Wireless Networking

What Happens When You Use Bluetooth Tags to Track Your Stolen Items? 166

"The third time my 1999 Honda Civic was stolen, I had a plan," writes Washington Post technology reporter Heather Kelly. Specifically, it was a Tile tracker hidden in the car, "quietly transmitting its approximate location over Bluetooth." Later that day, I was across town hiding down the block from my own car as police detained the surprised driver. When the Tile app pinged me with a last known location, I showed up expecting the car to be abandoned. I quickly realized it was still in use, with one person looking through the trunk and another napping in the passenger seat, so I called the police...

In April of this year, one month after my car was stolen, Apple released the $29 AirTag, bringing an even more effective Bluetooth tracking technology to a much wider audience. Similar products from Samsung and smaller brands such as Chipolo are testing the limits of how far people will go to get back their stolen property and what they consider justice. "The technology has unintended consequences. It basically gives the owner the ability to become a mini surveillance operation," said Andrew Guthrie Ferguson, a law professor at the American University Washington College of Law...

Apple has been careful to never say AirTags can be used to recover stolen property. The marketing for the device is light and wholesome, focusing on situations like lost keys between sofa cushions. The official tagline is "Lose your knack for losing things" and there's no mention of crime, theft or stealing in any of the ads, webpages or support documents. But in reality, the company has built a network that is ideal for that exact use case. Every compatible iPhone, iPad and Mac is being silently put to work as a location device without their owners knowing when it happens. An AirTag uses Bluetooth to send out a ping with its encrypted location to the closest Apple devices, which pass that information on to the Apple cloud. That spot is visible on a map in the Find My app. The AirTag owner can also turn on Lost Mode to get a notification the next time it's detected, as well as leave contact information in case it's found. Apple calls this the Find My network, and it also works for lost or stolen Apple devices and a handful of third-party products. The proliferation of compatible Apple devices — there are nearly a billion in the network around the world — makes Find My incredibly effective, especially in cities. (Apple device owners are part of the Find My network by default, but can opt out in settings, and the location information is all encrypted...)

All the tracker companies recommend contacting law enforcement first, which may sound logical until you find yourself waiting hours in a parking lot for officers to address a relatively low-priority crime, or having to explain to them what Bluetooth trackers are.

The Times shares stories of two people who tried using AirTags to track down their stolen property. One Seattle man tracked down his stolen electric bike — and ended up pedalling away furiously on the (now out of power) bicycle as the suspected thief chased after him.

And an Ohio man waited for hours in an unfamiliar drugstore parking lot for a response from the police, eventually travelling with them to the suspect's house — where his stolen laptop was returned to the police officer by a man holding two babies in his arms.

Some parents have even hidden them in their children's backpacks, and pet owners have hidden them in their pets' collars, the Times reports — adding that the EFF's director of cybersecurity sees another possibility. "The problem is it's impossible to build a tool that is designed to track down stolen items without also building the perfect tool for stalking."

Crime

Teen Bought Google Ad for His Scam Website and Made 48 Bitcoins Duping UK Online Shoppers (theregister.com) 37

A "sophisticated" teenager has had $2.88m in cryptocurrency confiscated after he set up a phishing site and advertised it on Google, duping consumers into handing over gift voucher redemption codes. From a report: The schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results, Lincoln Crown Court was told. Crown prosecutor Sam Skinner told Her Honour Judge Catarina Sjolin Knight that the boy, whose identity is protected by a court order, harvested $8,931 worth of vouchers in the week his site was active. Love2Shop began investigating in April 2020 after a customer complained, at which point the boy took down his fake site. The stolen vouchers were converted into Love2Shop vouchers on the A-level student's own account. A later police investigation discovered 12,000 credit card numbers on his computer along with details for 197 PayPal accounts. On top of that, he had 48 Bitcoins: when police arrested him in August last year these were worth $275,000 but their value has risen tenfold since. Sentencing the boy earlier this week, HHJ Knight commented in court: "If he was an adult he would be going inside."

Crime

150 People Arrested in International Darknet Opioid Probe (axios.com) 30

Some 150 people were arrested worldwide and more than $31.6 million in cash and virtual currencies were seized during a 10-month international investigation into opioid trafficking through darknet marketplaces, the Department of Justice announced Tuesday. From a report: The massive probe, called "Operation Dark HunTor," spanned three continents and led to the recovery of about 234 kilograms (over 500 pounds) of illegal drugs, including enough fentanyl to cause more than 4 million lethal doses, according to deputy attorney general Lisa Monaco. A darknet is encrypted online content that can only be accessed with specific browsers and is primarily used to purchase or sell illegal goods or services, especially illegal drugs. 65 people were arrested in the United States, one in Bulgaria, three in France, 47 in Germany, four in the Netherlands, 24 in the United Kingdom, four in Italy and two in Switzerland. Prosecutors allege the suspects were responsible for tens of thousands of illegal sales across the U.S., Europe and Australia.

Crime

Aggressive US Marketers are Bringing Police Surveillance Tools to the Masses (msn.com) 112

"License plate readers are rapidly reshaping private security in American neighborhoods," reports the Washington Post, as aggressively-marketed $2,500-a-year "safety-as-a-service" packages "spread to cover practically everywhere anyone chooses to live in the United States" and "bringing police surveillance tools to the masses with an automated watchdog that records 24 hours a day." Flock Safety, the industry leader, says its systems have been installed in 1,400 cities across 40 states and now capture data from more than a billion cars and trucks every month. "This is not just for million-dollar homes," Flock's founder, Garrett Langley, said. "This is America at its core..."

Its solar-powered, motion-sensing camera can snap a dozen photos of a single plate in less than a second — even in the dark, in the rain, of a car driving 100 mph up to 75 feet away, as Flock's marketing materials say. Piped into a neighborhood's private Flock database, the photos are made available for the homeowners to search, filter or peruse. Machine-learning software categorizes each vehicle based on two dozen attributes, including its color, make and model; what state its plates came from; and whether it had bumper stickers or a roof rack. Each "vehicle fingerprint" is pinpointed on a map and tracked by how often it had been spotted in the past month. The plates are also run against law enforcement watch lists for abducted children, stolen cars, missing people and wanted fugitives; if there's a match, the system alerts the nearest police force with details on how to track it down...

Flock's customer base has roughly quadrupled since 2019, with police agencies and homeowners associations in more than 1,400 cities today, and the company has hired sales representatives in 30 states to court customers with promises of a safer, more-monitored life. Company officials have also attended town hall meetings and papered homeowners associations with glossy marketing materials declaring its system "the most user-friendly, least invasive way for communities to stop crime": a network of cameras "that see like a detective," "protect home values" and "automate [the] neighborhood watch ... while you sleep." Along the way, the Atlanta-based company has become an unlikely darling of American tech. The company said in July it had raised $150 million from prominent venture capital firms such as Andreessen Horowitz, which said Flock was pursuing "a massive opportunity in shaping the future...."

Flock deletes the footage every 30 days by default and encourages customers to search only when investigating crime. But the company otherwise lets customers set their own rules: In some neighborhoods, all the homeowners can access the images for themselves...

Camera opponents didn't want the neighborhood's leaders to anoint themselves gatekeepers, choosing who does and doesn't belong. And they worried that if someone's car was broken into, but no one knew exactly when, the system could lead to hundreds of drivers, virtually all of them innocent, coming under suspicion for the crime. They also worried about the consequences of the cameras getting it wrong. In San Francisco, police had handcuffed a woman at gunpoint in 2009 after a camera garbled her plate number; another family was similarly detained last year because a thief had swiped their tag before committing a crime. And last year in Aurora, 30 miles from Paradise Hills, police handcuffed a mother and her children at gunpoint after a license plate reader flagged their SUV as stolen. The actual stolen vehicle, a motorcycle, had the same plate number from another state. Police officials have said racial profiling did not play a role, though the drivers in all three cases were Black. (The license plate readers in these cases were not Flock devices, and the company said its systems would have shown more accurate results...)

The Paradise Hills opponents were right to be skeptical about a local crime wave. According to Jefferson County sheriff's records shared with The Post, the only crime reports written up since September 2020 included two damaged mailboxes, a fraudulent unemployment claim and some stuff stolen out of three parked cars, two of which had been left unlocked. "I wouldn't exactly say it's a hot spot," patrol commander Dan Aten told The Post...

The cameras clicked on in August, a board member said. In the weeks since, the neighborhood hasn't seen any reports of crime. The local sheriff's office said it hasn't used the Flock data to crack any cases, nor has it found the need to ask.

Flock's founder, Garrett Langley, nonetheless tells the Washington Post, "There are 17,000 cities in America.

"Until we have them all, we're not done."

Space

Astronomers Find Nascent Exploding Star, 'Rosetta Stone' of All Supernovas (gizmodo.com) 27

"A star located 60 million light years away went supernova last year, and astronomers managed to capture all stages of the stellar explosion using telescopes both on the ground and in space," reports Gizmodo.

Long-time Slashdot reader spaceman375 shared Gizmodo's report: This awesome display of astronomical power has yielded a dataset of unprecedented proportions, with independent observations gathered before, during, and after the explosion. It's providing a rare multifaceted view of a supernova during its earliest phase of destruction. The resulting data should vastly improve our understanding of the processes involved when stars go supernova, and possibly lead to an early warning system in which astronomers can predict the timing of such events.

"We used to talk about supernova work like we were crime scene investigators, where we would show up after the fact and try to figure out what happened to that star," Ryan Foley, an astronomer at the University of California, Santa Cruz, and the leader of the investigation, explained in a press release. "This is a different situation, because we really know what's going on and we actually see the death in real time."

Of course, it took 60 million years for the light from this supernova to reach Earth, so it's not exactly happening in "real time," but you get what Foley is saying... Observations of circumstellar material in close proximity to the star were made by Hubble just hours after the explosion, which, wow. The star shed this material during the past year, offering a unique perspective of the various stages that occur just prior to a supernova explosion. "We rarely get to examine this very close-in circumstellar material since it is only visible for a very short time, and we usually don't start observing a supernova until at least a few days after the explosion," said Samaporn Tinyanont, the lead author of the paper, which is set for publication in the Monthly Notices of the Royal Astronomical Society. TESS managed to capture one image of the evolving system every 30 minutes, starting a few days before the explosion and ending several weeks afterward. Hubble joined in on the action a few hours after the explosion was first detected. Archival data dating back to the 1990s was also brought in for the analysis, resulting in an unprecedented multi-decade survey of a star on its way out...

In the press release, the researchers referred to SN 2020fqv as the "Rosetta Stone of supernovas," as the new observations could translate hidden or poorly understood signals into meaningful data.

Facebook

Facebook Accused of Tolerating Dangerous and Criminal Behavior to Preserve Profitability (fortune.com) 196

A new whistleblower affidavit submitted by a former Facebook employee "alleges that the company prizes growth and profits over combating hate speech, misinformation and other threats to the public," reports the Washington Post: The SEC affidavit goes on to allege that Facebook officials routinely undermined efforts to fight misinformation, hate speech and other problematic content out of fear of angering then-President Donald Trump and his political allies, or out of concern about potentially dampening the user growth key to Facebook's multi-billion-dollar profits...

Friday's filing is the latest in a series since 2017 spearheaded by former journalist Gretchen Peters and a group she leads, the Alliance to Counter Crime Online. Taken together, the filings argue that Facebook has failed to adequately address dangerous and criminal behavior on its platforms, including Instagram, WhatsApp and Messenger... "Zuckerberg and other Facebook executives repeatedly claimed high rates of success in restricting illicit and toxic content — to lawmakers, regulators and investors — when in fact they knew the firm could not remove this content and remain profitable," Peters said in a statement.

Friday's filing, which was accompanied by a second affidavit from Peters based on interviews she conducted with other former company employees, argues that top leaders at Facebook, including chief executive Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg, are aware of the severity of problems within the company but have failed to report them in SEC filings available to investors... Section 230 of the Communications Decency Act, which some lawmakers are pushing to reform, gives broad immunity to Internet companies for content that users post on their platforms. That is a barrier to some kinds of legal scrutiny but not necessarily to an investigation by the SEC, which has wide-ranging enforcement powers.

There appears to be a convenient case study available. Facebook "had set up safeguards that were aimed at combating misinformation and other forms of platform abuse" in the run-up to America's 2020 election, "but it dismantled many of them by mid-December," Bloomberg reported Friday, citing a new package of redacted documents provided to Congress by whistleblower Frances Haugen.

And in addition, "In early December, Facebook disbanded a 300-person squad known as Civic Integrity, which had the job of monitoring misuse of the platform around elections... even as efforts to delegitimize the election intensified." Meanwhile, Stop the Steal groups were "amplifying and normalizing misinformation and violent hate in a way that delegitimized a free and fair election," Facebook's internal analysis concluded.

But there's more in that company after-action report, adds the Washington Post: The documents also provide ample support that the company's internal research over several years had identified ways to diminish the spread of political polarization, conspiracy theories and incitements to violence but that in many instances, executives had declined to implement those steps...

The documents and interviews with former employees make clear that Facebook has deep, highly precise knowledge about how its users are affected by what appears on its sites. Facebook relentlessly measures an astonishing array of data points, including the frequency, reach and sources of falsehoods and hateful content and often implements measures to suppress both. The company exhaustively studies potential policy changes for their impacts on user growth and other factors key to corporate profits, such as engagement, the extent of sharing and other reactions.

The article adds that at Facebook, even the public relations and political impacts "are carefully weighed — to the point that potentially flattering and unflattering news headlines about the company are sketched out for review."

Government

Governments Turn Tables On Ransomware Gang REvil By Pushing It Offline (reuters.com) 20

An anonymous reader shares a report from Reuters: The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil's direct victims include top meatpacker JBS. The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available. Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.

VMware head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies. "The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. "REvil was top of the list." [...] U.S. government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised U.S. software management company Kaseya in July. That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls. Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom. But law enforcement officials initially withheld the key for weeks as it quietly pursued REvil's staff, the FBI later acknowledged. According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.

After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet. When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement. "The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them." Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.

Crime

Man Arrested For Uncensoring Japanese Porn With AI In First Deepfake Case (vice.com) 73

An anonymous reader quotes a report from Motherboard: Japanese police on Monday arrested a 43-year-old man for using artificial intelligence to effectively unblur pixelated porn videos, in the first criminal case in the country involving the exploitative use of the powerful technology. Masayuki Nakamoto, who runs his own website in the southern prefecture of Hyogo, lifted images of porn stars from Japanese adult videos and doctored them with the same method used to create realistic face swaps in deepfake videos. But instead of changing faces, Nakamoto used machine learning software to reconstruct the blurred parts of the video based on a large set of uncensored nudes and sold the content online. Penises and vaginas are pixelated in Japanese porn because an obscenity law forbids the explicit depictions of genitalia.

Nakamoto reportedly made about $96,000 by selling over 10,000 manipulated videos, though he was arrested specifically for selling 10 fake photos at about $20 each. Nakamoto pleaded guilty to charges of copyright violation and displaying obscene images and said he did it for money, according to NHK. He was caught when police conducted a "cyber patrol," the Japanese broadcaster reported. "This is the first case in Japan where police have caught an AI user," Daisuke Sueyoshi, a lawyer who's tried cybercrime cases, told VICE World News. "At the moment, there's no law criminalizing the use of AI to make such images." For example, Nakamoto was not charged with any offenses for violating the privacy of the actors in the videos.

Crime

Man Arrested for Scamming Amazon's Textbook Rental Service Out of $1.5 Million (theregister.com) 106

"A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them," reports the Register: From January 2016 through March 2021, according to the indictment, Talsma rented textbooks from the Amazon Rental program in order to sell them for a profit... His alleged fraud scheme involved using Amazon gift cards to rent the textbooks and prepaid MyVanilla Visa cards with minimal credit balances to cover the buyout price charged for books not returned. "These gift cards and MyVanilla Visa cards did not contain names or other means of identifying him as the person renting the textbooks," the indictment says. "Geoffrey Mark Talsma made sure that the MyVanilla Visa cards did not have sufficient credit balances, or any balance at all, when the textbook rentals were past due so that Amazon could not collect the book buyout price from those cards."

As the scheme progressed, the indictment says, Talsma "recruited individuals, including defendants Gregory Mark Gleesing, Lovedeep Singh Dhanoa, and Paul Steven Larson, and other individuals known to the grand jury, to allow him to use their names and mailing addresses to further continue receiving rental textbooks in amounts well above the fifteen-book limit..."

The indictment says the four alleged scammers stole 14,000 textbooks worth over $1.5m.

The U.S. Department of Justice adds: If convicted, Talsma faces a maximum term of imprisonment of 20 years for each of the mail and wire fraud offenses; a maximum term of imprisonment of 10 years for interstate transportation of stolen property; and a maximum term of imprisonment of 5 years for making false statements to the FBI.

Additionally, if convicted of the aggravated identity theft charges, Talsma will serve a maximum term of imprisonment of four years consecutive to any sentence imposed for the other criminal offenses. Restitution and forfeiture of certain assets obtained with the proceeds of the scheme may also be ordered as a result of a conviction.

Crime

Los Angeles Police Declare Ghost Guns an 'Epidemic,' Citing 400% Increase in Seizures (yahoo.com) 443

The Los Angeles Times reports that homemade (usually 3D-printed) "ghost guns" have contributed to more than 100 violent crimes this year, according to a report released Friday by the Los Angeles Police Department (LAPD). Detectives have linked the untraceable weapons to 24 killings, eight attempted homicides and dozens of assaults and armed robberies since January, according to the report.

And police expect the problem to get worse, the report said. During the first half of this year, the department confiscated 863 ghost guns, a 400% increase over the 217 it seized during the same period last year, according to the report. That sharp jump suggests the number of ghost guns on the streets and such seizures "will continue to grow exponentially," the authors of the report wrote.

"Ghost guns are an epidemic not only in Los Angeles but nationwide," the department said...

Because they are not made by licensed manufacturers, they lack serial numbers, making them impossible to track. Felons who are banned from possessing firearms because of previous offenses increasingly are turning to ghost guns, LAPD officials have said. The LAPD's analysis was compiled in response to a City Council motion, introduced by Councilmen Paul Koretz and Paul Krekorian, that calls for a new city ordinance banning the possession, sale, purchase, receipt or transportation of such weapons or the "non-serialized, unfinished frames and unfinished receivers" that are used to make them.

The LAPD said it is "strongly in support" of the proposed ordinance. "Ghost guns are real, they work, and they kill," the agency said in the report.

The Almighty Buck

Ransomware Summit Eyes Tighter Global Scrutiny for Crypto (wsj.com) 22

Officials from 32 countries "recognize that ransomware is an escalating global security threat with serious economic and security consequences," according to a statement issued Thursday: From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity.

As with other cyber threats, the threat of ransomware is complex and global in nature and requires a shared response.

But the Wall Street Journal also reports the officials (who met virtually this week) blame another factor in the boom of ransomware: "uneven cryptocurrency standards." The representatives pledged to share information about cyberattacks and investigations, push firms to shore up security, and disrupt the financial infrastructure of a criminal hacking economy that has flourished in recent years. Consistent international scrutiny of cryptocurrencies will be key, the officials said, as ransomware groups that extort victims for digital payments can quickly transfer the funds to countries with lax standards for monitoring illicit transactions.

"We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities," the representatives said in a joint statement Thursday...

Hacking groups have increasingly targeted U.S. critical infrastructure, disrupting the East Coast's largest gas pipeline in May and a major meat processor in June. Law-enforcement officials are sometimes able to track crypto payments made by such victims, which can reach into the millions, across a public ledger known as a blockchain. The Counter-Ransomware Initiative convened by the White House this week called on countries to use such techniques alongside more aggressive enforcement of anti-money-laundering and know-your-customer rules that prevent cryptocurrency companies from facilitating such transactions...

Cybersecurity experts say international collaboration will be key to slowing criminal groups that often operate across borders and with relative impunity in countries such as Russia.

Crime

Former Boeing 737 MAX Chief Technical Pilot Indicted For Fraud (justice.gov) 146

Mark Forkner, Boeing's 737 Max chief technical pilot during the aircraft's development, has been charged with misleading aviation regulators about safety issues blamed for two fatal crashes of the 737 Max. According to the U.S. Department of Justice, "he faces a maximum penalty of 20 years in prison on each count of wire fraud and 10 years in prison on each count of fraud involving aircraft parts in interstate commerce." Slashdot reader McGruber shares an excerpt from the press release: A federal grand jury in the Northern District of Texas returned an indictment charging Mark A. Forkner, former Chief Technical Pilot for The Boeing Company (Boeing), with deceiving the Federal Aviation Administration's Aircraft Evaluation Group (FAA AEG) in connection with the FAA AEG's evaluation of Boeing's 737 MAX airplane, and scheming to defraud Boeing's U.S.-based airline customers to obtain tens of millions of dollars for Boeing.

As alleged in the indictment, Forkner provided the agency with materially false, inaccurate, and incomplete information about a new part of the flight controls for the Boeing 737 MAX called the Maneuvering Characteristics Augmentation System (MCAS). Because of his alleged deception, a key document published by the FAA AEG lacked any reference to MCAS. In turn, airplane manuals and pilot-training materials for U.S.-based airlines lacked any reference to MCAS -- and Boeing's U.S.-based airline customers were deprived of important information when making and finalizing their decisions to pay Boeing tens of millions of dollars for 737 MAX airplanes.

On or about Oct. 29, 2018, after the FAA AEG learned that Lion Air Flight 610 -- a 737 MAX -- had crashed near Jakarta, Indonesia, shortly after takeoff and that MCAS was operating in the moments before the crash, the FAA AEG discovered the information about the important change to MCAS that Forkner had withheld. Having discovered this information, the FAA AEG began reviewing and evaluating MCAS. On or about March 10, 2019, while the FAA AEG was still reviewing MCAS, the FAA AEG learned that Ethiopian Airlines Flight 302 -- a 737 MAX -- had crashed near Ejere, Ethiopia, shortly after takeoff and that MCAS was operating in the moments before the crash. Shortly after that crash, all 737 MAX airplanes were grounded in the United States.

The Almighty Buck

An Unprecedented Wave of Online Bank Fraud Is Hitting Britain (reuters.com) 23

An unprecedented wave of online bank fraud has been hitting Britain this year. "The country is the global epicenter for such attacks, according to five of the biggest British banks and more than a dozen security experts who said scammers were buying up batches of consumers' personal details on the dark net to target the record numbers shopping and banking online since the pandemic," reports Reuters. From the report: The country's super-fast payments infrastructure, relatively light policing of fraud-related crime, plus its use of the world's most widely used language English, also made it an ideal global test bed for scams, the banks and specialists added. A British record of 754 million pounds ($1 billion) was stolen in the first six months of this year, up 30% from the same period in 2020, according to data from banking industry body UK Finance, and up more than 60% from 2017, when it began compiling the figures. That represents a per capita fraud rate roughly triple that seen in the United States in 2020 [...].

Unlike simple email-based scams of the past purporting to be from princes or oil barons seeking your help to shift their millions, the modern bank scam can be sophisticated, multi-phased and extremely convincing. "We've seen some cases where the fraudster has been talking to somebody for three or four years as someone else before they actually scam them out of a large amount of money," said Brian Dilley, group director for economic crime prevention at Britain's biggest bank Lloyds.

The Almighty Buck

Credit-Card Firms Are Becoming Reluctant Regulators of the Web (economist.com) 97

An anonymous reader quotes a report from The Economist: Who should police the internet? For some time now the question has tied companies, regulators and campaigners in knots. Social networks spend billions moderating content posted on their platforms, but are still criticized either for not removing enough toxic material or for stifling free speech. They are not the only ones to grapple with the problem. Banks and credit-card companies too are finding themselves playing a bigger role in what is said and done in the public square -- to their, and their customers', discomfort. Now the boundary of censorship is being extended further, into the pornography business. From October 15th adult websites worldwide will have to verify the age and identity of anyone featured in a picture or video, as well as the ID of the person uploading it. They will need to operate a fast complaints process, and will have to review all content before publication. These requirements are being imposed not by regulators but by Mastercard, a credit-card giant. Websites can always choose not to work with Mastercard. But given that the company handles about 30% of all card payments made outside China, to do so would be costly. Visa, which manages a further 60% of payments, is also taking a firmer line on adult sites. And the trend goes beyond porn. In the shadier corners of the web, and in industries where the law is unclear or out of date, financial firms are finding themselves acting as de facto regulators.
[...]
Visa and Mastercard's near-duopoly on card payments makes their decisions more powerful -- and the firms prime targets for protesters. In 2019 SumOfUs, a left-wing pressure group, tabled a proposal at Mastercard's annual meeting meant to stop payments to far-right groups. (The proposal was defeated.) Thirty-four women are suing Visa along with the owners of Pornhub, an adult site which they say hosted unconsenting footage of them. Illegal-porn sites "care a lot more about their finances than they do about the law," says Laila Mickelwait, whose Justice Defense Fund helps sex-abuse victims litigate. And, she adds, when financial firms change their policies it applies globally. Last year Visa and Mastercard cut off Pornhub over its hosting of potentially unlawful material. Payment companies in particular face a philosophical dilemma. "On one hand they try to be very open, accepting, willing to facilitate payments for whomever. They're not taking any sort of political or moral stance," says Lisa Ellis of MoffettNathanson, a research firm. "But on the other hand, they also feel like they have a very strong responsibility in making sure that they're not aiding and abetting any sort of crime."

Visa and Mastercard both say that, as global companies, their guiding principle is local legality. (This can throw up some surprises: one executive recalls being informed by clients from a Scandinavian country that bestiality was legal there at the time.) Things are not always black and white. In 2017, after a far-right march in Charlottesville, Virginia, Mastercard shut down the use of its cards on websites that had made "specific threats or incite[d] violence," but kept dealing with other sites labelled hate-groups. "Our standard is whether a merchant's activity is lawful, even when we disagree with what they say or do," the company said at the time. In grey areas they have reason to err on the side of caution. Payment networks' risk of liability tends to be low, since they operate at one remove from the merchants. But being named in a sex-trafficking complaint or accused of helping Nazis does not look good. In working with a borderline adult site, for instance, there's "not a lot of upside and a lot of downside", says Ms Ellis. And in legally tricky areas it can be cheaper to issue a blanket ban than pick through every difficult case. Banks may steer clear of countries that are not embargoed but which have a lot of people on the banned list, "to minimize the burden of determining whether every transaction is compliant," says Jonathan Cross of Herbert Smith Freehills, a law firm. [...] For as long as legislation lags behind, financial institutions will be left in a difficult position: either accused of being the "moral police," as one executive puts it, or of enabling wrongdoing. As Richard Haythornthwaite, then Mastercard's chairman, told the protesters at the firm's annual meeting in 2019: "If it is lawful, then we need to respect that transaction. If it is something that is swimming against the tide of society, it's for the society to rise up and change the law."

Facebook

Facebook To Act on Illegal Sale of Amazon Rainforest (bbc.com) 22

Facebook says it will begin clamping down on the illegal sale of protected areas of the Amazon rainforest on its site. From a report: The social media giant changed its policy following a BBC investigation into the practice. The new measures will apply only to conservation areas and not to publicly owned forest. And the move will be limited to the Amazon, not other rainforests and wildlife habitats across the world. According to a recent study from the think tank Ipam (Instituto de Pesquisa Ambiental da Amazonia), a third of all deforestation happens in publicly-owned forests in the Amazon. Facebook said it would not reveal how it planned to find the illegal ads but said it would "seek to identify and block new listings" in protected areas of the Amazon rainforest. In February, the BBC Our World documentary Selling the Amazon revealed that plots of rainforest as large as 1,000 football pitches were being listed on Facebook's classified ads service.

Crime

Car Thieves Arrested After Using $27,000 Game Boy Device (bbc.com) 104

An anonymous reader quotes a report from the BBC: A gang of car thieves used a handheld device disguised as a Nintendo Game Boy to steal vehicles worth $245,000. Dylan Armer, Christopher Bowes and Thomas Poulson stole five Mitsubishi Outlanders by using the gadget to bypass the cars' security systems. West Yorkshire Police said the device, worth $27,000, could unlock and start a car "in a matter of seconds." The trio, all from Yorkshire, were jailed at Leeds Crown Court after pleading guilty to conspiracy to steal. CCTV footage of the theft showed them unplug the car from its charging point before using the device to unlock and start it. When officers stopped the three men they found the Game Boy-style gadget hidden in a secret compartment of their car. Police said footage recovered from Poulson's phone showed him demonstrating "how quickly and easily the gadget gave them full access to the vehicles, accompanied by a commentary in mocking tones." The force added that the "significant investment required to buy one of the sophisticated devices suggested the thefts were planned and orchestrated crimes."

Government

US Department of Justice Creates Cryptocurrency Enforcement Unit (theverge.com) 65

The US Department of Justice has created a team to investigate cryptocurrency-related crime. The Verge reports: The National Cryptocurrency Enforcement Team (NCET) will handle investigations of "crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors," the agency said in a news release. Mixing and tumbling services can obscure the source of a cryptocurrency transaction, by mixing it with other funds. Cryptocurrency is "used in a wide variety of criminal activity," including ransomware demand payments, money laundering, and for the illegal sales of drugs, weapons, and malware, the agency noted. Several high-profile ransomware cases have involved demands in cryptocurrency, including the Colonial Pipeline attack in May, where the company reportedly paid a $5 million ransom to DarkSide.

The DOJ says the NCET, which will provide expertise in blockchain and cryptocurrency transactions for the Justice Department and other US government agencies, will draw team members from the DOJ's money laundering, intellectual property, and computer crimes divisions, as well as from US attorneys' offices across the country. The team will be under the supervision of Assistant Attorney General Kenneth Polite Jr. to start, but the Justice Department is seeking to hire someone who has "experience with complex criminal investigations and prosecutions, as well as the technology underpinning cryptocurrencies and the blockchain," on a more permanent basis.

Crime

Zodiac Expert Calls 'Bullshit' On Possible ID of Zodiac Killer (rollingstone.com) 30

"Tom Voigt, a Zodiac Killer expert and author who runs ZodiacKiller.com, pulls no punches when commenting on the story picked up by FoxNews that is now being posted at various news outlets including Slashdot," writes Slashdot reader ISayWeOnlyToBePolite. Rolling Stone spoke to Voigt on Wednesday about the bombshell report and why, in his opinion, it's "bullshit." From the article: By now obviously you've seen the news about the Zodiac Killer's identification. What's your take on it? Yeah, I've got about a million people on my website right now. It's all bullshit, by the way, just to get that out of the way. This is hot garbage. I don't know why it got any coverage at all. It was basically a press release.

Are you familiar with the Case Breakers? First of all, the funny thing is, I've never heard of any of these people that are these so-called experts. I have been doing this for 25 years and I've never heard of any of them. So that there are some red flags right off the bat. And then the funny thing is, they're matching up lines on foreheads. No witness ever described lines on Zodiac's forehead. Those lines were simply added by the sketch artist to fill in the sketch. The amended sketch, which is supposed to look more like Zodiac, according to witnesses, doesn't really even have any lines. So they got rid of them. So because the witnesses were like, "We're not really happy with that sketch that we gave you a few days ago," they got changed. The lines went away. No witness ever described that.

What about their claim that Poste's name unlocks one of the Zodiac's ciphers? A lot of what they're typing and talking about is nonsense. These people, what I've seen, they don't really have any kind of a command of the basics of the Zodiac case. From what I've read, they've gotten their Zodiac information from the comments section at Facebook. They'd skip the main article and they went right to the comments and they think they know everything about this. Maybe they've saw the Fincher movie, but probably not. Or, they turned it off after the two-hour mark or so.

If you had to put your money on one suspect, who would it be? Richard Gaikowski is my best bet. If I was if I was an employer looking to hire the Zodiac, he'd probably have the most impressive resume in my eyes. But the reality is that Allen is the suspect you just can't quit. I just can't quit that "Big Al," especially now I'm going over all these old emails and tips and leads going back 25 years. And some of the stuff that was that was said to me about about how it is just mind boggling. Yeah. If he wasn't, if he wasn't the Zodiac, he might be responsible for some other murders.

AI

European Parliament Calls For a Ban On Facial Recognition (politico.eu) 28

The European Parliament today called for a ban on police use of facial recognition technology in public places, and on predictive policing, a controversial practice that involves using AI tools in hopes of profiling potential criminals before a crime is even committed. Politico reports: In a resolution adopted overwhelmingly in favor, MEPs also asked for a ban on private facial recognition databases, like the ones used by the controversial company Clearview AI. The Parliament also supports the European Commission's attempt in its AI bill to ban social scoring systems, such as the ones launched by China that rate citizens' trustworthiness based on their behavior.

The non-binding resolution sends a strong signal on how the Parliament is likely to vote in upcoming negotiations of the AI Act. The European Commission's proposal of the bill restricts the use of remote biometric identification -- including facial recognition technology -- in public places unless it is to fight "serious" crime, such as kidnappings and terrorism. The AI Act's lead negotiator, Brando Benifei and almost all of his co-negotiators from other political groups in the Parliament have called for a blanket ban on facial recognition. This is in stark contrast to policies implemented in some EU member countries, who are keen to use these technologies to bolster their security apparatuses.

Crime

Investors Spent Millions on 'Evolved Apes' NFTs. Then They Got Scammed (vice.com) 52

Evolved Apes is described on NFT marketplace OpenSea as "a collection of 10,000 unique NFTs trapped inside a lawless land." They are "fighting for survival, only the strongest ape will prevail," it says, referring to the project's much-hyped fighting game, which has not materialized. From a report: A week after the project launch, the anonymous developer known as Evil Ape, who promised that game, vanished along with the project's official Twitter account and website. But they left traces behind on the blockchain that show they siphoned 798 ether ($2.7 million) out of the project's funds in multiple transfers. The funds, derived from the initial public sale of NFTs and commissions on the secondary market, were meant for project-related expenses like marketing.

Evolved Ape investors noticed several red flags leading up to Evil Ape's rug pull. After the public sale on September 24, the announcements seemed suspiciously unprofessional and several of the leaders were not around anymore, one investor who requested anonymity due to the ongoing fallout from the scam told Motherboard. But they chalked it down to lack of experience at the time. "I don't think this giant storm was ever what was expected," the investor said. According to Mike_Cryptobull, who did not share their real name due to their standing in the community, the Evolved Apes community discovered that the social-media competition winners (a marketing activity to create buzz) hadn't received their NFT prizes from the project, and the artist hadn't been paid either.
