Crime

T-Mobile Secretly Bought Its Customer Data From Hackers To Stop Leak. It Failed (vice.com) 25

An anonymous reader quotes a report from Motherboard: Last year, T-Mobile confirmed it was breached after hackers offered to sell the personal data of 30 million of its customers for 6 bitcoin worth around $270,000 at the time. According to court documents unsealed today and reviewed by Motherboard, a third-party hired by T-Mobile tried to pay the hackers for exclusive access to that data and limit it from leaking more widely. The plan ultimately failed, and the criminals continued to sell the data despite the third-party giving them a total of $200,000. But the news unearths some of the controversial tactics that might be used by companies as they respond to data breaches, either to mitigate the leak of stolen information or in an attempt to identify who has breached their networks.

On Tuesday, the Department of Justice unsealed an indictment against Diogo Santos Coelho, who it alleges is the administrator of a popular hacking site called RaidForums. Law enforcement also uploaded a banner to the RaidForums site announcing they had taken over its domain. Coelho was arrested in the United Kingdom in March. Included in the affidavit in support of request for his extradition to the United States is a section describing a particular set of data that was advertised on RaidForums in August. [...] The document does not name the victim company, instead referring to it as Company 3, but says another post confirmed that the data belonged to "a major telecommunications company and wireless network operator that provides services in the United States."

The document goes on to say that this company "hired a third-party to purchase exclusive access to the database to prevent it being sold to criminals." An employee of this third-party posed as a potential buyer and used the RaidForums' administrator's middleman service to buy a sample of the data for $50,000 in Bitcoin, the document reads. That employee then purchased the entire database for around $150,000, with the caveat that SubVirt would delete their copy of the data, it adds. The purpose of the deletion would be that this undercover customer would be the only one with a copy of the stolen information, greatly limiting the chance of it leaking out further. That's not what happened. The document says that "it appears the co-conspirators continued to attempt to sell the databases after the third-party's purchase." Company 3, the unnamed telecommunications firm that hired this third-party, was T-Mobile, according to Motherboard's review of the timeline and information included in the court records.
The third-party that paid cybercriminals $200,000 may have been Mandiant, though the security company has yet to confirm with Motherboard. In March, Mandiant announced it was being acquired by Google.

Crime

US Extradites Man Who Allegedly Sold Backdoored Phones For The FBI (vice.com) 27

The United States has extradited a man it accuses of working for Anom, a company that sold encrypted phones to criminals but which was secretly backdoored by the FBI to spy on the communications of organized crime around the globe. Aurangzeb Ayub quietly arrived in the U.S. last month, according to court records reviewed by Motherboard. From the report: Ayub is the first of 17 alleged Anom workers to be extradited since Motherboard reported on the operation, known as Trojan Shield, and the FBI and its law enforcement partners held press conferences on its success in June. While authorities have arrested and prosecuted users of the Anom devices, Ayub's extradition is some judicial movement regarding those who allegedly sold phones for Anom, some of whom the U.S. Department of Justice has also charged. "Ayub is charged with 16 other co-defendants; he is the first defendant to appear on the Indictment and was extradited from the Netherlands to the United States," a court document filed on Tuesday reads. He first appeared in the Southern District of California on March 21, the document adds.

The Department of Justice and Ayub's defense team have already discussed the production of discovery, which includes all of Ayub's communications on the Anom platform, according to court records. That material contains around 3,500 communications and about 14GB of data, the court records add. By last Friday, the government was expected to turn over these messages to Ayub's defense team, the document reads. The court record adds that the Department of Justice anticipates that it will turn over more material in May, which will contain recorded conversations between an FBI confidential human source (CHS) and Ayub, a technical report about the Anom platform, and other reports. [...] Ayub is charged under RICO, a law traditionally used to prosecute mob bosses. Since 2018 when the FBI started shutting down encrypted phone companies initially with Phantom Secure, the Department of Justice has leveled similar charges against the administrators and sellers for such companies.

Crime

Inside the Bitcoin Bust of the Web's Biggest Child Abuse Site (wired.com) 73

Chainalysis is software for tracing cryptocurrency, "to turn the digital underworld's preferred means of exchange into its Achilles' heel," writes Wired.

This week they describe what happened when that company's co-founder discovered that for two years, hundreds of users of a child pornography-trading site — and its administrators — "had done almost nothing to obscure their cryptocurrency trails..." and "seemed to be wholly unprepared for the modern state of financial forensics on the blockchain." Over the previous few years, [Internal Revenue Service criminal investigator Chris] Janczewski, his partner Tigran Gambaryan, and a small group of investigators at a growing roster of three-letter American agencies had used this newfound technique, tracing a cryptocurrency that once seemed untraceable, to crack one criminal case after another on an unprecedented, epic scale. But those methods had never led them to a case quite like this one, in which the fate of so many people, victims and perpetrators alike, seemed to hang on the findings of this novel form of forensics.... Janczewski thought again of the investigative method that had brought them there like a digital divining rod, revealing a hidden layer of illicit connections underlying the visible world....

When Bitcoin first appeared in 2008, one fundamental promise of the cryptocurrency was that it revealed only which coins reside at which Bitcoin addresses — long, unique strings of letters and numbers — without any identifying information about those coins' owners. This layer of obfuscation created the impression among many early adherents that Bitcoin might be the fully anonymous internet cash long awaited by libertarian cypherpunks and crypto-anarchists: a new financial netherworld where digital briefcases full of unmarked bills could change hands across the globe in an instant. Satoshi Nakamoto, the mysterious inventor of Bitcoin, had gone so far as to write that "participants can be anonymous" in an early email describing the cryptocurrency. And thousands of users of dark-web black markets like Silk Road had embraced Bitcoin as their central payment mechanism.

But the counterintuitive truth about Bitcoin, the one upon which Chainalysis had built its business, was this: Every Bitcoin payment is captured in its blockchain, a permanent, unchangeable, and entirely public record of every transaction in the Bitcoin network. The blockchain ensures that coins can't be forged or spent more than once. But it does so by making everyone in the Bitcoin economy a witness to every transaction. Every criminal payment is, in some sense, a smoking gun in broad daylight. Within a few years of Bitcoin's arrival, academic security researchers — and then companies like Chainalysis — began to tear gaping holes in the masks separating Bitcoin users' addresses and their real-world identities.

The article describes some investigative techniques — like pressuring exchanges for identities, tying a transaction to a known identity, or even performing an undercover transaction themselves. "Thanks to tricks like these, Bitcoin had turned out to be practically the opposite of untraceable: a kind of honeypot for crypto criminals that had, for years, dutifully and unerasably recorded evidence of their dirty deals.

"By 2017, agencies like the FBI, the Drug Enforcement Agency, and the IRS's Criminal Investigation division had traced Bitcoin transactions to carry out one investigative coup after another, very often with the help of Chainalysis.

"The cases had started small and then gained a furious momentum...."

Thanks to long-time Slashdot reader Z00L00K for sharing the article.

The Almighty Buck

El Salvador's 'Bitcoin President' Pressured, Accused of Attacking Civil Liberties (msn.com) 42

The International Monetary Fund "has indicated it will not give El Salvador a much-needed loan unless it drops bitcoin" as one of the country's legal tenders, reports the Los Angeles Times. And meanwhile the "bitcoin bond" proposed by El Salvador has been "delayed indefinitely."

But the government has taken other actions:
After a dramatic spike in killings here over a single weekend last month, Salvadoran President Nayib Bukele's reaction was swift — and extreme. He sent soldiers into poor neighborhoods to round up thousands of people who he claimed were gang members, then paraded them in front of news cameras in their underwear and handcuffs.

He tweeted pictures of detainees who had been bruised and bloodied by security forces, suggesting they "maybe fell" or "were eating fries with ketchup." And he started feeding the nation's prisoners two meals a day instead of three, warning that if violence continued, "I swear to God that they won't eat a single grain of rice."

It is a distinct look for Bukele, who has been focused in recent months on presenting himself to the world as a modern tech innovator on a quest to turn El Salvador into a cryptocurrency paradise. Not only is Bukele now embracing the mano duro techniques of past Latin American leaders, he is going much further, using the homicide spree — which left 87 people dead in three days — as a pretext for suspending civil liberties and attacking the press.

In recent days, Bukele and his loyalists in the Legislative Assembly ordered a state of emergency that restricts freedom of association, suspends the norm that detainees be informed of their rights at the moment of arrest and denies prisoners access to lawyers....

That Bukele would use the spate of homicides as a pretext to further consolidate power is no surprise to many of his critics, who believe he may be preparing to stay in office past 2024, when he is supposed to step down, even though El Salvador's constitution bans consecutive presidential terms.

But they also say that there may be another motive for his new tough-on-crime stance: diverting attention from the deepening failure of his cryptocurrency experiment.

Security

Hackers Stole More Than $600 Million in Crypto. Laundering It Is the Tricky Part. (wsj.com) 60

Thieves netting massive sums in cybercrime have limited options for laundering the funds. From a report: Many eyes in the crypto world are on a 42-character address on the Ethereum blockchain, which has unclear ownership and is currently home to the equivalent of about $600 million. Hackers stole the funds from players of online game "Axie Infinity" in a March 23 heist uncovered last week. The criminals have moved millions of dollars of assets in recent days, according to blockchain-monitoring tools, but the majority of funds remain in place, leaving victims and outside observers awaiting next moves. Crypto's transparency has turned money laundering into a perverse spectator sport. Transaction records on public blockchains give authorities a bird's-eye view of stolen funds equivalent to tens or hundreds of millions of dollars, often pilfered by targeting poorly secured software bridges that transfer assets between blockchains. The openness leaves successful cyber thieves facing a key question: How do you launder a nine-figure score?

"When there's a hack like that, everyone is watching the wallets," said Kimberly Grauer, director of research at Chainalysis, a blockchain-analytics firm. "So you better damn well know what you're going to do." The fate of the money stolen from "Axie Infinity" users, one of the largest such thefts, has become a topic of speculation. On Etherscan, a monitoring platform where users can see transactions to and from the address in question, commenters claiming to be victims, broke college students or Ukrainian refugees have posted messages asking the hackers to spread their newfound wealth. [...] Last week, blockchain analysts and amateur digital sleuths watched as ether worth about $20 million moved to crypto exchanges based in the Bahamas and Seychelles. On Monday, an additional $12 million of assets flowed into a mixer, which blends different cryptocurrencies to help obscure their sources. Mixers can have their own security compromises and are dependent on having enough crypto on hand to exchange illicit deposits for cleaner funds, said Mitchell Amador, chief executive of Immunefi, a bug-bounty platform focused on decentralized systems.

The Courts

Top EU Court Says Phone Data Cannot Be Held 'Indiscriminately' (reuters.com) 10

An anonymous reader quotes a report from Reuters: The European Union's top court ruled on Tuesday that national authorities cannot retain phone data in a "general and indiscriminate" manner, but could use specific information to tackle some very serious crime. The court ruled on a case brought by the Supreme Court in Ireland where a man sentenced in 2015 to life imprisonment for murder appealed, saying the court of first instance had wrongly admitted traffic and location data of telephone calls as evidence.

The Luxembourg-based Court of Justice of the EU (ECJ) on Tuesday said it was up to a national court there to decide whether the evidence was allowed. But it also said the bloc's members cannot have laws in place that would allow crime prevention through the "general and indiscriminate" retention of such data. Some circumstances, such as particularly serious crime regarded as a threat to national security, could justify data retention but only in a narrower scope or for a limited time.

Crime

Germany Shuts Down Servers For Russian Darknet Marketplace Hydra (theverge.com) 9

German authorities shut down the server infrastructure for the Russian darknet marketplace Hydra, seizing ~$25.2 million worth of Bitcoin in the process, Germany's Federal Crime Police Office (BKA) announced on Tuesday. From a report: Hydra is a large marketplace on the dark web that serves as a hub for drugs, stolen credit card information, counterfeit bills, fake documents, and other illegal goods or services. The market primarily caters to criminals in Russia and surrounding nations. "Treasuremen," or dealers connected with the site, push drugs throughout the region by hiding them in geo-tagged pickup locations. With the shutdown of the German-based server, authorities are now launching an investigation into the "unknown operators and administrators" of Hydra, whom they suspect of selling narcotics and engaging in money laundering. German authorities say they have been investigating the marketplace with the help of the US since August 2021. The BKA told The Verge that no arrests have been made as of yet.

Businesses

Nokia Disputes Report of Work on Russian Surveillance System as 'Misleading' (itwire.com) 14

While Nokia stopped sales in Russia and denounced the invasion of Ukraine, the New York Times reported Monday that Nokia had previously "worked with state-linked Russian companies to plan, streamline and troubleshoot" the connection between a Russian telecom and the government's powerful SORM digital surveillance tool. But Nokia says the claims are "misleading," reports ITWire.

Slashdot reader juul_advocate shares ITWire's report, which labels the Times' story "a rehashing of a story published by the American tech website TechCrunch back in 2019."

A Nokia spokesperson said, in a detailed rebuttal, that the Times had confirmed that the documents used as source material for the story were the same as those used by TechCrunch....

The Russian lawful intercept system is known as System for Operative Investigative Activities, or SORM. Nokia said the Times had suggested that its networks play an active part in enabling equipment used for SORM. "This is incorrect. Like any other network infrastructure supplier, Nokia is required to ensure that the networking products we sell have passive capability to interface with lawful intercept equipment of law enforcement agencies," the company said.

"This is governed by internationally recognised standards, as well as local regulations. All Nokia deals go through a strict human rights due diligence process that has been externally assessed and vetted by the Global Network Initiative. We are the first and only telecommunications equipment vendor to have this external assessment in place...."

"[I]t is a third party which converts the standards-based interface in Nokia's products to fit with the legal intercept requirements — a fact which is also reflected in the 2019 documents." The Finnish company, one of four that is able to supply end-to-end 5G networks, added: "As Nokia has made clear to The New York Times, Nokia does not manufacture, install or service SORM equipment or systems. Any suggestions that we do, are incorrect.

"Lawful intercept is a standard capability that exists in every network in almost every nation. It provides properly authorised law enforcement agencies with the ability to track and view certain data and communications passing through an operator's network for purposes of combatting crime."

In short, Nokia's rebuttal argues, "The information that was already published by TechCrunch in 2019 does not show anything more than Nokia's product interfaces meeting the standards-based, legal requirements related to lawful intercept."

Crime

Ubiquiti Files Case Against Security Blogger Krebs Over 'False Accusations' (itwire.com) 32

In March of 2021 the Krebs on Security blog reported that Ubiquiti, "a major vendor of cloud-enabled Internet of Things devices," had disclosed a breach exposing customer account credentials. But Krebs added that a company source "alleges" that Ubiquiti was downplaying the severity of the incident — which is not true, says Ubiquiti.

Krebs' original post now includes an update — putting the word "breach" in quotation marks, and noting that actually a former Ubiquiti developer had been indicted for the incident...and also for trying to extort the company. It was that extortionist, Ubiquiti says, who'd "alleged" they were downplaying the incident (which the extortionist had actually caused themselves).

Ubiquiti is now suing Krebs, "alleging that he falsely accused the company of 'covering up' a cyberattack," ITWire reports: In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information. "Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website, www.KrebsOnSecurity.com," the complaint alleged.

It said there was no evidence to support Krebs' claims and only one source, [the indicted former employee] Nickolas Sharp....

According to the indictment issued by the Department of Justice against Sharp in December 2021, after publication of the articles in question on 30 and 31 March, Ubiquiti's stock price fell by about 20% and the company lost more than US$4 billion (A$5.32 billion) in market capitalisation.... The complaint alleged Krebs had intentionally misrepresented the truth because he had a financial incentive to do so, adding, "His entire business model is premised on publishing stories that conform to this narrative...."

"Through its investigation, Ubiquiti learned that Sharp had used his administrative access codes (which Ubiquiti provided to him as part of his employment) to download gigabytes of data. Sharp used a Virtual Private Network (VPN) to mask his online activity, and he also altered log retention policies and related files to conceal his wrongful actions," the complaint alleged. "Ubiquiti shared this information with federal authorities and the company assisted the FBI's investigation into Sharp's blackmail attempt. The federal investigation culminated with the FBI executing a search warrant on Sharp's home on 24 March 2021." The complaint then went into detail about how Sharp contacted Krebs and how the story came to be published.

Krebs was accused of two counts of defamation, with Ubiquiti seeking a jury trial and asking for a judgment against him that awarded compensatory damages of more than US$75,000, punitive damages of US$350,000, all expenses and costs including lawyers' fees and any further relief deemed appropriate by the court.

Krebs' follow-up post in December had included more details: Investigators say they were able to tie the downloads to Sharp and his work-issued laptop because his Internet connection briefly failed on several occasions while he was downloading the Ubiquiti data. Those outages were enough to prevent Sharp's Surfshark VPN connection from functioning properly — thus exposing his Internet address as the source of the downloads...

Several days after the FBI executed its search warrant, Sharp "caused false or misleading news stories to be published about the incident," prosecutors say. Among the claims made in those news stories was that Ubiquiti had neglected to keep access logs that would allow the company to understand the full scope of the intrusion. In reality, the indictment alleges, Sharp had shortened to one day the amount of time Ubiquiti's systems kept certain logs of user activity in AWS.

Thanks to Slashdot reader juul_advocate for sharing the story...

Crime

Twitter User Sentenced To 150 Hours of Community Service In UK For Posting 'Offensive' Tweet (theverge.com) 108

A Twitter user from the UK named Joseph Kelly has been sentenced to 150 hours of community service for posting a "grossly offensive" tweet about Captain Sir Tom Moore, a British Army officer who raised money for the NHS during the pandemic. The Verge reports: Moore became a national figure in the UK after walking 100 laps around his garden before his 100th birthday. He was later knighted by the Queen. The day after his death, Kelly, 36, tweeted "the only good Brit soldier is a deed one, burn auld fella buuuuurn." Kelly was found guilty in February last year and faced possible jail time. His case brought attention to an often-criticized piece of UK legislation that allows social media users to be prosecuted for sending "grossly offensive" messages.

As reported by The National, Kelly was sentenced on Wednesday. His defense argued that Kelly had few followers on Twitter at the time; that he had been drinking before writing the post; and that he deleted the tweet just 20 minutes after sending it. "He accepts he was wrong. He did not anticipate what would happen. He took steps almost immediately to delete the tweet but the genie was out of the bottle by then," said Kelly's defence agent Tony Callahan. "His level of criminality was a drunken post, at a time when he was struggling emotionally, which he regretted and almost instantly removed." Kelly was sentenced to 18 months of supervision and 150 hours of unpaid work in the form of a Scottish Community Payback Order (CPO).

United Kingdom

Two UK Teenagers Charged With Hacking for Notorious Gang Lapsus$ (bbc.com) 7

Two teenagers from the UK have been charged by police over hacking for a notorious cyber-crime gang. From a report: A 16 and 17-year-old will appear at Highbury Corner Magistrates' Court on Friday. The boys have been charged with multiple cyber-offences and remain in police custody. The teens were arrested as part of an international police investigation into the Lapsus$ gang, which is relatively new but much talked-about. The cyber-crime group successfully breached major firms like Microsoft, and then bragged about it online. Last week, the FBI launched an appeal for information about the people behind the hacking crew. According to Det Insp Michael O'Sullivan, from the City of London Police, both teenagers have been charged with three counts of unauthorised access to a computer with intent to impair the reliability of data, one count of fraud by false representation, and one count of unauthorised access to a computer with intent to hinder access to data.

EU

EU Lawmakers Set To Tighten Up on Crypto Transfers (reuters.com) 16

European Union lawmakers were set on Thursday to back tougher safeguards for transfers of bitcoin and other cryptocurrencies, in the latest sign that regulators are tightening up on the freewheeling sector. From a report: Two committees in the European Parliament have thrashed out cross-party compromises to be voted on. Crypto exchange Coinbase has warned the rules would usher in a surveillance regime that stifles innovation. The $2.1 trillion crypto sector is still subject to patchy regulation across the world. Concerns that bitcoin and its peers could upset financial stability and be used for crime have accelerated work by policymakers to bring the sector to heel. Under the proposal first put forward last year by the EU's executive European Commission, crypto firms such as exchanges would have to obtain, hold, and submit information on those involved in transfers. That would make it easier to identify and report suspicious transactions, freeze digital assets, and discourage high-risk transactions, said Ernest Urtasun, a Spanish Green Party lawmaker helping to steer the measure through the parliament. The Commission had proposed applying the rule to transfers worth 1,000 euros ($1,116) or more, but under the cross-party agreement this 'de minimis' rule has been scrapped -- meaning all transfers would be in scope.

Crime

Former Yale Employee Admits She Stole $40 Million In Electronics From University (npr.org) 76

An anonymous reader quotes a report from NPR: A nearly decade-long scheme to steal millions of dollars of computers and iPads from Yale University's School of Medicine is officially over. Former Yale administrator Jamie Petrone, 42, pleaded guilty Monday in federal court in Hartford, Conn., to two counts of wire fraud and a tax offense for her role in the plot. Petrone's ploy started as far back as 2013 and continued well into 2021 while she worked at the university, according to the U.S. Attorney's Office for the District of Connecticut. Until recently, her role was the director of finance and administration for the Department of Emergency Medicine at Yale. As part of this job, Petrone had the authority to make and authorize certain purchases for the department -- as long as the amount was below $10,000.

Starting in 2013, Petrone would order, or have a member of her staff order, computers and other electronics, which totaled to thousands of items over the years, from Yale vendors using the Yale School of Medicine's money. She would then arrange to ship the stolen hardware, whose costs amounted to millions of dollars, to a business in New York, in exchange for money once the electronics were resold. Investigators said Petrone would report on documents to the school that the equipment was for specific needs at the university, like medical studies that ultimately didn't exist. She would break up the fraudulent purchases into orders that were below $10,000 each so that she wouldn't need to get additional approval from school officials. Petrone would ship this equipment out herself to the third-party business that would resell the equipment. It would later pay Petrone by wiring funds into an account of Maziv Entertainment LLC, a company she created.

Petrone used the money to live the high life, buy real estate and travel, federal prosecutors say. She bought luxury cars as well. At the time of her guilty pleas, she was in possession of two Mercedes-Benz vehicles, two Cadillac Escalades, a Dodge Charger and a Range Rover. [...] At the time of her guilty plea, she agreed to forfeit the luxury vehicles as well as three homes in Connecticut. A property she owns in Georgia may also be seized. Petrone has also agreed to forfeit more than $560,000 that was seized from the Maziv Entertainment LLC bank account. Federal prosecutors say the loss to Yale totals approximately $40,504,200.

Crime

Amateur Detectives are Now Crowdfunding DNA Sequencing to Solve Murders (nytimes.com) 54

In 2018 police arrested "the Golden State Killer" — now a 72-year-old man who had committed 13 murders between 1974 and 1986, the New York Times remembers: What made the investigation possible was GEDmatch, a low-frills, online gathering place for people to upload DNA test results from popular direct-to-consumer services such as Ancestry or 23andMe, in hopes of connecting with unknown relatives. The authorities' decision to mine the genealogical enthusiasts' data for investigative leads was shocking at the time, and led the site to warn users. But the practice has continued, and has since been used in hundreds of cases.

But now using similar techniques, a wellness coach born in Mississippi (through a Facebook group called DNA Detectives) has helped over 200 strangers identify their unknown parents, the Times reports.

And she's recently donated more than $100,000 to a genetics lab called Othram — to fund the sequencing of DNA to solve cold cases back in her home state. "These families have waited so long for answers," she told the New York Times, which calls her "part of a growing cohort of amateur DNA detectives..." [Othram] created a site called DNASolves to tell the stories of horrific crimes and tragic John and Jane Does — with catchy names like "Christmas tree lady" and "angel baby" — to encourage people to fund budget-crunched police departments, so that they can hire Othram. A competitor, Parabon NanoLabs, had created a similar site called JusticeDrive, which has raised around $30,000.

In addition to money, Othram encouraged supporters to donate their DNA, a request that some critics called unseemly, saying donors should contribute to databases easily available to all investigators. "Some people are too nervous to put their DNA in a general database," said Mr. Mittelman, who declined to say how large his database is. "Ours is purpose-built for law enforcement."

Another group raising money for genetic investigations are the producers of true-crime podcasts — and their listeners. According to the article, the podcast-producing company Audiochuck has donated roughly $800,000 to organizations doing investigative genealogical research (including Othram), though the majority went to a nonprofit started by the host of the "Crime Junkie" podcast. (And that nonprofit raised another $250,000, some through crowdfunding.)

"Why just listen to a murder podcast when you can help police comb through genealogical databases for the second cousins of suspected killers and their unidentified victims?" the Times asks. So far donors around the country have given at least a million dollars to the cause. They could usher in a world where few crimes go unsolved — but only if society is willing to accept, and fund, DNA dragnets.... A group of well-off friends calling themselves the Vegas Justice League has given Othram $45,000, resulting in the solving of three murder-rape cases in Las Vegas, including those of two teenage girls killed in 1979 and in 1989.... [T]he perpetrators were dead....

Natalie Ram, a law professor at the University of Maryland, expressed concern about "the public picking and choosing between cases," saying investigative priorities could be determined by who can donate the most. Ms. Ram said the "largest share" of cases solved so far with the method "tend to involve white female victims...."

Ms. Ram is also concerned about the constitutional privacy issues raised by the searches, particularly for those people who haven't taken DNA tests or uploaded their results to the public internet. Even if you resolve never to put your DNA on a site accessible to law enforcement authorities, you share DNA with many other people so could still be discoverable. All it takes is your sibling, aunt or even a distant cousin deciding differently.

Crime

How 'Crazy Eddie' Electronics Chain Scammed America (thehustle.co) 68

In 1983 the annual revenue at the electronics chain Crazy Eddie was roughly $134 million (or about $372 million today), remembers The Hustle. The next year they'd sold $44 million just in computers and games — and eventually grew to 43 stores. The company's stock ticker symbol was CRZY.

"There was just one major problem," the article notes. "Crazy Eddie had been lying about its numbers since its inception — and the higher the stock soared the further founder Eddie Antar went to maintain the illusion."

It's a colorful story from the early days of home PC sales. Antar's uncle hid up to $3.5 million in cash in a false ceiling at Antar's father's house, according to The Hustle. "Eddie Antar kept close tabs, usually calling his uncle twice a day to see how much money they were skimming.... The skimming strategy allowed Antar to not only hoard cash but also evade sales taxes. His employees were also paid off the books so Crazy Eddie could avoid payroll taxes." "Money was always in the house," said Debbie Rosen Antar, Antar's first wife, to investigators in the late 1980s. "And if I needed it and I asked him, he would say, 'Go underneath the bed and take what you need....'"

Why would a company built on a family fraud go public? Somebody told Antar he could keep making millions skimming cash, but he could make tens of millions if the company traded on the stock market. Strangely, Crazy Eddie's fraudulent history gave it an advantage. To provide the illusion of quickly increasing profits ahead of the IPO, the Antars simply reduced the amount of cash they were skimming. With millions more on the ledger instead of in the family's pockets, the company's profits looked more impressive.

As a public company, Crazy Eddie then made up for its inability to skim cash by initiating new fraud streams.

- The company embellished its inventories by millions of dollars to appear better-stocked and better positioned for profits.

- The Antar family laundered profits it had previously skimmed — and deposited in foreign bank accounts — back into the company to inflate revenues....

In November 1987, a hostile investment group led by Houston entrepreneur Elias Zinn pounced, purchasing Crazy Eddie. As Antar's cousin later recounted, Antar thought the sale would at least give them an opportunity to pin the fraud on the new owners. But Zinn immediately discovered $45 million of listed inventory was missing. Stores soon closed, and the company went bankrupt in 1989.

Two disgruntled ex-employees then brought fraud allegations to America's stock-regulating agency, the article reports, while the FBI "started sniffing around, too." Crazy Eddie fled the country, using forged passports to escape to Tel Aviv, Zurich, São Paulo, and the Cayman Islands. But he was eventually arrested in Israel, sentenced to 12.5 years in prison, and ordered to repay investors $121 million (though he apparently served only seven).

But Crazy Eddie also became a cultural phenomenon -- sort of. In the 1984 movie Splash, Daryl Hannah's character even watches a Crazy Eddie TV ad. The Hustle's article also includes photos of a Crazy Eddie stock certificate — and an actual "Wanted" poster issued the next year by the U.S. Marshals office.

Yet just four years before his death in 2016, Antar — a high school dropout — was telling an interviewer from The Record that "I changed the business...."

Microsoft

Microsoft Whistleblower Claims He Was Fired for Exposing Corruption (protocol.com) 25

Former Microsoft Senior Director Yasser Elabd is working with whistleblowing agency Lioness to share information about kickbacks and bribery in the Middle East and North Africa. From a report: In June 2019, former Microsoft Senior Director Yasser Elabd traveled to Washington, D.C., to meet with members of the Securities and Exchange Commission, the Federal Bureau of Investigation and the U.S. Attorney General's office to discuss his allegations that Microsoft was ignoring bribery at subsidiaries in the Middle East and Africa. The meetings lasted nearly the entire day. Federal agents asked Elabd questions for hours. Elabd's attorney told him that it was one of the first times they had witnessed the AG's office send a representative to a whistleblower meeting like his.

But more than a year later, the SEC still hadn't made a decision about Elabd's allegations. The agency kept promising him that the team in charge of his case would make a decision soon about whether they would bring charges against Microsoft. Finally, at the beginning of March 2022, the case agent in charge of Elabd's whistleblowing report told his lawyer that the SEC was closing the case because it didn't have the resources to conduct interviews and find documentation abroad during the coronavirus pandemic. So Elabd decided to try a different route to share what he knows. Today he published an essay on the whistleblowing website Lioness that accuses Microsoft of firing him after two decades with the company because he asked questions about what he saw as bribery within the contracting services Microsoft uses to sell software to government and public bodies in countries in the Middle East and Africa.

Crime

UK Police Arrest 7 People In Connection With Lapsus$ Hacks (techcrunch.com) 9

An anonymous reader quotes a report from TechCrunch: Police in the United Kingdom have arrested seven people over suspected connections to the Lapsus$ hacking group, which has in recent weeks targeted tech giants including Samsung, Nvidia, Microsoft and Okta. In a statement given to TechCrunch, Detective Inspector Michael O'Sullivan from the City of London Police said: "The City of London Police has been conducting an investigation with its partners into members of a hacking group. Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

News of the arrests comes just hours after a Bloomberg report revealed a teenager based in Oxford, U.K. is suspected of being the mastermind of the now-prolific Lapsus$ hacking group. Four researchers investigating the gang's recent hacks said they believed the 16-year-old, who uses the online moniker "White" or "Breachbase," was a leading figure in Lapsus$, and Bloomberg was able to track down the suspected hacker after his personal information was leaked online by rival hackers. TechCrunch has seen a copy of the suspected hacker's leaked personal information, which we are not sharing -- but it matches Bloomberg's reporting. City of London Police, which primarily focuses on financial crimes, did not say if the 16-year-old was among those arrested.

At least one member of Lapsus$ was also apparently involved with a recent data breach at Electronic Arts, according to [security reporter Brian Krebs], and another is suspected to be a teenager residing in Brazil. The latter is said to be so capable of hacking that researchers first believed that the activity they were witnessing was automated. Researchers' ability to track the suspected Lapsus$ members may be because the group, which now has more than 45,000 subscribers to its Telegram channel where it frequently recruits insiders and leaks victims' data, does little to cover its tracks. In a blog post this week, Microsoft said the group uses brazen tactics to gain initial access to a target organization, which has included publicly recruiting company insiders. As reported by Bloomberg this week, the group has even gone as far as to join the Zoom calls of companies they've breached and taunted employees trying to clean up their hack.

Crime

Former Employee Accused of Defrauding Apple Out of $10 Million (nbcnews.com) 21

"A former Apple employee has been charged with defrauding the tech giant out of more than $10 million," reports NBC News, "by taking kickbacks, stealing equipment and laundering money, federal prosecutors said." Dhirendra Prasad, 52, worked for 10 years as a buyer in Apple's Global Service Supply Chain department. A federal criminal case unsealed Friday alleges that he exploited his position to defraud the company in several schemes, including stealing parts and causing the company to pay for items and services it never received.

A court has allowed the federal government to seize five real estate properties and financial accounts worth about $5 million from Prasad, and the government is seeking to keep those assets as proceeds of crime, the U.S. Attorney's office in San Jose said in a news release...

Two owners of vendor companies that did business with Apple have admitted to conspiring with Prasad to commit fraud and launder money, prosecutors said.

Government

Congressional Bills Would Ban Tech Mergers Over $5 Billion (engadget.com) 100

Senator Elizabeth Warren and House Representative Mondaire Jones have introduced legislation in their respective congressional chambers that would effectively ban large technology mergers. Engadget reports: The Prohibiting Anticompetitive Mergers Act (PAMA) would make it illegal to pursue "prohibited mergers," including those worth more than $5 billion or which provide market shares beyond 25 percent for employers and 33 percent for sellers. The bills would also give antitrust regulators more power to halt and review mergers. They would have authority to reject mergers outright, without requiring court orders. They would likewise bar mergers from companies with track records of antitrust violations or other instances of "corporate crime" in the past decade. Officials would have to gauge the impact of these acquisitions on labor forces, and wouldn't be allowed to negotiate with the companies to secure "remedies" for clearing mergers.

Crucially, PAMA would formalize procedures for reviewing past mergers and breaking up "harmful deals" that allegedly hurt competition. The Federal Trade Commission has signaled a willingness to split up tech giants like Meta despite approving mergers years earlier. PAMA might make it easier to unwind those acquisitions and force brands like Instagram and WhatsApp to operate as separate businesses.

Wikipedia

Belarus Arrests Prominent Wikipedia Editor, Sentences Him to 15 Days of Arrest (theverge.com) 73

Friday the Verge reported: The Main Directorate for Combating Organized Crime and Corruption of Belarus (GUBOPiK) has detained prominent Wikipedia editor Mark Bernstein, according to the Belarusian publication Zerkalo.

The arrest comes after Bernstein's personal information was shared on GUBOPiK's public Telegram channel. Bernstein is one of the top 50 editors of Russian Wikipedia. The Verge was able to confirm that Bernstein's information — including his social media, Wikipedia handle, and place of work — had been shared in GUBOPiK's channel on the messaging app. A video of Bernstein's arrest was also posted alongside his photo and personal details. In the photo itself, Bernstein is accused of "distributing fake anti-Russian information." The channel has since been made private....

In an activity log of Bernstein's purported Wikimedia username, you can see that he's made over 200,000 edits to Russian Wikipedia articles. Currently, his account is described as "blocked indefinitely."

"Earlier in March, Slate reported on the same Wikipedia editor and his efforts to ensure the correct information hits pages about the invasion," adds The Byte.

On Saturday the human rights site Charter 97 reported that Bernstein was given 15 days of arrest, "according to the Viasna human rights center."
