Telegram CEO Pavel Durov is heading to court for a possible indictment after being released from police custody, authorities in France said on Wednesday. From a report: "An investigating judge has ended Pavel Durov's police custody and will have him brought to court for a first appearance and a possible indictment," according to a statement from the Paris prosecutor's office that was quoted in an Associated Press article. Durov was arrested in Paris on Saturday and questioned by police for several days. The French investigative judge will "decide whether to place him under formal investigation following his arrest as part of a probe into organized crime on the messaging app," Reuters wrote today.

"Being placed under formal investigation in France does not imply guilt or necessarily lead to trial, but indicates that judges consider there is enough to the case to proceed with the probe. Investigations can last years before being sent to trial or shelved," Reuters wrote. The judge's decision on a formal investigation is expected today, the article said. On Monday, prosecutor Laure Beccuau issued a statement saying Durov was arrested "in the context of a judicial investigation" into a "person unnamed." The wording leaves open the possibility that the unnamed person is someone else, but the prosecutor's statement listed a raft of potential charges that may indicate what Durov could be charged with. Update: Telegram CEO Indicted in Paris Court .

Telegram founder and CEO Pavel Durov was arrested Saturday night by French authorities on allegations that his social media platform was being used for child pornography, drug trafficking and organized crime. The move sparked debate over free speech worldwide from prominent anti-censorship figures including Elon Musk, Robert F. Kennedy. Jr. and Edward Snowden. However, "the immediate freakout came from Russia," reports Politico. "That's because Telegram is widely used by the Russian military for battlefield communications thanks to problems with rolling out its own secure comms system. It's also the primary vehicle for pro-war military bloggers and media -- as well as millions of ordinary Russians." From the report: "They practically detained the head of communication of the Russian army," Russian military blogger channel Povernutie na Z Voine said in a Telegram statement. The blog site Dva Mayora said that Russian specialists are working on an alternative to Telegram, but that the Russian army's Main Communications Directorate has "not shown any real interest" in getting such a system to Russian troops. The site said Durov's arrest may actually speed up the development of an independent comms system. Alarmed Russian policymakers are calling for Durov's release.

"[Durov's] arrest may have political grounds and be a tool for gaining access to the personal information of Telegram users," the Deputy Speaker of the Russian Duma Vladislav Davankov said in a Telegram statement. "This cannot be allowed. If the French authorities refuse to release Pavel Durov from custody, I propose making every effort to move him to the UAE or the Russian Federation. With his consent, of course." Their worry is that Durov may hand over encryption keys to the French authorities, allowing access to the platform and any communications that users thought was encrypted.

French President Emmanuel Macron said Monday that the arrest of Durov was "in no way a political decision." The Russian embassy has demanded that it get access to Durov, but the Kremlin has so far not issued a statement on the arrest. "Before saying anything, we should wait for the situation to become clearer," said Kremlin spokesperson Dmitry Peskov. However, officials and law enforcement agencies were instructed to clear all their communication from Telegram, the pro-Kremlin channel Baza reported. "Everyone who is used to using the platform for sensitive conversations/conversations should delete those conversations right now and not do it again," Kremlin propagandist Margarita Simonyan said in a Telegram post. "Durov has been shut down to get the keys. And he's going to give them."

Pavel Durov, the Russian-born billionaire co-founder of the Telegram messaging app, was arrested in France in connection with an investigation into criminal activity on the platform and a lack of cooperation with law enforcement, prosecutors announced on Monday. From a report: Durov, who has French citizenship, was detained at Le Bourget airport, just outside Paris, on Saturday evening after arriving from Azerbaijan on his private jet. His surprise arrest has sparked debate over free speech worldwide and led to an outcry in Moscow. The Paris prosecutor Laure Beccuau said the investigation concerned crimes related to illicit transactions, child sexual abuse, fraud and the refusal to communicate information to authorities.

Earlier in the day the French president, Emmanuel Macron, gave the first confirmation that Durov had been arrested as part of a judicial inquiry in relation to Telegram. "In a state governed by the rule of law, freedoms are upheld within a legal framework, both on social media and in real life, to protect citizens and respect their fundamental rights," Macron wrote on X, adding that the arrest was "in no way a political decision." "It is up to the judiciary, in full independence, to enforce the law," he said. A senior official at Ofmin, a French agency set up last year to prevent violence against children, said Durov's arrest was linked to Telegram's failure to properly fight crime on the app, including the spread of child sexual abuse material.

Google may be the most successful company in the world. But a Washington Post reporter argues that Google "makes you largely responsible for dodging the criminals who are hurting legitimate businesses and swindling people." On Monday, I found what appeared to be impostors of customer service for Delta and Coinbase, the cryptocurrency company, in the "People also ask" section high up in Google. A group of people experienced in Google's intricacies also said this week that it took about 22 minutes to fool Google into highlighting a bogus business phone number in a prominent spot in search results...

If you look at the two impostor phone numbers in Google for Delta and Coinbase, there are red flags. There are odd fonts and a website below the bogus numbers that wasn't for either company. (I notified Google about the apparent scams on Monday and I still saw them 24 hours later.) The correct customer help numbers did appear at the very top, and Google says businesses have clear instructions to make their customer service information visible to people searching Google.
The larger issue is "a persistent pattern of bad guys finding ways to trick Google into showing scammers' numbers for airlines, hotels, local repair companies, banks or other businesses." The toll can be devastating when people are duped by these bogus business numbers. Fortune recently reported on a man who called what a Google listing said was Coinbase customer support, and instead it was an impostor who Fortune said tricked the man and stole $100,000...

Most of the time, you will find correct customer service numbers by Googling. But the company doesn't say how often people are tricked out of time and money by bogus listings — nor why Google can't stop the scams from recurring.
The article makes two points.

• Google says when they identify listings violating their rules, they move quickly against them.

• "Impostor numbers pop up so persistently that I am once again begging you to be wary of Google or Google Maps listings for business phone numbers... You still might see bogus phone numbers in some spots in Google. And if you're stressed trying to find help with a flight or a financial problem, you might overlook warning signs. Scams work because humans make errors in judgment, especially when we're confused or panicky. And business impostors aren't always obvious."

An anonymous reader shared this story from the blog Decrypt: Michael Lewis, author of Going Infinite, an account of the rise and fall of Sam Bankman-Fried, has argued that the disgraced FTX founder didn't have "the character of a thief" in a new The Washington Post article. "His crime was of a piece with his character. The character wasn't the character of a thief. It was the character of a person numb to risk." Lewis explained in the final paragraphs of a 4,500 word essay adapted from a new introduction to his book. "Unable to feel risk himself, he can't really imagine other people feeling much at all about the risk he has subjected them to...."

Lewis doubled down on previous claims that Bankman-Fried wasn't running a Ponzi scheme, arguing that "The crime was unnecessary to the business in a way that, say, Bernie Madoff's was not," and that "The crime made no sense." The collapse of FTX, he added, "might have been avoided and FTX might have survived."

"That doesn't mean I think that Sam Bankman-Fried is innocent. It merely informs how I feel about him," Lewis explained. "I think the truth is closer to 'young person with an intellectually defensible but socially unacceptable moral code makes a huge mistake in trying to live by it' than "criminal on the loose in the financial system.'"
From from The Daily Beast: Lewis also pointed to bankruptcy court filings from FTX in the weeks after Bankman-Fried's sentencing showing that "against the $8.7 billion in missing customer deposits, FTX was now sitting on something like $14.5 to $16.3 billion." "Whatever the exact sum, it was enough to repay all depositors and various other creditors at least 118 cents on the dollar — that is, everyone who imagined they had lost money back in November 2022 would get their money back, with interest," Lewis writes.
Michael Lewis's article offers some vivid details: Inside of three years, he'd gone from socially and emotionally isolated 25-year-old with an upper-middle-class bank account to leader of a small army of math nerds and (according to Forbes magazine) not merely the world's richest person under 30 but maybe the fastest creator of wealth in recorded history... He'd gone from having no friends as a child to having too many as an adult without ever developing a capacity for friendship....

The prosecutors didn't need Sam's help. Sam helped them anyway by ignoring the counsel of his lawyers and testifying on his own behalf... As Lewis Kaplan, the federal judge who presided over the case, said later: "When he wasn't outright lying, he was often evasive, hairsplitting, dodging questions and trying to get the prosecutor to reword questions in ways that he could answer in ways he thought less harmful than a truthful answer to the question that was posed would have been. I've been doing this job for close to 30 years. I've never seen a performance quite like that...." [T]he judge ordered Sam to rise so that he might address him directly. Two hours or so earlier, Sam had shuffled into the courtroom in prison khakis with his head down and his hands oddly clasped behind his back. Just before he'd entered, his guards had told him he was meant to be wearing handcuffs and asked if he could create the impression that he was doing so...

"There is a risk that this man will be in a position to do something very bad in the future, and it's not a trivial risk, not a trivial risk at all," said the judge. "So, in part, my sentence will be for the purpose of disabling him." He then sentenced Sam to 25 years in prison, with no possibility of parole.

A few minutes later, Sam dutifully clasped his hands behind his back and shuffled out of the courtroom.
Lewis adapted his 4,500-word article from the upcoming (updated) paperback edition of his book — which was originally published in 2023 on the same day jurors were selected for Bankman-Fried's trial...

The nonprofit American Radio Relay League — founded in 1914 — has approximately 161,000 members, according to Wikipedia (with over 7,000 members outside the U.S.)

But sometime in early May its systems network was compromised, "by threat actors using information they had purchased on the dark web," the nonprofit announced this week. The attackers accessed the ARRL's on-site systems — as well as most of its cloud-based systems — using "a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers." Despite the wide variety of target configurations, the threat actors seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system... The FBI categorized the attack as "unique" as they had not seen this level of sophistication among the many other attacks, they have experience with.

Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President... [R]ansom demands were dramatically weakened by the fact that they did not have access to any compromising data. It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment. After days of tense negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That payment, along with the cost of restoration, has been largely covered by our insurance policy...

Today, most systems have been restored or are waiting for interfaces to come back online to interconnect them. While we have been in restoration mode, we have also been working to simplify the infrastructure to the extent possible. We anticipate that it may take another month or two to complete restoration under the new infrastructure guidelines and new standards.
ARRL's called the attack "extensive", "sophisticated", "highly coordinated" and "an act of organized crime". And tlhIngan (Slashdot reader #30335) shared this detail from BleepingComputer.

"While the organization has not yet linked the attack to a specific ransomware operation, sources told BleepingComputer that the Embargo ransomware gang was behind the breach."

An anonymous reader quotes a report from NBC News: The former CEO of a small Kansas bank was sentenced to more than 24 years in prison for looting the bank of $47 million -- which he sent to cryptocurrency wallets controlled by scammers who had duped him in a "pig butchering" scheme that appealed to his greed, federal prosecutors said. The massive embezzlement by ex-CEO Shan Hanes in a series of wire transfers over just eight weeks last year led to the collapse and FDIC takeover of Heartland Tri-State Bank in Elkhart, one of only five U.S. banks that failed in 2023. Hanes, 53, also swindled funds from a local church and investment club -- and a daughter's college savings account -- to transfer money, purportedly to buy cryptocurrency as the scammers insisted they needed more funds to unlock the supposed returns on his investments, according to records from U.S. District Court in Wichita, Kansas. But Hanes never realized any profit and lost all of the money he stole as a result of the scam. Judge John Broomes on Monday sentenced Hanes to 293 months in prison -- 29 months more than what prosecutors requested after he pleaded guilty in May to a single count of embezzlement by a bank officer. [...]

[P]rosecutors and bank regulators said that Hanes, who has three daughters with his school teacher wife, began stealing after being targeted in a pig-butchering scheme in late 2022. That scheme was described in a court filing as "a scammer convincing a victim (a pig) to invest in supposedly legitimate virtual currency investment opportunities and then steals the victim's money -- butchering the pig." Hanes, who had served on the board of the American Bankers Association, and been chairman of the Kansas Bankers Association, in December 2022 began making transactions to buy cryptocurrency, which "appeared to be precipitated by communication with an unidentified co-conspirator on the electronic messaging app 'WhatsApp,'" prosecutors wrote in a court filing. "To date, the true identity of the co-conspirator, or conspirators, remain unknown," the filing notes. Hanes initially used personal funds to buy crypto, but in early 2023 he stole $40,000 from Elkhart Church of Christ and $10,000 from the Santa Fe Investment Club, according to prosecutors and a defense filing. He also used $60,000 taken from a daughter's college fund, and nearly $1 million in stock from the Elkhart Financial Corporation, his lawyer said in a filing.

In May 2023, he began to make wire transfers from Heartland Tri-State Bank to accounts controlled by scammers, at first with a $5,000 transfer. Two weeks later, on May 30, Hanes wired $1.5 million and a day after that, he sent another transfer of the same amount the following day, filings show. Three days later he directed two wire transfers totaling $6.7 million to be sent by the bank to the crypto wallet, and a whopping $10 million less than two weeks later, and another $3.3 million days afterward. Hanes told bank employees to execute the wire transfers, and "made many misrepresentations to various people" to get access to the funds so they could be transferred, prosecutors wrote. Heartland Tri-State employees circumvented the bank's own wire policy and daily limits to approve Hanes' wire transfers, according to a report by the Office of the Inspector General of the Board of Governors of the Federal Reserve System.

An anonymous reader shares a report: U.S. agencies are increasingly accessing parts of a half-billion encrypted chat message haul that has rocked the global organized crime underground, using the chats as part of multiple drug trafficking prosecutions, according to a 404 Media review of U.S. court records. In particular, U.S. authorities are using the chat messages to prosecute alleged maritime drug smugglers who traffic cocaine using speedboats and commercial ships.

The court records show the continued fallout of the massive hack of encrypted phone company Sky in 2021, in which European agencies obtained the intelligence goldmine of messages despite Sky being advertised as end-to-end encrypted. European authorities have used those messages as the basis for many prosecutions and drug seizures across the continent. Now, it's clear that the blast radius extends to the United States.

A 43-year-old Jordanian national, Hashem Younis Hashem Hnaihen, was arrested in Orlando, Florida, and charged with threatening to use explosives and destroying a solar power facility. According to the U.S. Department of Justice, the charges could result in up to 60 years in prison. Gizmodo reports: Hashem Younis Hashem Hnaihen allegedly smashed windows at local businesses in Florida, leaving behind threatening letters about their perceived support of Israel, and broke into a solar power generation facility in Wedgefield, Florida back in June. Hnaihen allegedly spent hours smashing solar panels, cutting various wires, and destroying critical electronic equipment, according to a press release from the DOJ issued Thursday.

Hnaihen was wearing a mask when he allegedly smashed the glass front doors of businesses that he thought supported Israel in June, the DOJ says, leaving behind "warning letters" that included lines like a desire to, "destroy or explode everything here in whole America. Especially the companies and factories that support the racist state of Israel." [...] Hnaihen was arrested on July 11, though news of his arrest was only made public today. Hnaihen entered a plea of not guilty and faces a maximum of 10 years in prison for each threat made against the Florida businesses and a maximum of 20 years for the destruction of an energy facility, according to the DOJ.

Longtime Slashdot reader schwit1 shares a report from Axios: Locking up merchandise at drugstores and discount retailers hasn't curbed retail theft but is driving frustrated consumers to shop online more, retail experts tell Axios. Retail crime is eating into retailers' profits and high theft rates are also leading to a rise in store closures. Secured cases can cause sales to drop 15% to 25%, Joe Budano, CEO of anti-theft technology company Indyme, previously told Axios. Barricading everything from razors to laundry detergent has largely backfired and broken shopping in America, Bloomberg reports.

Aisles full of locked plexiglass cases are common at many CVS and Walgreens stores where consumers have to wait for an employee to unlock them. Target, Walmart, Dollar General and other retailers have also pulled back on self-checkout to deter shoplifting. "Locking up products worsens the shopping experience, and it makes things inconvenient and difficult," GlobalData retail analyst Neil Saunders said, adding it pushes shoppers to other retailers or to move purchases online.

Driving the news: Manmohan Mahajan, Walgreens global chief financial officer, said in a June earnings call that the retailer was experiencing "higher levels of shrink." Amazon CEO Andy Jassy spoke of the "speed and ease" of ordering online versus walking into pharmacies on a call with investors last week. "It's a pretty tough experience with how much is locked behind cabinets, where you have to press a button to get somebody to come out and open the cabinets for you," Jassy said. schwit1 adds: "The American-style retail shopping experience was invented in a high-trust environment. As trust erodes, so does the experience."

An anonymous reader quotes a report from the Electronic Frontier Foundation (EFF): In a major decision on Friday, the federal Fifth Circuit Court of Appeals held (PDF) that geofence warrants are "categorically prohibited by the Fourth Amendment." Closely following arguments EFF has made in a number of cases, the court found that geofence warrants constitute the sort of "general, exploratory rummaging" that the drafters of the Fourth Amendment intended to outlaw. EFF applauds this decision because it is essential that every person feels like they can simply take their cell phone out into the world without the fear that they might end up a criminal suspect because their location data was swept up in open-ended digital dragnet. The new Fifth Circuit case, United States v. Smith, involved an armed robbery and assault of a US Postal Service worker at a post office in Mississippi in 2018. After several months of investigation, police had no identifiable suspects, so they obtained a geofence warrant covering a large geographic area around the post office for the hour surrounding the crime. Google responded to the warrant with information on several devices, ultimately leading police to the two defendants.

On appeal, the Fifth Circuit reached several important holdings. First, it determined that under the Supreme Court's landmark ruling in Carpenter v. United States, individuals have a reasonable expectation of privacy in the location data implicated by geofence warrants. As a result, the court broke from the Fourth Circuit's deeply flawed decision last month in United States v. Chatrie, noting that although geofence warrants can be more "limited temporally" than the data sought in Carpenter, geofence location data is still highly invasive because it can expose sensitive information about a person's associations and allow police to "follow" them into private spaces. Second, the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search "the entirety" of its reserve of location data "while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result." Therefore, "the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient."

Unsurprisingly, however, the court found that in 2018, police could have relied on such a warrant in "good faith," because geofence technology was novel, and police reached out to other agencies with more experience for guidance. This means that the evidence they obtained will not be suppressed in this case.

"Zelle payments can't be reversed once they're sent," notes the Los Angeles Times — which could be why they're popular with scammers. "You can't simply stop the payment (like a check) or dispute it (like a credit card). Now, the federal regulator overseeing financial products is probing whether banks that offer Zelle to their account holders are doing enough to protect them against scams. Two major banks — JPMorgan Chase and Wells Fargo — disclosed in their security filings in the last week that they'd been contacted by the Consumer Financial Protection Bureau. According to the Wall Street Journal, which reported the filings Wednesday, the CFPB is exploring whether banks are moving quickly enough to shut down scammers' accounts and whether they're doing enough to identify and prevent scammers from signing up for accounts in the first place...

A J.D. Power survey this year found that 3% of the people who'd used Zelle said they had lost money to scammers, which was less than the average for peer-to-peer money transfer services such as Venmo, CashApp and PayPal. The chief executive of Early Warning Services, which runs Zelle, told a Senate subcommittee in July that only 0.1% of the transactions on Zelle involved a scam or fraud; in 2023, the company said, that percentage was 0.05%. But Zelle operates at such a large scale — 120 million users, 2.9 billion transactions and $806 billion transferred in 2023, according to Early Warning Services — that even a tiny percentage of scam and fraud problems translates into a large number of users and dollars... From 2022 to 2023, Zelle cut the rate of scams by nearly 50% even as the volume of transactions grew 28%, resulting in less money scammed in 2023 than in 2022, said Ben Chance, the chief fraud risk management officer for Zelle. The company didn't disclose the amounts involved, but if 0.05% of the $806 billion transferred in 2023 involved scam or fraud, that would translate to $403 million.

Do Zelle users get reimbursed for scams? Only in certain cases, and this is where the banks that offer Zelle have drawn the most heat. If you use Zelle to pay a scammer, banks say, that's a payment you authorized, so they're not obliged under law to refund your money... Some banks, such as Bank of America, say they will put a freeze on transfers by a suspected scammer as soon as a report comes in, then investigate and, if the report is substantiated, seize and return the money. But that works only if the scam is reported right away, before the scammer has the chance to withdraw the funds — which many will do immediately, said Iskander Sanchez-Rola, director of innovation at the cybersecurity company Gen.

The New York Times visits the downtown of one of America's biggest tech cities to explore San Francisco's "Vacant to Vibrant" initiative, where "city and business leaders provide free rent for up to six months" to "entrepreneurs who want to set up shop in empty spaces, many of which are on the ground floor of office buildings."

The program also offers funding for business expenses (plus technical and business permit assistance) — and it seems to be working. One cafe went on to sign a five-year lease for a space in the financial district's iconic One Embarcadero Center building — and the building's landlord says the program also resulted in another three long leases. Can the progress continue? The hope is that these pop-up operations will pay rent and sign longer leases after the free-rent period is over, and that their presence will regenerate foot traffic in the area. Some 850 entrepreneurs initially applied for a slot, and 17 businesses were chosen to occupy nine storefront spaces in the fall. Out of those businesses, seven extended their leases and now pay rent. Eleven businesses were selected in May for the program's second cohort, which started operating their storefronts this summer...

The city's office vacancy rate hit 33.7%, a record high, in the second quarter this year, according to JLL, a commercial real estate brokerage. That's one of the bleakest office markets in the nation, which has an average vacancy rate of about 22%. For the moment, however, San Francisco has a silver lining in Vacant to Vibrant. Rod Diehl, the BXP executive vice president who oversees its West Coast properties, said the pop-up strategy was good not just for local business owners to test their concepts and explore growth opportunities, but also for office leasing efforts... Beyond free rent, which is typically given for three months with a possibility for another three months, Vacant to Vibrant provides up to $12,000 to the businesses to help cover insurance and other expenses. The program also offers grants up to $5,000 for building owners to cover costs for tenant improvements in the spaces as well as for other expenses like utilities...

In addition to the Vacant to Vibrant program — which received $1 million from the city initially and is set to receive another $1 million for the current fiscal year, which began July 1 — the city is directing nearly $2 million toward a similar pop-up program. This new program would help businesses occupy larger empty spaces along Powell Street, as crime and other retail pressures have driven out several retailers, including Anthropologie, Banana Republic and Crate & Barrel, in the Union Square area.
One business owner who joined "Vacant to Vibrant" in May says they haven't decided yet whether to sign a lease. "It's not as crowded as before the pandemic." But according to the article, "she was hopeful that more businesses opening nearby would attract more people."

"In addition to filling empty storefronts, the program has the opportunity to bring in a fresher and more localized downtown shopping vibe, said Laurel Arvanitidis, director for business development at San Francisco's Office of Economic and Workplace Development." Victor Gonzalez, an entrepreneur who founded GCS Agency to stage showings for artists, is embracing the opportunity to get a foothold downtown despite the city's challenges. When he opened a storefront as part of the first Vacant to Vibrant cohort in the Financial District last year, he immediately knew that he wanted to stay there as long as possible. He has since signed a three-year lease. "San Francisco is no stranger to big booms and busts," he said. "So if we're in the midst of a bust, what's next? It's a boom. And I want to be positioned to be part of it."

An anonymous reader shared this report from CNN: More than a year after Hyundai and Kia released new anti-theft software updates, thefts of vehicles with the new software are falling — even as thefts overall remain astoundingly high, according to a new analysis of insurance claim data. The automakers released the updates starting last February, after a tenfold increase in thefts of certain Hyundai and Kia models in just the past three years — sparked by a series of social media posts that showed people how to steal the vehicles. "Whole vehicle" theft claims — insurance claims for the loss of the entire vehicle — are 64% lower among the Hyundai and Kia cars that have had the software upgrade, compared to cars of the same make, model and year without the upgrade, according to the Highway Loss Data Institute. "The companies' solution is extremely effective," Matt Moore, senior vice president of HLDI, an industry group backed by auto insurers, said in a statement...

Between early 2020 and the first half of 2023, thefts of Hyundai and Kia models rose more than 1,000%.
The article points out that HDLI's analysis covered 2023, and "By the end of that year, only about 30% of vehicles eligible for the security software had it installed. By now, around 61% of eligible Hyundai vehicles have the software upgrade, a Hyundai spokesperson said."

The car companies told CNN that more than 2 million Hyundai and Kia vehicles have gotten the update (part of a $200 million class action settlement reached in May of 2023).

"A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information," reports the Register, "which was subsequently stolen from the biz and sold on an online criminal marketplace." California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks' criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack. According to the suit, filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.

If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.
Hofmann's lawsuit says he 'believes that his personally identifiable information was scraped from non-public sources," according to the article — which adds that Hofmann "claims he never provided this sensitive info to National Public Data...

"The Florida firm stands accused of negligently storing the database in a way that was accessible to the thieves, without encrypting its contents nor redacting any of the individuals' sensitive information." Hofmann, on behalf of potentially millions of other plaintiffs, has asked the court to require National Public Data to destroy all personal information belonging to the class-action members and use encryption, among other data protection methods in the future... Additionally, it seeks unspecified monetary relief for the data theft victims, including "actual, statutory, nominal, and consequential damages."

"CrowdStrike has continued doing what gave it such an expansive footprint in the first place," writes CSO Online — "detecting cyber threats and protecting its clients from them."

They interviewed Adam Meyers, CrowdStrike's SVP of counter adversary operations, whose team produced their 2024 Threat Hunting Report (released this week at the Black Hat conference). Of seven case studies presented in the report, the most daring is that of a group CrowdStrike calls Famous Chollima, an alleged DPRK-nexus group. Starting with a single incident in April 2024, CrowdStrike discovered that a group of North Koreans, posing as American workers, had been hired for multiple remote IT worker jobs in early 2023 at more than thirty US-based companies, including aerospace, defense, retail, and technology organizations.

CrowdStrike's threat hunters discovered that after obtaining employee-level access to victim networks, the phony workers performed at minimal enough levels to keep their jobs while attempting to exfiltrate data using Git, SharePoint, and OneDrive and installing remote monitoring and management (RMM) tools RustDesk, AnyDesk, TinyPilot, VS Code Dev Tunnels, and Google Chrome Remote Desktop. The workers leveraged these RMM tools with company network credentials, enabling numerous IP addresses to connect to victims' systems.

CrowdStrike's OverWatch hunters, a team of experts conducting analysis, hunted for RMM tooling combined with suspicious connections surfaced by the company's Falcon Identity Protection module to find more personas and additional indicators of compromise. CrowdStrike ultimately found that over 100 companies, most US-based technology entities, had hired Famous Chollima workers. The OverWatch team contacted victimized companies to inform them about potential insider threats and quickly corroborated its findings.
Thanks to Slashdot reader snydeq for sharing the news.

This week America's Securities and Exchange Commission filed fraud charges against the former CEO of the startup social media site "IRL"

The BBC reports: IRL — which was once considered a potential rival to Facebook — took its name from its intention to get its online users to meet up in real life. However, the initial optimism evaporated after it emerged most of IRL's users were bots, with the platform shutting in 2023...

The SEC says it believes [CEO Abraham] Shafi raised about $170m by portraying IRL as the new success story in the social media world. It alleges he told investors that IRL had attracted the vast majority its supposed 12 million users through organic growth. In reality, it argues, IRL was spending millions of dollars on advertisements which offered incentives to prospective users to download the IRL app. That expenditure, it is alleged, was subsequently hidden in the company's books.
IRL received multiple rounds of venture capital financing, eventually reaching "unicorn status" with a $1.17 billion valuation, according to TechCrunch. But it shut down in 2023 "after an internal investigation by the company's board found that 95% of the app's users were 'automated or from bots'."

TechCrunch notes it's the second time in the same week — and at least the fourth time in the past several months — that the SEC has charged a venture-backed founder on allegations of fraud... Earlier this week, the SEC charged BitClout founder Nader Al-Naji with fraud and unregistered offering of securities, claiming he used his pseudonymous online identity "DiamondHands" to avoid regulatory scrutiny while he raised over $257 million in cryptocurrency. BitClout, a buzzy crypto startup, was backed by high-profile VCs such as a16z, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.

In June, the SEC charged Ilit Raz, CEO and founder of the now-shuttered AI recruitment startup Joonko, with defrauding investors of at least $21 million. The agency alleged Raz made false and misleading statements about the quantity and quality of Joonko's customers, the number of candidates on its platform and the startup's revenue.

The agency has also gone after venture firms in recent months. In May, the SEC charged Robert Scott Murray and his firm Trillium Capital LLC with a fraudulent scheme to manipulate the stock price of Getty Images Holdings Inc. by announcing a phony offer by Trillium to purchase Getty Images.

Slashdot reader Applehu Akbar shared this report from MacRumors: Epic Games CEO Tim Sweeney commented on Apple's 'Find My' service, referring to it as "super creepy surveillance tech" that "shouldn't exist." Sweeney went on to explain that several years ago, "a kid" stole a Mac laptop out of his car. Years later, Sweeney was checking Find My, and as the Mac was still connected to his Apple ID account, it showed him the location where the thief lived.
When someone asked Sweeney if he'd at least gotten his laptop back, Sweeney answered "No. I was creeped the hell out by having unexpectedly received the kid's address, and turned off Find My iPhone on all of my devices."

Slashdot reader crmarvin42 quipped "Tell me you are stupidly rich, without telling me you are stupidly rich... Next someone will be saying that it is 'Creepy' to have security footage of someone taking your Amazon packages off of your porch." And they also questioned Sweeney's sincerity, suggesting that he's "just saying that to try and make Apple look bad because of all the lawsuits going on."

MacRumors followed the ensuing discussion: Sweeney said that the location of a device in someone's possession can't be tracked without tracking the person, and "people have a right to privacy." ["This right applies to second hand device buyers and even to thieves."] He claims that detection and recovery of a lost or stolen device should be "mediated by due process of law" and not exposed to the device owner "in vigilante fashion."
Some responded to Sweeney's comments by sharing the headline of a Vox news story about Epic's own privacy polices. ("Fortnite maker Epic Games has to pay $520 million for tricking kids and violating their privacy.")

MacRumors cited a 2014 report that thefts of iPhones dropped after the introduction of Apple's "Activation Lock" feature (which prevents the disabling of 'Find My' without a password).

But when the blog AppleInsider accused Sweeney of "an incredibly bad leap of logic" — Sweeney responded. "You're idealizing this issue as good guys tracking criminals to their lairs, but when Find My or Google's similar tech points a device owner to a device possessor's home, one must anticipate the presence of families and kids and innocent used device buyers, and ask whether it's really appropriate for a platform to use GPS and shadowy mesh network tech to set up physical confrontations among individuals."

Sweeney also posted a quote from Steve Jobs about how at Apple, "we worry that some 14-year-old is going to get stalked and something terrible is going to happen because of our phone."

Argentina's security forces have announced plans to use AI to "predict future crimes" in a move experts have warned could threaten citizens' rights. From a report: The country's far-right president Javier Milei this week created the Artificial Intelligence Applied to Security Unit, which the legislation says will use "machine-learning algorithms to analyse historical crime data to predict future crimes." It is also expected to deploy facial recognition software to identify "wanted persons," patrol social media, and analyse real-time security camera footage to detect suspicious activities.

While the ministry of security has said the new unit will help to "detect potential threats, identify movements of criminal groups or anticipate disturbances," the Minority Report-esque resolution has sent alarm bells ringing among human rights organisations. Experts fear that certain groups of society could be overly scrutinised by the technology, and have also raised concerns over who -- and how many security forces -- will be able to access the information.

An anonymous reader shared this report from PC World: According to a tweet sent out by the Los Angeles Police Department's Wilshire division (spotted by Tom's Hardware), a small band of burglars is using Wi-Fi jamming devices to nullify wireless security cameras before breaking and entering.

The thieves seem to be well above the level of your typical smash-and-grab job. They have lookout teams, they enter through the second story, and they go for small, high-value items like jewelry and designer purses. Wireless signal jammers are illegal in the United States. Wireless bands are tightly regulated and the FCC doesn't allow any consumer device to intentionally disrupt radio waves from other devices. Similar laws are in place in most other countries. But signal jammers are electronically simple and relatively easy to build or buy from less-than-scrupulous sources.
The police division went on to recommend tagging value items like a vehicle or purse with Apple Air Tags — and "talk to your Wi-Fi provider about hard-wiring your burglar alarm system."

And among their other suggestions: Don't post on social media that you're going on vacation...