Government

US Homeland Security Official Charged with Stealing Confidential Government Software, Databases (zdnet.com) 25

An anonymous reader quotes ZDNet: In a press release Friday, the U.S. Department of Justice charged a former Acting Inspector General for the US Department of Homeland Security (DHS) with the theft of proprietary software and confidential government databases.

The indictment named Charles K. Edwards, a former DHS Acting Inspector General between 2011 and 2013, but also his former aide, 54-year-old Murali Yamazula Venkata. DOJ officials claim that between October 2014 and April 2017 -- after Edwards left office -- Edwards, Venkata, and others were part of a scheme that stole confidential and proprietary software from DHS Office of Inspector General (OIG). Edwards and others also stole sensitive government databases containing the personal identifying information (PII) of DHS and United States Postal Service (USPS) employees, the DOJ claims.

U.S. officials claim Edwards had set up his own company, named Delta Business Solutions, through which he wanted to sell an enhanced version of stolen DHS-OIG software to the OIG for the U.S. Department of Agriculture, at a profit... "Although Edwards had left DHS-OIG in December 2013, he continued to leverage his relationship with Venkata and other DHS-OIG employees to steal the software and the sensitive government databases," the DOJ said Friday in an announcement. According to court documents, Venkata, Edwards' former aide, along with others, assisted the former DHS AIG by reconfiguring his laptop so that he could properly upload the stolen software and databases.

In addition, the DOJ claims they also provided Edwards with technical and troubleshooting support and even helped the former DHS AIG build a testing server at his residence where he could test the stolen software and stolen government databases.

Privacy

An AI Surveillance Company is Watching Utah (vice.com) 39

An anonymous reader quotes Motherboard: The state of Utah has given an artificial intelligence company real-time access to state traffic cameras, CCTV and "public safety" cameras, 911 emergency systems, location data for state-owned vehicles, and other sensitive data. The company, called Banjo, says that it's combining this data with information collected from social media, satellites, and other apps, and claims its algorithms "detect anomalies" in the real world.

The lofty goal of Banjo's system is to alert law enforcement of crimes as they happen. It claims it does this while somehow stripping all personal data from the system, allowing it to help cops without putting anyone's privacy at risk. As with other algorithmic crime systems, there is little public oversight or information about how, exactly, the system determines what is worth alerting cops to.

In its pitches to prospective clients, Banjo promises its technology, called "Live Time Intelligence," can identify, and potentially help police solve, an incredible variety of crimes in real-time. Banjo says its AI can help police solve child kidnapping cases "in seconds," identify active shooter situations as they happen, or potentially send an alert when there's a traffic accident, airbag deployment, fire, or a car is driving the wrong way down the road. Banjo says it has "a solution for homelessness" and can help with the opioid epidemic by detecting "opioid events." It offers "artificial intelligence processing" of state-owned audio sensors that "include but may not be limited to speech recognition and natural language processing" as well as automatic scene detection, object recognition, and vehicle detection on real-time video footage pulled in from Utah's cameras.

In July, Banjo signed a five-year, $20.7 million contract with Utah that gives the company unprecedented access to data the state collects. Banjo's pitch to state and local agencies is that the more data that's fed into it, the better its product will work... Privacy experts are unsure how Banjo can be doing anything other than applying machine learning to a terrifying amount of data to create a persistent panopticon pointed at everyone who lives in Utah.

Banjo now has direct, real-time access to the thousands of traffic cameras in Utah, and is plugged into 911 systems across the state.

Social Networks

Crooks Keep Revealing Their Crimes on Social Media (qz.com) 46

Quartz tells the story of a large-scale heroin and methamphetamine dealer named Francisco Ruelas-Payan who's now serving 15 years in prison: While phone records and GPS location devices were useful in helping investigators keep tabs on Ruelas-Payan's location and near-term plans, it was his public Facebook activity that not only confirmed many of these leads but also offered additional clues authorities used to build their case. Ruelas-Payan posted lengthy videos to the social media network of himself driving to suspected drug deals, according to a Drug Enforcement Administration search warrant application unsealed late last month. The trips were further corroborated by GPS data from electronic tracking devices investigators placed on Ruelas-Payan's cars and phone...

In a 2012 survey, 4 out of 5 law enforcement officials said they used social media to solve crimes, and nearly 7 out of 10 said social media helps to close cases faster. Facebook received nearly 130,000 data requests from governments around the world during the first six months of 2019, according to the most recent figures available. Between January and June of last year, the U.S. government requested data from Facebook related to more than 82,000 accounts. About 88% of those requests were granted. The second-most requests came from the government of India, which asked for data on 33,000 accounts. Facebook agreed to provide about half of them.

Yet people often leave a trail of clues on their public social media profiles that investigators can see without ever needing a subpoena. Some, for example, take to Facebook Live to discuss an impending $10 million extortion attempt... Others post selfies in the same clothes they wore while robbing a bank.

It all provoked a bemused response from a former New York City detective sergeant interviewed by Quartz who now teaches police procedure at John Jay College.

"The 'look at me' generation can't help themselves."

Google

Google Tracked His Bike Ride Past a Burglary, and That Made Him a Suspect (nbcnews.com) 204

JustAnotherOldGuy shares a tale for our time: "I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime," said Zachary McCoy. Yep, that's all it took. Google's legal investigations support team emailed him to let him know that local police had demanded information related to his Google account. The man's lawyer dug around and learned that the notice had been prompted by a "geofence warrant," a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users' GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby.

NBC News reports: An avid biker, he used an exercise-tracking app, RunKeeper, to record his rides. The app relied on his phone's location services, which fed his movements to Google. He looked up his route on the day of the March 29, 2019, burglary and saw that he had passed the victim's house three times within an hour, part of his frequent loops through his neighborhood, he said. "It was a nightmare scenario," McCoy recalled. "I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime. And I was the lead suspect."

McCoy's lawyer "pointed to an Arizona case in which a man was mistakenly arrested and jailed for murder largely based on Google data received from a geofence warrant. McCoy said he may have ended up in a similar spot if his parents hadn't given him several thousand dollars to hire Kenyon."

"I didn't realize that by having location services on that Google was also keeping a log of where I was going," McCoy said. "I'm sure it's in their terms of service but I never read through those walls of text, and I don't think most people do either...."

The article also notes a Google filing last year reporting that the requests from state and federal law enforcement authorities increased by more than 1,500 percent from 2017 to 2018, and then again by 500 percent from 2018 to 2019.

Crime

Scam Call Center's Own CCTV Gets Breached (bbc.co.uk) 49

A call center scammed 40,000 people over the last 14 months, bringing in $8 million. But within four months their own computer system had been remotely breached by "online vigilante" Jim Browning, according to the BBC. He secretly tapped into the call center's own closed-circuit TV cameras, and eventually tipped off the police, leading to a raid on the call center this week.

Browning also shared the footage with the BBC program Panorama -- along with recordings of 70,000 phone calls -- so you can watch some of that footage online. "I really do want the whole world to see what this looks like," Browning says in the BBC's report.

Slashdot reader newcastlejon shared the link. At one point Browning even dialed in to that call center from the U.K. -- and then watched as the scammers in India took his call while claiming to be in San Jose, California. "Can you name me one restaurant in San Jose?" Browning asks -- and as the scammer pulls up Google, Browning adds "I bet you're looking at Google right now..."

But Browning does take issue with the BBC's terminology. "I'm not a 'vigilante'," he complained on Twitter this week. "I report the scams to the proper authorities. Most of the time the reports are ignored and it seems to take a documentary before something actually happens."

Privacy

Are Tesla's Cameras a Threat To Our Privacy? (msn.com) 101

"I love that my car recorded a hit-and-run on my behalf," writes a technology columnist at the Washington Post. "Yet I'm scared we're not ready for the ways cameras pointed inside and outside vehicles will change the open road..."

Long-time Slashdot reader Strudelkugel shared the Post's report: It's not just crashes that will be different. Once governments, companies and parents get their hands on car video, it could become evidence, an insurance liability and even a form of control... [I]t's not just the bad guys my car records. I've got clips of countless people's behinds scooching by in tight parking lots, because Sentry Mode activates any time something gets close. It's also recording my family: With another function called Dash Cam that records the road, Tesla has saved hours and hours of my travels -- the good driving and the not-so-good alike.

We've been down this road before with connected cameras. Amazon's Ring doorbells and Nest cams also seemed like a good idea, until hackers, stalkers and police tried to get their hands on the video feed... Applied to a car, the questions multiply: Can you just peer in on your teen driver -- or spouse? Do I have to share my footage with the authorities? Should my car be allowed to kick me off the road if it thinks I'm sleepy? How long until insurance companies offer "discounts" for direct video access? And is any of this actually making cars safer or less expensive to own? Your data can and will be used against you. Can we do anything to make our cars remain private spaces...?

Their design choices may well determine our future privacy. It's important to remember: Automakers can change how their cameras work with as little as a software update. Sentry mode arrived out of thin air last year on cars made as early as 2017... Tesla is already recording gobs. Living in a dense city, my Sentry Mode starts recording between five and seven times per day -- capturing lots of people, the vast majority of whom are not committing any crime. (This actually drains the car's precious battery. Some owners estimate it sips about a mile's worth of the car's 322-mile potential range for every hour it runs.) Same with the Dash Cam that runs while I'm on the road: It's recording not just my driving, but all the other cars and people on the road, too. The recordings stick around on a memory card until you delete them or the card fills up, and it writes over the old footage... Now imagine what Google or Facebook might want to do with that data on everywhere you drive...

Without Sentry Mode, I wouldn't have known what hit me. The city's response to my hit-and-run report was that it didn't even need my video file. Officials had evidence of their own: That bus had cameras running, too.

"Thank You St. Tesla," jokes Slashdot reader DenverTech, linking to a story in which a Tesla owner shared the video it recorded of another car struck in a hit-and-run accident in the parking lot of a Colorado Olive Garden. "It just makes me really thankful that there are cars out there, that can prove what happened so justice can happen," that car's owner told a local news station -- though the Tesla owner had also already written down the license number of the truck which struck her vehicle.

The news station also links to another story in which a man accused of dragging a knife across a parked Tesla "was also captured on the vehicle's built-in camera."

The Courts

Court Says Removing a Police GPS Tracker From Your Car Isn't Theft (vice.com) 137

Karl Bode, reporting for Vice: Back in 2012, the US Supreme Court declared it was illegal for law enforcement to attach a GPS tracker to a suspect's car without first getting a warrant. But in 2018, cops in Indiana charged a suspected drug dealer with theft after he removed such a tracking device from his SUV, triggering a legal debate over whether you can legally remove such devices. As it turns out, you most assuredly can. A new unanimous ruling from the Indiana Supreme Court has declared that the suspect in question did not "steal" the government-owned device, and that law enforcement should have known better before bringing the charges. The case started back in July of 2018, when the Warrick County, Indiana Sheriff's Office obtained a warrant to attach a GPS tracking device to an SUV belonging to Derek Heuring, after receiving a tip from a confidential informant who claimed he used the vehicle to sell meth.

While the attached device delivered Heuring's location data to police for around a week, it stopped transmitting shortly thereafter -- leading police to suspect it had been removed. Police waited another 10 days to see if the device would start transmitting again, then applied for a new search warrant to search both Heuring and his parents' homes. Under US law, law enforcement has to show probable cause that a crime has been committed before performing a property search. In Heuring's case, police declared that the probable cause was the suspicion that Heuring had committed a crime by removing the device, something the court was skeptical of from the start.

Government

American Lawmakers Launch Investigations Into Ring's Police Deals (arstechnica.com) 14

A U.S. Congressional subcommittee is now "pursuing a deeper understanding of how Ring's partnerships with local and state law enforcement agencies mesh with the constitutional protections Americans enjoy against unbridled police surveillance," reports Gizmodo: Rep. Raja Krishnamoorthi, chairman of the House Oversight and Reform subcommittee on economic and consumer policy, is seeking to learn why, in more than 700 jurisdictions, police have signed contracts that surrender control over what city officials can say publicly about the Amazon-owned company... "In one instance, Ring is reported to have edited a police department's press release to remove the word 'surveillance,'" the letter says, citing a Gizmodo report from last fall.

But that's just the beginning, reports Ars Technica: Congress wants a list of every police deal Ring actually has, the House Subcommittee on Economic and Consumer Policy wrote in a letter (PDF) dated February 19. After that, the Subcommittee wants to know... well, basically everything. The request for information asks for documentation relating to "all instances in which a law enforcement agency has requested video footage from Ring," as well as full lists of all third-party firms that get any access to Ring users' personal information or video footage. Ring is also asked to send over copies of every privacy notice, terms of service, and law enforcement guideline it has ever had, as well as materials relating to its marketing practices and any potential future use of facial recognition. And last but not least, the letter requests, "All documents that Ring or Amazon has produced to state attorneys general, the Federal Trade Commission, the Department of Justice, or Congress in response to investigations into Ring...."

The company in the fall pulled together a feel-good promotional video comprising images of children ringing Ring doorbells to trick-or-treat on Halloween. It is unclear if Ring sought consent to use any of the clearly visible images of the children or their parents shown in that video...

Ring has also faced pressure to describe its plans for future integration of facial recognition systems into its devices. While the company has stated repeatedly that it has no such integration, documents and video promotional materials obtained by reporters in the past several months show that the company is strongly looking into it for future iterations of the system...

The House letter gives Amazon a deadline of March 4 to respond with all the requested documentation.

Amazon responded by cutting the price of a Ring doorbell camera by $31 -- and offering to also throw in one of Amazon's Alexa-enabled "Echo Dot" smart speakers for free.

Crime

Watch Out: This Verizon Smishing Scam Is Crazy Realistic (howtogeek.com) 75

A Slashdot reader shared a warning from the editor-in-chief at How-To Geek about a "shockingly convincing" scam: The scam text message says, "Your Verizon account security needs validation" and invites you to tap a link to "validate your account." Once you do, you end up at a phishing website that looks almost exactly like Verizon's real website. The fake website asks for your My Verizon mobile number or user ID and password. After you provide those, it'll ask for your account PIN. Finally, it requests all your personal details to "identify yourself."

For smishing scams, this is convincing work. The website looks real and authentic — if you don't look too hard at the address, which isn't actually Verizon's actual website... At the end of the process, the phishing website thanks you for providing your information and "redirects you to the home page." For maximum deception, the phishing website actually redirects you to Verizon's real website at the end of the process. If you don't look too close, you might be deceived into thinking you were on Verizon's website the whole time.

What's the game? We didn't provide real Verizon account details, so we can't say for sure. The scammer will probably try to take over your Verizon account, order smartphones on credit, and stick you with the bill.

Crime

Police Say Amazon's Ring Isn't Much of a Crime Fighter (nbcnews.com) 78

Ring's promotional video includes the police chief of the small Florida suburb of Winter Park saying "we understand the value of those cameras in helping us solve crimes." But over the last 22 months, their partnership with Ring hasn't actually led to a single arrest, reports NBC News.

The only crime it solved was a 13-year-old boy who opened two delivered packages, decided he didn't like what was inside, and rode away on his bike. "Eventually the boy was sent to a state diversion program for first-time offenders in lieu of being formally charged in court."

Ring promises to "make neighborhoods safer" by deterring and helping to solve crimes, citing its own research that says an installation of its doorbell cameras reduces burglaries by more than 50 percent. But an NBC News Investigation has found -- after interviews with 40 law enforcement agencies in eight states that have partnered with Ring for at least three months -- that there is little concrete evidence to support the claim. Three agencies said the ease with which the public can share Ring videos means officers spend time reviewing clips of non-criminal issues such as racoons and petty disagreements between neighbors. Others noted that the flood of footage generated by Ring cameras rarely led to positive identifications of suspects, let alone arrests.

Thirteen of the 40 jurisdictions reached, including Winter Park, said they had made zero arrests as a result of Ring footage. Thirteen were able to confirm arrests made after reviewing Ring footage, while two offered estimates. The rest, including large cities like Phoenix, Miami, and Kansas City, Missouri, said that they don't know how many arrests had been made as a result of their relationship with Ring -- and therefore could not evaluate its effectiveness -- even though they had been working with the company for well over a year... None of the departments said they collect data to measure the impact of their Ring partnership in terms of reducing or deterring crimes, nor did they consistently record when Ring footage was helpful in identifying or arresting a suspect...

"There's a deafening lack of evidence that any city has been made safer," Liz O'Sullivan, the technology director of the Surveillance Technology Oversight Project, a nonprofit that fights excessive local and state-level surveillance, told NBC News. The lack of evidence that Ring reduces crime adds to a list of concerns that have plagued the company in recent months, ranging from bad security practices to privacy questions surrounding the company's plans to incorporate facial recognition, among other biometric characteristics.

NBC News also spoke to Ben Stickle, a professor of criminal justice at Middle Tennessee State University (and a former police officer) who published an academic study analyzing the effectiveness of Ring cameras as a deterrent. "If you expect the camera to deter people, you're assuming that they see it and that they care. Those are two big assumptions."

Ring's claim that its doorbell cameras reduce crime seems to be based on a 2015 report by a police captain in Los Angeles' wealthy Wilshire Park neighborhood of a 55% drop in burglaries after Ring cameras were installed on 10% of the doors. But in an overlooked follow-up, MIT's Technology Review reported that in 2017, Wilshire Park "suffered more burglaries than in any of the previous seven years."

United Kingdom

UK Police Deny Responsibility For Poster Urging Parents To Report Kids For Using Kali Linux (zdnet.com) 67

The UK's National Crime Agency (NCA) has publicly said it has nothing to do with a misleading poster designed to put fear into the hearts of parents and urge them to call the police if their children are using Kali Linux. From a report: The poster, made public by Twitter user @G_IW, has reportedly been distributed by local authorities on behalf of the West Midlands Regional Organised Crime Unit (WMROCU). It appears the creators of the poster are aiming to inform parents of what dubious software to look out for if they suspect their children are up to no good on the computer. While a good and reasonable intention, the disinformation on the poster, as described by @G_IW, is "staggering." Virtual machines, the Tor Browser, Kali Linux, WiFi Pineapple, Discord, and Metasploit are all deemed terrible finds and the poster urges parents to call the cops "so we can give advice and engage them into positive diversions."

The Courts

Ohio Man Arrested For Running Bitcoin Mixing Service That Laundered $300 Million (zdnet.com) 79

U.S. authorities have arrested Larry Harmon of Akron, Ohio, for running a "Bitcoin mixer" service on the dark web that helped criminals disguise the origin of Bitcoin transactions. Harmon is "accused in a three-count indictment (PDF) for operating Helix, an online website located on the dark web," reports ZDNet. It is the first case the DOJ has brought against a Bitcoin mixer. From the report: Helix functioned as a Bitcoin mixer (Bitcoin tumbler), a type of service that takes funds from a user, splits the sum into small parts, and using thousands of transactions, sends and reassembles the original funds at a new Bitcoin address, in an effort to hide the original funds under a cloud of micro-transactions. "The sole purpose of Harmon's operation was to conceal criminal transactions from law enforcement on the Darknet, and because of our growing expertise in this area, he could not make good on that promise," Don Fort, Chief, IRS Criminal Investigation, said today in a DOJ press release. "Working in tandem with other sites, he sought to be the 'go-to' money launderer on the Darknet, but our investigators once again played the role of criminal disrupters, unraveling the interlinked web from one tentacle to another," Fort said.

According to DOJ documents, Harmon ran Helix as a secondary project attached to his primary service called Grams, a search engine that aggregated listings from multiple dark web drugs-related marketplaces. Grams allowed users to search for drugs and find the cheapest offers in their areas. Helix was provided as a way for potential buyers to hide their identity when buying products. The DOJ says Harmon operated Helix since 2014 and helped launder more than 350,000 bitcoins, valued at around $300 million at the time of their transactions -- valued at $3.5 billion today. Investigators say that as the service grew, Harmon also partnered with other dark web services. According to the indictment, Harmon joined forces with AlphaBay, the biggest dark web marketplace for illegal products at the time, with AlphaBay recommending Helix to its users as a safe Bitcoin tumbling option.

Crime

Man Who Refused To Decrypt Hard Drives Is Free After Four Years In Jail (arstechnica.com) 149

An anonymous reader quotes a report from Ars Technica: A Philadelphia man has been freed after a federal appeals court ruled that his continued detention was violating federal law. Francis Rawls, a former police officer, had been in jail since 2015, when a federal judge held him in contempt for failing to decrypt two hard drives taken from his home. The government believes they contain child pornography.

After losing that appeal, Rawls raised another challenge: the federal statute that allows judges to hold witnesses in contempt for refusing to testify, passed in 1970, states that "in no event shall such confinement exceed eighteen months." The government argued that this provision didn't apply to Rawls because he was a suspect, not a witness. Also, the rule applies to a "proceeding before or ancillary to any court or grand jury." But because the government hadn't formally charged Rawls with a crime, the government argued, there was no court proceeding under way. Last week, a three-judge panel of the 3rd Circuit rejected this argument in a 2-1 vote. The court's two-judge majority held that Congress had intended for the 18-month limitation to apply broadly to any legal proceeding, not just a formal trial. And while Rawls was a suspect in the case, he was also a witness. The practical result is that, at least in federal court, someone can only be imprisoned for 18 months for refusing to open an encrypted device.

The government says it has other evidence suggesting that Rawls possessed child pornography, "so prosecutors may be able to piece together enough evidence to convict him, even without access to his encrypted hard drives," the report adds. "One of the two judges who formed the 3rd Circuit's majority urged the trial court judge to consider the four years of imprisonment Rawls has already served if he eventually has to sentence Rawls after a child pornography conviction."

Crime

New Ransomware Targets Industrial Control Systems (arstechnica.com) 35

In recent months, researchers have caught ransomware "intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely," reports Ars Technica. According to researchers at the security firm Dragos, the ransomware tries to kill 64 different processes, the names of which are all hard-coded within the malware.

Long-time Slashdot reader Garabito shared Ars Technica's report: It remains unclear precisely what effect the killing of those processes would have on the safety of operations inside infected facilities... Monday's report described Ekans' ICS targeting as minimal and crude because the malware simply kills various processes created by widely used ICS programs. That's a key differentiator from ICS-targeting malware discovered over the past few years with the ability to do much more serious damage. One example is Industroyer, the sophisticated malware that caused a power outage in Ukraine in December 2016 in a deliberate and well-executed attempt to leave households without electricity in one of the country's coldest months...

Another reason Dragos considers Ekans to be a "relatively primitive attack" is that the ransomware has no mechanism to spread. That makes Ekans much less of a threat than ransomware such as Ryuk, which quietly collects credentials for months on infected systems so it can eventually proliferate widely through almost all parts of a targeted network.

Privacy

Amazon's Ring Doorbell Update Allows Opt Out of All Police Video Requests (mashable.com) 74

Amazon's Ring doorbell has rolled out a new update that lets users add and remove shared users on an account, restrict third-party access, view two-factor authentication settings, and (perhaps, most importantly) opt out of all video request notifications from law enforcement. Mashable reports: Uncovered in reporting by Motherboard and Gizmodo in 2019, the scale of Amazon's Neighbor Portal program is much larger than originally believed -- and its various affiliations with law enforcement have raised alarming ethical questions. In the new update, users will be able to see an "Active Law Enforcement Map" clarifying which local institutions are part of the Neighbor Portal network. They will also be able to disable requests for video from officials, whether or not they have received one in the past. (This feature was available previously, but an account had to have received one request for the opt-out option to appear.)

That said, Ring is suggesting users allow video request notifications -- citing specific instances where such evidence helped solve criminal cases. According to Ring's official press release, the control center update will be made available to all Android and iOS users within "the next few days." Per the same release, this is the first of numerous security and privacy updates planned for the system.

Crime

Fingerprints Can Now Be Dated To Within a Day of When They Were Made (economist.com) 25

Writing in Analytical Chemistry, Paige Hinners and Young Jin Lee of Iowa State University say they have figured out an accurate way to date to within 24 hours when a fingerprint under a week old was made -- and thus whether it is associated with a crime temporally, as well as spatially. The Economist reports: They knew from work conducted by other laboratories that the triglyceride oils contained in fingerprints change by oxidation over the course of time. That provides an obvious way to date prints. The problem is that the techniques which have been applied to analyze these oils are able to distinguish age only crudely. In practice, they can determine whether or not a print is over a week old, but nothing else. Dr Hinners and Dr Lee wondered if higher precision could be obtained by thinking a bit more about oxidation. Oxygen molecules in the air come in two varieties. Most have a pair of atoms but some, known as ozone, have three. Though far rarer than diatomic oxygen, ozone is more reactive and also reacts in ways different from those of its two-atomed cousin. The two researchers therefore decided to focus their attentions on ozonolysis, as triatomic oxidation is known.

Triglycerides, as their name suggests, are three-tailed molecules. Each tail is a chain of carbon atoms, with hydrogen atoms bonded to the carbons. The chains are held together by bonds between the carbon atoms. These are of two varieties, known as single and double bonds. Single bonds are, in chemistry-speak, saturated, and double bonds unsaturated. By extension, molecules with one or more double bonds in them are also referred to as unsaturated, while those with only single bonds are called saturated. Unsaturated bonds are more reactive, and it is here that ozonolysis does its work. Ozone breaks up triglycerides at their double bonds, with one or more of the ozone's oxygen atoms becoming attached to the carbon chain, to create new chemical species. In principle, this should result in a gradual loss of unsaturated triglycerides and a concomitant rise in the reaction products of ozonolysis. And that, in practice, is what Dr Hinners and Dr Lee found.

United States

Andrew Yang Warns Against 'Slaughterbots' and Urges Global Ban on Autonomous Weaponry (venturebeat.com) 99

Ahead of the Democratic presidential primaries that begin Monday with the Iowa caucus, presidential candidate Andrew Yang called for a global ban on the use of autonomous weaponry. In a tweet, Yang called for U.S. leadership to implement a ban on automated killing machines, then shared a link to a Future of Life Institute video titled "Slaughterbots," which offers a cautionary and dystopian vision of the future. From a report: [...] In the video, the fictional CEO promises the ability to target and wipe out "the bad guys" or people with "evil ideology" or even entire cities. The video then imagines the breaking out of partisan political warfare. The drones are used to assassinate 11 U.S. Senators of one political party at the U.S. Capitol building. In the wake of the hypothetical attack, it's unclear after assessment from the intelligence community what state, group, or individual carried it out, but in the confusion calls for war and violent crime ratchet up.

There is some precedent in reality. Russian company Kalashnikov is developing a kamikaze drone, and though it was most likely piloted by a human, the world saw one of the first targeted political assassination attempts with a drone in history in 2018 in Venezuela. DARPA is developing ways for swarms of drones to take part in military missions, and the U.S. Department of Defense developed hardware to guard against weaponized drone attacks.

Security

New Web Service Can Notify Companies When Their Employees Get Phished (zdnet.com) 18

Starting today, companies across the world have a new free web service at their disposal that will automatically send out email notifications if one of their employees gets phished. From a report: The service is named "I Got Phished" and is managed by Abuse.ch, a non-profit organization known for its malware and cyber-crime tracking operations. Just like all other Abuse.ch services, I Got Phished will be free to use. Any company can sign up via the I Got Phished website. Signing up only takes a few seconds. Subscribing for email notifications is done on a domain name basis, and companies don't have to expose a list of their employee email addresses to a third-party service. Once a company's security staff has subscribed to the service, I Got Phished will check its internal database for email addresses for the company's email domain. This database contains logs from phishing operations, with emails for phished victims.

Security

Wawa Breach May Have Compromised More Than 30 Million Payment Cards (krebsonsecurity.com) 20

An anonymous reader quotes a report from Krebs on Security: In late December 2019, fuel and convenience store chain Wawa said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

On the evening of Monday, Jan. 27, a popular fraud bazaar known as Joker's Stash began selling card data from "a new huge nationwide breach" that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S. states. Two sources that work closely with financial institutions nationwide tell KrebsOnSecurity the new batch of cards that went on sale Monday evening -- dubbed "BIGBADABOOM-III" by Joker's Stash -- map squarely back to cardholder purchases at Wawa. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

"We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information," Wawa said in a statement released to KrebsOnSecurity. "We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data."

"We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorized use to the bank or financial institution that issued their payment card by calling the number on the back of the card," the statement continues. "Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges."

Government

Maryland Bill Would Outlaw Ransomware, Keep Researchers From Reporting Bugs (arstechnica.com) 85

A proposed law introduced in Maryland's state senate last week would criminalize the possession of ransomware and other criminal activities with a computer. However, CEO of Luta Security Katie Moussouris warns that the current bill "would prohibit vulnerability disclosure unless the specific systems or data accessed by the helpful security researcher were explicitly authorized ahead of time and would prohibit public disclosure if the reports were ignored." Ars Technica reports: The bill, Senate Bill 3, covers a lot of ground already covered by U.S. Federal law. But it classifies the mere possession of ransomware as a misdemeanor punishable by up to 10 years of imprisonment and a fine of up to $10,000. The bill also states (in all capital letters in the draft) that "THIS PARAGRAPH DOES NOT APPLY TO THE USE OF RANSOMWARE FOR RESEARCH PURPOSES."

Additionally, the bill would outlaw unauthorized intentional access or attempts to access "all or part of a computer network, computer control language, computer, computer software, computer system, computer service, or computer database; or copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed." It also would criminalize under Maryland law any act intended to "cause the malfunction or interrupt the operation of all or any part" of a network, the computers on it, or their software and data, or "possess, identify, or attempt to identify a valid access code; or publicize or distribute a valid access code to an unauthorized person." There are no research exclusions in the bill for these provisions.

"While access or attempted access would be a misdemeanor (punishable by a fine of $1,000, three years of imprisonment, or both), breaching databases would be a felony if damages were determined to be greater than $10,000 -- punishable by a sentence of up to 10 years, a fine of $10,000, or both," the report adds. "The punishments go up if systems belonging to the state government, electric and gas utilities, or public utilities are involved, with up to 10 years of imprisonment and a $25,000 fine if more than $50,000 in damage is done."
