating those risks. But like so much else in the world of crypto, Gemini's image is just that: an image. In reality, Gemini brushes security aside when there is a chance to earn more revenue."
Crime

Nintendo Wanted Hacker's Prison Sentence To Turn Heads (axios.com)

Nintendo described the sentencing of a hacker earlier this year as a "unique opportunity" to send a message to all gamers about video game piracy. Axios reports: A newly released transcript of the Feb. 10 sentencing of Gary Bowser provides rare insight, directly from Nintendo, about the company's grievances. Bowser, a Canadian national, pled guilty last year to U.S. government cybercrime charges over his role as a top member of Team Xecuter. The group sold tech that circumvented copyright protections and enabled the Nintendo Switch and other systems to play pirated games. Authorities estimated the piracy cost Nintendo upward of $65 million over nearly a decade and even compelled the company to spend resources releasing a more secure model of the Switch.

"This is a very significant moment for us," Nintendo lawyer Ajay Singh told the court at the time, as he laid out the company's case against piracy and awaited the sentencing. "It's the purchase of video games that sustains Nintendo and the Nintendo ecosystem, and it is the games that make the people smile," Singh said. "It's for that reason that we do all we can to prevent games on Nintendo systems from being stolen." He noted Nintendo's losses from Team Xecuter's piracy and sounded a note of sympathy for smaller non-Nintendo game makers whose works are also pirated. And he wove in a complaint about cheating, which he said Team Xecuter's hacks enabled. Cheating could scare off honest players and upset families: "Parents should not be forced to explain to their children why people cheat and why sometimes games are not fair, just because one person wants an unfair advantage."

At the hearing, U.S. District Judge Robert Lasnik noted that TV and movies glorify hackers as "sticking it to the man," suggesting that "big companies are reaping tremendous profits and it's good for the little guy to have this." "What do you think?" Lasnik asked Nintendo's lawyer at one point. "What else can we do to convince people that there's no glory in this hacking/piracy?" "There would be a large benefit to further education of the public," Singh replied. In brief remarks directly to Lasnik, Bowser said longer prison time wouldn't scare off hackers. "There's so much money to be made from piracy that it's insignificant," he said.

Programming

Should IT Professionals Be Liable for Ransomware Attacks? (acm.org)

Denmark-based Poul-Henning Kamp describes himself as the "author of a lot of FreeBSD, most of Varnish and tons of other Open Source Software." And he shares this message in June's Communications of the ACM.

"The software industry is still the problem." If any science fiction author, famous or obscure, had submitted a story where the plot was "modern IT is a bunch of crap that organized crime exploits for extortion," it would have gotten nowhere, because (A) that is just not credible, and (B) yawn!

And yet, here we are.... As I write this, 200-plus corporations, including many retail chains, have inoperative IT because extortionists found a hole in some niche, third-party software product most of us have never heard of.

But he's also proposing a solution. In Denmark, 129 jobs are regulated by law. There are good and obvious reasons why it is illegal for any random Ken, Brian, or Dennis to install toilets or natural-gas furnaces, perform brain surgery, or certify a building is strong enough to be left outside during winter. It may be less obvious why the state cares who runs pet shops, inseminates cattle, or performs zoological taxidermy, but if you read the applicable laws, you will learn that animal welfare and protection of endangered species have many and obscure corner cases.

Notably absent, as in totally absent, on that list are any and all jobs related to IT; IT architecture, computers, computer networks, computer security, or protection of privacy in computer systems. People who have been legally barred and delicensed from every other possible trade — be it for incompetence, fraud, or both — are entirely free to enter the IT profession and become responsible for the IT architecture or cybersecurity of the IT system that controls nearly half the hydrocarbons to the Eastern Seaboard of the U.S....

With respect to gas, water, electricity, sewers, or building stability, the regulations do not care if a company is hundreds of years old or just started this morning, the rules are always the same: Stuff should just work, and only people who are licensed — because they know how to — are allowed to make it work, and they can be sued if they fail to do so.

The time is way overdue for IT engineers to be subject to professional liability, like almost every other engineering profession. Before you tell me that is impossible, please study how the very same thing happened with electricity, planes, cranes, trains, ships, automobiles, lifts, food processing, buildings, and, for that matter, driving a car.

As with software product liability, the astute reader is apt to exclaim, "This will be the end of IT as we know it!" Again, my considered response is, "Yes, please, that is precisely my point!"

Crime

New Linux-Based Ransomware Targets VMware Servers (csoonline.com)

"Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers," reports CSO Online. (They describe the ESXi servers as "a bare-metal hypervisor for creating and running several virtual machines that share the same hard drive storage.") Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs — such as LockBit, Hive and RansomEXX — that have found ESXi an efficient way to infect many computers at once with malicious payloads.

Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server — the VMware server — and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once."

"Most VM shops use some sort of VM backup product to back up all guest servers, so finding and deleting or corrupting one backup repository kills the backup image for all the hosted guest servers all at once," Grimes adds....

The gang behind Cheerscrypt uses a "double extortion" technique to extract money from its targets, the researchers explain. "Security Alert!!!" the attackers' ransom message declares. "We hacked your company successfully. All files have been stolen and encrypted by us. If you want to restore your files or avoid file leaks, please contact us."

Government

Analysis: Russia Prepares To Seize Western Firms Looking To Leave (reuters.com)

"Russia is advancing a new law allowing it to take control of the local businesses of western companies that decide to leave in the wake of Moscow's invasion of Ukraine," reports Reuters, "raising the stakes for multinationals trying to exit." The law, which could be in place within weeks, will give Russia sweeping powers to intervene where there is a threat to local jobs or industry, making it more difficult for western companies to disentangle themselves quickly unless they are prepared to take a big financial hit. The law to seize the property of foreign investors follows an exodus of western companies, such as Starbucks, McDonald's and brewer AB InBev, and increases pressure on those still there.

It comes as the Russian economy, increasingly cut off due to western sanctions, plunges into recession amid double-digit inflation.... The bill paves the way for Russia to appoint administrators over companies owned by foreigners in "unfriendly" countries, who want to quit Russia as the conflict with Ukraine drags down its economy. Moscow typically refers to countries as "unfriendly" if they have imposed economic sanctions on Russia, meaning any firms in the European Union or United States are at risk.

The European Commission proposed toughening its own stance on Wednesday to make breaking EU sanctions against Russia a crime, allowing EU governments to confiscate assets of companies and individuals that evade restrictions against Moscow.

Thanks to long-time Slashdot reader schwit1 for submitting the story.
AI

Clearview AI's Facial Recognition Tool Coming To Apps, Schools (gizmodo.com)

An anonymous reader quotes a report from Reuters: Clearview AI is expanding sales of its facial recognition software to companies from mainly serving the police, it told Reuters, inviting scrutiny on how the startup capitalizes on billions of photos it scrapes from social media profiles. [...] Clearview primarily helps police identify people through social media images, but that business is under threat due to regulatory investigations. The settlement with the American Civil Liberties Union bans Clearview from providing the social-media capability to corporate clients.

Instead of online photo comparisons, the new private-sector offering [called "Clearview Consent"] matches people to ID photos and other data that clients collect with subjects' permission. It is meant to verify identities for access to physical or digital spaces. Vaale, a Colombian app-based lending startup, said it was adopting Clearview to match selfies to user-uploaded ID photos. [...] Clearview AI CEO Hoan Ton-That said a U.S. company selling visitor management systems to schools had signed up as well. He said a customer's photo database is stored as long as they wish and not shared with others, nor used to train Clearview's AI. But the face-matching that Clearview is selling to companies was trained on social media photos. It said the diverse collection of public images reduces racial bias and other weaknesses that affect rival systems constrained by smaller datasets.
The company outlined its path forward in a press release Wednesday.

"Today, FRT is used to unlock your phone, verify your identity, board an airplane, access a building, and even for payment," Clearview AI CEO Hoan Ton-That said in a statement. "Now, we are offering companies who use facial recognition as part of a consent-based workflow access to Clearview AI's superior, industry-leading FRT algorithm, bringing an increased level of security and protection to the marketplace."

He added: "Using facial recognition as a preventative measure means fewer crimes and fewer victims. Ultimately, Clearview Consent is all about making everyday consumers feel more secure in a world that is rife with crime and fraud."
Crime

Dutch Police Create Deepfake Video of Murdered Boy In Hope of New Leads (theguardian.com) 43

An anonymous reader quotes a report from The Guardian: Dutch police have received dozens of leads after using deepfake technology to virtually bring to life a teenager almost two decades after his murder. Sedar Soares was shot dead in 2003 while throwing snowballs with friends in the parking lot of a Rotterdam metro station. The 13-year-old's murder baffled police for years. Now, with the permission of Sedar's family, they have made a video in which the teen asks the public to help solve the cold-case crime.

In what Dutch police believe could be a world first, an eerily lifelike image of Sedar appears in the video as he greets the camera and picks up a football. Accompanied by stirring music, he walks through a guard of honor on the field, comprising his relatives, former teachers and friends. "Somebody must know who murdered my darling brother. That's why he has been brought back to life for this film," a voice says, before Sedar stops and drops his ball. "Do you know more? Then speak," Sedar and his relatives and friends say, before his image disappears from the field and the video gives the police contact details.
Dutch police have posted the deepfake video on YouTube. You can also watch the making of the video in the documentary "Speak! Now!"
Social Networks

Can Tech Firms Prevent Violent Videos Circulating on the Internet? (theguardian.com) 116

This week New York's attorney general announced they're officially "launching investigations into the social media companies that the Buffalo shooter used to plan, promote, and stream his terror attack." Slashdot reader echo123 points out that Discord confirmed that roughly 30 minutes before the attack a "small group" was invited to join the shooter's server. "None of the people he invited to review his writings appeared to have alerted law enforcement," reports the New York Times, "and the massacre played out much as envisioned."

But meanwhile, another Times article tells a tangentially-related story from 2019 about what ultimately happened to "a partial recording of a livestream by a gunman while he murdered 51 people that day at two mosques in Christchurch, New Zealand." For more than three years, the video has remained undisturbed on Facebook, cropped to a square and slowed down in parts. About three-quarters of the way through the video, text pops up urging the audience to "Share THIS...." Online writings apparently connected to the 18-year-old man accused of killing 10 people at a Buffalo, New York, grocery store Saturday said that he drew inspiration for a livestreamed attack from the Christchurch shooting. The clip on Facebook — one of dozens that are online, even after years of work to remove them — may have been part of the reason that the Christchurch gunman's tactics were so easy to emulate.

In a search spanning 24 hours this week, The New York Times identified more than 50 clips and online links with the Christchurch gunman's 2019 footage. They were on at least nine platforms and websites, including Reddit, Twitter, Telegram, 4chan and the video site Rumble, according to the Times' review. Three of the videos had been uploaded to Facebook as far back as the day of the killings, according to the Tech Transparency Project, an industry watchdog group, while others were posted as recently as this week. The clips and links were not difficult to find, even though Facebook, Twitter and other platforms pledged in 2019 to eradicate the footage, pushed partly by public outrage over the incident and by world governments. In the aftermath, tech companies and governments banded together, forming coalitions to crack down on terrorist and violent extremist content online. Yet even as Facebook expunged 4.5 million pieces of content related to the Christchurch attack within six months of the killings, what the Times found this week shows that a mass killer's video has an enduring — and potentially everlasting — afterlife on the internet.

"It is clear some progress has been made since Christchurch, but we also live in a kind of world where these videos will never be scrubbed completely from the internet," said Brian Fishman, a former director of counterterrorism at Facebook who helped lead the effort to identify and remove the Christchurch videos from the site in 2019....

Facebook, which is owned by Meta, said that for every 10,000 views of content on the platform, only an estimated five were of terrorism-related material. Rumble and Reddit said the Christchurch videos violated their rules and they were continuing to remove them. Twitter, 4chan and Telegram did not respond to requests for comment.

For what it's worth, this week CNN also republished an email they'd received in 2016 from 4chan's current owner, Hiroyuki Nishimura. The gist of the email? "If I liked censorship, I would have already done that."

But Slashdot reader Bruce66423 also shares an interesting observation from The Guardian's senior tech reporter about the major tech platforms. "According to Hany Farid, a professor of computer science at UC Berkeley, there is a tech solution to this uniquely tech problem. Tech companies just aren't financially motivated to invest resources into developing it." Farid's work includes research into robust hashing, a tool that creates a fingerprint for videos that allows platforms to find them and their copies as soon as they are uploaded...

Farid: It's not as hard a problem as the technology sector will have you believe... The core technology to stop redistribution is called "hashing" or "robust hashing" or "perceptual hashing". The basic idea is quite simple: you have a piece of content that is not allowed on your service either because it violated terms of service, it's illegal or for whatever reason, you reach into that content, and extract a digital signature, or a hash as it's called.... That's actually pretty easy to do. We've been able to do this for a long time. The second part is that the signature should be stable even if the content is being modified, when somebody changes say the size or the color or adds text. The last thing is you should be able to extract and compare signatures very quickly.

So if we had a technology that satisfied all of those criteria, Twitch would say, we've identified a terror attack that's being live-streamed. We're going to grab that video. We're going to extract the hash and we are going to share it with the industry. And then every time a video is uploaded with the hash, the signature is compared against this database, which is being updated almost instantaneously. And then you stop the redistribution.

It's a problem of collaboration across the industry and it's a problem of the underlying technology. And if this was the first time it happened, I'd understand. But this is not, this is not the 10th time. It's not the 20th time. I want to emphasize: no technology's going to be perfect. It's battling an inherently adversarial system. But this is not a few things slipping through the cracks.... This is a complete catastrophic failure to contain this material. And in my opinion, as it was with New Zealand and as it was the one before then, it is inexcusable from a technological standpoint.

"These are now trillion-dollar companies we are talking about collectively," Farid points out later. "How is it that their hashing technology is so bad?"
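The robust-hashing workflow Farid describes (fingerprint the known content, share the fingerprint, compare every upload against the database) can be shown end to end with a small difference hash (dHash). The script below is an added example written for this page; it is not code from the article, the Times, or any platform's system. It uses constructed synthetic grayscale images (lists of pixel rows) rather than real files so it runs offline without image libraries, and the match threshold of 10 bits is an assumption chosen for the demonstration, not a figure from the article.

```python
"""Difference hash (dHash): a simple perceptual hash for near-duplicate detection.

Added example, not code from the article. Images are constructed synthetic
grayscale arrays so the script runs offline without image libraries.
"""
from typing import Callable, Dict, List, Optional

Image = List[List[int]]  # rows of grayscale values 0..255

HASH_W, HASH_H = 9, 8   # 8 horizontal comparisons per row x 8 rows = 64 bits
MATCH_THRESHOLD = 10    # assumed: Hamming distance at or below this counts as a copy


def make_image(width: int, height: int, fn: Callable[[int, int], int]) -> Image:
    """Constructed test image: pixel (x, y) takes fn(x, y), clipped to 0..255."""
    return [[max(0, min(255, fn(x, y))) for x in range(width)] for y in range(height)]


def downscale(img: Image, w: int, h: int) -> List[List[float]]:
    """Box-filter downscale: each output cell is the mean of its source block.
    Averaging over a block is what lets the signature survive resizing and small edits."""
    src_h, src_w = len(img), len(img[0])
    out = []
    for cy in range(h):
        y0, y1 = cy * src_h // h, (cy + 1) * src_h // h
        row = []
        for cx in range(w):
            x0, x1 = cx * src_w // w, (cx + 1) * src_w // w
            block = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(img: Image) -> int:
    """64-bit hash: bit = 1 where a cell is brighter than its right-hand neighbour.
    Only relative brightness matters, so a uniform brightness shift leaves the hash intact."""
    small = downscale(img, HASH_W, HASH_H)
    h = 0
    for row in small:
        for x in range(HASH_W - 1):
            h = (h << 1) | (1 if row[x] > row[x + 1] else 0)
    return h


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def find_match(database: Dict[str, int], h: int, threshold: int = MATCH_THRESHOLD) -> Optional[str]:
    """Label of the closest known hash if it is within threshold, else None.
    A linear scan is fine here; a production database would use an index instead."""
    best = min(database.items(), key=lambda kv: hamming(kv[1], h), default=None)
    if best is not None and hamming(best[1], h) <= threshold:
        return best[0]
    return None


# --- edits a re-uploader might apply (constructed transformations) ---

def resize_nearest(img: Image, factor: int) -> Image:
    return [[px for px in row for _ in range(factor)] for row in img for _ in range(factor)]


def brighten(img: Image, delta: int) -> Image:
    return [[max(0, min(255, px + delta)) for px in row] for row in img]


def overlay_block(img: Image, x0: int, y0: int, w: int, h: int, value: int) -> Image:
    """Paint a solid rectangle, standing in for a pasted text or logo overlay."""
    return [[value if (x0 <= x < x0 + w and y0 <= y < y0 + h) else px
             for x, px in enumerate(row)] for y, row in enumerate(img)]


# Constructed 72x64 images: block patterns with strong cell-to-cell contrast.
ORIGINAL = make_image(72, 64, lambda x, y: (37 * (x // 8) + 59 * (y // 8)) % 200 + x % 8)
UNRELATED = make_image(72, 64, lambda x, y: 150 * ((x // 8 + y // 8) % 2) + 20)

# A re-upload of the original: enlarged 2x, brightened, with a block pasted over one corner.
REUPLOAD = overlay_block(brighten(resize_nearest(ORIGINAL, 2), 30), 0, 0, 16, 16, 255)

# The shared "known content" database: label -> hash (constructed label).
KNOWN_BAD = {"incident-frame-0001": dhash(ORIGINAL)}


def demo() -> dict:
    h_orig, h_re, h_other = dhash(ORIGINAL), dhash(REUPLOAD), dhash(UNRELATED)
    return {
        "reupload_distance": hamming(h_orig, h_re),      # small: still matches
        "unrelated_distance": hamming(h_orig, h_other),  # large: no match
        "reupload_match": find_match(KNOWN_BAD, h_re),
        "unrelated_match": find_match(KNOWN_BAD, h_other),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The three properties Farid lists map onto the code directly: `dhash` extracts the signature, the box-filter averaging and neighbour comparison make it stable under resizing and brightness changes (the pasted block flips only the one bit it covers), and `hamming` plus `find_match` make comparison a cheap bitwise operation. Production systems use more elaborate hashes and indexed lookup, but the shape of the pipeline is the same.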
The Almighty Buck

Avoiding Sanctions with Cryptocurrency? US Govt Files First Criminal Charges (msn.com) 30

Last week America's Justice Department "launched its first criminal prosecution involving the alleged use of cryptocurrency to evade U.S. economic sanctions," reports the Washington Post. They cite a nine-page opinion from a federal judge approving the government's criminal complaint against an American "accused of transmitting more than $10 million worth of bitcoin to a virtual currency exchange in one of a handful of countries comprehensively sanctioned by the U.S. government: Cuba, Iran, North Korea, Syria or Russia."

"In the ruling, the judge called cryptocurrency's reputation for providing anonymity to users a myth." He added that while some legal experts argue that virtual moneys such as bitcoin, ethereum or Tether are not subject to U.S. sanctions laws because they are created and move outside the traditional financial system, recent action taken by the Treasury Department's Office of Foreign Assets Control [OFAC] requires federal courts to find otherwise.

"Issue One: virtual currency is untraceable? WRONG ... Issue Two: sanctions do not apply to virtual currency? WRONG," Faruqui wrote...

"The Department of Justice can and will criminally prosecute individuals and entities for failure to comply with OFAC's regulations, including as to virtual currency," Faruqui said. In the opinion, Faruqui wrote that he adopted guidance issued in October by OFAC, which stated that sanctions regulations apply equally to transactions involving virtual currencies as those involving the U.S. dollar or other traditional fiat currencies.

Ari Redbord, who served in 2019 and 2020 as a senior adviser to the Treasury Department's undersecretary for terrorism and financial intelligence, called the case the first U.S. criminal prosecution targeting solely the use of cryptocurrency in a sanctions case. He said the ruling made clear such conduct is traceable and "immutable — in other words, transactions using cryptocurrency are forever.... What we are seeing is that the Department of Justice is going to actively go after actors that attempt to use cryptocurrency, but also that it is hard to use cryptocurrency to evade sanctions," Redbord said. "It shows, in many respects, cryptocurrency is not a good tool for sanctions evasion or money laundering."

In this case, The Register reports, "An unnamed American citizen allegedly used a US-based IP address to run an online payments platform" in a sanctioned country. The service advertised itself as being "designed to evade US sanctions" and claimed its transactions were untraceable, it was alleged. We're told the defendant bought and sold Bitcoin using a US-based online currency exchange using fiat currency from a US bank account.
The Post argues that this prosecution represents "a new U.S. criminal sanctions enforcement push targeting cryptocurrency transactions at a time of rising concern over the extent to which illicit actors can use or are using such methods to launder money or do business with countries the United States has cut off from the dollar..."
Security

DOJ Says It Won't Prosecute White Hat Security Researchers (vice.com) 38

The Department of Justice announced today a policy shift in that it will no longer prosecute good-faith security research that would have violated the country's federal hacking law, the Computer Fraud and Abuse Act (CFAA). Motherboard: The move is significant in that the CFAA has often posed a threat to security researchers who may probe or hack systems in an effort to identify vulnerabilities so they can be fixed. The revision of the policy means that such research should not face charges.

"Computer security research is a key driver of improved cybersecurity," Deputy Attorney General Lisa O. Monaco said in a statement published with the announcement. "The department has never been interested in prosecuting good-faith computer security research as a crime, and today's announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good." The policy itself reads that "the Department's goals for CFAA enforcement are to promote privacy and cybersecurity by upholding the legal right of individuals, network owners, operators, and other persons to ensure the confidentiality, integrity, and availability of information stored in their information systems."
