An anonymous reader quotes a report from Gizmodo: The NYPD says it wants to reimagine its current police communication system and transition to encrypted messages by 2024, according to a recent amNY report confirmed by Gizmodo. While law enforcement has spent years fighting to make encryption less accessible for everyday people, police think they need a little more privacy. Critics worry a turn towards encryption by law enforcement could reduce transparency, hamstring the news media, and potentially jeopardize the safety of protestors looking to stay a step ahead.

According to amNY, the NYPD's new plan would allow law enforcement officers discretion on whether or not to publicly disclose newsworthy incidents. That means the NYPD essentially would get to dictate the truth unchallenged in a number of potentially sensitive local stories. The report suggests police are floating the idea of letting members of the news media monitor certain radio transmissions through an NYPD-controlled mobile app. There's a catch though. According to the report, the app would send radio information with a delay. Users may also have to pay a subscription fee to use the service, the paper said.

The NYPD confirmed its planning a "systems upgrade" in the coming years in an email to Gizmodo. "The NYPD is undergoing a systems upgrade that is underway and that will be complete after 2024," a spokesperson for the Deputy Commissioner of Public Information said. "This infrastructure upgrade allows the NYPD to transmit in either an encrypted or non-encrypted format," the NYPD said. "Some parts of the city have had the necessary equipment installed and the Department will begin testing the technology in these areas later this year. We are currently evaluating encryption best practices and will communicate new policies and procedures as we roll out this upgraded technology." The spokesperson claimed the department intends to listen to and consider the needs of the news media during the transition process. "The entire public safety news coverage system depends on scanners, and if scanners and scanner traffic are no longer available to newsrooms then news reporting about crime, fire -- it's going to be very hit or miss," CaliforniansAware General Counsel Terry Francke told the Reporters Committee in a blog post.

"Cutting off the media from getting emergency transmissions represents the clearest regression of the NYPD policy of transparency in its history," New York Press Photographers Association President Bruce Cotler said in an interview with amNY. "We believe shutting down radio transmissions is a danger to the public and to the right of the public to know about important events."

Gizmodo notes that New York joins a growing list of cities considering encrypting radio communications. "Denver, Baltimore, Virginia Beach, Sioux City, Iowa, and Racine, Wisconsin have all moved to implement the technology in recent years."

An anonymous reader quotes a report from TechCrunch: Dubbed the Facial Recognition Act, the bill would compel law enforcement to obtain a judge-authorized warrant before using facial recognition. By adding the warrant requirement, law enforcement would first have to show a court it has probable cause that a person has committed a serious crime, rather than allowing largely unrestricted use of facial recognition under the existing legal regime. The bill also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone's arrest.

If passed, the bill would also require law enforcement to annually test and audit their facial recognition systems, and provide detailed reports of how facial recognition systems are used in prosecutions. It would also require police departments and agencies to purge databases of photos of children who were subsequently released without charge, whose charges were dismissed or were acquitted. [...] The bill has so far received glowing support from privacy advocates, rights groups and law enforcement-adjacent groups and organizations alike. Woodrow Hartzog, a law professor at Boston University, praised the bill for strengthening baseline rules and protections across the U.S. "without preempting more stringent limitations elsewhere."

A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Nextgov reports: Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as a information systems security designer at the agency earlier that summer. Dalke allegedly used an encrypted email account to leak sensitive and classified documents he obtained while working at the NSA to an individual who claimed to have worked for a foreign government.

The individual who received the documents was later revealed to be an undercover FBI agent. Dalke was arrested in September upon arriving at the location where he and the undercover agent agreed to exchange documentation for $85,000 in compensation. "Dalke told that individual that he had taken highly sensitive information relating to foreign targeting of U.S. systems, and information on U.S. cyber operations, among other topics," the press release from the Department of Justice reads. "To prove he had access to sensitive information, Dalke transmitted excerpts of three classified documents to the undercover FBI agent. Each excerpt contained classification markings." "Should Dalke be found guilty, his sentence could include the dealth penalty or any term of years up to life imprisonment," notes the report.

Oracle has paid $23 million to the US Securities and Exchange Commission to settle corruption charges that subsidiaries in Turkey, United Arab Emirates and India used "slush funds" to bribe foreign officials to win business. The Register reports: The SEC said on Tuesday that Big Red violated provisions of the Foreign Corrupt Practices Act (FCPA) during a three-year period between 2016 and 2019. The cash that was apparently surreptitiously set aside was also spent on paying for foreign officials to attend technology conferences, which breaks Oracle's own internal policies and procedures. And the SEC said that in some instances, it found Oracle staff at the Turkish subsidiary had spent the funds on taking officials' families with them on International conferences or side trips to California.

"The creation of off-books slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle's Turkey, UAE, and India subsidiaries," said Charles Cain, FCPA unit chief at the SEC. "This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company's operations," he added. Oracle, without admitting or denying the findings of the SEC's investigation, has agreed to "cease and desist from committing violations" of the anti-bribery, books and records, and internal accounting controls of the FCPA, said the Commission.

Interpol has issued a red notice for Do Kwon, requesting law enforcement agencies worldwide to search and arrest the Terraform Labs founder whose blockchain startup collapsed earlier this year. From a report: The collapse of Terra cryptocurrency (Luna) and the so-called stablecoin TerraUSD (UST) wiped out investors' $40 billion, prompting an uproar that caused the prosecutors to launch investigations into Kwon and his colleagues. He faces charges in South Korea, the prosecutors said Monday.

An anonymous reader quotes a report from Ars Technica: Earlier this year, the International Organization for Migration reported that more than 3 million refugees fleeing war-torn Ukraine were "at heightened risk of exploitation." Human trafficking cases, they warned, involved refugees more likely to leave home suddenly without secure financial resources and "less likely to be identified in the immediate aftermath of mass displacement." Since February, the European Union announced (PDF) that the number is even larger, counting more than 5.4 million people who "have arrived in the European Union since the beginning of the war in Ukraine." "All relevant stakeholders have recognized that the threat of trafficking in human beings is high and imminent," EU's human trafficking plan states. Since women and children represent the majority of refugees fleeing, the plan says they are believed to be most at risk.

To respond, the EU began monitoring online and offline human trafficking risks, and experts called for countries across Europe to start working together to shield refugees during this uncertain time of conflict. This week, the EU's law enforcement agency focused on cybercrimes, Europol, reported that it had done exactly that by coordinating the first online EU-wide hackathon. By bringing together law enforcement authorities from 20 countries to aid in their investigations, the hackathon targeted criminal networks using social platforms and websites to map out the online criminal landscape of human trafficking across Europe. In particular, Europol noted in its report, "investigators targeted human traffickers attempting to lure Ukrainian refugees."

"The Internet and human trafficking are interlinked," Europol stated in its report, which identified 30 online platforms "related to vulnerable Ukrainian refugees," 10 specifically targeting refugees for human trafficking. Europol identified 80 persons/usernames (with 30 possibly exploiting Ukrainian refugees), 11 suspected human traffickers (five believed to be targeting Ukrainian refugees), and 45 possible victims, 25 of which were Ukrainian. Countries involved in the hackathon were Austria, Albania, Belgium, Denmark, France, Finland, Germany, Greece, Hungary, Lithuania, Netherlands, Portugal, Poland, Romania, Slovenia, Slovakia, Spain, Sweden, the United Kingdom, and Ukraine. Online platforms probed during the hackathon included "a wide range of websites" and "social media, dating platforms, advertising and aid platforms, forums and messaging applications."

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it." From the report: On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master's identity on the cybercrime forums to Kloster's personal blog, which featured musings on the challenges of running a company that sells "security and anonymity services to customers around the world." Kloster's blog even included a group photo of RSOCKS employees.

The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities. "I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges," Kloster reportedly told the Bulgarian court this week. "I am not a criminal and I will prove it in an American court." 24Chasa said the defendant's surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother's maiden name. As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. [...] Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.

Police in the UK have arrested a 17-year-old suspected hacker. Reports suggest the arrest is connected to the Rockstar Games hack that led to a major Grand Theft Auto VI leak. The individual may have been involved with an intrusion on Uber as well. From a report: According to journalist Matthew Keys' sources, the arrest is the result of an investigation involving the City of London Police, the UK's National Cyber Crime Unit and the FBI. Keys noted that the police and/or the FBI will reveal more details about the arrest later today. The City of London Police told Engadget it had "no further information to share at this stage."

The GTA VI leak is unquestionably one of the biggest in video game history. Last weekend, the hacker shared a trove of footage from a test build of the game, which is one of the most hotly anticipated titles around. Rockstar, which tends to keep a tight lid on its development process, confirmed on Monday that the leak was legitimate. It said the incident won't impact work on the game and that it will "properly introduce" fans to the next title in the blockbuster series once it's ready.

Five luxury cars, including two BMWs, two McLarens, and a Lamborghini, have been seized from 23-year-old Aiden Pleterski, the self-described "crypto king" of Canada, during bankruptcy proceedings according to a new report from the CBC. But those cars are only worth a fraction of the $35 million that Pleterski allegedly took from investors who thought he'd make them rich in the cryptocurrency market, and it's not clear whether they'll ever see their money again. Gizmodo reports: Pleterski and his company AP Private Equity Limited are facing at least two civil lawsuits after 140 people have come forward to say they invested a combined $35 million with Pleterski. Those people believed they were investing in cryptocurrency, and Pleterski's online presence -- including photos of the 23-year-old on private jets and next to luxury cars-- helped create the image that he knew what he was doing.

Pleterski's YouTube channel and Instagram account have been deleted but it appears he purchased articles on websites like Forbes.mc (the top level domain for Monaco) and the far-right news outlet Daily Caller to get his name associated with success in crypto investment. The Daily Caller article from December 2021 includes a photo of Pleterski looking at his phone in what appears to be a private jet. Notably, December 2021 was a time when cryptocurrencies like bitcoin and ethereum were trading near all-time highs. The headline reads, "Aiden Pleterski: Meet the Young Canadian Investor Who Is Taking the World of Crypto By Storm."

The question remains whether Pleterski actually invested any of the money in crypto to begin with, and speaks to just how strange the crypto market has been over the past year. For all anyone knows, Pleterski may have actually invested the money and lost it like so many others since the peak of November 2021. Bitcoin is down 56% since its price a year ago, while ethereum is down 57%. Pleterski insists he invested the money but that he's just bad with record-keeping. But some investors suspect Pleterski didn't even bother investing the money, instead pocketing it for himself, according to people who spoke with the CBC. Investors are trying to get their money back through the bankruptcy court and two civil lawsuits, but criminal charges haven't been pursued, even though some have reported their incidents to Toronto police, according to the CBC.

Charter Communications must pay over $1.1 billion to the estate and family of an 83-year-old woman murdered in her home by a Spectrum cable technician, a Dallas County Court judge ruled yesterday. Ars Technica reports: A jury in the same court previously ordered Charter to pay $7 billion in punitive damages and $337.5 million in compensatory damages. Judge Juan Renteria lowered the award in a ruling issued yesterday. The damages are split among the estate and four adult children of murder victim Betty Thomas. Renteria did not change the compensatory damages but lowered the punitive damages awarded to the family to $750 million. Pre-judgment interest on the damages pushes Charter's total liability to over $1.1 billion.

It isn't surprising that the judge lowered the payout, in which the jury decided punitive damages should be over 20 times higher than what Charter is liable for in compensatory damages. A nine-to-one ratio is often used as a maximum because of a 2003 US Supreme Court ruling that said: "In practice, few awards exceeding a single-digit ratio between punitive and compensatory damages, to a significant degree, will satisfy due process." Former Spectrum technician Roy Holden pleaded guilty to the 2019 murder of customer Betty Thomas and was sentenced to life in prison in April 2021. Charter was accused of hiring Holden without verifying his employment history and ignoring a series of red flags about his behavior, which included stealing credit cards and checks from elderly female customers.

An anonymous reader quotes a report from Reuters: Germany's general data retention law violates EU law, Europe's top court ruled on Tuesday, dealing a blow to member states banking on blanket data collection to fight crime and safeguard national security. The law may only be applied in circumstances where there is a serious threat to national security defined under very strict terms, the Court of Justice of the European Union (CJEU) said. The ruling comes after major attacks by Islamist militants in France, Belgium and Britain in recent years. Governments argue that access to data, especially that collected by telecoms operators, can help prevent such incidents, while operators and civil rights activists oppose such access.

The latest case was triggered after Deutsche Telekom unit Telekom Deutschland and internet service provider SpaceNet AG challenged Germany's data retention law arguing it breached EU rules. The German court subsequently sought the advice of the CJEU which said such data retention can only be allowed under very strict conditions. "The Court of Justice confirms that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security," the judges said. "However, in order to combat serious crime, the member states may, in strict compliance with the principle of proportionality, provide for, inter alia, the targeted or expedited retention of such data and the general and indiscriminate retention of IP addresses," they said.

A Maryland judge has overturned the murder conviction of Adnan Syed, in the latest twist to the case at the center of the hit podcast series Serial. From a report: Baltimore City Circuit Judge Melissa Phinn vacated the 41-year-old's conviction and granted him a new trial on Monday, ordering his release after more than 23 years behind bars. The move came after prosecutors made a request for his release on Wednesday saying that "the state no longer has confidence in the integrity of the conviction." Prosecutors said that an almost year-long investigation had cast doubts about the validity of cellphone tower data and uncovered new information about the possible involvement of two alternate unnamed suspects.

Syed was convicted in 2000 of first-degree murder, robbery, kidnapping and imprisonment of his ex-girlfriend Hae Min Lee. Lee, 18, vanished after leaving her high school on 13 January 1999. Her strangled body was found in a shallow grave in a Baltimore park around a month later. Syed has always maintained his innocence. In a tweet shortly after the ruling was made, Serial tweeted: "Sarah was at the courthouse when Adnan was released, a new episode is coming tomorrow morning."

South Korean prosecutors have refuted Do Kwon's claim from over the weekend that he is not on the run and asked Interpol to issue a red notice against the Terraform Labs' co-founder, escalating the publicly playing out drama following the $40 billion wipeout on his cryptocurrency startup in May this year. From a report: The Seoul Southern District Prosecutor's Office said that Kwon was not cooperating with the investigation and had told them (through his lawyer last month) that he had no intention to appear for questioning, according to official statements cited by local media Yonhap. The prosecutors have asked Seoul's foreign ministry to revoke Kwon's passport and said they have "circumstantial evidence" that Kwon is attempting to escape. An Interpol red notice, which is a call to law enforcement worldwide, can prevent individuals from being issues visas, restrict their cross border travels, and "provisionally arrest a person pending extradition, surrender or similar legal action." Over the weekend, Kwon claimed he was not on the run from any government agency that had "shown interest to communication." He added in a tweet: "We are in full cooperation and we don't have anything to hide."

The world's freight-carrying trucks and ships use GPS-based satellite tracking and navigation systems, reports ZDNet. But "Criminals are turning to cheap GPS jamming devices to ransack the cargo on roads and at sea, a problem that's getting worse...." Jammers work by overpowering GPS signals by emitting a signal at the same frequency, just a bit more powerful than the original. The typical jammers used for cargo hijackings are able to jam frequencies from up to 5 miles away rendering GPS tracking and security apparatuses, such as those used by trucking syndicates, totally useless. In Mexico, jammers are used in some 85% of cargo truck thefts. Statistics are harder to come by in the United States, but there can be little doubt the devices are prevalent and widely used. Russia is currently availing itself of the technology to jam commercial planes in Ukraine.

As we've covered, the proliferating commercial drone sector is also prey to attack.... During a light show in Hong Kong in 2018, a jamming device caused 46 drones to fall out of the sky, raising public awareness of the issue.
While the problem is getting worse, the article also notes that companies are developing anti-jamming solutions for drone receivers, "providing protection and increasing the resiliency of GPS devices against jamming attacks.

"By identifying and preventing instances of jamming, fleet operators are able to prevent cargo theft."

Long-time Slashdot reader n3hat writes: The BBC reports that a thief has been emptying gym patrons' accounts by stealing their bank card and mobile phone, registering the account to the thief's own mobile, and emptying the victims' bank accounts. The thief works around 2-factor authentication by taking advantage of the victim's phone having been configured to show notifications on the lock screen, so the thief can view the 2FA credential even though they don't have the unlock code.

The article gives instructions on how to disable notifications on the lock screen, for both iPhone and Android.

SpzToid writes: U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they've compiled from cellphones, iPads and computers seized from travelers at the country's airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer. The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant -- two details not previously known about the database -- have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.

Details of the database were revealed Thursday in a letter to CBP Commissioner Chris Magnus from Sen. Ron Wyden (D-Ore.), who criticized the agency for "allowing indiscriminate rifling through Americans' private records" and called for stronger privacy protections. The revelations add new detail to what's known about the expanding ways that federal investigators use technology that many Americans may not understand or consent to. Agents from the FBI and Immigration and Customs Enforcement, another Department of Homeland Security agency, have run facial recognition searches on millions of Americans' driver's license photos. They have tapped private databases of people's financial and utility records to learn where they live. And they have gleaned location data from license-plate reader databases that can be used to track where people drive.

A court in South Korea has issued an arrest warrant for Do Kwon, the founder of Terraform Labs, escalating its probe into the crypto ecosystem whose two tokens lost $40 billion in value in a span of days earlier this year. From a report: LUNA, the new token of the revived ecosystem, dropped as high as 48.4% to $2.23 apiece on the news, which was earlier reported by local media Yonhap, before recovering slightly. The South Korean court has issued arrest warrants for six people, the news outlet reported, adding that the prosecutors believe the individuals have violated the nation's capital market rules.

Bruce66423 shares a report from the Associated Press: A rape victim whose DNA from her sexual assault case was used by San Francisco police to arrest her in an unrelated property crime on Monday filed a lawsuit against the city. During a search of a San Francisco Police Department crime lab database, the woman's DNA was tied to a burglary in late 2021. Her DNA had been collected and stored in the system as part of a 2016 domestic violence and sexual assault case, then-District Attorney Chesa Boudin said in February in a shocking revelation that raised privacy concerns. "This is government overreach of the highest order, using the most unique and personal thing we have -- our genetic code -- without our knowledge to try and connect us to crime," the woman's attorney, Adante Pointer, said in a statement.

The revelation prompted a national outcry from advocates, law enforcement, legal experts and lawmakers. Advocates said the practice could affect victims' willingness to come forward to law enforcement authorities. Federal law already prohibits the inclusion of victims' DNA in the national Combined DNA Index System. There is no corresponding law in California to prohibit local law enforcement databases from retaining victims' profiles and searching them years later for entirely different purposes.

Boudin said the report was found among hundreds of pages of evidence against a woman who had been recently charged with a felony property crime. After learning the source of the DNA evidence, Boudin dropped the felony property crime charges against the woman. The police department's crime lab stopped the practice shortly after receiving a complaint from the district attorney's office and formally changed its operating procedure to prevent the misuse of DNA collected from sexual assault victims, Police Chief Bill Scott said. Scott said at a police commission meeting in March that he had discovered 17 crime victim profiles, 11 of them from rape kits, that were matched as potential suspects using a crime victims database during unrelated investigations. Scott said he believes the only person arrested was the woman who filed the lawsuit Monday.

Nikhil Wahi, brother of former Coinbase product manager Ishan Wahi, pleaded guilty in a Monday hearing to one count of conspiracy to commit wire fraud in connection with an alleged insider trading scheme. Decrypt reports: "Less than two months after he was charged, Nikhil Wahi admitted in court today that he traded in crypto assets based on Coinbase's confidential business information to which he was not entitled," said Damien Williams of the U.S. Attorney's Office in New York in a statement. "For the first time ever, a defendant has admitted his guilt in an insider trading case involving the cryptocurrency markets," Williams continued. "Today's guilty plea should serve as a reminder to those who participate in the cryptocurrency markets that the Southern District of New York will continue to steadfastly police frauds of all stripes and will adapt as technology evolves."

Nikhil now awaits sentencing in December, which could mean up to 20 years in prison. He has also been ordered to give back the money earned as a result of the illicit Coinbase trading, Williams said. Back in July, the Justice Department charged Ishan, Nikhil, and their friend Sameer Ramani with wire fraud conspiracy and wire fraud as it relates to cryptocurrency insider trading. The Securities and Exchange Commission also filed charges against the trio. While he was working at Coinbase, Ishan allegedly shared his insider knowledge of upcoming Coinbase listing announcements with Nikhil and Sameer to then profit from the listings by purchasing the tokens before they went live on Coinbase. In August, Ishan pled not guilty to the DOJ's charges. Now that his brother has pleaded guilty, it's unclear how Ishan's case will proceed and whether he will continue to fight the insider trading case.

According to the DOJ's statement released Monday, Nikhil implicated his brother Ishan and admitted to receiving tips from him. Nikhil then reportedly used numerous different crypto wallets in others' names to anonymize his insider trading. Concerns of insider trading at cryptocurrency exchanges extend beyond just this case, which is considered the first of its kind and is likely to set a precedent. Three Australian finance academics have posited that up to 25% of Coinbase listings in the past four years may have involved some insider trading.

An anonymous reader quotes a report from TorrentFreak: Prosecutors in Taiwan have indicted five men for running an operation that uploaded movies to the internet and then extorted cash settlements from the BitTorrent users who downloaded them. One of the men is former ultramarathon runner Kevin Lin, who founded a copyright consultancy company after graduating from law school in 2020. According to reports, Lin's company enticed users to download the torrents, tracked their IP addresses, and then filed copyright lawsuits in an effort to profit from cash settlements. Lin said that due to his support for the opposition government and his criticism of its handling of the COVID-19 pandemic, the investigation against him is politically motivated.

In May 2021, licenses were obtained from Vie Vision Pictures Co. and Applause Entertainment Ltd, which led to 18 movies being uploaded to BitTorrent networks, to tempt users into downloading them. After capturing their IP addresses, Lin's company obtained their identities from ISPs and sued them. The goal was to obtain out-of-court settlements. Since August 2021, Lin's company filed 937 lawsuits for copyright infringement. In just 25 of those cases, the company managed to "extort" settlements of $29,207, FocusTaiwan reports. In addition to Lin, several other people have also been indicted for their part in the operation.