JPMorgan Chase is suing the 30-year-old founder of Frank, a buzzy fintech startup it acquired for $175 million, for allegedly lying about its scale and success by creating an enormous list of fake users to entice the financial giant to buy it. Forbes: Frank, founded by former CEO Charlie Javice in 2016, offers software aimed at improving the student loan application process for young Americans seeking financial aid. Her lofty goals to build the startup into "an Amazon for higher education" won support from billionaire Marc Rowan, Frank's lead investor according to Crunchbase, and prominent venture backers including Aleph, Chegg, Reach Capital, Gingerbread Capital and SWAT Equity Partners. The lawsuit, which was filed late last year in U.S. District Court in Delaware, claims that Javice pitched JP Morgan in 2021 on the "lie" that more than 4 million users had signed up to use Frank's tools to apply for federal aid.

When JP Morgan asked for proof during due diligence, Javice allegedly created an enormous roster of "fake customers -- a list of names, addresses, dates of birth, and other personal information for 4.265 million 'students' who did not actually exist." In reality, according to the suit, Frank had fewer than 300,000 customer accounts at that time. [...] Frank's chief growth officer Olivier Amar is also named in the JP Morgan complaint. It alleges that Javice and Amar first asked a top engineer at Frank to create the fake customer list; when he refused, Javice approached "a data science professor at a New York City area college" to help. Using data from some individuals who'd already started using Frank, he created 4.265 million fake customer accounts -- for which Javice paid him $18,000 -- and had it validated by a third-party vendor at her direction, JP Morgan alleges. Amar, meanwhile, spent $105,000 buying a separate data set of 4.5 million students from the firm ASL Marketing, per the complaint.

The brother of a former Coinbase product manager was sentenced on Tuesday to 10 months in prison after pleading guilty in what U.S. prosecutors have called the first insider trading case involving cryptocurrency. Reuters reports: Nikhil Wahi admitted to making trades based on confidential information from Coinbase, one of the world's largest cryptocurrency exchanges, when he pleaded guilty in September to a wire fraud conspiracy charge. Prosecutors said Ishan Wahi, the former product manager, shared the information with his brother and their friend Sameer Ramani about new digital assets that Coinbase was planning to let users trade. Ishan Wahi has pleaded not guilty, and Ramani is at large.

Prosecutors said Wahi made nearly $900,000 of profit by illegally trading ahead of 40 different Coinbase announcements. They recommended a 10- to 16-month sentence. At a sentencing hearing in Manhattan federal court, U.S. District Judge Loretta Preska said his crime was "not an isolated error in judgment." "Today's sentence makes clear that the cryptocurrency markets are not lawless," Damian Williams, the top federal prosecutor in Manhattan, said in a statement. Further reading: Coinbase To Cut 20% Jobs, Abandon 'Several' Projects To Weather Downturns in Crypto Market

The company behind Ciphr, an encrypted messaging platform that was especially popular among organized criminals and high tier drug traffickers, is beta testing a new app in an apparent rebrand from its long running reputation as a tech tool of the underground. From a report: The news shows the continuing ruptures across the underground encrypted phone industry after an escalating series of law enforcement hacks and investigations. The rebrand by OnyxCorp, the company that made Ciphr, is the latest episode in that fallout. Other companies in the space have died altogether, had their founders arrested and imprisoned, and had thousands of their criminal users arrested and charged. "There was talk of reinventing the app with a focus on enterprise customers," a former employee told Motherboard. Motherboard granted the source anonymity because they said they had signed an NDA. The new app is called Mode. "Privacy & Protection for Team Communication," the app's website reads. The website says Mode protects chats with end-to-end encryption and disappearing messages, and also includes video calling and file sharing.

Saturday night in the Silicon Valley city of San Jose, the assistant police chief tweeted out praise for their recently-upgraded Automatic License Plate Readers: Officers in Air3 [police helicopter], monitoring the ALPR system, got alerted to 3 stolen cars. They directed ground units to the cars. All 3 drivers in custody! No dangerous vehicle pursuits occurred, nor were they needed.

2 drivers tried to run away. But, you can't outrun a helicopter!"
There's photos — one of the vehicles appears to be a U-Haul pickup truck — and the tweet drew exactly one response, from San Jose mayor Matt Mahan: "Nice job...! Appreciate the excellent police work and great to see ALPRs having an impact. Don't steal cars in San Jose!"
Some context: The San Jose Spotlight (a nonprofit local news site) noted that prior to last year license plate readers had been mounted exclusively on police patrol cars (and in use since 2006). But last year the San Jose Police Department launched a new "pilot program" with four cameras mounted at a busy intersection, that "captured nearly 300,000 plate scans in just the last month, according to city data."

By August this had led to plans for 150 more stationary ALPR cameras, a local TV station reported. "Just this week, police said they solved an armed robbery and arrested a suspected shooter thanks to the cameras." During a forum to update the community, San Jose police also mentioned success stories in other cities like Vallejo where they've reported a 100% increase in identifying stolen vehicles. San Jose is now installing hundreds around the city and the first batch is coming in the next two to three months....

The biggest concern among those attending Wednesday's virtual forum was privacy. But the city made it clear the data is only shared with trained police officers and certain city staff, no out-of-state or federal agencies. "Anytime that someone from the San Jose Police Department accesses the ALPR system, they have to input a reason, the specific plates they are looking for and all of that information is logged so that we can keep track of how many times its being used and what its being used for," said Albert Gehami, Digital Privacy Officer for San Jose.
More privacy concerns were raised in September, reports the San Jose Spotlight: The San Jose City Council unanimously approved a policy Tuesday that formally bans the police department from selling any license plate data, using that information for investigating a person's immigration status or for monitoring legally protected activities like protests or rallies.

Even with these new rules, some privacy advocates and community groups are still opposed to the technology. Victor Sin, chair of the Santa Clara Valley Chapter of ACLU of Northern California, expressed doubt that the readers are improving public safety. He made the comments in a letter to the council from himself and leaders of four other community organizations. "Despite claims that (automated license plate reader) systems can reduce crime, researchers have expressed concerns about the rapid acquisition of this technology by law enforcement without evidence of its efficacy," the letter reads. Groups including the Asian Law Alliance and San Jose-Silicon Valley NAACP also said the city should reduce the amount of time it keeps license plate data on file down from one year.....

Mayor Sam Liccardo said he's already convinced the readers are useful, but added the council should try to find a way to measure their effect. "It's probably not a bad idea for us to decide what are the outcomes we're trying to achieve, and if there is some reasonable metric that captures that outcome in a meaningful way," Liccardo said. "Was this used to actually help us arrest anybody, or solve a crime or prevent an accident?"
An EFF position paper argues that "ALPR data is gathered indiscriminately, collecting information on millions of ordinary people." By plotting vehicle times and locations and tracing past movements, police can use stored data to paint a very specific portrait of drivers' lives, determining past patterns of behavior and possibly even predicting future ones — in spite of the fact that the vast majority of people whose license plate data is collected and stored have not even been accused of a crime.... [ALPR technology] allows officers to track everyone..."
Maybe the police officer's tweet was to boost public support for the technology? It's already led to a short report from another local news station: San Jose police recovered three stolen cars using their automated license-plate recognition technology (ALPR) on Saturday, according to officials with the San Jose Police Department.

Officers inside of Air3, one of SJPD's helicopters, spotted three stolen cars using ALPR before directing ground units their way. Police say no pursuits occurred, though two of the drivers tried to run away.

CNN reports that 32-year-old Katelyn McClure "has been sentenced to three years in state prison for her role in scamming more than $400,000 from GoFundMe donors, by claiming to be collecting money for a homeless man."
In 2017, McClure claimed she ran out of gas and was stranded on Interstate 95 in Philadelphia. The homeless man, Johnny Bobbitt Jr., supposedly saw her and gave her his last $20 for gas. McClure and her then-boyfriend, Mark D'Amico, posted about the "good deed" on social media, including a picture of her with Bobbitt on a highway ramp. They also started a GoFundMe campaign to raise money for the homeless veteran, saying they wanted to pay it forward to the good Samaritan and get him off the streets.

The story went viral and made national headlines, with more than 14,000 donors contributing. The scammers netted around $367,000 after fees, according to court documents.... Bobbitt, who received $75,000 from the fundraiser, according to prosecutors, took civil action against D'Amico and McClure and the scam soon became public.... D'Amico and Bobbitt were charged in 2018 alongside McClure for concocting the scheme, prosecutors said. McClure pleaded guilty to one count of theft by deception in the second degree in 2019, according to the Burlington County prosecutor.

Bobbitt pleaded guilty to conspiracy to commit theft by deception in 2019 and was sentenced to a five-year special probation period which includes drug treatment. D'Amico also pleaded guilty and agreed to a five-year term in New Jersey state prison, as well as restitution of GoFundMe and the donors, in 2019.
"The gas part is completely made up, but the guy isn't," McClure texted a friend (according to CNN). "I had to make something up to make people feel bad." So what happened to "the guy" from the highway ramp? Prosecutors note that if Bobbitt "fails to adhere to the tightly-structured regimen of treatment and recovery services, which includes frequent testing for drug use, he could be sentenced to five years in state prison."

And they add that the judge "also ruled that McClure, a former state Department of Transportation worker, is permanently barred from ever holding another position as a public employee."

Their statement points out that the 2017 campaign was at the time the largest fraud ever perpetrated through GoFundMe — which voluntarily reimbursed the 14,000-plus donors.

CNN reports: Two men were arrested on New Year's Eve for allegedly shutting down four Washington state power substations in late December that led to power outages for thousands across Pierce County. Matthew Greenwood and Jeremy Crahan have been charged with conspiracy to damage energy facilities and Greenwood faces a separate charge of possessing illegal short-barreled rifles.... The two cut off power to thousands of locals and caused at least $3 million worth of damage, according to charging documents.

Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Surveillance images cited in the court documents also showed images of one of the men and of the getaway car....

The two face up to 20 years behind bars if convicted of conspiring to attack energy facilities.
In addition, possession of an unregistered firearm is punishable by up to ten years in prison, according to a statement from the Department of Justice. But identifying the suspects was apparently pretty simple.

"When law enforcement served a search warrant on the home of the suspects, they recovered distinctive clothing pictured in the surveillance photos."

Thanks to long-time Slashdot reader schwit1 for sharing the story.

New York's attorney general on Thursday filed a civil lawsuit accusing Celsius Network founder Alex Mashinsky of scheming to defraud hundreds of thousands of investors by inducing them to deposit billions of dollars in digital assets with his cryptocurrency company. From a report: The lawsuit filed in a New York state court in Manhattan accuses Mashinsky of violating the state's Martin Act, which gives Attorney General Letitia James broad power to pursue civil and criminal cases over securities fraud, and other laws. Mashinsky was accused of promoting Celsius as a safe alternative to banks, while concealing that Celsius was actually engaged in risky investment strategies that contributed to its collapse and bankruptcy. "Alex Mashinsky promised to lead investors to financial freedom but led them down a path of financial ruin," James said in a statement. "Making false and unsubstantiated promises and misleading investors is illegal."

An anonymous reader shares a report: The investment bank B Riley is so determined to persuade the troubled bitcoin miner Core Scientific to avoid filing for bankruptcy that it has offered as much as $72mn in fresh financing to keep the company from seeking a court-supervised Chapter 11 restructuring. "Bankruptcy is not the answer and would be a disservice to the Company's investors," B Riley wrote in a letter from early December. "It will destroy value for the Company's shareholders, reduce potential recoveries for the Company's lenders, deplete its limited resources and create massive uncertainty for all its stakeholders."

Core Scientific filed for bankruptcy anyway last week. Still, B Riley's aversion should be understandable. A series of players have succumbed to the ongoing crypto winter including FTX, BlockFi, Voyager Digital and Celsius with customer accounts largely frozen. The novel legal issues about digital asset ownership, the continuing problems in the sector and the deliberative nature of US bankruptcy proceedings have kept any of the major companies from exiting court protection yet. The costs are piling up and account holders are noticing. Lawyers, bankers and other advisers in the Celsius case that began in July recently submitted detailed fee requests to the New York federal bankruptcy court totalling $53mn.

Per US law, these official advisers will have these so-called "administrative expenses," subject to court approval, paid by the "estate" or the company which will naturally eat into the recoveries of account holders. Law firms involved including Kirkland & Ellis and White & Case which are usual powerhouses in corporate and private equity bankruptcies are involved in Celsius and have top lawyers billing more than $1,800 per hour. (This may remain a bargain as top lawyers in the FTX bankruptcy at Sullivan & Cromwell are charging in excess of $2,000 per hour).

An anonymous reader shares a column: Every major phone manufacturer is guilty of a serious crime, and I won't be quiet about it any longer: they stole the power button from us. Apple, Google, Samsung: guilty, guilty, guilty. Long-pressing the power button used to bring up an option to turn your phone off, but then these companies decided to get cute and make this a shortcut to summon their digital assistant. This is bad and wrong, and I'm politely demanding that these companies return what they took from us.

Look, I get the logic. When phone screens got bigger, physical buttons like Apple's home button were axed, and existing buttons had to pick up the slack. In the iPhone X, Apple re-homed the Siri function to the power button. Since then, turning your iPhone off has required pressing a combination of buttons. If you make the fatal mistake of long-pressing the power button in hopes of turning your phone off, Siri will start listening to you as you curse about how the power button doesn't work how it should anymore. And woe to you if you don't hold down the right button combination long enough -- you'll take a screenshot that you didn't want and will have to delete later. It's just as bad on Samsung and Google phones.

Long-pressing the power button on the Pixel 7 Pro just now brought up the Google Assistant and a prompt to ask it how to say sorry in Spanish. No, Google. It is you who should be apologizing. And the Galaxy S22 phones I used this year all bid me to set up Bixby whenever I made the mistake of long-pressing the power button. Both Google and Samsung let you change it back to the power menu -- and Samsung has the decency to put a shortcut to side key options on its shutdown screen -- but enough is enough. Long-pressing the power button should, by default, just turn the phone off. The thing that really adds salt to the wound is that the button combination to turn your phone off isn't even the same on every phone. On an iPhone, you can press and hold the power button and either volume key to get to shutdown options. On a Pixel phone, it's a short press of the volume up key and power button. If you screw up and press the volume down key, you'll take a screenshot, which will make you feel stupid when you find it in your photo gallery later. Samsung makes you press and hold the volume down key and power button.

This week America passed a $1.7 trillion federal spending bill — and it includes a big win for retailrs reporters the Associated Press. It forces online marketplaces like Amazon and Facebook "to verify high-volume sellers on their platforms amid heightened concerns about retail crime...." The bill, called the INFORM ACT, also seeks to combat sales of counterfeit goods and dangerous products by compelling online marketplaces to verify different types of information — including bank account, tax ID and contact details — for sellers who make at least 200 unique sales and earn a minimum of $5,000 in a given year.

It's difficult to parse out how much money retailers are losing due to organized retail crime — or if the problem has substantially increased. But the issue has received more notice in the past few years as high-profile smash-and-grab retail thefts and mass shoplifting events grabbed national attention. Some retailers have also said in recent weeks they're seeing more items being taken from stores. Target executives said in November the number of thefts has gone up more than 50%, resulting in more than $400 million in losses. Its expected to be more than $600 million for the full fiscal year.... Walgreens, Best Buy and Home Depot have also pointed out similar problems.

The National Retail Federation, the nation's largest retail trade group, said its latest security survey of roughly 60 retailers found that inventory loss — called shrink — clocked in at an average rate of 1.4% last year, representing $94.5 billion in losses [included damaged products and theft by employees] ... It also noted retailers, on average, saw a 26.5% uptick in organized theft incidents last year.

A Valero gas station sells approximately 5,000 gallons of gas a day, one employee estimates.

But local police arrested six men who, in a series of robberies, tricked the pumps out of 30,000 gallons of gasoline, reports the Mercury News, "a haul authorities estimated was worth at least $180,000." Upon further inspection of surveillance video, authorities said, police saw one of the suspects activate a gas-pump computer, allowing another suspect to pump fuel into his vehicle.... An employee from the Valero station, who declined to give their name, called the process the gas thieves used "nearly untraceable."

"You must have a deep understanding of how the pump system works," the person said. "There is a time frame anywhere from 75 seconds to two minutes for the authorization to go through the network [after sliding a credit card into a gas pump]. In this (time period), there's an opportunity to manipulate the pump ... You're able to manipulate the pump and confuse the programming to an extent that the pump starts dispensing gas...."

In a Facebook post, authorities said the three suspects had been "conspiring together in a sophisticated operation to thwart security devices and pump electronics to steal large amounts of gasoline from the business...."

Authorities say $20,000 of damage was done to gas pumps.
Thanks to Slashdot reader k6mfw for submitting the story.

North Korean hackers have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years, more than half of it this year alone, South Korea's spy agency said Thursday. From a report: Experts and officials say North Korea has turned to crypto hacking and other illicit cyber activities as a source of badly needed foreign currency to support its fragile economy and fund its nuclear program following harsh U.N. sanctions and the COVID-19 pandemic. South Korea's main spy agency, the National Intelligence Service, said North Korea's capacity to steal digital assets is considered among the best in the world because of the country's focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.

The U.N. sanctions imposed in 2016-17 ban key North Korean exports such as coal, textiles and seafood and also led member states to repatriate North Korean overseas workers. Its economy suffered further setbacks after it imposed some of the world's most draconian restrictions against the pandemic. The NIS said state-sponsored North Korean hackers are estimated to have stolen 1.5 trillion won ($1.2 billion) in virtual assets around the world since 2017, including about 800 billion won ($626 million) this year alone. It said more than 100 billion won ($78 million) of the total came from South Korea.

Karl Sebastian Greenwood, co-founder of sham "Bitcoin-killer" OneCoin, pleaded guilty in Manhattan federal court to charges of conspiring to defraud investors and to launder money. "Greenwood was arrested in Thailand in July 2018 and subsequently extradited to the US," reports The Register. "OneCoin's other co-founder, 'Cryptoqueen' Ruja Ignatova (Dr. Ruja Ignatova -- she has a law degree), remains a fugitive on the FBI's Ten Most Wanted list and on Europol's Most Wanted list." From the report: "As a founder and leader of OneCoin, Karl Sebastian Greenwood operated one of the largest international fraud schemes ever perpetrated," said US Attorney Damian Williams in a statement. "Greenwood and his co-conspirators, including fugitive Ruja Ignatova, conned unsuspecting victims out of billions of dollars, claiming that OneCoin would be the 'Bitcoin killer.' In fact, OneCoins were entirely worthless." The US has charged at least nine individuals across four related cases, including Greenwood and Ignatova, with fraud charges related to OneCoin. Authorities in China have prosecuted 98 people accused of trying to sell OneCoin. Police in India arrested 18 for pitching the Ponzi scheme.

According to the Justice Department, Greenwood and Ignatova founded OneCoin in Sofia, Bulgaria, in 2014. Until 2017 or so, they're said to have marketed OneCoin as a cryptocurrency to investors. The OneCoin exchange was shut down in January 2017, but trades evidently continued among affiliated individuals for some time. The OneCoin.eu website remained online until 2019. In fact, OneCoin was a multi-level marketing (MLM) pyramid scheme in which network members received commissions when they managed to recruit people to buy OneCoin. The firm's own promotional materials claim more than three million people invested. And between Q4 2014 and Q4 2016, company records claim OneCoin generated more than $4.3 billion in revenue and $2.9 billion in purported profits. At the top of the MLM pyramid, Greenwood is said to have earned $21 million per month. Greenwood and others claimed that OneCoin was mined using computing power like BitCoin and recorded on a blockchain. But it wasn't. As Ignatova allegedly put it in an email to Greenwood, "We are not mining actually -- but telling people shit."

OneCoin's value, according to the Feds, was simply set by those managing the company -- they manipulated the OneCoin exchange to simulate trading volatility but the price of OneCoin always closed higher than it opened. In an August 1, 2015 email, Ignatova allegedly told Greenwood that one of the goals for the OneCoin trade exchange was "always close on a high price end of day open day with high price, build confidence -- better manipulation so they are happy." According to the Justice Department, the value assigned to OneCoin grew steadily from $0.53 to approximately $31.80 per coin and never declined.

An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor's home. When police arrived at the residence, Nelson allegedly accessed the residence's Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond. It's not clear how the defendants allegedly obtained the Yahoo account credentials. A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals. Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.

An anonymous reader quotes a report from TorrentFreak: The UK Government's Intellectual Property Office published new piracy guidance today, and it contains a small, easily missed detail. People who share their Netflix, Amazon Prime, or Disney+ passwords are violators of copyright law. And it gets worse. The IPO informs TorrentFreak that password sharing could also mean criminal liability for fraud. [...] In a low-key announcement today, the UK Government's Intellectual Property Office announced a new campaign in partnership with Meta, aiming to help people avoid piracy and counterfeit goods online. Other than in the headline, there is zero mention of Meta in the accompanying advice, and almost no advice that hasn't been issued before. But then this appears: "Piracy is a major issue for the entertainment and creative industries. Pasting internet images into your social media, password sharing on streaming services and accessing the latest films, tv series or live sports events through kodi boxes, fire sticks or Apps without paying a subscription all break copyright laws. Not only are you breaking the law but stopping someone earning a living from their hard work."

TorrentFreak immediately contacted the Intellectual Property Office for clarification on the legal side, particularly since password sharing sits under a piracy heading. The IPO's response was uncompromising, to put it mildly. "There are a range of provisions in criminal and civil law which may be applicable in the case of password sharing where the intent is to allow a user to access copyright protected works without payment," the IPO informs TorrentFreak. "These provisions may include breach of contractual terms, fraud or secondary copyright infringement depending on the circumstances." Given that using the "services of a members' club without paying and without being a member" is cited as an example of fraud in the UK, the bar for criminality is set very low, unless the Crown Prosecution Service decides otherwise, of course.

Slashdot reader lowvisioncomputing shares a story from the CBC about an elaborate heist discovered "when the chief administrative officer of a southwestern Manitoba rural municipality [population: 3,300] noticed the series of unusual cash withdrawals from its bank account...." It began with a job advertisement. A seemingly legitimate company, with a professional website and a Nova Scotia address, claimed it was looking for cash processors. The contract was for one month. Employees could work from home.

They were told they would receive payments to their credit cards, which they would be expected to move to their bank accounts. They would then withdraw the payments, convert them into bitcoin, and send that to another account.... The majority of the 18 people hired were young and lived in various communities across the country.... Anyone who did an internet search for the company would find a professional website, with information matching what was provided in the employment agreement.

In early December 2019, the cybercriminals sent a phishing email to multiple people at the municipal office of WestLake-Gladsone, a municipality about 150 kilometres west of Winnipeg, on the southwestern shore of Lake Manitoba. At least one person clicked on the link, which allowed the hackers to get into the municipality's computers and bank accounts. But weeks went by and nothing happened, so the municipality didn't report it to the police. It was only after the money disappeared that the municipality discovered the two incidents were connected, said Kate Halashewski, who at the time was the assistant chief administrative officer for the Municipality of WestLake-Gladstone....

Court documents say that on Dec. 19, 2019, a person logged into the municipality's bank account and changed the password, along with the personal verification questions. Over the next 17 days, the cyberattackers added the 18 "employees" hired as payees and began systematically making withdrawals, transferring the money to the employees' credit cards. Dozens of withdrawals were made, totalling $472,377, according to court documents — a considerable amount for a municipality with an entire annual budget of $7 million.

Those withdrawals weren't discovered until Jan. 6, when Halashewski saw 48 bank transfers — each less than $10,000 — going to unfamiliar accounts.... Once they'd completed the initial transfers and conversion, the bitcoin was then sent to the private account of the scammers — who cybersecurity experts say likely aren't in Canada....

The municipality finally announced it had lost nearly half a million dollars in an Oct. 12, 2020, news release.... No arrests have been made in connection with the WestLake-Gladstone cyberattack and RCMP say it is no longer under active investigation.

Long-time Slashdot reader wattersa is a lawyer in Redwood City, California, "and a Slashdot reader since 1998.

"I recently concluded a three-year missing person investigation that unfortunately turned into an overseas homicide in Taiwan. I was authorized by my client to publish the case study on my website, which is based on our recent court filings..." And yes, he writes that the case was solved with a subpoena to Google: I filed that case in late 2019 and then used the subpoena power to try to solve the disappearance, which seemed appropriate. We solved the case in late 2020 due to a fake "proof of life" email that the suspect sent from the victim's email account, which he sent from a hotel where he testified he was staying alone on the night of the disappearance — after (according to him) dropping off the victim at the local train station. The victim could not have sent the email from the other side of Taiwan, which is where the email indicated it was from.... The suspect in my case is a Tony Stark-level supergenius with a Ph.D. and dozens of patents, who works at a prominent engineering company in California. He is currently wanted in Taiwan.

The case was solved with a subpoena to Google for the login/logout history of the victim's Gmail account and the originating IP address of the proof of life email. Although Google does not include the originating IP address in the email headers, it turns out that they retain the IP address for some unknown length of time and we were able to get it. When it became clear that this case was a homicide, co-counsel and I dismissed the conservatorship case and filed a wrongful death case against the suspect in 2021.

We continue to gather information through subpoenas, depositions, and interviews, all of which show that the victim died in a 10-hour window on November 29, 2019. The wrongful death case goes to trial in late 2023 in Santa Clara County. This is a rare case in which the family can afford an expensive, lengthy, attorney-led private investigation.
The original submission includes additional details about a rarely used statute in California that allows conservatorship of a missing person's estate — and apparently grants subpoena power. And it was in response to such a subpoena that Google produced the originating IP address of that crucial proof of life email.

"This obscure statute in the Probate Code was instrumental in solving the case because we didn't have to wait for law enforcement to take action, and we were able to aggressively pursue our own leads. This gave the family a sense of agency and closure, as well as the obvious benefit of solving the disappearance. Also, Taiwan law enforcement could not do subpoenas from Taiwan, so we ended up contributing to their investigation to some extent as well."

U.S. prosecutors on Wednesday said they have charged eight individuals in a securities fraud scheme, alleging they reaped about $114 million from by using Twitter and Discord to manipulate stocks. Reuters reports: The eight men allegedly purported to be successful traders on the social media platforms and then engaged in a so-called "pump and dump" scheme by hyping particular stocks to their followers with the intent to dump them once prices had risen, according to prosecutors in the Southern District of Texas.

The U.S. Securities and Exchange Commission (SEC) said it has filed related civil charges against the defendants in the scheme, claiming that seven of the defendants used Twitter and Discord to boost stocks. It said the eighth was charged with aiding and abetting the scheme with his podcast. The individuals charged were Texas residents Edward Constantinescu, Perry Matlock, John Rybarczyk and Dan Knight, along with California residents Gary Deel and Tom Cooperman, Stefan Hrvatin of Miami and Mitchell Hennessey of Hoboken, New Jersey.

An anonymous reader shares a report: In mid-2020, FTX's chief engineer made a secret change to the cryptocurrency exchange's software. He tweaked the code to exempt Alameda Research, a hedge fund owned by FTX founder Sam Bankman-Fried, from a feature on the trading platform that would have automatically sold off Alameda's assets if it was losing too much borrowed money. In a note explaining the change, the engineer, Nishad Singh, emphasized that FTX should never sell Alameda's positions. "Be extra careful not to liquidate," Singh wrote in the comment in the platform's code, which it showed he helped author. Reuters reviewed the code base, which has not been previously reported.

The exemption allowed Alameda to keep borrowing funds from FTX irrespective of the value of the collateral securing those loans. That tweak in the code got the attention of the U.S. Securities and Exchange Commission, which charged Bankman-Fried with fraud on Tuesday. The SEC said the tweak meant Alameda had a "virtually unlimited line of credit." Furthermore, the billions of dollars that FTX secretly lent to Alameda over the next two years didn't come from its own reserves, but rather were other FTX customers' deposits, the SEC said.

The auto-liquidation exemption written into FTX code allowed Alameda to continually increase its line of credit until it "grew to tens of billions of dollars and effectively became limitless," the SEC complaint said. It was one of two ways that Bankman-Fried diverted customer funds to Alameda. The other was a mechanism whereby FTX customers deposited over $8 billion in traditional currency into bank accounts secretly controlled by Alameda. These deposits were reflected in an internal account on FTX that was not tied to Alameda, which concealed its liability, the complaint said.

The Royal Bahamas Police Force arrested FTX founder Sam Bankman-Fried, a press statement said. CoinDesk reports: The arrest came after the U.S. filed criminal charges against Bankman-Fried, the statement said, and the nation expects the U.S. to request The Bahamas extradite Bankman-Fried in short order. "As a result of the notification received and the material provided therewith, it was deemed appropriate for the Attorney General to seek SBF's arrest and hold him in custody pursuant to our nation's Extradition Act," the statement, attributed to Attorney General Ryan Pinder, said. "At such time as a formal request for extradition is made, The Bahamas intends to process it promptly, pursuant to Bahamian law and its treaty obligations with the United States."

A tweet from the U.S. Attorney's Office for the Southern District of New York confirmed that prosecutors in the U.S. indicted Bankman-Fried, though the indictment remains under seal. In the Bahamas' statement, Bahamas Prime Minister Philip Davis said the country would continue pursuing its own investigation into FTX's collapse, alongside the U.S.'s criminal charges. Bankman-Fried was set to testify virtually before the House Financial Services Committee about the exchange's collapse on Tuesday.