The number of malware strains coded in the Go programming language has seen a sharp increase of around 2,000% over the last few years, since 2017, cybersecurity firm Intezer said in a report published recently. From a report: The company's findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away from C and C++ to Go, a programming language developed and launched by Google in 2007. While the first Go-based malware was detected in 2012, it took, however, a few years for Golang to catch on with the malware scene. "Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence," Intezer said in its report. But in the new report, Golang (as it's often also referred to instead of Go) has broken through and has been widely adopted. It is used by nation-state hacking groups (also known as APTs), cybercrime operators, and even security teams alike, who often used it to create penetration-testing toolkits.

Koreantoast writes: With the number of carjackings more than doubling in the city of Chicago during 2020, one lawmaker knows who to blame: the video game "Grand Theft Auto." According to Chicago ABC 7, Democratic State Representative Marcus Williams believes the video game is causing the rise in carjackings, stating that "Grand Theft Auto' and other violent video games are getting in the minds of our young people and perpetuating the normalcy of carjacking. Carjacking is not normal and carjacking must stop." He plans on introducing a bill to ban sales of the game in the state of Illinois.

Some are skeptical of Rep. Williams claims however. Columnist Joe Jurado of the Root points out that the franchise is hardly new and widely distributed, with the latest iteration, GTA V, released eight years ago and having sold 130 million copies. He adds that attempting to ban the game would be incredibly difficult writing, "Let me entertain this stupid-a** notion for a second. Say they're successful and get the game off store shelves in Illinois. What are you going to do about digital sales? You're telling me that the state of Illinois is willing to expend the time, money, and technical know-how to block the game off of PlayStation Network, Xbox Live, Epic Games, and the Rockstar storefront? I've worked for the state government, and I know damn well those Windows XP-using a**es ain't built for this life."

The United States has charged three North Korean computer programmers with a massive hacking spree that stole more than $1.3 billion in money and cryptocurrency, the Department of Justice said Wednesday. From a report: Officials added that a Canadian-American citizen has pleaded guilty to laundering some of the alleged hackers' money. The indictment alleges that Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, stole money while working for North Korea's military intelligence services. Park had previously been charged in a complaint unsealed in 2018.

The current COVID-19 pandemic and the subsequent stay-at-home and social distancing directives might have played a major role in romance scams losses reaching record levels in 2020, the US Federal Trade Commission said in a report last week. From a report: Total losses were estimated at a record $304 million, up about 50% from 2019, with the average loss last year being estimated at $2,500 per individual. "From 2016 to 2020, reported total dollar losses increased more than fourfold, and the number of reports nearly tripled," the agency said. The FTC believes that the 50% spike in extra losses recorded in 2020 can be attributed to the COVID-19 pandemic, which has limited people's ability to meet in person and has forced more users towards using online long-distance and impersonal communications, such as dating apps. In most cases, the ruse of these scams is that the targets of a romance scam have to send money back to the crooks.

Criminals who keep their funds in cryptocurrency tend to launder funds through a small cluster of online services, blockchain investigations firm Chainalysis said in a report last week. From a report: This includes services like high-risk (low-reputation) crypto-exchange portals, online gambling platforms, cryptocurrency mixing services, and financial services that support cryptocurrency operations headquartered in high-risk jurisdictions. Criminal activity studied in this report included cryptocurrency addresses linked to online scams, ransomware attacks, terrorist funding, hacks, transactions linked to child abuse materials, and funds linked to payments made to dark web marketplaces offering illegal services like drugs, weapons, and stolen data. But while you'd expect that the money laundering resulting from such a broad spectrum of illegal activity to have taken place across a large number of services, Chainalysis reports that just a small group of 270 blockchain addresses have laundered around 55% of cryptocurrency associated with criminal activity.

The kingpin or kingpins of the world's biggest illicit credit card marketplace have retired after making an estimated fortune of over $1 billion in cryptocurrency, according to research by blockchain analysis firm Elliptic shared with Reuters. From the report: The "Joker's Stash" marketplace, where stolen credit cards and identity data traded hands for bitcoin and other digital coins, ceased operations this month, Elliptic said on Friday, in what it called a rare example of such a site bowing out on its own terms. Criminal use of cryptocurrencies has long worried regulators, with U.S. Treasury Secretary Janet Yellen and European Central Bank President Christine Lagarde calling last month for tighter oversight. While terrorist financing and money laundering are top of law-enforcement concerns, narcotics, fraud, scams and ransomware are among the chief areas of illegal use of digital currencies, according to Elliptic co-founder Tom Robinson. Joker's Stash was launched in 2014, with its anonymous founder "JokerStash" -- which could be one or more people -- posting messages in both Russian and English, Elliptic said. It was available on the regular web and via the darknet, which hosts marketplaces selling contraband.

Eight men were arrested across England and Scotland this week as part of a coordinated crackdown against a SIM swapping gang that has hijacked the identities and social media profiles of US celebrities. From a report: The UK National Crime Agency, which made the arrests on Tuesday, said the gang targeted well-known sports stars, musicians, and influencers, primarily located in the US. "These arrests follow earlier ones in Malta (1) and Belgium (1) of other members belonging to the same criminal network," Europol, which coordinated the multi-national investigation, said today. Officials said this gang engaged in SIM swapping attacks, where they tricked US mobile operators into assigning a celebrity's phone number to a new SIM card under the attacker's control. While they had access to the victim's phone number, the SIM swappers would reset passwords and bypass two-factor authentication on the victim's accounts. "This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts," the NCA said. Europol said the gang stole more than $100 million worth of cryptocurrency using this method

An anonymous reader quotes a report from Motherboard: Last Friday, a man entered the Beverly Hills police department, only to be treated to a mini DJ set that could potentially get his Instagram account banned. Sennett Devermont was at the department to file a form to obtain body camera footage from an incident in which he received a ticket he felt was unfair. Devermont also happens to be a well-known LA area activist, who regularly live-streams protests and interactions with the police to his more than 300,000 followers on Instagram. So, he streamed this visit as well -- and that's when things got weird.

In a video posted on his Instagram account, we see a mostly cordial conversation between Devermont and BHPD Sgt. Billy Fair turn a corner when Fair becomes upset that Devermont is live-streaming the interaction, including showing work contact information for another officer. Fair asks how many people are watching, to which Devermont replies, "Enough." Fair then stops answering questions, pulls out his phone, and starts silently swiping around -- and that's when the ska music starts playing. Fair boosts the volume, and continues staring at his phone. For nearly a full minute, Fair is silent, and only starts speaking after we're a good way through Sublime's "Santeria."

Assuming that Fair wasn't just trying to share his love of '90s stoner music with the citizens of Beverly Hills, this seems to be an intentional (if misguided) tactic to use social media companies' copyright protection policies to prevent himself from being filmed. Instagram in particular has been increasingly strict on posting copyrighted material. Any video that contains music, even if it's playing in the background, is potentially subject to removal by Instagram. Most people complain about these rules. Beverly Hills law enforcement, however, seems to be a fan. "Under most circumstances, civilians are legally permitted to openly film on-duty police officers under the First Amendment," the report notes. "And while the interaction between Devermont and Fair is pretty benign, BHPD's recent behavior suggests that at least some cops believe they can prevent themselves from being filmed or livestreamed by playing copyrighted music, which would have serious implications for more serious incidents of police misconduct."

In a statement emailed to VICE News, Beverly Hills PD said that "the playing of music while accepting a complaint or answering questions is not a procedure that has been recommended by Beverly Hills Police command staff," and that the videos of Fair were "currently under review."

"A New Jersey appeals court has ruled that a man accused of murder is entitled to review proprietary genetic testing software to challenge evidence presented against him," reports The Register.

Long-time Slashdot reader couchslug shared their report: The maker of the software, Cybergenetics, has insisted in lower court proceedings that the program's source code is a trade secret. The co-founder of the company, Mark Perlin, is said to have argued against source code analysis by claiming that the program, consisting of 170,000 lines of MATLAB code, is so dense it would take eight and a half years to review at a rate of ten lines an hour. The company offered the defense access under tightly controlled conditions outlined in a non-disclosure agreement, which included accepting a $1m liability fine in the event code details leaked. But the defense team objected to the conditions, which they argued would hinder their evaluation and would deter any expert witness from participating...

Those arguing on behalf of the defense cited past problems with other genetic testing software such as STRmix and FST (Forensic Statistical Tool). Defense expert witnesses Mats Heimdahl and Jeanna Matthews, for example, said that STRmix had 13 coding errors that affected 60 criminal cases, errors not revealed until a source code review. They also pointed out, as the appeals court ruling describes, how an FST source code review "uncovered that a 'secret function...was present in the software, tending to overestimate the likelihood of guilt.'"
EFF activists have already filed briefs in multiple courts "warning of the danger of secret software being used to convict criminal defendants," reports an EFF blog post.

"No one should be imprisoned or executed based on secret evidence that cannot be fairly evaluated for its reliability, and the ruling in this case will help prevent that injustice."

All but two US states -- Montana and Wyoming -- now have police or fire departments participating in Amazon's Ring network, which lets law enforcement ask users for footage from their Ring security cameras to assist with investigations, the Financial Times reported. From a report: Figures from Ring show more than 1,189 departments joined the program in 2020 for a total of 2,014. That's up sharply from 703 departments in 2019 and just 40 in 2018. The FT reports that local law enforcement departments on the platform asked for Ring videos for a total of more than 22,335 incidents in 2020. The disclosure data from Ring also shows that law enforcement made some 1,900 requests -- such as subpoenas, search warrants, and court orders -- for footage or data from Ring cameras even after the device owner has denied the request. Amazon complied with such requests 57 percent of the time, its figures show, down from 68 percent in 2019.

Every year, tens of millions of Americans collectively lose billions of dollars to scam callers. Where does the other end of the line lead? From a report: I flew to India at the end of 2019 hoping to visit some of the call centers that L. had identified as homes for scams. Although he had detected many tech-support scams originating from Delhi, Hyderabad and other Indian cities, L. was convinced that Kolkata -- based on the volume of activity he was noticing there -- had emerged as a capital of such frauds. I knew the city well, having covered the crime beat there for an English-language daily in the mid-1990s, and so I figured that my chances of tracking down scammers would be better there than most other places in India. I took with me, in my notebook, a couple of addresses that L. identified in the days just before my trip as possible origins for some scam calls. Because the geolocation of I.P. addresses -- ascertaining the geographical coordinates associated with an internet connection -- isn't an exact science, I wasn't certain that they would yield any scammers.

But I did have the identity of a person linked to one of these spots, a young man whose first name is Shahbaz. L. identified him by matching webcam images and several government-issued IDs found on his computer. The home address on his ID matched what L. determined, from the I.P. address, to be the site of the call center where he operated, which suggested that the call center was located where he lived or close by. That made me optimistic I would find him there. In a recording of a call Shahbaz made in November, weeks before my Kolkata visit, I heard him trying to hustle a woman in Ottawa and successfully intimidating and then fleecing an elderly man in the United States.

Four European apps which secure user data via end-to-end encryption, ProtonMail, Threema, Tresorit and Tutanota, have issued a joint-statement warning over recent moves by EU institutions that they say are setting lawmakers on a dangerous path to backdooring encryption. From a report: Last month the EU Council passed a resolution on encryption that's riven with contradiction -- calling for "security through encryption and security despite encryption" -- which the four e2e app makers believe is a thinly veiled call to backdoor encryption. The European Commission has also talked about seeking "improved access" to encrypted information, writing in a wide-ranging counter-terrorism agenda also published in December that it will "work with Member States to identify possible legal, operational, and technical solutions for lawful access." Simultaneously, the Commission has said it will "promote an approach which both maintains the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to crime and terrorism." And it has made it clear there will be no 'one silver bullet' as regards the e2e encryption security 'challenge.' But such caveats are doing nothing to alleviate the concerns of e2e encrypted app makers -- who are convinced proposals from the Council of the EU, which is involved in adopting the bloc's laws (though the Commission usually drafts legislation), sums to an push toward backdoors.

"While it's not explicitly stated in the resolution, it's widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors," the four app makers write, going on to warn that such a move would fatally underline the security EU institutions also claim to want to maintain. "The resolution makes a fundamental misunderstanding: Encryption is an absolute, data is either encrypted or it isn't, users have privacy or they don't," they go on. "The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizen's home and might begin a slippery slope towards greater violations of personal privacy."

International law enforcement agencies said on Wednesday they had dismantled a criminal hacking scheme used to steal billions of dollars from businesses and private citizens worldwide. Reuters reports: Police in six European countries, as well as Canada and the United States, completed a joint operation to take control of Internet servers used to run and control a malware network known as "Emotet," authorities said in a statement. "Emotet is currently seen as the most dangerous malware globally," Germany's BKA federal police agency said in a statement. "The smashing of the Emotet infrastructure is a significant blow against international organized Internet crime."

German police said infections with Emotet had caused at least 14.5 million euros ($17.56 million) of damage in their country. Globally, Emotet-linked damages cost about $2.5 billion, Ukrainian authorities said. Ukraine's General Prosecutor said police had carried out raids in the eastern city of Kharkiv to seize computers used by the hackers. Authorities released photos showing piles of bank cards, cash and a room festooned with tangled computer equipment, but did not say if any arrests were made.

Dutch police arrested two individuals late last week for allegedly selling data from the Dutch health ministry's COVID-19 systems on the criminal underground. From a report: The arrests came after an investigation by RTL Nieuws reporter Daniel Verlaan who discovered ads for Dutch citizen data online, advertised on instant messaging apps like Telegram, Snapchat, and Wickr. The ads consisted of photos of computer screens listing data of one or more Dutch citizens. The reporter said he tracked down the screengrabs to two IT systems used by the Dutch Municipal Health Service (GGD) -- namely CoronIT, which contains details about Dutch citizens who took a COVID-19 test, and HPzone Light, one of the DDG's contact-tracing systems. Verlaan said the data had been sold online for months for prices ranging from $36 to $60 per person. Buyers would receive details such as home addresses, emails, telephone numbers, dates of birth, and a person's BSN identifier (Dutch social security number).

"Late last week, a website called Faces of the Riot appeared online, showing nothing but a vast grid of more than 6,000 images of faces, each one tagged only with a string of characters associated with the Parler video in which it appeared," reports WIRED, saying the site raises clear privacy concerns: The site's creator tells WIRED that he used simple, open source machine-learning and facial recognition software to detect, extract, and deduplicate every face from the 827 videos that were posted to Parler from inside and outside the Capitol building on January 6, the day when radicalized Trump supporters stormed the building in a riot that resulted in five people's deaths. The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know, or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone... "It's entirely possible that a lot of people who were on this website now will face real-life consequences for their actions...."

A recent upgrade to the site adds hyperlinks from faces to the video source, so that visitors can click on any face and see what the person was filmed doing on Parler. The Faces of the Riot creator, who says he's a college student in the "greater DC area," intends that added feature to help contextualize every face's inclusion on the site and differentiate between bystanders, peaceful protesters, and violent insurrectionists. He concedes that he and a co-creator are still working to scrub "non-rioter" faces, including those of police and press who were present. A message at the top of the site also warns against vigilante investigations, instead suggesting users report those they recognize to the FBI, with a link to an FBI tip page....

McDonald has previously both criticized the power of facial recognition technology and himself implemented facial recognition projects like ICEspy, a tool he launched in 2018 for identifying agents of the Immigration and Customs Enforcement agency... He sees Faces of the Riot as "playing it really safe" compared even to his own facial recognition experiments, given that it doesn't seek to link faces with named identities. "And I think it's a good call because I don't think that we need to legitimize this technology any more than it already is and has been falsely legitimized," McDonald says.

But McDonald also points out that Faces of the Riot demonstrates just how accessible facial recognition technologies have become. "It shows how this tool that has been restricted only to people who have the most education, the most power, the most privilege is now in this more democratized state," McDonald says.

The Boston Globe is starting a new program by which people who feel an article at the newspaper is harmful to their reputation can ask that it be updated or anonymized. From a report: It's reminiscent of the E.U.'s "right to be forgotten," though potentially less controversial, since it concerns only one editorial outlet and not a content-agnostic search engine. The "Fresh Start" initiative isn't for removing bad restaurant reviews or coverage of serious crimes, but rather for more commonplace crime desk reporting: a hundred words saying so-and-so was arrested for disorderly conduct and resisting arrest, perhaps with a mugshot.

Such stories do serve a purpose, of course, in informing readers of crime in their area. But as the Globe's editor, Brian McGrory points out: "It was never our intent to have a short and relatively inconsequential Globe story affect the futures of the ordinary people who might be the subjects. Our sense, given the criminal justice system, is that this has had a disproportionate impact on people of color. The idea behind the program is to start addressing it."

Here's some news from CNN for the 30 million tourists visiting Venice, Italy each year: They're watching you, wherever you walk. They know exactly where you pause, when you slow down and speed up, and they count you in and out of the city. What's more, they're tracking your phone, so they can tell exactly how many people from your country or region are in which area, at which time.

And they're doing it in a bid to change tourism for the better. Welcome to Venice in a post-Covid world....

Before Covid-19 struck, tourists were arriving in often unmanageable numbers, choking the main streets and filling up the waterbuses... Enter the Venice Control Room. On the island of Tronchetto, next to the two-mile bridge separating Venice from the Italian mainland, the Control Room opened in September 2020. A former warehouse that had been abandoned since the 1960s, it's part of a new headquarters for the city's police and government — a self-described "control tower" for the city. The building has offices for the mayor, other dignitaries, and a large CCTV room, with cameras feeding in images from around the city, watched over by the police.

So far so normal. But then, across the corridor, there's the Smart Control Room — another bank of screens with images and information coming live from around the lagoon. They're not being monitored for crime, though; they're feeding information to the authorities that will create a profile of the hordes of people visiting Venice. The hope is that gathering the information will not only track footfall now, enabling the authorities to activate turnstiles and start charging for entrance on busy days. Eventually, they hope that the data will help create a more sustainable tourism plan for the future....

At 10am, the arrivals reached a peak of 2,411: most likely the daytrippers. The authorities can see where these new arrivals are from by analyzing their phone data (the information is all aggregated automatically, so no personal details can be gleaned).... The system took three years to build, at a cost of €3m ($3.5m). And although some might baulk at the privacy implications (although no personal data is recorded, you and your provenance is essentially being logged as you move around the city), the authorities are very proud.

The state of Florida's former Covid-19 data manager was arrested today.

After her firing in May of 2020, Rebekah Jones had become a critic of the state's publicly-available information, even setting up her own online dashboard of Covid-19 case data. The state suspected her of being the person who'd illegally accessed the state's emergency alert health system in December to urge Health Department employees to speak up about the coronavirus, and state police obtained a warrant for a raid on her home during which they'd seized her computers and cellphones.

Jones later called the raid a "sham" to retaliate against her for not altering the state's COVID-19 data. This weekend on Twitter, Jones emphasized that the police found zero evidence during their raid to connect her to that message. She also argues that the newer allegation "was issued the day after a Tallahassee judge told police that if they're not investigating a crime, they had to return my equipment."

During that raid "police did find documents I received/downloaded from sources in the state, or something of that nature..." Jones posted Saturday. "[I]t isn't clear at this point what exactly they're saying I had that I shouldn't have had, but an agent confirmed it has nothing to do with the subject of the warrant."

The Tampa Bay Times reports: Jones announced Saturday on Twitter that she learned of the warrant and plans to turn herself in on Sunday. The Florida Department of Law Enforcement confirmed there is a warrant for Jones' arrest but said it cannot disclose what charges she faces until she is in custody.

Agency spokesman Gretl Plessinger said in an email to the Tampa Bay Times that "agents have been working with her attorney to have her turn herself in..."

Jones said she and her attorney were not told what she's being prosecuted for, just that she faces one criminal charge...
"The agent told my lawyer there would be only one charge," Jones tweeted on Saturday, "but emphasized that speaking out or going to the media may result in police 'stacking' additional charges."

UPDATE (1/18/2021): Monday in court prosecutors asked that Jones be banned from the internet, and be required to wear a GPS monitor — but a judge rejected the request (according to a local news report cited by the Orlando Sentinel). The warrant alleges that on Nov. 10, Jones downloaded a file equivalent to between 600 and 700 sheets of paper, containing contact information for about 19,182 Floridians. The file contained names, organizations, titles, home counties as well as personal phone numbers and emails, the warrant states.

On her Twitter account, Jones said the charge was retaliation for her criticisms of the state's COVID-19 response and claimed the charge had nothing to do with the original search warrant at her home last month...

The agency said the message was sent from an IP address that matched Jones' address, according to the warrant. Agents seized a desktop computer from Jones' home during the search, and a forensic analysis revealed she downloaded the file containing the information, the warrant reads.

The charge is a third-degree felony.

A security flaw in Ring's Neighbors app was exposing the precise locations and home addresses of users who had posted to the app. From a report: Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues. While users' posts are public, the app doesn't display names or precise locations -- though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes. But the exposed data wasn't visible to anyone using the app. Rather, the bug was retrieving hidden data, including the user's latitude and longitude and their home address, from Ring's servers. Another problem was that every post was tied to a unique number generated by the server that incremented by one each time a user created a new post. Although the number was hidden from view to the app user, the sequential post number made it easy to enumerate the location data from previous posts -- even from users who aren't geographically nearby.

An anonymous reader quotes a report from Bloomberg: European Central Bank President Christine Lagarde took aim at Bitcoin's role in facilitating criminal activity, saying the cryptocurrency has been enabling "funny business." "For those who had assumed that it might turn into a currency -- terribly sorry, but this is an asset and it's a highly speculative asset which has conducted some funny business and some interesting and totally reprehensible money-laundering activity," Lagarde said in an online event organized by Reuters.

The remarks, made in a conversation largely focused on the euro-area's economic outlook, show top policymakers are taking notice as a speculative fever sweeps cryptocurrency markets. Bitcoin prices have more than doubled since November and topped a record $41,000 earlier this month. Concerns over money laundering and the ability of financial firms to know the identities of their clients have been at the forefront of the cryptocurrency debate. While critics say that instruments like Bitcoin make the illicit transfer of funds easier, crypto advocates say the network of digital ledgers known as the blockchain allows money to be traced more easily than cash and can actually help law enforcement.