Books

Who Committed the 25-Year, $8 Million Library Heist? (smithsonianmag.com) 61

An anonymous reader shares a fascinating true-crime story from Pittsburgh. Smithsonian magazine reports: Like nuclear power plants and sensitive computer networks, the safest rare book collections are protected by what is known as "defense in depth" — a series of small, overlapping measures designed to thwart a thief who might be able to overcome a single deterrent. The Oliver Room, home to the Carnegie Library of Pittsburgh's rare books and archives, was something close to the platonic ideal of this concept. Greg Priore, manager of the room starting in 1992, designed it that way.

The room has a single point of entry, and only a few people had keys to it. When anyone, employee or patron, entered the collection, Priore wanted to know. The room had limited daytime hours, and all guests were required to sign in and leave personal items, like jackets and bags, in a locker outside. Activity in the room was under constant camera surveillance. In addition, the Oliver Room had Priore himself. His desk sat at a spot that commanded the room and the table where patrons worked. When a patron returned a book, he checked that it was still intact. Security for special collections simply does not get much better than that of the Oliver Room.

In the spring of 2017, then, the library's administration was surprised to find out that many of the room's holdings were gone. It wasn't just that a few items were missing. It was the most extensive theft from an American library in at least a century, the value of the stolen objects estimated to be $8 million...

Perpetrating a daring 25-year heist, the thief "stole nearly everything of significant monetary value," the magazine reports. So who done it? Just about the only thing that keeps an insider from stealing from special collections is conscience. Security measures may thwart outside thieves, but if someone wants to steal from the collection he stewards, there is little to stop him. Getting books and maps and lithographs out the door is not much harder than simply taking them from the shelves...
The perpetrator was ultimately sentenced to three years' house arrest and 12 years' probation, the article reports, while his fence received four years' house arrest and 12 years' probation.

"After the sentences were made public, Carole Kamin, a member of the board of the Carnegie Natural History Museum, wrote to the Pittsburgh Post-Gazette that supporters of local nonprofits 'were appalled at the unbelievably light sentences.'"
Crime

Former IT Director Gets Jail Time For Selling Government's Cisco Gear On eBay (zdnet.com) 66

An anonymous reader quotes a report from ZDNet: A South Carolina man was sentenced this week to two years in federal prison for taking government-owned networking equipment and selling it on eBay. The man, Terry Shawn Petrill, 48, of Myrtle Beach, worked as the IT Security Director for Horry County in South Carolina, the Department of Justice said in a press release on Tuesday. According to court documents, "beginning on June 11, 2015, through August 23, 2018, Petrill ordered forty-one Cisco 3850 switches that were to be installed on the Horry County network."

US authorities said that through the years, when the switches would arrive, Petrill would take custody of the devices and tell fellow IT staffers that he would handle the installation alone. However, investigators said that "Petrill did not install the switches on the network and instead sold them to third parties and kept the proceeds for himself." FBI agents who investigated the case said they tracked nine of the 41 missing Cisco switches to ads on eBay, while the location of the rest remains unknown. Nonetheless, this was enough to file charges against Petrill, whom authorities arrested and indicted in November 2019. Besides prison time, Petrill was also ordered to pay restitution in the amount of $345,265.57 to the Horry County Government.

Crime

Google Geofence Data Exonerates Man After Being Charged With Murder (cbs46.com) 169

McGruber writes: Keith Sylvester, an Atlanta man wrongfully accused of killing his parents who were found dead in a burning home, is now a free man after Google geofence data identified another man as the murderer. "I had been telling them since 2018 that I was innocent," said Sylvester. "I was held in jail for almost 15 months and I wrote just about everybody and they finally released me in March."

"Officers accused Sylvester of strangling his parents and then setting their home on fire to get rid of evidence, but there was video evidence that he was not at the scene at the time of murders," reports CBS46 News Atlanta. "It's not just the video evidence from the convenient stores, it's also his cell phone GPS data that they had, it's also dash camera in his own car that recorded his location throughout the night. Putting all that evidence together it's impossible to reconcile him being there at a time when he could've started a fire," said Sylvester's attorney Zack Greenamyre.

"In a statement District Attorney Paul Howard said they dropped the charges after their Major Felonies Unit conducted their own independent investigation," the report says. "During the process they acquired a Google geofence search warrant which identified Cornelius Muckle as the culprit. The statement went on to say Muckle's cell phone was inside the house at the time of the crimes and he has now been charged with the murders. As for Sylvester, his attorney says that much of the information exonerating him was known at the time of his arrest. He says the officers ignored the evidence and should be held accountable."

Twitter

Twitter Hack May Have Had Another Mastermind: A 16-Year-Old (nytimes.com) 34

When authorities arrested Graham Ivan Clark, who they said was the "mastermind" of the recent Twitter hack that ensnared Kanye West, Bill Gates and others, one detail that stood out was his age: He was only 17. Now authorities have homed in on another person who appears to have played an equal, if not more significant role, in the July 15 attack, New York Times reported Tuesday, citing four people involved in the investigation who declined to be identified because the inquiry was ongoing. They said the person was at least partly responsible for planning the breach and carrying out some of its most sensitive and complicated elements. His age? Just 16, public records show. From the report: On Tuesday, federal agents served the teenager with a search warrant and scoured the Massachusetts home where he lives with his parents, said one of the people involved in the operation. A spokesman for the FBI confirmed a search warrant had been executed at the address. The search warrant and other documents in the case are under seal and federal agents may decide not to charge the youth with a crime. If he is ultimately arrested, the case is likely to be handed over to Massachusetts authorities, who have more leverage than federal prosecutors in charging minors as adults. (The New York Times is not naming the teenager at this point because of his age and because he has not been charged.)
Canada

Police Across Canada Are Using Predictive Policing Algorithms, Report Finds (vice.com) 158

Police across Canada are increasingly using controversial algorithms to predict where crimes could occur, who might go missing, and to help them determine where they should patrol, despite fundamental human rights concerns, a new report has found. From a report: To Surveil and Predict: A Human Rights Analysis of Algorithmic Policing in Canada is the result of a joint investigation by the University of Toronto's International Human Rights Program (IHRP) and Citizen Lab. It details how, in the words of the report's authors, "law enforcement agencies across Canada have started to use, procure, develop, or test a variety of algorithmic policing methods," with potentially dire consequences for civil liberties, privacy and other Charter rights, the authors warn.

The report breaks down how police are using or considering the use of algorithms for several purposes including predictive policing, which uses historical police data to predict where crime will occur in the future. Right now in Canada, police are using algorithms to analyze data about individuals to predict who might go missing, with the goal of one day using the technology in other areas of the criminal justice system. Some police services are using algorithms to automate the mass collection and analysis of public data, including social media posts, and to apply facial recognition to existing mugshot databases for investigative purposes. "Algorithmic policing technologies are present or under consideration throughout Canada in the forms of both predictive policing and algorithmic surveillance tools," the report reads.

Crime

FBI Worried Ring and Other Doorbell Cameras Could Tip Owners Off To Police Searches (theverge.com) 128

FBI documents warned that owners of Amazon's Ring and similar video doorbells can use the systems -- which collect video footage sometimes used to investigate crimes -- in order to watch police instead. The Verge reports: The Intercept spotted the files in the BlueLeaks data trove aggregated from law enforcement agencies. One 2019 analysis describes numerous ways police and the FBI could use Ring surveillance footage, but it also cites "new challenges" involving sensor- and camera-equipped smart home devices. Specifically, they can offer an early warning when officers are approaching a house to search it; give away officer locations in a standoff; or let the owner capture pictures of law enforcement, "presenting a risk to their present and future safety."

These are partly hypothetical concerns. The standoff issue, for instance, was noted in a report about motion-activated panoramic cameras. But the FBI points to a 2017 incident where agents approached the home of someone with a video doorbell, seeking to search the premises. The resident wasn't home but saw them approach by watching a remote video feed, then preemptively contacted his neighbor and landlord about the FBI's approach. He may also have "been able to covertly monitor law enforcement activity" with the camera. This isn't necessarily more information than a security camera would capture. But doorbells like the Ring or Google Nest Hello are pitched as more mainstream devices, and they've also created controversy around police use of the footage.

Crime

Kingpin Behind Massive Identity-Theft Service Says He's Sorry (krebsonsecurity.com) 24

Krebs on Security tells the tale of Hieu Minh Ngo, who earned $3 million by selling the identity records he'd stolen from consumer data brokers (which included social security numbers and physical addresses). "He was selling the personal information on more than 200 million Americans," one secret service agent tells the site, "and allowing anyone to buy it for pennies apiece."

Handling over 160,000 queries each month, Ngo's service "enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States," according to government estimates, "and roughly $64 million in tax refund fraud with the states and the IRS..." Ngo said he wasn't surprised that his services were responsible for so much financial damage. But he was utterly unprepared to hear about the human toll. Throughout the court proceedings, Ngo sat through story after dreadful story of how his work had ruined the financial lives of people harmed by his services... "[D]uring my case, the federal court received like 13,000 letters from victims who complained they lost their houses, jobs, or could no longer afford to buy a home or maintain their financial life because of me. That made me feel really bad, and I realized I'd been a terrible person."

Even as he bounced from one federal detention facility to the next, Ngo always seemed to encounter ID theft victims wherever he went, including prison guards, healthcare workers and counselors. "When I was in jail at Beaumont, Texas I talked to one of the correctional officers there who shared with me a story about her friend who lost her identity and then lost everything after that," Ngo recalled. "Her whole life fell apart. I don't know if that lady was one of my victims, but that story made me feel sick. I know now that what I was doing was just evil."

The article says America's secret service describes Ngo "as someone who caused more material financial harm to more Americans than any other convicted cybercriminal."

"Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good..."
China

China Secretly Built a Vast New Infrastructure To Imprison Muslims (buzzfeednews.com) 271

In a series of investigations, BuzzFeed News used satellite images to reveal 268 newly-built internment camps for Muslims in the Xinjiang region. Longtime Slashdot reader wiredog shares the reports with us.

Part 1: China Secretly Built A Vast New Infrastructure To Imprison Muslims
Part 2: What They Saw: Ex-Prisoners Detail The Horrors Of China's Detention Camps
Part 3: Blanked Out Spots On China's Maps Helped Us Uncover Xinjiang's Camps

Here's an excerpt from Part 1 of their investigation: China has secretly built scores of massive new prison and internment camps in the past three years, dramatically escalating its campaign against Muslim minorities even as it publicly claimed the detainees had all been set free. The construction of these purpose-built, high-security camps -- some capable of housing tens of thousands of people -- signals a radical shift away from the country's previous makeshift use of public buildings, like schools and retirement homes, to a vast and permanent infrastructure for mass detention. In the most extensive investigation of China's internment camp system ever done using publicly available satellite images, coupled with dozens of interviews with former detainees, BuzzFeed News identified more than 260 structures built since 2017 and bearing the hallmarks of fortified detention compounds. There is at least one in nearly every county in the far-west region of Xinjiang. During that time, the investigation shows, China has established a sprawling system to detain and incarcerate hundreds of thousands of Uighurs, Kazakhs, and other Muslim minorities, in what is already the largest-scale detention of ethnic and religious minorities since World War II.

These forbidding facilities -- including several built or significantly expanded within the last year -- are part of the government's unprecedented campaign of mass detention of more than a million people, which began in late 2016. That year Chen Quanguo, the region's top official and Communist Party boss, whom the US recently sanctioned over human rights abuses, also put Muslim minorities -- more than half the region's population of about 25 million -- under perpetual surveillance via facial recognition cameras, cellphone tracking, checkpoints, and heavy-handed human policing. They are also subject to many other abuses, ranging from sterilization to forced labor. To detain thousands of people in short order, the government repurposed old schools and other buildings. Then, as the number of detainees swelled, in 2018 the government began building new facilities with far greater security measures and more permanent architectural features, such as heavy concrete walls and guard towers, the BuzzFeed News analysis shows. Prisons often take years to build, but some of these new compounds took less than six months, according to historical satellite data. The government has also added more factories within camp and prison compounds during that time, suggesting the expansion of forced labor within the region. Construction was still ongoing as of this month.

BuzzFeed News identified 268 newly built compounds by cross-referencing blanked-out areas on Baidu Maps -- a Google Maps-like tool that's widely used in China -- with images from external satellite data providers. These compounds often contained multiple detention facilities.

AI

Clearview AI CEO Says 'Over 2,400 Police Agencies' Are Using Its Facial Recognition Software (theverge.com) 14

More than 2,400 police agencies have entered contracts with Clearview AI, a controversial facial recognition firm, according to comments made by Clearview AI CEO Hoan Ton-That in an interview with Jason Calacanis on YouTube. The Verge reports: The hour-long interview references an investigation by The New York Times published in January, which detailed how Clearview AI scraped data from sites including Facebook, YouTube, and Venmo to build its database. The scale of that database and the methods used to construct it were already controversial before the summer of protests against police violence. "It's an honor to be at the center of the debate now and talk about privacy," Ton-That says in the interview, going on to call the Times investigation "actually extremely fair." "Since then, there's been a lot of controversy, but fundamentally, this is such a great tool for society," Ton-That says.

Ton-That also gave a few more details on how the business runs. Clearview is paid depending on how many licenses a client adds, among other factors, but Ton-That describes the licenses as "pretty inexpensive, compared to what's come previously" in his interview. Ton-That ballparks Clearview's fees as $2,000 a year for each officer with access. According to Ton-That, Clearview AI is primarily used by detectives.
You can watch the full interview here.
Crime

'GamerGate' Proponent Kills Ex-Girlfriend, Commits Suicide (wired.com) 308

41-year-old Rudy Ferretti "was known in the male-dominated retro gaming community as a champion gamer — and as a raging misogynist who ferociously harassed women," writes blogger David Futrelle. "He once made a homebrew game in which the goal was to kill women.

"Last week, he allegedly gunned down his former girlfriend Amy Molter before turning his gun on himself."

Wired reports: Longtime members of the retro and arcade gaming scene say they warned community leaders and even police about Ferretti's threatening behavior for years. For close to a decade, they say, Ferretti had harassed, stalked, and threatened gamers, particularly women, pushing some out of the niche gaming scene entirely... Arcade game collector and researcher Catherine DeSpira and video game historian and storage auction buyer Patrick Scott Patterson — two of Ferretti's most public targets — say they collectively contacted police in different states a half-dozen times to report Ferretti's threats against themselves and others. They say those attempts ultimately had no effect.

All the while, clusters of retro gamers across the country egged Ferretti on in private messages and on forums, leveraging his apparent instability and misogynist inclinations against women they didn't want in the scene... "They were emboldening it, pushing him, giving him a support system," says Patterson.... The rise of the GamerGate campaign in 2014 gave Ferretti new fodder to fuel his idea that women — specifically "radical feminists," as he wrote in multiple blog posts and said in YouTube videos — were out to destroy the purity of the arcade gaming scene... Ferretti believed that his gaming acumen justified his stewardship of the community. "I can be an asshole. You know why? Because I'm a world champion. I'm a gamer," he once said in a video. As recently as April 2020, Ferretti described himself in a YouTube video as "the savior of the community..."

[I]t was a network of institutional failures — from forums to expos to law enforcement — that allowed Ferretti to continue his campaigns for over a decade. "I was trying to tell people this guy Rudy was dangerous and capable of doing exactly what he ended up doing," says Patrick Scott Patterson.

Government

Police in Several US Cities Used Facial Recognition To Hunt Down and Arrest Protesters (arstechnica.com) 254

An anonymous reader quotes Ars Technica: Law enforcement in several cities, including New York and Miami, have reportedly been using controversial facial recognition software to track down and arrest individuals who allegedly participated in criminal activity during Black Lives Matter protests months after the fact. Miami police used Clearview AI to identify and arrest a woman for allegedly throwing a rock at a police officer during a May protest, local NBC affiliate WTVJ reported this week...

Similar reports have surfaced from around the country in recent weeks. Police in Columbia, South Carolina, and the surrounding county likewise used facial recognition, though from a different vendor, to arrest several protesters after the fact, according to local paper The State. Investigators in Philadelphia also used facial recognition software, from a third vendor, to identify protestors from photos posted to Instagram, The Philadelphia Inquirer reported.

Businesses

Tens of Suspects Arrested For Cashing-out Santander ATMs Using Software Glitch (zdnet.com) 59

An anonymous reader writes: The FBI and local police have made tens of arrests across the tri-state area this week as part of a crackdown against multiple criminal gangs who exploited a glitch in the software of Santander ATMs to cash-out more money than was stored on cards. According to reports in local media, the bulk of the arrests took place in Hamilton (20 suspects), across towns in Morris County (19), and Sayreville (11). Smaller groups of suspects were also detained in Bloomfield, Robbinsville, and Holmdel, while reports of suspicious cash-outs were also recorded in Woodbridge, towns across the Middlesex County, Booton, Randolph, Montville, South Windsor, Hoboken, Newark, and even in New York City itself, in Brooklyn. Based on information ZDNet received from a Santander spokesperson, sources in the threat intelligence community, and details released by police departments in the affected towns, criminal gangs appear to have found a bug in the software of Santander ATMs.
Twitter

The Attack That Broke Twitter Is Hitting Dozens of Companies (wired.com) 32

An anonymous reader quotes a report from Wired: "Phone spear phishing" attacks have been on the rise since a bitcoin scam took over the social media platform in July. When law enforcement arrested three alleged young hackers in the US and the UK last month, the story of the worst-known hack of Twitter's systems seemed to have drawn to a tidy close. But in fact, the technique that allowed hackers to take control of the accounts of Joe Biden, Jeff Bezos, Elon Musk, and dozens of others is still in use against a broad array of victims, in a series of attacks that began well before Twitter's blowup, and in recent weeks has escalated into a full-blown crime wave.

But Twitter is hardly the only recent target of "phone spear phishing," also sometimes known as "vishing," for "voice phishing," a form of social engineering. In just the past month since the Twitter hack unfolded, dozens of companies -- including banks, cryptocurrency exchanges, and web hosting firms -- have been targeted with the same hacking playbook, according to three investigators in a cybersecurity industry group that's been working with victims and law enforcement to track the attacks. As in the Twitter hack, employees of those targets have received phone calls from hackers posing as IT staff to trick them into giving up their passwords to internal tools. Then the attackers have sold that access to others who have typically used it to target high-net-worth users of the company's services -- most often aiming to steal large amounts of cryptocurrency, but also sometimes targeting non-crypto accounts on traditional financial services.
"Simultaneous with the Twitter hack and in the days that followed, we saw this big increase in this type of phishing, fanning out and targeting a bunch of different industries," says Allison Nixon, who serves as chief research officer at cybersecurity firm Unit 221b and assisted the FBI in its investigation into the Twitter hack. "I've seen some unsettling stuff in the past couple of weeks, companies getting broken into that you wouldn't think are soft targets. And it's happening repeatedly, like the companies can't keep them out."

While the perpetrators don't appear to be state-sponsored hackers or foreign cybercrime organizations, it may be only a matter of time until they're adopted by these foreign groups who contract out the phone calls to English-speaking phone phishers.
Privacy

San Diego's Police Are Using Video from 'Smart' Streetlights (ieee.org) 100

Slashdot reader Tekla Perry is also senior editor at IEEE Spectrum, and brings a story about San Diego's 3,300 "smart streetlights," each one equipped with "an Intel Atom processor, half a terabyte of storage, Bluetooth and Wi-Fi radios, two 1080p video cameras, two acoustical sensors, and environmental sensors that monitor temperature, pressure, humidity, vibration, and magnetic fields."

San Diego's smart streetlights were supposed to save money and inspire entrepreneurs to use streetlight sensor data to develop apps that would make the city a better place. The money savings didn't add up and the apps never emerged. Instead, the San Diego police realized the video data, intended to be processed at the edge by AI algorithms [and deleted after 5 days], could be tapped directly for law enforcement. Now consumer groups are looking to the city to pass legislation governing the use of data, and other cities are opting to avoid such issues by leaving cameras out of future intelligent lighting systems.
The first video accessed by police exonerated a person they'd arrested for murder in August of 2018. But over the next 10 months they'd accessed 99 more videos to investigate what they called "serious" crimes, a number climbing to up to 175 videos by early 2020. "The list included murders, sexual assaults, and kidnappings — but it also included vandalism and illegal dumping, which caused activists to question the city's definition of 'serious'..." according to IEEE Spectrum. "To date, San Diego police have tapped streetlight video data nearly 400 times, including this past June, during investigations of incidents of felony vandalism and looting during Black Lives Matter protests."

Morgan Currie, a lecturer in data and society at the University of Edinburgh, tells the site it's "a classic example of how data collection systems are easily retooled as surveillance systems, of how the capacities of the smart city to do good things can also increase state and police control."
Democrats

What Kamala Harris, Joe Biden's VP Pick, Means For Tech (cnet.com) 521

An anonymous reader quotes a report from CNET: After months of speculation, Joe Biden has picked California Sen. Kamala Harris to be his vice-presidential running mate in the race for the White House. The choice fulfills a pledge from Biden, the Democrats' presumptive nominee for president, to name a woman to his ticket as he seeks to unseat Donald Trump in the November election. [...] Here's what we know about Harris' stance on tech issues:

A California senator and former candidate in the 2020 presidential race, Harris made her name in Washington by grilling Trump nominees and officials from her seat on the Senate Judiciary Committee. Harris, 55, is known for being a tough-on-crime prosecutor earlier in her career. That toughness, however, didn't carry over to Big Tech companies when she was California attorney general, critics charge. During her time as the state's top law enforcement officer, Facebook and other companies gobbled up smaller competitors. Harris, like regulators under Obama, did little from an antitrust perspective to slow consolidation, which many members of Congress now question.

During her 2020 presidential bid, Harris' stance on consumer protections and antitrust issues wasn't as tough as those of some of her rivals, especially Sen. Elizabeth Warren, who called for the breakup of large tech companies, like Facebook and Google. Still, Harris was vocal last year in urging Twitter to ban Trump from the platform for "tweets [that] incite violence, threaten witnesses, and obstruct justice." This was a demand Twitter rejected. She has also been critical of Facebook for not doing more to rid its platform of misinformation.

Security

Hacker Leaks Passwords For 900+ Enterprise VPN Servers (zdnet.com) 33

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet reports: According to a review, the list includes: IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware version, SSH keys for each server, a list of all local users and their password hashes, admin account details, last VPN logins (including usernames and cleartext passwords), and VPN session cookies. Bank Security, a threat intelligence analyst specialized in financial crime [...] noted that all the Pulse Secure VPN servers included in the list were running a firmware version vulnerable to the CVE-2019-11510 vulnerability. Bank Security believes that the hacker who compiled this list scanned the entire internet IPv4 address space for Pulse Secure VPN servers, used an exploit for the CVE-2019-11510 vulnerability to gain access to systems, dump server details (including usernames and passwords), and then collected all the information in one central repository.

Making matters worse, the list has been shared on a hacker forum that is frequented by multiple ransomware gangs. For example, the REvil (Sodinokibi), NetWalker, Lockbit, Avaddon, Makop, and Exorcist ransomware gangs have threads on the same forum, and use it to recruit members (developers) and affiliates (customers). Many of these gangs perform intrusions into corporate networks by leveraging network edge devices like Pulse Secure VPN servers, and then deploy their ransomware payload and demand huge ransom demands. As Bank Security told ZDNet, companies have to patch their Pulse Secure VPNs and change passwords with the utmost urgency.

Technology

The Cold War Bunker That Became Home To a Dark-Web Empire (newyorker.com) 11

The New Yorker this week has a story about a Dutchman named Xennt, who lived underground in a vast nuclear bunker in Germany with his family, friends, and an assortment of clever misfits. The story is about the dark web, a server empire used by cybercriminals, an encrypted phone network, a five-year investigation by the German police, and an Irish crime boss nicknamed The Penguin.
Books

Do Drones Help Democratize Surveillance? (sandiegouniontribune.com) 24

A University of San Diego (USD) professor has just published The Good Drone: How Social Movements Democratize Surveillance. He tells a local newspaper that drones (as well as other aerial technologies like balloons, satellites, and even kites) actually help effect social change. "That was my litmus test," Choi-Fitzpatrick continues. "Can I, or other people like me, use this technology for good? The thing that ties them all together is that they're all affordable and deployable by the public without regulatory oversight."

In order to prove this point, Choi-Fitzpatrick points to how the vast majority of the public uses drones for altruistic causes such as documenting human rights abuses, anti-poaching advocacy, and researching climate change. With help from his students at USD, he meticulously scraped the internet, logging incident reports and media stories on negative drone usage. He says the data proved that, more often than not, "the smallest categories were for spying and crime...."

It's his hope that "The Good Drone" will help the public understand the benefit of the technology before rushing to have them banned for public use... "The government already has surveillance drones monitoring protests and I think it's important that news agencies, the public and social movements also have drones to tell their side of the story as well. It's only imagery and video that will tell the full story."

The article points out that while the book will be published Tuesday, it will also be available as a free, downloadable, open access PDF. And the author's original manuscript, uploaded to PubPub's Open Peer Review platform, is already available online.

Privacy

Security Breach Exposes More Than One Million DNA Profiles On Major Genealogy Database (buzzfeednews.com) 28

An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search. The news has undermined efforts by Verogen, the forensic genetics company that purchased GEDmatch last December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site -- apparently targeting email addresses obtained in the attack on GEDmatch just two days before. In a statement emailed to BuzzFeed News and posted on Facebook, Verogen explained that the sudden unmasking of GEDmatch profiles that were supposed to be hidden from law enforcement was "orchestrated through a sophisticated attack on one of our servers via an existing user account." "As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours," the statement said. "During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users." It's unclear whether any unauthorized profiles were searched by law enforcement.

Crime

'World's Most Wanted Man' Involved In Bizarre Attempt To Buy Hacking Tools (vice.com) 27

An anonymous reader quotes a report from Motherboard: The fugitive executive of the embattled payment startup Wirecard was mentioned in a brazen and bizarre attempt to purchase hacking tools and surveillance technology from an Italian company in 2013, an investigation by Motherboard and the German weekly Der Spiegel found. Jan Marsalek, a 40-year-old Austrian who until recently was the chief operating officer of the rising fintech company Wirecard, seems to have taken a meeting with the infamous Italian surveillance technology provider Hacking Team in 2013. At the time, Marsalek is described as an official representative of the government of Grenada, a small Caribbean island of around 100,000 people, in a letter that bears the letterhead of the Grenada government. The documents were included in a cache published after Hacking Team was hacked in 2015. In recent days, Marsalek has been described as the 'world's most wanted man.'

It is unclear from the documents alone whether Marsalek played any role in the attempt to procure hacking tools, or whether his name was simply used. However, months before Marsalek appears to have contacted Hacking Team, several websites with official sounding names such as StateOfGrenada.org were registered under the name of Jan Marsalek, as Der Spiegel reported last week. Some of the sites were registered with Marsalek's phone number and his Munich address at the time, and the servers were apparently operated from Germany. Wirecard provided digital payment services and was considered one of the most important companies in the financial tech industry. Wirecard offered a mobile payment app called Boon, which was essentially a virtual MasterCard card; it also offered a prepaid debit card called mycard2go, and worked with companies such as KLM, Rakuten, and Qatar Airways to manage their online transactions. The company suddenly collapsed in June after German regulators raided its headquarters as part of an investigation into fraudulent stock price manipulation and 1.9 billion euros that are missing from the company's books. Marsalek is now a fugitive and a key suspect in the German investigation. He reportedly fled to Belarus, and is now hiding in Russia under the protection of the FSB, according to German news reports. In the past, he was involved in other strange dealings: he bragged about an attempt to recruit 15,000 Libyan militiamen, and about a trip to Syria along with Russian military, according to the Financial Times.
