Crime

School Recovers Ransomware Paid in Bitcoin - Makes a Profit (dw.com)

Slashdot reader thegarbz writes: In 2019 Maastricht University in the Netherlands was hit with a ransomware attack which locked 25,000 staff and students out of their research data. The university agreed to pay a ransom of €200,000 to unlock the encrypted data, reports German broadcaster DW. It seems that a small part of the ransom has been recovered, but with a twist.

As part of an investigation into the cyberattack, Dutch police tracked down a bank account belonging to a money launderer in Ukraine, into which a relatively small amount of the ransom money — around €40,000 worth of Bitcoin — had been paid.

Prosecutors were able to seize the account in 2020 and found a number of different cryptocurrencies. The authorities were then able to return the ransom back to the university after more than two years. But the value of the Bitcoin held in the Ukrainian account has increased from its then-value of €40,000 to €500,000.

A university official said the money will go into "a fund to help financially strapped students."


Crime

Reuters: 'How Mercenary Hackers Sway Litigation Battles' (reuters.com)

Reuters shares the results of its investigation into what it calls "mercenary hackers": Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails. The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets' inboxes and, ultimately, private or attorney-client privileged information.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers' hit list, and it reveals a down-to-the-second look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.... The targets' lawyers were often hit, too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found....

"It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles," said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

The legal cases identified by Reuters varied in profile and importance. Some involved obscure personal disputes. Others featured multinational companies with fortunes at stake. From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or suddenly entered into evidence in the middle of their trials. In several cases, stolen documents shaped the verdict, court records show.

Reuters spoke to email experts including LinkedIn, Microsoft and Google to help confirm the authenticity of the data they'd received, and reports that one high-profile victim was WeWork co-founder Adam Neumann. (After Reuters told him he'd been targeted starting in 2017, Neumann hired a law firm.) "Reuters reached out to every person in the database — sending requests for comment to each email address — and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way."

America's FBI has been investigating the breachers since at least early 2018, Reuters reports, adding that pressure is now increasing on private eyes who acted as go-betweens for interested clients.

Meanwhile, Reuters found former employees of the mercenary firms, who told them that the firms employed dozens of workers — though "a month's salary could be as low as 25,000 rupees (then worth about $370), according to two former workers and company salary records...

"Asked about the hacker-for-hire industry, an official with India's Ministry of Justice referred Reuters to a cybercrime hotline, which did not respond to a request for comment."

The Courts

Police Tactic of Sweeping Google Searches To Find Suspects Faces First Legal Challenge (nbcnews.com)

An anonymous reader quotes a report from NBC News: A teen charged with setting a fire that killed five members of a Senegalese immigrant family in Denver, Colorado, has become the first person to challenge police use of Google search histories to find someone who might have committed a crime, according to his lawyers. In documents filed Thursday in Denver District Court, lawyers for the 17-year-old argue that the police violated the Constitution when they got a judge to order Google to check its vast database of internet searches for users who typed in the address of a home before it was set ablaze on Aug. 5, 2020. Three adults and two children died in the fire.

That search of Google's records helped point investigators to the teen and two friends, who were eventually charged in the deadly fire, according to police records. All were juveniles at the time of their arrests. Two of them, including the 17-year-old, are being tried as adults; they both pleaded not guilty. The defendant in juvenile court has not yet entered a plea. The 17-year-old's lawyers say the search, and all evidence that came from it, should be thrown out because it amounted to a blind expedition through billions of Google users' queries based on a hunch that the killer typed the address into a search bar. That, the lawyers argued, violated the Fourth Amendment, which protects against unreasonable searches.

"People have a privacy interest in their internet search history, which is really an archive of your personal expression," said Michael Price, who is lead litigator of the National Association of Criminal Defense Lawyers' Fourth Amendment Center and one of the 17-year-old's attorneys. "Search engines like Google are a gateway to a vast trove of information online and the way most people find what they're looking for. Every one of those queries reveals something deeply private about a person, things they might not share with friends, family or clergy."

Price said that allowing the government to sift through Google's vast trove of searches is akin to allowing the government access to users' "thoughts, concerns, questions, fears." He added: "Every one of those queries reveals something deeply private about a person, things they might not share with friends, family or clergy. 'Psychiatrists in Denver.' 'Abortion providers near me.' 'Does God exist.' Every day, people pose those questions to Google seeking information."

AI

New Algorithm Can Predict Future Crime a Week In Advance, With 90% Accuracy (psychnewsdaily.com)

An anonymous reader quotes a report from PsychNewsDaily: Scientists from the University of Chicago have developed a new algorithm that can predict future crime a week in advance with about 90% accuracy, and within a range of about 1000 feet. It does so by learning patterns from public data on violent and property crimes. The tool was tested and validated using historical data from the City of Chicago around two broad categories of reported events: violent crimes (homicides, assaults, and batteries) and property crimes (burglaries, thefts, and motor vehicle thefts). These data were used because they were most likely to be reported to police in urban areas where there is historical distrust and lack of cooperation with law enforcement. Such crimes are also less prone to enforcement bias, unlike drug crimes, traffic stops, and other misdemeanor infractions.

The new model isolates crime by looking at the time and spatial coordinates of discrete events, and detecting patterns to predict future events. It divides the city into "spatial tiles" roughly 1,000 feet across, and predicts crime within these areas. Previous models relied more on traditional neighborhood or political boundaries, which are subject to bias. The model performed just as well with data from seven other U.S. cities: Atlanta, Austin, Detroit, Los Angeles, Philadelphia, Portland, and San Francisco.

Lead author Ishanu Chattopadhyay is careful to note that the tool's accuracy does not mean it should be used to direct law enforcement policy; police departments, for example, should not use it to swarm neighborhoods proactively to prevent crime, Chattopadhyay said. Instead, it should be added to a toolbox of urban policies and policing strategies to address crime. "We created a digital twin of urban environments. If you feed it data from what happened in the past, it will tell you what's going to happen in the future," he said. "It's not magical; there are limitations, but we validated it and it works really well," Chattopadhyay added. "Now you can use this as a simulation tool to see what happens if crime goes up in one area of the city, or there is increased enforcement in another area. If you apply all these different variables, you can see how the systems evolve in response."

The findings have been published in the journal Nature Human Behavior.

Piracy

Kim Dotcom Not Happy, Says 'Mega Mass Piracy Report' Is On the Way (torrentfreak.com)

An anonymous reader quotes a report from TorrentFreak: Megaupload founder Kim Dotcom does not seem like a happy man right now. After accusing two of his former colleagues [Mathias Ortmann and Bram van der Kolk] of facilitating Chinese spying, Dotcom says that a report is being produced to show that mass infringement is taking place on Mega, a company he co-founded. Surprisingly, he says it will include live pirate links to content posted by Mega users. [...] Turning his attention to former colleagues Ortmann and van der Kolk, last week Dotcom publicly blamed them for his exit from Mega, claiming they had "stolen" the company from him. How this dovetails with previous allegations related to his major falling out with former Mega CEO Tony Lentino, who also founded domain name registrar Instra, is unknown.

Local media reports suggest that Dotcom hasn't spoken to former friends Ortmann and van der Kolk for years but their recent deal to avoid extradition in the Megaupload case by pleading guilty to organized crime charges puts Dotcom in a tough spot. "My co-defendants who claimed to be innocent for 10+ years were offered a sweet exit deal for a false confession," he said last week. And he wasn't finished there. After a research team found that Mega was vulnerable to attacks that allow for a "full compromise of the confidentiality of user files", Ortmann himself responded via a security notification stating that the issues had been fixed. In response, Dotcom accused Ortmann and van der Kolk of creating "backdoors" in Mega so that the Chinese government could decrypt users' files. "Same shady guys who just made a deal with the US and NZ Govt to get out of the US extradition case by falsely accusing me," he added.

Whether this reference to the no-extradition-deal betrayed what was really on Dotcom's mind is up for debate but whatever the motivation, he's not letting it go. In a tweet posted yesterday, he again informed his 850K+ followers that the company he founded "is not safe" and people who think that their files are unreadable by Mega are wrong. Shortly after, Dotcom delivered another message, one even darker in tone. It targeted Mega, the company he co-founded and where his colleagues still work. It's possible to interpret the tweet in several ways but none seem beneficial to his former colleagues, Mega, or its users. "In addition to security vulnerabilities a comprehensive report about mass copyright infringement on Mega with millions of active links and channels is in the works," he said.

"[P]erhaps the most worrying thing about this new complication in an escalating dispute is its potential to affect the minority of users that actually store infringing files on Mega," adds TorrentFreak. "Any detailed report of 'mass copyright infringement' will draw negative attention directly to them, especially if the report includes active hyperlinks as Dotcom suggests."

"Couple that with Dotcom's allegations that the content of user files can be read, any conclusion that this upcoming infringement report hasn't been thought through from a user perspective can be easily forgiven..."

Businesses

FBI Says People Are Using Deepfakes To Apply To Remote Jobs (gizmodo.com)

An anonymous reader quotes a report from Gizmodo: The FBI wrote to its Internet Crime Complaint Center Tuesday that it has received multiple complaints of people using stolen information and deepfaked video and voice to apply to remote tech jobs. According to the FBI's announcement, more companies have been reporting people applying to jobs using video, images, or recordings that are manipulated to look and sound like somebody else. These fakers are also using personally identifiable information from other people -- stolen identities -- to apply to jobs at IT, programming, database, and software firms. The report noted that many of these open positions had access to sensitive customer or employee data, as well as financial and proprietary company info, implying the imposters could have a desire to steal sensitive information as well as a bent to cash a fraudulent paycheck.

What isn't clear is how many of these fake attempts at getting a job were successful versus how many were caught and reported. Or, in a more nefarious hypothetical, whether someone secured an offer, took a paycheck, and then got caught. These applicants were apparently using voice spoofing techniques during online interviews where lip movement did not match what's being said during video calls, according to the announcement. Apparently, the jig was up in some of these cases when the interviewee coughed or sneezed, which wasn't picked up by the video spoofing software.

Companies who suspect a fake applicant can report it to the complaint center site.

Biotech

Biotech Wizard Left a Trail of Fraud -- Prosecutors Allege It Ended in Murder (wsj.com)

Serhat Gumrukcu faces trial in a purported plot to kill an associate who could have exposed him and derailed a drug-development deal worth millions. From a report: Even as a teenager back in Turkey, Serhat Gumrukcu dazzled audiences. In a 2002 video, he opened one of his magic shows dancing with a cane that appeared to be levitating. He was introduced as a medical student and went by the stage name "Dr. No." A little more than a decade later, not long after Mr. Gumrukcu arrived in the U.S., he had his hand in multimillion-dollar oil and real-estate deals. Yet his best-known venture was in medicine. For a time, he thrilled investors with ideas for groundbreaking treatments and drew special notice from the government's top infectious-disease official, Anthony Fauci. In America, the magician had found a new, more lucrative audience.

Enochian Biosciences, co-founded by Mr. Gumrukcu in 2018, paid more than $21 million to companies controlled by Mr. Gumrukcu and his husband for consulting, research and the licensing of potential drugs to treat influenza, hepatitis B, HIV and Covid-19, company financial filings show. "Dr. Gumrukcu is one of those rare geniuses that is not bound by scientific discipline or dogma. He sees connections and opportunities often missed," Enochian Vice Chairman Mark Dybul, now chief executive, said in a 2019 news release about Enochian's licensing of a hepatitis B drug from a company controlled by Mr. Gumrukcu. Mr. Gumrukcu's success as a biotech entrepreneur afforded the purchase last year of an $18.4 million office complex in North Hollywood, a neighborhood in Los Angeles, and, earlier, a $5.5 million house in the Hollywood Hills.

Yet much of what people saw in Mr. Gumrukcu was an illusion he cast, misrepresenting himself and his credentials, according to state and federal authorities, court records, former colleagues and those who have sued and won judgments against him over fraudulent medical and financial dealings. Prosecutors now allege that Mr. Gumrukcu arranged the murder of a business associate, Gregory Davis, who threatened to expose him as a fraud. Such a revelation would have put at risk the 39-year-old entrepreneur's deal with Enochian, they said. Mr. Gumrukcu has been in custody at the Metropolitan Detention Center in Los Angeles since his arrest on May 24. A federal grand jury indicted him on murder conspiracy charges, an offense punishable by death.

United Kingdom

Celebrity-Endorsed Crypto Scams Soaring in UK, Santander Says (bloomberg.com)

Celebrity-endorsed cryptocurrency scams in the UK are on pace to almost double this year, Banco Santander SA's local unit said. From a report: "Case volumes" jumped 61% in the first quarter from the prior three months, Santander said in a statement on its website on Tuesday. The average value of the scams was $14,540, up 65% from a year earlier. Around $2.4 million was lost to such schemes in the quarter, according to the bank. "We're seeing a worrying rise in 'celebrity-endorsed' cryptocurrency scams, where familiar faces are being misused on social media in order to con people out of often life-changing sums of money," Chris Ainsley, Santander UK's head of fraud risk management, said in the statement. Crypto scams are getting increased attention as regulators and politicians grapple with how to encourage technological innovation while at the same time protecting unsuspecting consumers. Santander said it expects the number of celebrity-endorsed crypto scams to rise 87% in 2022 based on the current rate of growth.

China

How China's Expanding Surveillance Allows the State to Tighten Its Grip (buffalonews.com)

"China's ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known," reports the New York Times, after their Visual Investigations team with reporters in Asia "spent more than a year analyzing more than 100,000 government bidding documents." The Chinese government's goal is clear: designing a system to maximize what the state can find out about a person's identity, activities and social connections.... The Times analysis found that the police strategically chose locations to maximize the amount of data their facial recognition cameras could collect.... The police also wanted to install facial recognition cameras inside private spaces, like residential buildings, karaoke lounges and hotels. In the police's own words, the strategy to upgrade their video surveillance system was to achieve the ultimate goal of "controlling and managing people."

Authorities are using phone trackers to link people's digital lives to their physical movements. Devices known as Wi-Fi sniffers and IMSI catchers can glean information from phones in their vicinity, which allow the police to track a target's movements... In a 2017 bidding document from Beijing, the police wrote that they wanted the trackers to collect phone owners' usernames on popular Chinese social media apps.... As of today, all 31 of mainland China's provinces and regions use phone trackers.

DNA, iris scan samples and voice prints are being collected indiscriminately from people with no connection to crime. The police in China are starting to collect voice prints using sound recorders attached to their facial recognition cameras. In the southeast city of Zhongshan, the police wrote in a bidding document that they wanted devices that could record audio from at least a 300-foot radius around cameras. Software would then analyze the voice prints and add them to a database. Police boasted that when combined with facial analysis, they could help pinpoint suspects faster.

The Times also created a separate video summarizing the results of their investigation.

And their article notes estimates that more than half the world's 1 billion surveillance cameras are already in China — but there's more information to be gathered. One of China's largest surveillance contractors also pitched software to the government that displays a person's "movements, clothing, vehicles, mobile device information and social connections," according to the Times. "The Times investigation found that this product was already being used by Chinese police."

Thanks to Slashdot reader nray for sharing the story.

Businesses

Ex-Amazon Employee Convicted Over Data Breach of 100 Million CapitalOne Customers (techcrunch.com)

Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, has been found guilty by a Seattle jury on charges of wire fraud and computer hacking. From a report: Thompson, 36, was accused of using her knowledge as a software engineer working in the retail giant's cloud division, Amazon Web Services, to identify cloud storage servers that were allegedly misconfigured to gain access to the cloud-stored data used by CapitalOne. That included names, dates of birth, Social Security numbers, email addresses and phone numbers, and other sensitive financial information, such as credit scores, limits and balances. Some one million Canadians were also affected by the CapitalOne breach. Thompson also accessed the cloud-stored data of more than 30 other companies, according to a superseding indictment filed by the Justice Department almost two years after Thompson was first charged, which reportedly included Vodafone, Ford, Michigan State University and the Ohio Department of Transportation.

Crime

FBI Says Fraud on LinkedIn a 'Significant Threat' To Platform and Consumers (cnbc.com)

Fraudsters who exploit LinkedIn to lure users into cryptocurrency investment schemes pose a "significant threat" to the platform and consumers, according to Sean Ragan, the FBI's special agent in charge of the San Francisco and Sacramento, California, field offices. From a report: "It's a significant threat," Ragan said in an exclusive interview. "This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims." The scheme works like this: A fraudster posing as a professional creates a fake profile and reaches out to a LinkedIn user. The scammer starts with small talk over LinkedIn messaging, and eventually offers to help the victim make money through a crypto investment. Victims interviewed by CNBC say since LinkedIn is a trusted platform for business networking, they tend to believe the investments are legitimate. Typically, the fraudster directs the user to a legitimate investment platform for crypto, but after gaining their trust over several months, tells them to move the investment to a site controlled by the fraudster. The funds are then drained from the account.

The Almighty Buck

Crypto Fraud is Growing Exponentially (yahoo.com)

The Los Angeles Times reports on "a massive surge of criminal fraud that has been pummeling crypto users with unknown billions of dollars in losses with little relief in sight." The growth in crypto fraud has turned exponential in recent years. The reported losses from crypto scams in 2021 were 60 times larger than in 2018, the Federal Trade Commission reported earlier this month, with crypto now accounting for 1 out of every 4 dollars lost to fraud in the reports monitored by the agency. Over 46,000 people lost more than $1 billion in crypto to scams since 2021, but the real sum of losses is likely vastly larger because most frauds are not reported, the agency said.... "Since 2021, $575 million of all crypto fraud losses reported to the FTC were about bogus investment opportunities, far more than any other fraud type," the agency reported.

Financial losses specifically from NFT crimes just through May this year were already more than 600% higher than for all of 2021, with the space seeing twice as many hacks and bigger and bigger heists, according to analysis from digital privacy firm Top10VPN.

For many victims, there's little hope of getting their lost art back. The marketplaces where NFTs get sold — crypto exchanges — can't cancel or reverse fraudulent transactions the way a traditional bank or credit card company might; the whole point of crypto was to cut out these sorts of financial middlemen, which many crypto fans greatly distrust. Crypto technology was built out of a "libertarian ethos" in which "there's no nanny state that's going to take care of you," said Jeremy Goldman, an intellectual property attorney who specializes in legal issues involving crypto assets. "These are the consequences when there's a mistake ... there's no one to unwind it, you can't call customer service, you can't go back to the mothership, you can't go back to the bank."

But at the same time, law enforcement agencies in the U.S. have also shown a growing willingness and ability to mount sophisticated investigations into crypto fraud.... [I]n March, federal agents sought a court order to seize roughly $165,000 worth of Ethereum in a digital Binance.US wallet. Officials said the cryptocurrency had been stolen from an Orange County investor, nicknamed "P.M.," who got tricked into giving up his coins by a fraudster pretending to be a Coinbase technical support representative.

On the bright side, BuzzFeed notes that actor Seth Green has recovered his prized Bored Ape NFT from "Mr Cheese" for $297,000 worth of Ether.

But the Los Angeles Times points out that another victim of a Bored Ape heist has sued the creators of Bored Apes. Their lawyer argues the company "refuses to police their own community. They're the gatekeepers, they can lock out the thieves if they wanted to, and they won't do it."

Crime

Stolen Goods Sold on Amazon, eBay and Facebook Are Causing Havoc for Major Retailers (cnbc.com)

Over the past year, large-scale robberies have swept through stores like Louis Vuitton in San Francisco's Union Square and a nearby Nordstrom, which was robbed by 80 people. Law enforcement and retailers have warned the public that this isn't traditional shoplifting. Rather, what they're seeing is theft organized by criminal networks. And there's a reason it's on the rise. From a report: "What fuels this as an enterprise is the ease of reselling stolen merchandise on online marketplaces," said Illinois Attorney General Kwame Raoul, who convened a national task force of state attorneys to make it easier to investigate across state lines. "It's no longer the age where it's done at flea markets or in the alley or in parking lots." Retailers say a total of $68.9 billion of products were stolen in 2019. In 2020, three-quarters said they saw an increase in organized crime and more than half reported cargo theft. Some big chains blame organized theft for recent store closures or for their decisions to limit hours.

For the U.S. Government's Homeland Security Investigations unit, organized retail crime probes are on the rise. Arrests and indictments increased last year from 2020, along with the value of stolen goods that was seized. While data is imprecise about the perpetrators, there's growing consensus that an entirely different group should be held accountable: e-commerce sites. Amazon, eBay and Facebook are the places where these stolen goods are being sold, and critics say they're not doing enough to put an end to the racket. The companies disagree.

Japan

Japan Makes 'Online Insults' Punishable By One Year (cnn.com)

Japan's parliament has passed legislation making "online insults" punishable by imprisonment amid rising public concern over cyberbullying sparked by the suicide of a reality television star who had faced social media abuse. From a report: Under the amendment to the country's penal code -- set to take effect later this summer -- offenders convicted of online insults can be jailed for up to one year, or fined 300,000 yen (about $2,200). It's a significant increase from the existing punishments of detention for fewer than 30 days and a fine of up to 10,000 yen ($75). The bill proved controversial in the country, with opponents arguing it could impede free speech and criticism of those in power. However, supporters said the tougher legislation was needed to crack down on cyberbullying and online harassment. It was only passed after a provision was added, ordering the law be re-examined three years after it goes into effect to gauge its impact on freedom of expression.

Under Japan's penal code, insults are defined as publicly demeaning someone's social standing without referring to specific facts about them or a specific action, according to a spokesperson from the Ministry of Justice. The crime is different to defamation, defined as publicly demeaning someone while pointing to specific facts. Both are punishable under the law.

Crime

US Anti-Hacking Law Tested in Trial Over 2019 Capital One Data Breach (union-bulletin.com)

"Paige Thompson worked as a software engineer in Seattle and ran an online community for other programmers," remembers the New York Times.

"In 2019, she downloaded personal information belonging to more than 100 million Capital One customers, the Justice Department said..." It included 140,000 Social Security numbers and 80,000 bank account numbers (drawn from applications for credit cards). Nearly three years after the disclosure of one of the largest data breaches in the United States, the former Amazon employee accused of stealing customers' personal information from Capital One is standing trial in a case that will test the power of a U.S. anti-hacking law.... She faces 10 counts of computer fraud, wire fraud and identity theft in a federal trial that began Tuesday in Seattle.... Thompson, 36, is accused of violating an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. Thompson has pleaded not guilty, and her lawyers say her actions — scanning for online vulnerabilities and exploring what they exposed — were those of a "novice white-hat hacker."

Critics of the computer fraud law have argued that it is too broad and allows for prosecutions against people who discover vulnerabilities in online systems or break digital agreements in benign ways, such as using a pseudonym on a social media site that requires users to go by their real names. In recent years, courts have begun to agree. The Supreme Court narrowed the scope of the law last year, ruling that it could not be used to prosecute people who had legitimate access to data but exploited their access improperly. And in April, a federal appeals court ruled that automated data collection from websites, known as web scraping, did not violate the law. Last month, the Justice Department told prosecutors that they should no longer use the law to pursue hackers who engaged in "good-faith security research."

Thompson's trial will raise questions about how far security researchers can go in their pursuit of cybersecurity flaws before their actions break the law. Prosecutors said Thompson had planned to use the information she gathered for identity theft and had taken advantage of her access to corporate servers in a scheme to mine cryptocurrency... The Justice Department has argued that Thompson had no interest in helping Capital One plug the holes in its security and that she cannot be considered a "white hat" hacker. Instead, she chatted with friends online about how she might be able to profit from the breach, according to legal filings.... Some security researchers said Thompson had ventured too far into Capital One's systems to be considered a white-hat hacker.... "Legitimate people will push a door open if it looks ajar," said Chester Wisniewski, a principal research scientist at Sophos, a cybersecurity firm.... But downloading thousands of files and setting up a cryptocurrency mining operation were "intentionally malicious actions that do not happen in the course of testing security," Wisniewski said....

"Thompson scanned tens of millions of AWS customers looking for vulnerabilities," Brown wrote in a legal filing.

The article notes that Capital One ultimately agreed to pay $80 million in 2020 "to settle claims from federal bank regulators that it lacked the security protocols needed to protect customers' data" and another $190 million to settle a class-action lawsuit representing people whose data was exposed.
The Courts

Investor Sues the Winklevoss Twins' Troubled Crypto Business Over Security Failures (theverge.com) 25

IRA Financial Trust, a platform that lets users save for retirement in alternative assets like cryptocurrency, is suing the Gemini cryptocurrency exchange over an alleged failure to protect its customers from a heist that resulted in the theft of $36 million in crypto. The financial platform partners with Gemini, owned by the Winklevoss twins, Cameron and Tyler, to allow customers to trade and store cryptocurrency. From a report: In February, IRA was the victim of a major attack that drained the millions in funds customers had stored with Gemini. The company was reportedly swatted, the act of calling the police to report a fake crime at someone's location, when the cyberattack occurred. Police showed up at IRA's South Dakota headquarters after false reports of a robbery, while bad actors made off with millions in crypto. At the time, a source close to Gemini told CoinDesk it wasn't hacked and that it makes various security controls available to its partners. "Gemini knew about the risks attendant to crypto assets," IRA's complaint states. "In fact, it built its public image around purportedly mitigating those risks. But like so much else in the world of crypto, Gemini's image is just that: an image. In reality, Gemini brushes security aside when there is a chance to earn more revenue."
Crime

Nintendo Wanted Hacker's Prison Sentence To Turn Heads (axios.com) 66

Nintendo described the sentencing of a hacker earlier this year as a "unique opportunity" to send a message to all gamers about video game piracy. Axios reports: A newly released transcript of the Feb. 10 sentencing of Gary Bowser provides rare insight, directly from Nintendo, about the company's grievances. Bowser, a Canadian national, pled guilty last year to U.S. government cybercrime charges over his role as a top member of Team Xecuter. The group sold tech that circumvented copyright protections and enabled the Nintendo Switch and other systems to play pirated games. Authorities estimated the piracy cost Nintendo upward of $65 million over nearly a decade and even compelled the company to spend resources releasing a more secure model of the Switch.

"This is a very significant moment for us," Nintendo lawyer Ajay Singh told the court at the time, as he laid out the company's case against piracy and awaited the sentencing. "It's the purchase of video games that sustains Nintendo and the Nintendo ecosystem, and it is the games that make the people smile," Singh said. "It's for that reason that we do all we can to prevent games on Nintendo systems from being stolen." He noted Nintendo's losses from Team Xecuter's piracy and sounded a note of sympathy for smaller non-Nintendo game makers whose works are also pirated. And he wove in a complaint about cheating, which he said Team Xecuter's hacks enabled. Cheating could scare off honest players and upset families: "Parents should not be forced to explain to their children why people cheat and why sometimes games are not fair, just because one person wants an unfair advantage."

At the hearing, U.S. District Judge Robert Lasnik noted that TV and movies glorify hackers as "sticking it to the man," suggesting that "big companies are reaping tremendous profits and it's good for the little guy to have this." "What do you think?" Lasnik asked Nintendo's lawyer at one point. "What else can we do to convince people that there's no glory in this hacking/piracy?" "There would be a large benefit to further education of the public," Singh replied. In brief remarks directly to Lasnik, Bowser said longer prison time wouldn't scare off hackers. "There's so much money to be made from piracy that it's insignificant," he said.

Programming

Should IT Professionals Be Liable for Ransomware Attacks? (acm.org) 250

Denmark-based Poul-Henning Kamp describes himself as the "author of a lot of FreeBSD, most of Varnish and tons of other Open Source Software." And he shares this message in June's Communications of the ACM.

"The software industry is still the problem." If any science fiction author, famous or obscure, had submitted a story where the plot was "modern IT is a bunch of crap that organized crime exploits for extortion," it would have gotten nowhere, because (A) that is just not credible, and (B) yawn!

And yet, here we are.... As I write this, 200-plus corporations, including many retail chains, have inoperative IT because extortionists found a hole in some niche, third-party software product most of us have never heard of.

But he's also proposing a solution. In Denmark, 129 jobs are regulated by law. There are good and obvious reasons why it is illegal for any random Ken, Brian, or Dennis to install toilets or natural-gas furnaces, perform brain surgery, or certify a building is strong enough to be left outside during winter. It may be less obvious why the state cares who runs pet shops, inseminates cattle, or performs zoological taxidermy, but if you read the applicable laws, you will learn that animal welfare and protection of endangered species have many and obscure corner cases.

Notably absent, as in totally absent, on that list are any and all jobs related to IT; IT architecture, computers, computer networks, computer security, or protection of privacy in computer systems. People who have been legally barred and delicensed from every other possible trade — be it for incompetence, fraud, or both — are entirely free to enter the IT profession and become responsible for the IT architecture or cybersecurity of the IT system that controls nearly half the hydrocarbons to the Eastern Seaboard of the U.S....

With respect to gas, water, electricity, sewers, or building stability, the regulations do not care if a company is hundreds of years old or just started this morning, the rules are always the same: Stuff should just work, and only people who are licensed — because they know how to — are allowed to make it work, and they can be sued if they fail to do so.

The time is way overdue for IT engineers to be subject to professional liability, like almost every other engineering profession. Before you tell me that is impossible, please study how the very same thing happened with electricity, planes, cranes, trains, ships, automobiles, lifts, food processing, buildings, and, for that matter, driving a car.

As with software product liability, the astute reader is apt to exclaim, "This will be the end of IT as we know it!" Again, my considered response is, "Yes, please, that is precisely my point!"

Crime

New Linux-Based Ransomware Targets VMware Servers (csoonline.com) 36

"Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers," reports CSO Online. (They describe the ESXi servers as "a bare-metal hypervisor for creating and running several virtual machines that share the same hard drive storage.") Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs — such as LockBit, Hive and RansomEXX — that have found ESXi an efficient way to infect many computers at once with malicious payloads.

Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server — the VMware server — and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once."

"Most VM shops use some sort of VM backup product to back up all guest servers, so finding and deleting or corrupting one backup repository kills the backup image for all the hosted guest servers all at once," Grimes adds....

The gang behind Cheerscrypt uses a "double extortion" technique to extract money from its targets, the researchers explain. "Security Alert!!!" the attackers' ransom message declares. "We hacked your company successfully. All files have been stolen and encrypted by us. If you want to restore your files or avoid file leaks, please contact us."
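A check a defender would want after reading the Grimes quote and the ransom note above, as an added example (my code, not Trend Micro's, CSO Online's, or anything from the article): a sweep over an ESXi-style datastore tree that flags per-VM files ESXi keeps as plaintext (.vmx, .vmsd, .vmxf and the small .vmdk descriptors) once they have turned into high-entropy blobs, plus any text file carrying the phrases from the quoted ransom message. The 7.0 bits/byte threshold, the 64 KiB descriptor cutoff, the sample directory and the pseudo-ciphertext generator are all assumptions of the example, not facts from the story.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# ESXi keeps these per-VM files as plaintext; ciphertext never looks like them.
PLAINTEXT_SUFFIXES = {".vmx", ".vmsd", ".vmxf"}
DESCRIPTOR_MAGIC = b"# Disk DescriptorFile"
DESCRIPTOR_MAX_BYTES = 64 * 1024  # assumption: a .vmdk this small is a descriptor, not an extent
ENTROPY_THRESHOLD = 7.0           # assumption: bits/byte; config text sits near 4-5, ciphertext near 8
# Phrases taken from the Cheerscrypt ransom message quoted in the article.
NOTE_PHRASES = (b"encrypted", b"restore your files", b"contact us")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def sweep_datastore(root: str) -> dict:
    """Walk a datastore tree; return suspect files by category as POSIX paths relative to root."""
    root_path = Path(root)
    findings = {"encrypted_suspects": [], "ransom_notes": []}
    for path in sorted(root_path.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root_path).as_posix()
        suffix = path.suffix.lower()
        if suffix == ".vmdk":
            # Only descriptors are checked; -flat/-sesparse extents are binary by nature.
            if path.stat().st_size <= DESCRIPTOR_MAX_BYTES and not path.read_bytes().startswith(DESCRIPTOR_MAGIC):
                findings["encrypted_suspects"].append(rel)
        elif suffix in PLAINTEXT_SUFFIXES:
            if shannon_entropy(path.read_bytes()) > ENTROPY_THRESHOLD:
                findings["encrypted_suspects"].append(rel)
        else:
            head = path.read_bytes()[:4096].lower()
            if all(phrase in head for phrase in NOTE_PHRASES):
                findings["ransom_notes"].append(rel)
    return findings


def _pseudo_ciphertext(seed: bytes, size: int) -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for real ciphertext."""
    out, block = bytearray(), seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:size])


def build_sample_datastore() -> str:
    """Constructed sample datastore: one untouched VM and one whose files have been encrypted."""
    root = Path(tempfile.mkdtemp(prefix="datastore1-"))
    clean = root / "vm-clean"
    clean.mkdir()
    (clean / "vm-clean.vmx").write_text('.encoding = "UTF-8"\nconfig.version = "8"\nvirtualHW.version = "19"\n')
    (clean / "vm-clean.vmdk").write_bytes(DESCRIPTOR_MAGIC + b'\nversion=1\nencoding="UTF-8"\n')
    hit = root / "vm-hit"
    hit.mkdir()
    (hit / "vm-hit.vmx").write_bytes(_pseudo_ciphertext(b"vmx", 2048))
    (hit / "vm-hit.vmdk").write_bytes(_pseudo_ciphertext(b"vmdk", 1024))
    (hit / "README.txt").write_text(
        "Security Alert!!!\nWe hacked your company successfully. All files have been stolen "
        "and encrypted by us. If you want to restore your files or avoid file leaks, please contact us.\n"
    )
    return str(root)


if __name__ == "__main__":
    report = sweep_datastore(build_sample_datastore())
    for category, paths in report.items():
        print(f"{category}: {paths}")
```

Run it against /vmfs/volumes on the host or, more usefully, against a mounted copy of the backup repository: Grimes's point is that a sweep which only ever looks at the live datastore will not notice that the one backup repository has been corrupted or emptied as well. A clean result proves only that the descriptor and config files are untouched; the flat extents are not examined, so pair it with size and mtime checks on those.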

Government

Analysis: Russia Prepares To Seize Western Firms Looking To Leave (reuters.com) 191

"Russia is advancing a new law allowing it to take control of the local businesses of western companies that decide to leave in the wake of Moscow's invasion of Ukraine," reports Reuters, "raising the stakes for multinationals trying to exit." The law, which could be in place within weeks, will give Russia sweeping powers to intervene where there is a threat to local jobs or industry, making it more difficult for western companies to disentangle themselves quickly unless they are prepared to take a big financial hit. The law to seize the property of foreign investors follows an exodus of western companies, such as Starbucks, McDonald's and brewer AB InBev, and increases pressure on those still there.

It comes as the Russian economy, increasingly cut off due to western sanctions, plunges into recession amid double-digit inflation.... The bill paves the way for Russia to appoint administrators over companies owned by foreigners in "unfriendly" countries, who want to quit Russia as the conflict with Ukraine drags down its economy. Moscow typically refers to countries as "unfriendly" if they have imposed economic sanctions on Russia, meaning any firms in the European Union or United States are at risk.

The European Commission proposed toughening its own stance on Wednesday to make breaking EU sanctions against Russia a crime, allowing EU governments to confiscate assets of companies and individuals that evade restrictions against Moscow.

Thanks to long-time Slashdot reader schwit1 for submitting the story.
