Android

Hackers Hit Russian Bank Customers, Planned International Cyber Raids (reuters.com) 19

Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters. From the report: Their campaign raised a relatively small sum by cyber-crime standards -- more than 50 million roubles ($892,000) -- but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations. Russia's relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers. The Kremlin has repeatedly denied the allegation. The gang members tricked the Russian banks' customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programs, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.
Government

Julian Assange Still Faces Legal Jeopardy In Three Countries (chicagotribune.com) 220

Though Sweden dropped an investigation into rape allegations against Julian Assange, "I can conclude, based on the evidence, that probable cause for this crime still exists," chief prosecutor Marianne Ny told reporters in Stockholm. An anonymous reader quotes Newsweek: Ny stressed in her statement Friday that the investigation could be reopened before the statute of limitations on the case expires in 2020. If Assange "went into British custody, then the Swedes may well revisit their decision ⦠as extradition is suddenly easier", tweeted legal expert David Allen Green. Assange failed to answer a bail hearing when he took refuge in the embassy, resulting in an active warrant for his arrest by London's Metropolitan Police, punishable by up to a year in prison. Foremost of Assange's concerns is possible extradition to the U.S., where he he could be detained on espionage charges... Ecuador has offered Assange asylum should he be able to leave Britain.
Meanwhile, The Chicago Tribune reports that "a federal inquiry is widely assumed to be underway by prosecutors in Virginia." According to a former senior Justice Department official, who requested anonymity to discuss the Assange case, American authorities are now presented with a "cat and mouse game." "The decision on whether to indict him rests largely on whether they can get their hands on him," the former official said. Indicting the head of an organization such as WikiLeaks presents a huge number of First Amendment issues, but the Trump White House has indicated such issues may be less of a hurdle than during previous administrations. Prosecutors could seek a sealed indictment -- or may have one already -- to be unveiled if and when Assange strays within reach of American law enforcement, the former official said.
Crime

Sweden Drops Julian Assange Rape Investigation (cnn.com) 187

rmdingler writes: "Sweden is dropping its investigation into WikiLeaks founder Julian Assange on rape allegations, according to a prosecution statement released Friday," reports CNN. "Assange, who has always denied wrongdoing, has been holed up at the Ecuadorian Embassy in London since 2012, in an effort to avoid a Swedish arrest warrant." Despite Friday's announcement, he's unlikely to walk out of the embassy imminently. There is no apparent change in the risk of being detained in the west, particularly in the U.S., but it's definitely a win for Assange. Joshua.Niland adds: The pressure on Julian Assange may have lifted ever so slightly with Swedish prosecutors dropping their investigation into the allegations of rape. A brief statement ahead of a press conference by the prosecutor later on Friday said: "Director of Public Prosecution, Ms Marianne Ny, has today decided to discontinue the investigation regarding suspected rape (lesser degree) by Julian Assange." This will not likely deter the United States from pursuing their own charges against him for publishing tens of thousands of military documents leaked by Army whistleblower Chelsea Manning. After describing the development as "an important victory," Assange said, "[...] it by no means erases seven years of detention without charge under house arrest and almost five years here in this embassy without sunlight. Seven years without charge while my children grow up without me. That is not something I can forgive. It is not something I can forget."
Crime

Chelsea Manning Set To Be Released From Prison, 28 Years Early (nbcnews.com) 540

An anonymous reader quotes a report from NBC News: Army whistleblower Chelsea Manning is set to walk out of prison Wednesday -- but she won't be entirely free. Manning's 35-year sentence for leaking an enormous trove of military intelligence records was commuted by President Barack Obama in January. But Manning is still appealing her conviction in a case that could take years, and the government has yet to respond to the appeal. And all the while, Private First Class Manning, 29, will remain an active duty soldier in the U.S. Army. She won't be paid a salary, and it's highly unlikely that she will be called to serve. But being placed on voluntary excess leave rather than discharged, says one of her attorneys, makes her vulnerable to new military punishment or charges if she steps out of line. Such an offense could be anything from getting into a fistfight to revealing previously unreleased classified information. Manning could even get into trouble with the military for speaking and writing. The Army private then known as Bradley Manning was just 22-year-old when she leaked nearly 750,000 military files and cables to WikiLeaks. Manning was court-martialed and sentenced in 2013 to 35 years in prison, with opportunity for parole after seven years served. n a statement given to the TODAY show the day after sentencing, Manning came out as a transgender woman. Last Tuesday, in Manning's first official statement about her plans after prison, she said, "I can see a future for myself as Chelsea."
Government

Microsoft Blasts Spy Agencies For Leaked Exploits Used By WanaDecrypt0r (engadget.com) 323

An anonymous reader shares Engadget's report about Microsoft's response to the massive WanaDecrypt0r ransomware attack: Company president Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen"... Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos... While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't.
BrianFagioli shared a BetaNews article arguing Microsoft "should absolutely not shoulder any of the responsibility. After all, the vulnerability that led to the disaster was patched back in March." But troublemaker_23 notes that ITwire still faults Microsoft for not planning ahead, since in February 150 million people were still using Windows XP.
The Almighty Buck

WanaDecrypt0r Ransomware Earns Just $26,000 In Ransom Payments (krebsonsecurity.com) 222

An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam...

It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

United Kingdom

Call Center Operator and His Cousin Steal $645,000 From UK Water Supplier (bleepingcomputer.com) 97

An anonymous reader writes: "An unnamed UK-based regional water supply company lost over $645,000 in a sophisticated scam that involved social engineering, an inside man, and international bank transfers," reports BleepingComputer. According to a recently disclosed report, one of the water supplier's call center operators was taking screenshots of customer details and sending this data to his cousin in the UK. This person would trick other call center operators to reset the passwords for those accounts, add his bank account info to the account, and request a refund for previous transactions. Their operation was discovered after customers, usually small-to-medium businesses, discovered they couldn't access their accounts anymore, and also reported new bank account details. A search of the CRM logs revealed that only one call center operator had accessed those profiles, albeit he never initiated or approved refunds. When questioned, the arrogant employee signed an affidavit allowing investigators to search his home PC, thinking they would never discover anything, since he already wiped his hard drive. They did because he forgot to delete his shadow volume copies, where investigators discovered copies of emails sent to his cousin in the UK. These emails contained the screenshots of his work PC with SMB client data. In the end, the call center employee ended up helping authorities secure a conviction for his cousin.
AI

Police To Test App That Assesses Suspects (bbc.com) 92

An anonymous reader writes: Police in Durham are preparing to go live with an artificial intelligence (AI) system designed to help officers decide whether or not a suspect should be kept in custody, BBC is reporting. The system classifies suspects at a low, medium or high risk of offending and has been tested by the force. It has been trained on five years' of offending histories data. One expert said the tool could be useful, but the risk that it could skew decisions should be carefully assessed. Data for the Harm Assessment Risk Tool (Hart) was taken from Durham police records between 2008 and 2012. The system was then tested during 2013, and the results -- showing whether suspects did in fact offend or not -- were monitored over the following two years. Forecasts that a suspect was low risk turned out to be accurate 98% of the time, while forecasts that they were high risk were accurate 88% of the time.
Social Networks

Social Media Giants Sued For Helping ISIS (torontosun.com) 135

Long-time Slashdot reader nnet quotes the Toronto Sun: Social media giants Twitter, Google and Facebook are being sued by the families of victims of the San Bernardino terror attacks. The lawsuit claims those companies aided ISIS by letting them build their online profile and bolster recruitment. Fourteen people were killed in the December 2015 attacks by twisted husband-wife Islamist extremists Syed Rizwan Farook and Tashfeen Malik. "Without defendants Twitter, Facebook and Google (YouTube), the explosive growth of IS over the last few years into the most feared terrorist group in the world would not have been possible," the suit, filed Wednesday in Los Angeles, alleges.
Government

The FBI Defends Deploying Malware From A Tor Child Porn Site (gizmodo.com) 244

An anonymous reader writes: The FBI issued a press release about the 30-year prison sentence for a 58-year-old Florida man running "the world's largest child pornography website, with more than 150,000 users around the world." But their investigation involved what Gizmodo describes as "a decision controversial to this day" -- taking over the child pornography site and running it "for almost two weeks while distributing malware designed to unmask its visitors." Thursday the FBI described it as "a court-approved network investigative technique" which led to more than 1,000 leads in the U.S. and "thousands more" for law enforcement partners in other countries, leading to arrests in the EU, Israel, Turkey, Peru, Malaysia, Chile, and the Ukraine. Those 1,000 U.S. leads led to "at least 350 U.S-based individuals arrested", as well as actual prosecutions of 25 producers of child pornography and 51 hands-on abusers, while 55 children were "identified or rescued" in America, and another 296 internationally who were sexually abused.

Though Motherboard describes it as hacking "over 8,000 computers in 120 countries based on one warrant," the FBI calls it their "most successful effort to date against users of Tor's hidden service sites," adding that the agency "has numerous investigations involving the dark web." Though they'd soon became aware of the site's existence, "given the nature of how Tor hidden services work, there was not much we could do about it" -- until a foreign law enforcement agency discovered the site had "slipped up" by revealing its actual IP address, and notified the U.S. investigators. The FBI also says the investigation "has opened new avenues for international cooperation in efforts to prosecute child abusers around the world."

The site's two other administrators -- both men in their 40s -- were also given 20-year prison sentences earlier this year.
Crime

Cop Fakes Body Cam Footage, Prosecutors Drop Drug Charges (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: Prosecutors in Pueblo, Colorado are dropping felony drug and weapon-possession charges after an officer involved in the case said he staged body cam footage so he could walk "the courts through" the vehicle search that led to the arrest. The development means that defendant Joseph Cajar, 36, won't be prosecuted on allegations of heroin possession and of unlawful possession of a handgun. The evidence of the contraband was allegedly found during a search of Cajar's vehicle, which was towed after he couldn't provide an officer registration or insurance during a traffic stop. Officer Seth Jensen said he found about seven grams of heroin and a .357 Magnum in the vehicle at the tow yard. But the actual footage of the search that he produced in court was a reenactment of the search, the officer told prosecutors.
Government

Justice Department Opens Criminal Probe Into Uber (washingtonpost.com) 87

parallel_prankster quotes a report from Washington Post: The Department of Justice has launched a criminal investigation into Uber's use of a secret software that was used to evade authorities in places where its ride-sharing service was banned or restricted, according to a person familiar with the government's probe. The investigation is in its early stages, but deepens the crisis for the embattled company and its chief executive and founder Travis Kalanick, who has faced a barrage of negative press this year in the wake of high-profile sexual harassment complaints, a slew of high-level executive departures, and a consequential trade secrets lawsuit from Google's parent company. The federal criminal probe, first reported by Reuters, focuses on software developed by Uber called "Greyball." The program helped the company evade officials in cities where Uber was not yet approved. The software identified and blocked rides to transportation regulators who were posing as Uber customers to prove that the company was operating illegally.
Piracy

Digital Economy Act: Illegal Kodi Streams Could Now Land Users In Prison For 10 Years (independent.co.uk) 213

An anonymous reader quotes a report from The Independent: The Digital Economy Act has passed into law, meaning people could now face ten-year prison sentences for illegally streaming copyrighted content. It covers a wide number of areas, including broadband speeds, access to online pornography and government data-sharing. However, amid the rising popularity of Kodi, an increase to the maximum prison term -- from two years to ten -- for people guilty of copyright infringement is particularly interesting. Anyone caught streaming TV shows, films and sports events illegally using websites, torrents and Kodi add-ons could technically face a decade behind bars. However, the new law will most likely target individuals and groups making a business out of selling illegal content, FACT CEO Kieron Sharp told the Mirror. The Independent also notes in a separate report that The Digital Economy Act could allow UK police to "remotely disable mobile phones, even before the user actually commits a crime." The Digital Economy Act "contains a section stating that officers will be able to place restrictions on handsets that they believe are being used by drug dealers," reports The Independent.
AMD

AMD and Nvidia Silicon Manufacturing Secrets Allegedly Stolen, Sold To China (pcgamesn.com) 103

According to a report on DigiTimes, a former TSMC engineer has been accused of stealing the secrets of their 28nm manufacturing process and taking them across the Taiwan Straits to Chinese rival, HLMC. "The Taiwan Semiconductor Manufacturing Company (TSMC) produce the chips for the great and the good of the PC hardware market, specifically Nvidia and latterly AMD," reports PCGamesN. From the report: The report claims the former engineer, known only as Hsu, has been accused of taking details and materials relating to TSMC's 28nm manufacturing process and handing them over to Shanghai Huali Microelectronics (HLMC) after being offered a job there. The engineer was arrested before he even had a chance to start his new job on mainland China. This isn't the first reported instance of potentially shady dealings involving HLMC. DigiTimes previously reported that the Chinese foundry had headhunted a team of up to 50 research and development engineers from Taiwan's first semiconductor company, United Microelectronics (UMC), to help them get their 28nm production process up to speed. DigiTimes also alleges that some Chinese memory manufacturers have been doing the same thing, headhunting Taiwanese talent to get their own fabs off the ground, and that Micron are taking legal action against some of their Taiwan partners for allegedly nicking their tech and handing it over to China-based RAM companies.
Crime

Debian Developer Imprisoned In Russia Over Alleged Role In Riots (itwire.com) 93

An anonymous reader writes: "Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the sysadmin.ru forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted.
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him."

Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
Math

Oregon Fines Man For Writing a Complaint Email Stating 'I Am An Engineer' (vice.com) 734

pogopop77 quotes a report from Motherboard: In September 2014, Mats Jarlstrom, an electronics engineer living in Beaverton, Oregon, sent an email to the state's engineering board. The email claimed that yellow traffic lights don't last long enough, which "puts the public at risk." "I would like to present these facts for your review and comments," he wrote. This email resulted not with a meeting, but with a threat from The Oregon State Board of Examiners for Engineering and Land Surveying [stating]: "ORS 672.020(1) prohibits the practice of engineering in Oregon without registration -- at a minimum, your use of the title 'electronics engineer' and the statement 'I'm an engineer' create violations." In January of this year, Jarlstrom was officially fined $500 by the state for the crime of "practicing engineering without being registered." Since the engineering board in Oregon said Jarlstrom should not be free to publish or present his ideas about the fast-turning yellow traffic lights, due to his "practice of engineering in Oregon without registration," he and the Institute for Justice sued them in federal court for violating his First Amendment rights. "I'm not practicing engineering, I'm just using basic mathematics and physics, Newtonian laws of motion, to make calculations and talk about what I found," he said. Sam Gedge, an attorney for the Institute for Justice, told Motherboard: "Mats has a clear First Amendment right to talk about anything from taxes to traffic lights. It's an instance of a licensing board trying to suppress speech."
Crime

Murdered Woman's Fitbit Nails Cheating Husband (nydailynews.com) 131

BarbaraHudson writes: A murdered woman's Fitbit data shows she was still alive an hour after her husband claims she was murdered and he was tied up, contradicting her husband's description of events. New York Daily News reports: "Richard Dabate, 40, was charged this month with felony murder, tampering with physical evidence and making false statements following his wife Connie's December 2015 death at their home in Ellington, Tolland County. Dabate called 911 reporting that his wife was the victim of a home invasion, alleging that she was shot dead by a 'tall, obese man' with a deep voice like actor Vin Diesel's, sporting 'camouflage and a mask,' according to an arrest warrant. Dabate alleged her death took place more than an hour before her Fitbit-tracked movements revealed."
GNU is Not Unix

Richard Stallman Interviewed By Bryan Lunduke (youtube.com) 172

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
Security

Wall Street IT Engineer Hacks Employer To See If He'll Be Fired (bleepingcomputer.com) 198

An anonymous reader writes: A Wall Street engineer was arrested for planting credentials-logging malware on his company's servers. According to an FBI affidavit, the engineer used these credentials to log into fellow employees' accounts. The engineer claims he did so only because he heard rumors of an acquisition and wanted to make sure he wouldn't be let go. In reality, the employee did look at archived email inboxes, but he also stole encryption keys needed to access the protected source code of his employer's trading platform and trading algorithms.

Using his access to the company's Unix network (which he gained after a promotion last year), the employee then rerouted traffic through backup servers in order to avoid the company's traffic monitoring solution and steal the company's source code. The employee was caught after he kept intruding and disconnecting another employee's RDP session. The employee understood someone hacked his account and logged the attacker's unique identifier. Showing his total lack of understanding for how technology, logging and legal investigations work, the employee admitted via email to a fellow employee that he installed malware on the servers and hacked other employees.

Government

CIA, FBI Launch Manhunt For WikiLeaks Source (cbsnews.com) 199

An anonymous reader quotes CBS: CBS News has learned that a manhunt is underway for a traitor inside the Central Intelligence Agency. The CIA and FBI are conducting a joint investigation into one of the worst security breaches in CIA history, which exposed thousands of top-secret documents that described CIA tools used to penetrate smartphones, smart televisions and computer systems. Sources familiar with the investigation say it is looking for an insider -- either a CIA employee or contractor -- who had physical access to the material... Much of the material was classified and stored in a highly secure section of the intelligence agency, but sources say hundreds of people would have had access to the material. Investigators are going through those names.
Homeland security expert Michael Greenberger told one CBS station that "My best guest is that when this is all said and done we're going to find out that this was done by a contractor, not by an employee of the CIA."

Slashdot Top Deals