The Courts

Sam Bankman-Fried Files Appeal For Fraud Conviction (cointelegraph.com) 58

Former FTX CEO Sam Bankman-Fried's legal team has filed an appeal challenging his conviction on seven felony counts and his 25-year prison sentence. They argue that he was not presumed innocent, that the jury received incomplete information about FTX user funds, and that the prosecution's narrative was biased. CoinTelegraph reports: In a Sept. 13 filing in the United States Court of Appeals for the Second Circuit, SBF's lawyers filed a 102-page brief claiming that the former FTX CEO was "never presumed innocent," subject to scrutiny that allegedly affected prosecutors, the presiding judge, and treatment by the media. Bankman-Fried's legal team announced in April -- a few weeks after a federal judge sentenced him to 25 years in prison -- that they intended to appeal. According to the appeal, SBF's lawyers alleged the jury was "only allowed to see half the picture" with FTX user funds, claiming prosecutors had "presented a false narrative" that the money was permanently lost and Bankman-Fried intentionally caused that loss. They also claimed that counsel for the FTX debtors worked with the US government in a way that was above and beyond "cooperation," providing information allegedly as an "arm of the prosecution."

"From day one, the prevailing narrative -- initially spun by the lawyers who took over FTX, quickly adopted by their contacts at the US Attorney's Office -- was that Bankman-Fried had stolen billions of dollars of customer funds, driven FTX to insolvency, and caused billions in losses," said the appeal. "Now, nearly two years later, a very different picture is emerging -- one confirming FTX was never insolvent, and in fact had assets worth billions to repay its customers. But the jury at Bankman-Fried's trial never got to see that picture." The legal team requested the appellate court grant SBF a new trial with a different judge. It's unclear whether the Second Circuit could rule to affirm Bankman-Fried's conviction in the US District Court for the Southern District of New York or reverse the decision and set the groundwork for a new trial.

Japan

Japan Rethinks 24/7 Police Boxes With Rise of Cybercrime (nikkei.com) 12

Japan is overhauling how its ubiquitous 24-hour mini-police stations are operated nationwide as more crime fighting moves from the streets to the web. From a report: Called koban in Japanese, officers at these small police boxes handle a variety of tasks from responding to crime and patrolling neighborhoods to handling lost items. There are also chuzaisho outposts where police officers live full-time. The National Police Agency will update operational rules on Friday to allow some outposts to shut down at night if necessary. It will also allow greater flexibility on the use of mobile or temporary outposts, depending on local needs and staffing considerations.

Prefectural police will decide on changes involving specific outposts. Japan's koban system dates back to 1874 and is believed to have started operating around the clock in the 1880s. There were 6,215 kobans and 5,923 live-in outposts across Japan as of April. They have inspired countries like Singapore and Brazil to set up similar outposts focused on community policing. The change comes amid shifting crime patterns. Roughly 700,000 crime cases were reported in 2023, down more than 70% from the post-World War II peak in 2002. Street crime, like purse-snatching and car break-ins, were down around 80% to 240,000 cases. Instead, online and phone-based crimes, like impersonation scams and romance scams, are on the rise.

Crime

Former Samsung Execs Arrested For Using Stolen Tech To Build Chip Factory In China (tomshardware.com) 18

South Korean police have arrested two former Samsung executives for allegedly leaking $3.2 billion worth of Samsung secrets to China to aid in building 20nm DRAM chips. Tom's Hardware reports: The authorities reported that one of the arrested suspects, 66-year-old Mr. Choi, set up a joint venture building chips in China alongside some local officials and served as its CEO. He was allegedly assisted by a plant designer, Mr. Oh, in this venture, while he also attempted to recruit other South Korean experts to work for him. However, Choi's arrest comes after being suspected of leaking Samsung memory technologies to build 20nm DRAM chips at the Chinese factory, Chengdu Gaozhen.

Samsung is one of the leading memory manufacturers, working with other major companies like Nvidia to produce VRAM while offering its own storage and memory solutions. The police said Choi's move "weakened the nation's competitiveness when the countries are in a global chip war." With the capture of the company's head, the authorities claim that this will stop the operation of the Chinese venture. However, investigators are still looking into the case to determine if other cases of industrial espionage will spring up from this case.

Crime

Pacific Islands Submit Court Proposal For Recognition of Ecocide As a Crime 58

Vanuatu, Fiji, and Samoa have proposed a change to the International Criminal Court (ICC) to recognize ecocide as a crime, allowing for the prosecution of individuals responsible for significant environmental harm. If successful, the change would recognize ecocide as a crime alongside genocide and war crimes. The Guardian reports: Vanuatu, Fiji and Samoa have proposed a formal recognition by the court of the crime of ecocide, defined as "unlawful or wanton acts committed with knowledge that there is a substantial likelihood of severe and either widespread or long-term damage to the environment being caused by those acts." The proposal was tabled before the ICC in New York on Monday afternoon, and will have to be discussed in full at a later date. Holding full discussions on the proposal is a process likely to take some years, and will face fierce opposition, though much of it will be behind the scenes as most countries will not wish to openly speak out against it.

Philippe Sands KC, a prominent international lawyer and professor of law at University College London, acted as a co-chair of the independent expert panel for the legal definition of ecocide, convened by the Stop Ecocide Foundation. He told the Guardian he was "100% certain" that ecocide would eventually be recognized by the court. "The only question is when," he said. "I was skeptical at first, but now I am a true believer. There has already been real change, as some countries have put it in domestic law. I think this is the right idea at the right time." Belgium recently adopted ecocide as a crime, and the EU has changed some of its guidance on international crime to include it as a "qualified" offense. Mexico is also considering such a law. [...]

Getting to the point where the ICC will consider the proposal has taken years. Stop Ecocide International has been campaigning on the issue since 2017, and Vanuatu made the first call for the crime to be recognized by the ICC in 2019. Although it could take as long as a decade from now before anyone is charged with ecocide even if the changes were implemented by the ICC, the proposal tabled on Monday was vital to gaining broader acceptance of the concept, according to [Jojo Mehta, a co-founder of the Stop Ecocide International campaigning group, which is an observer to the ICC]. "There has been growing progress, as people are increasingly aware of the threat of climate [breakdown]," she said. "People are saying that this much harm to the planet is just not acceptable."
Crime

US Government Asks 3D Printing Industry to Help Stop the Printing of Machine Gun Conversion Devices (apnews.com) 348

U.S. Justice Department officials "are turning to the 3D-printing industry to help stop the proliferation of tiny pieces of plastic transforming weapons into illegal homemade machine guns," reports the Associated Press: "Law enforcement cannot do this alone," [U.S. Deputy Attorney General Lisa Monaco said Friday] during a gathering in Washington of federal law enforcement officials, members of the 3D-printing industry and academia. "We need to engage software developers, technology experts and leaders in the 3-D-printing industry to identify solutions in this fight...."

Guns with conversion devices have been used in several mass shootings, including one that left four dead at a sweet sixteen party in Alabama last year... Monaco on Friday also announced several other efforts designed to crack down on the devices, including a national training initiative for law enforcement and prosecutors.

The deputy attorney general is also launching a committee designed to help spot trends and gather intelligence.

Crime

How an Engineer Exposed an International Bike Theft Ring - By Its Facebook Friends (msn.com) 50

Security engineer Bryan Hance co-founded the nonprofit Bike Index, back in 2013, reports the Los Angeles Times, "where cyclists can register their bikes and contact information, making it easier to reunite lost or stolen bikes with their owners." It now holds descriptions and serial numbers of about 1.3 million bikes worldwide.

"But in spring 2020, Hance was tipped to something new: Scores of high-end bikes that matched the descriptions of bikes reported stolen from locations across the Bay Area were turning up for sale on Facebook Marketplace and Instagram pages attached to someone in Mexico, thousands of miles away..." The Facebook page he first spotted disappeared, replaced by pages that were blocked to U.S. computers; Hance managed to get in anyway, thanks to creative use of a VPN. He started reaching out to the owners whose stolen bikes he suspected he was seeing for sale. "Can you tell me a little bit about how your bike was stolen," he would ask. Often, the methods were sophisticated and selective. Thieves would break into a bicycle room at an apartment complex with a specialized saw and leave minutes later with only the fanciest mountain bikes...

Over time, he spoke to more than a dozen [police] officers in jurisdictions across the Bay Area, including Alameda, Santa Clara, Santa Cruz, Marin, Napa and Sonoma counties... [H]ere was Hance, telling officers that he believed he had located a stolen bike, in Mexico. "That's gone," the officer would inform him. Or, one time, according to Hance: "We're not Interpol." Hance also tried to get Meta to do something. After all, he had identified what could be hundreds of stolen bikes being sold on its platforms, valued, he estimated, at well over $2 million. He said he got nowhere...

[Hance] believed he'd figured out the identity of the seller in Jalisco, and was monitoring that person's personal social media accounts. In early 2021, he had spotted something that might break open the case: the name of a person who was sending the Jalisco seller photos of bikes that matched descriptions of those reported stolen by Bay Area cyclists. Hance theorized that person could be a fence who was collecting stolen bikes on this side of the border and sending photos to Jalisco so they could be posted for sale. Hance hunted through the Jalisco seller's Facebook friends until he found the name there: Victor Romero, of San Jose. More sleuthing revealed that a man by the name of Victor Romero ran an auto shop in San Jose, and, judging by his own Facebook photos, was an avid mountain biker. There was something else: Romero's auto shop in San Jose had distinctive orange shelves. One photo of a bike listed for sale on the Jalisco seller's site had similar orange shelves in the backdrop.

Hance contacted a San Francisco police detective who had seemed interested in what he was doing. Check out this guy's auto shop, he advised. San Francisco police raided Romero in the spring of 2021. They found more than $200,000 in cash, according to a federal indictment, along with screenshots from his phone they said showed Romero's proceeds from trafficking in stolen bikes. They also found a Kona Process 153 mountain bike valued at about $4,700 that had been reported stolen from an apartment garage in San Francisco, according to the indictment. It had been disassembled and packaged for shipment to Jalisco.

In January, a federal grand jury indicted Victoriano Romero on felony conspiracy charges for his alleged role in a scheme to purchase high-end stolen bicycles from thieves across the Bay Area and transport them to Mexico for resale.

But bikes continue to be stolen, and "The guy is still operating," Hance told the Los Angeles Times.

"We could do the whole thing again."
Crime

During Georgia School Shooting, Newly-Installed Tech Spread Warnings and Called Police (cnn.com) 255

A schoolteacher using an interactive whiteboard is surprised by an alert. Their school is in "hard lockdown." They knew — instantly — something was about to happen, and "got everybody into a corner," they later told CNN. Classroom doors at the school are always locked, so they then "turned off the lights. And just kind of held everyone nice and tight, and just said, 'Wait for everything to happen, everything to pass.'"

The school was Apalachee High School in Winder, Georgia, where on Wednesday 11 students were shot and two killed. Two schoolteachers were also killed. But according to CNN, social studies teacher Stephen Kreyenbuhl "said the school's new alert system bought him critical time to prepare and protect his students before a shooter opened fire just down the hall..." The CrisisAlert system, designed by Centegix, includes a device the size of an ID badge. It's equipped with a button that, when pressed rapidly, can quietly notify administrators and local law enforcement to the exact location of an active emergency. The company works with school districts and law enforcement agencies to integrate the system into their current safety procedures and automate as much as possible. Barrow County Sheriff Jud Smith told CNN Apalachee High School had the system for less than a week and had tested it for the first time only the day before the shooting... Brent Cobb, the company's CEO, told CNN in an interview earlier this year that their CrisisAlert technology was designed following the 2018 Parkland high school shooting in Florida to give teachers and administrators a fast and discreet way to call for help.... "[Y]ou need everyone to know immediately" that a crisis is taking place.

Once a lockdown is activated, the CrisisAlert system is designed to trigger a series of responses: Pre-recorded warnings sound over the intercom system to alert the entire campus to the lockdown, while on-site safety administrators, like school resource officers [a law-enforcement officer with arrest powers, usually armed], are notified of the location of the incident. Cobb told CNN in some school districts the system is also integrated with local law enforcement agencies and can automatically call 911 and send messages to officers of the exact location of the incident. This is what happened in Barrow County. The goal, he said, is to help decrease police response times, an issue that has come under scrutiny in recent years following the shooting at Robb Elementary School in Uvalde, Texas, where it took officers 77 minutes to adequately respond to a shooter.

In an exclusive interview with CNN Thursday, Smith scrolled through the series of alerts and the detailed map his officers received to guide them to where the shooting was happening... [Social studies teacher] Kreyenbuhl said he is grateful the district implemented a system that enabled him to protect his students. "I actually saw the lockdown initiate before I even heard the gunshots, so I had time to prepare," he said.... "It's insane the technology we have access to."

Social Networks

'Thousands" of Telegram Channels Sell Stolen Identities, Reports WSJ (msn.com) 91

The Wall Street Journal writes that Telegram "has become the premier internet platform to buy everything from hacked data and weapons to illicit drugs and child sexual abuse material, according to current and former law-enforcement officials and cybercrime researchers..."

And it's also being used by identity thieves: There are thousands of channels and groups on Telegram that offer stolen identities that can be used to open bank and investment accounts. Some claim to offer already created bank accounts created with stolen details. A channel called Bank Store Online listed accounts at over 60 banks and cryptocurrency exchanges for sale, ranging from $80 for a personal account to $1,800 for a business one. Payments were charged in crypto... There are thousands of channels and groups on Telegram that offer stolen identities that can be used to open bank and investment accounts. Some claim to offer already created bank accounts created with stolen details. A channel called Bank Store Online listed accounts at over 60 banks and cryptocurrency exchanges for sale, ranging from $80 for a personal account to $1,800 for a business one. Payments were charged in crypto.

In Russia, where Durov launched Telegram in 2013, it is also the go-to platform where middlemen arrange deals that get around U.S. sanctions, such as smuggling in weapons parts, the Journal previously reported. Several groups advertise the sale of drones and Starlinks — small antennas to access the satellite internet network run by Elon Musk's SpaceX — to Russian combat units in Ukraine. In February, Musk tweeted that no Starlinks had been directly or indirectly sold to Russia, to the best of the company's knowledge. "It's ground zero for every illicit activity you can think of," said Evan Kohlmann, founder of Cloudburst Technologies, which monitors cybercrime on Telegram and elsewhere, and a frequent adviser to U.S. agencies.

Crime

New York Times Calls Telegram 'A Playground for Criminals, Extremists and Terrorists' (yahoo.com) 107

The New York Times analyzed over 3.2 million Telegram messages from 16,220 channels. Their conclusion? Telegram "offers features that enable criminals, terrorists and grifters to organize at scale and to sidestep scrutiny from the authorities" — and that Telegram "has looked the other way as illegal and extremist activities have flourished openly on the app."

Or, more succinctly: "Telegram has become a global sewer of criminal activity, disinformation, child sexual abuse material, terrorism and racist incitement, according to a four-month investigation." Look deeper, and a dark underbelly emerges. Uncut lumps of cocaine and shards of crystal meth are for sale on the app. Handguns and stolen checks are widely available. White nationalists use the platform to coordinate fight clubs and plan rallies. Hamas broadcast its Oct. 7 attack on Israel on the site... The Times investigation found 1,500 channels operated by white supremacists who coordinate activities among almost 1 million people around the world. At least two dozen channels sold weapons. In at least 22 channels with more than 70,000 followers, MDMA, cocaine, heroin and other drugs were advertised for delivery to more than 20 countries.

Hamas, the Islamic State and other militant groups have thrived on Telegram, often amassing large audiences across dozens of channels. The Times analyzed more than 40 channels associated with Hamas, which showed that average viewership surged up to 10 times after the Oct. 7 attacks, garnering more than 400 million views in October. Telegram is "the most popular place for ill-intentioned, violent actors to congregate," said Rebecca Weiner, the deputy commissioner for intelligence and counterterrorism at the New York Police Department. "If you're a bad guy, that's where you will land...." [Telegram] steadfastly ignores most requests for assistance from law enforcement agencies. An email inbox used for inquiries from government agencies is rarely checked, former employees said...

"It is easy to search and find channels selling guns, illicit narcotics, prescription drugs and fraudulent ATM cards, called clone cards..." according to the article. The Times "found at least 50 channels openly selling contraband, including guns, drugs and fraudulent debit cards." In December 2022, Hayden Espinosa began serving a 33-month sentence in federal prison in Louisiana for buying and selling illegal firearms and weapon parts he made with 3D printers. That did not stop his business. Using cellphones that had been smuggled into prison, Espinosa continued his illicit trade on a Telegram channel... Espinosa's gun market on Telegram might never have been uncovered except that one of its members was Payton Gendron, who massacred 10 people at a supermarket in Buffalo, New York, in 2022. Investigators scouring his life online for motives for the shooting discovered the channel, which also featured racist and extremist views he had shared.
"Operating like a stateless organization, Telegram has long behaved as if it were above the law," the article concludes — though it adds that "In many democratic countries, patience with the app is wearing thin.

"The European Union is exploring new oversight of Telegram under the Digital Services Act, a law that forces large online platforms to police their services more aggressively, two people familiar with the plans said."
Social Networks

Telegram Disables 'Misused' Features As CEO Faces Criminal Charges (theverge.com) 33

Following the arrest of its CEO Pavel Durov last month, the encrypted messaging service said it has disabled some "outdated" and "misused" features used by anonymous users. The Verge reports: The first changes to the app following his arrest in France last month affect its built-in blog posts and a "People Nearby" location-based feature. [...] Durov's first post-arrest statement Thursday said, "Telegram's abrupt increase in user count to 950M caused growing pains that made it easier for criminals to abuse our platform. That's why I made it my personal goal to ensure we significantly improve things in this regard." He also said that during the four-day interview after his arrest, "I was told I may be personally responsible for other people's illegal use of Telegram, because the French authorities didn't receive responses from Telegram."

Telegram has since reworked some of its language surrounding private chats and moderation and followed up with these new updates. It's also adding Star giveaways and enabling a reading mode for its in-app browser. "While 99.999% of Telegram users have nothing to do with crime, the 0.001% involved in illicit activities creates a bad image for the entire platform," Durov's message says. "That's why this year we are committed to turn moderation on Telegram from an area of criticism into one of praise."

Durov says the service has stopped new media uploads to its standalone blogging tool, Telegraph, because it was "misused by anonymous actors." Telegram has also removed its People Nearby feature, which lets you find and message other users in your area. Durov says the feature has "had issues with bots and scammers" and was only used by less than 0.1 percent of users. Telegram will replace this feature with "Businesses Nearby" instead, allowing "legitimate, verified businesses" to display products and accept payments.

Crime

Fake CV Lands Top 'Engineer' In Jail For 15 Years (bbc.com) 90

Daniel Mthimkhulu, former chief "engineer" at South Africa's Passenger Rail Agency (Prasa), was sentenced to 15 years in prison for claiming false engineering degrees and a doctorate. His fraudulent credentials allowed him to rise rapidly within Prasa, contributing to significant financial losses and corruption within the agency. The BBC reports: Once hailed for his successful career, Daniel Mthimkhulu was head of engineering at the Passenger Rail Agency of South Africa (Prasa) for five years -- earning an annual salary of about [$156,000]. On his CV, the 49-year-old claimed to have had several mechanical engineering qualifications, including a degree from South Africa's respected Witwatersrand University as well as a doctorate from a German university. However, the court in Johannesburg heard that he had only completed his high-school education.

Mthimkhulu was arrested in July 2015 shortly after his web of lies began to unravel. He had started working at Prasa 15 years earlier, shooting up the ranks to become chief engineer, thanks to his fake qualifications. The court also heard how he had forged a job offer letter from a German company, which encouraged Prasa to increase his salary so the agency would not lose him. He was also at the forefront of a 600m rand deal to buy dozens of new trains from Spain, but they could not be used in South Africa as they were too high. [...] In an interview from 2019 with local broadcaster eNCA, Mthimkhulu admitted that he did not have a PhD. "I failed to correct the perception that I have it. I just became comfortable with the title. I did not foresee any damages as a result of this," he said.

Politics

'Error' Causes Alexa To Endorse Kamala Harris, Refuse To Discuss Trump (theregister.com) 288

An anonymous reader shares a report: It would be perfectly reasonable to expect Amazon's digital assistant Alexa to decline to state opinions about the 2024 presidential race, but up until recently, that assumption would have been incorrect. When asked to give reasons to vote for former President Donald Trump, Alexa demurred, according to a video from Fox Business. "I cannot provide responses that endorse any political party or its leader," Alexa responded. When asked the same about Vice President Kamala Harris, the Amazon AI was more than willing to endorse the Democratic candidate.

"There are many reasons to vote for Kamala Harris," Alexa said. Among the reasons given was that Harris has a "comprehensive plan to address racial injustice," that she promises a "tough on crime approach," and that her record on criminal justice and immigration reform make her a "compelling candidate." Harris has been dividing Silicon Valley since she took up the Democratic nomination from President Joe Biden, with some leaders in the tech industry touting her potential as a pro-tech president, and others diving head-first into the misinformation circus that's being driven by new tools like AI.
An Amazon spokesperson said this "was an error that was quickly fixed."
The Military

Navy Chiefs Conspired To Get Themselves Illegal Warship Wi-Fi (navytimes.com) 194

During a 2023 deployment, senior enlisted leaders aboard the Navy ship USS Manchester secretly installed a Starlink Wi-Fi network, allowing them exclusive internet access in violation of Navy regulations. "Unauthorized Wi-Fi systems like the one [then-Command Senior Chief Grisel Marrero] set up are a massive no-no for a deployed Navy ship, and Marrero's crime occurred as the ship was deploying to the West Pacific, where such security concerns become even more paramount among heightened tensions with the Chinese," reports Navy Times. From the report: As the ship prepared for a West Pacific deployment in April 2023, the enlisted leader onboard conspired with the ship's chiefs to install the secret, unauthorized network aboard the ship, for use exclusively by them. So while rank-and-file sailors lived without the level of internet connectivity they enjoyed ashore, the chiefs installed a Starlink satellite internet dish on the top of the ship and used a Wi-Fi network they dubbed "STINKY" to check sports scores, text home and stream movies. The enjoyment of those wireless creature comforts by enlisted leaders aboard the ship carried serious repercussions for the security of the ship and its crew. "The danger such systems pose to the crew, the ship and the Navy cannot be understated," the investigation notes.

Led by the senior enlisted leader of the ship's gold crew, then-Command Senior Chief Grisel Marrero, the effort roped in the entire chiefs mess by the time it was uncovered a few months later. Marrero was relieved in late 2023 after repeatedly misleading and lying to her ship's command about the Wi-Fi network, and she was convicted at court-martial this spring in connection to the scheme. She was sentenced to a reduction in rank to E-7 after the trial and did not respond to requests for comment for this report. The Navy has yet to release the entirety of the Manchester investigation file to Navy Times, including supplemental enclosures. Such records generally include statements or interview transcripts with the accused.

But records released so far show the probe, which wrapped in November, found that the entire chiefs mess knew about the secret system, and those who didn't buy into it were nonetheless culpable for not reporting the misconduct. Those chiefs and senior chiefs who used, paid for, helped hide or knew about the system were given administrative nonjudicial punishment at commodore's mast, according to the investigation. All told, more than 15 Manchester chiefs were in cahoots with Marrero to purchase, install and use the Starlink system aboard the ship. "This agreement was a criminal conspiracy, supported by the overt act of bringing the purchased Starlink onboard USS MANCHESTER," the investigation said. "Any new member of the CPO Mess which then paid into the services joined that conspiracy following the system's operational status."

Records obtained by Navy Times via a Freedom of Information Act request reveal a months-long effort by Marrero to obtain, install and then conceal the chiefs Wi-Fi network from superiors, including the covert installation of a Starlink satellite dish on the outside of the Manchester. When superiors became suspicious about the existence of the network and confronted her about it, Marrero failed to come clean on multiple occasions and provided falsified documents to further mislead Manchester's commanding officer, the investigation states. "The installation and usage of Starlink, without the approval of higher headquarters, poses a serious risk to mission, operational security, and information security," the investigation states.

Crime

Was the Arrest of Telegram's CEO Inevitable? (platformer.news) 174

Casey Newton, former senior editor at the Verge, weighs in on Platformer about the arrest of Telegram CEO Pavel Durov.

"Fending off onerous speech regulations and overzealous prosecutors requires that platform builders act responsibly. Telegram never even pretended to." Officially, Telegram's terms of service prohibit users from posting illegal pornographic content or promotions of violence on public channels. But as the Stanford Internet Observatory noted last year in an analysis of how CSAM spreads online, these terms implicitly permit users who share CSAM in private channels as much as they want to. "There's illegal content on Telegram. How do I take it down?" asks a question on Telegram's FAQ page. The company declares that it will not intervene in any circumstances: "All Telegram chats and group chats are private amongst their participants," it states. "We do not process any requests related to them...."

Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data. Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. [...] To this day, we have disclosed 0 bytes of user data to third parties, including governments.

As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM.... The company's refusal to answer almost any law enforcement request, no matter how dire, has enabled some truly vile behavior. "Telegram is another level," Brian Fishman, Meta's former anti-terrorism chief, wrote in a post on Threads. "It has been the key hub for ISIS for a decade. It tolerates CSAM. Its ignored reasonable [law enforcement] engagement for YEARS. It's not 'light' content moderation; it's a different approach entirely.

The article asks whether France's action "will embolden countries around the world to prosecute platform CEOs criminally for failing to turn over user data." On the other hand, Telegram really does seem to be actively enabling a staggering amount of abuse. And while it's disturbing to see state power used indiscriminately to snoop on private conversations, it's equally disturbing to see a private company declare itself to be above the law.

Given its behavior, a legal intervention into Telegram's business practices was inevitable. But the end of private conversation, and end-to-end encryption, need not be.

Transportation

Inside Boeing's Factory Lapses That Led To the Alaska Air Blowout (seattletimes.com) 52

Remember when a door-sized panel blew off a Boeing aircraft back in January? The Seattle Times reports that the "door plug" incident "was caused by two distinct manufacturing errors by different crews" in a Boeing assembly plant in Renton, Washington last fall. (And that Boeing's quality control system "failed to catch the faulty work.")

But the details tell a larger story. The newspaper bases their conclusion on "transcripts of federal investigators' interviews of a dozen Boeing workers, synchronized with an internal Boeing document obtained by The Seattle Times," tracing the whole history of that panel's production. Within a day of its fuselage arriving at the factory, "a small defect was discovered: Five rivets installed by Spirit on the door frame next to the door plug were damaged." That day, the Friday before the Labor Day weekend, repair of those rivets was handed to Spirit, which has contract mechanics on-site in Renton to do any rework on its fuselage. In the meantime, inspectors gave mechanics the OK to install insulation blankets, which covered the door plug. By the following Thursday, a Spirit mechanic had logged an entry in the official Federal Aviation Administration-required record of this aircraft's assembly — the Common Manufacturing Execution System or CMES, pronounced "sea-mass" by the mechanics — that the rivet repair was complete: "removed and replaced rivets." But that day, a Boeing inspector responded with a scathing rebuttal, stating that the rivets had not been replaced but just painted over. "Not acceptable," read the work order. On Sept. 10, records show Spirit was ordered a second time to remove and replace the rivets...

["Shipside Action Tracker"] entries show that after several days, the still-unfinished work order was elevated to higher-level Boeing managers. On Sept. 15, Boeing cabin interiors manager Phally Meas, who needed the work finished so he could get his crew to install cabin walls and seats, texted on-site Spirit manager Tran Nguyen to ask why the rivet work hadn't been done, NTSB interview transcripts show. Spirit mechanics couldn't get to the rivets unless the plug door was opened, Nguyen responded. He sent Meas a photo from his phone showing it was closed, according to the transcripts. It wasn't Spirit's job to open the sealed door plug. Boeing's door team would have to do that, the records show. "He kept asking me how come there wasn't work yet," Nguyen told the NTSB. "The door was not open. That's why there wasn't work yet."

By Sept. 17, the door was still closed, the rivets still unrepaired. The job was elevated again, to the next level of managers. On that day, according to the SAT record, senior managers worked with Ken McElhaney, the door crew manager in Renton, "to determine if the door can just merely be opened or if it needs removal...." [On September 18] at 6:48 a.m., a Boeing mechanic identified as a Door Master Lead texted a young Trainee mechanic on his team to come to the Alaska jet and open the door. The NTSB interviewed but did not name the Trainee or the Door Master Lead, who had almost 16 years at Boeing.

Filling in for the veteran mechanic on vacation, the Trainee was perhaps the least equipped to do this atypical job. He'd been at Boeing for about 17 months, his only previous jobs being at KFC and Taco Bell. "He's just a young kid," the Door Master Lead said...

More key quotes from the article:
  • Boeing put both employees on paid administrative leave.
  • "A company investigator accused one of them of lying. That employee told the NTSB that Boeing has set the pair up as scapegoats."
  • "A 35-year veteran on the door team told NTSB investigators that he is 'the only one that can work on all the doors' and he was typically the only mechanic who would work on door plugs. That mechanic was on vacation on the two critical days, September 18 and 19 last year, when the door plug on the Alaska MAX 9 had to be opened and closed..."
  • "No quality inspection of the door plug was conducted, since no record of its opening and closing was ever entered in the system, documents show."

Thanks to long-time Slashdot reader schwit1 for sharing the news.


Crime

Woman Mailed Herself an Apple AirTag To Help Catch Mail Thieves (cnn.com) 103

Several items were stolen from a woman's P.O. box. So she mailed herself a package containing an Apple AirTag, according to the Santa Barbara County Sheriff's office: Her mail was again stolen on Monday morning, including the package with the AirTag that she was able to track.

It is important to note that the victim did not attempt to contact the suspects on her own... The Sheriff's Office would like to commend the victim for her proactive solution, while highlighting that she also exercised appropriate caution by contacting law enforcement to safely and successfully apprehend the suspects.

CNN reports on what the authorities found: The suspected thieves were located in nearby Santa Maria, California, with the victim's mail — including the package containing the AirTag — and other items authorities believe were stolen from more than a dozen victims, according to the sheriff's office. Virginia Franchessca Lara, 27, and Donald Ashton Terry, 37, were arrested in connection with the crime, authorities said.

Lara was booked on felonies including possession of checks with intent to commit fraud, fictitious checks, identity theft, credit card theft and conspiracy, and remains held on a $50,000 bail as of Thursday, jail records show. Terry faces felony charges including burglary, possession of checks with intent to commit fraud, credit card theft, identity theft and conspiracy and was held on a $460,000 bail, according to jail records...

Authorities said they're working on contacting other victims of theft in this case.

Thanks to long-time Slashdot reader schwit1 for sharing the news.
The Courts

City of Columbus Sues Man After He Discloses Severity of Ransomware Attack (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city's data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group's dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a "breakthrough" in the city's forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them "unusable" to the thieves. Ginther went on to say the data's lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him "interacting" with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others. "Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so," city attorneys wrote. "The dark web-posted data is not readily available for public consumption. Defendant is making it so." The same day, a Franklin County judge granted the city's motion for a temporary restraining order (PDF) against Ross. It bars the researcher "from accessing, and/or downloading, and/or disseminating" any city files that were posted to the dark web. The motion was made and granted "ex parte," meaning in secret before Ross was informed of it or had an opportunity to present his case.

Encryption

Feds Bust Alaska Man With 10,000+ CSAM Images Despite His Many Encrypted Apps (arstechnica.com) 209

A recent indictment (PDF) of an Alaska man stands out due to the sophisticated use of multiple encrypted communication tools, privacy-focused apps, and dark web technology. "I've never seen anyone who, when arrested, had three Samsung Galaxy phones filled with 'tens of thousands of videos and images' depicting CSAM, all of it hidden behind a secrecy-focused, password-protected app called 'Calculator Photo Vault,'" writes Ars Technica's Nate Anderson. "Nor have I seen anyone arrested for CSAM having used all of the following: [Potato Chat, Enigma, nandbox, Telegram, TOR, Mega NZ, and web-based generative AI tools/chatbots]." An anonymous reader shares the report: According to the government, Seth Herrera not only used all of these tools to store and download CSAM, but he also created his own -- and in two disturbing varieties. First, he allegedly recorded nude minor children himself and later "zoomed in on and enhanced those images using AI-powered technology." Secondly, he took this imagery he had created and then "turned to AI chatbots to ensure these minor victims would be depicted as if they had engaged in the type of sexual contact he wanted to see." In other words, he created fake AI CSAM -- but using imagery of real kids.

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have "created his own public Telegram group to store his CSAM." He also joined "multiple CSAM-related Enigma groups" and frequented dark websites with taglines like "The Only Child Porn Site you need!" Despite all the precautions, Herrera's home was searched and his phones were seized by Homeland Security Investigations; he was eventually arrested on August 23. In a court filing that day, a government attorney noted that Herrera "was arrested this morning with another smartphone -- the same make and model as one of his previously seized devices."

The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera "tried to access a link containing apparent CSAM." Presumably, this "apparent" CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it. In the end, given that fatal click, none of the "I'll hide it behind an encrypted app that looks like a calculator!" technical sophistication accomplished much. Forensic reviews of Herrera's three phones now form the primary basis for the charges against him, and Herrera himself allegedly "admitted to seeing CSAM online for the past year and a half" in an interview with the feds.

Crime

Backpage.com Founder Michael Lacey Sentenced To 5 Years In Prison, Fined $3 Million (apnews.com) 59

Three former Backpage executives, including co-founder Michael Lacey, were sentenced to prison for promoting prostitution and laundering money while disguising their activities as a legitimate classified business. The Associated Press reports: A jury convicted Lacey, 76, of a single count of international concealment money laundering last year, but deadlocked on 84 other prostitution facilitation and money laundering charges. U.S. District Judge Diane Humetewa later acquitted Lacey of dozens of charges for insufficient evidence, but he still faces about 30 prostitution facilitation and money laundering charges. Authorities say the site generated $500 million in prostitution-related revenue from its inception in 2004 until it was shut down by the government in 2018.

Lacey's lawyers say their client was focused on running an alternative newspaper chain and wasn't involved in day-to-day operations of Backpage. But Humetewa told Lacey during Wednesday's sentencing he was aware of the allegations against Backpage and did nothing. "In the face of all this, you held fast," Humetewa said. "You didn't do a thing." Two other Backpage executives, Chief Financial Officer John Brunst and Executive Vice President Scott Spear, also were convicted last year and were each sentenced on Wednesday to 10 years in prison. The judge ordered Lacey and the two executives to report to the U.S. Marshals Service in two weeks to start serving their sentences.

The Internet

South Korea Faces Deepfake Porn 'Emergency' 54

An anonymous reader quotes a report from the BBC: South Korea's president has urged authorities to do more to "eradicate" the country's digital sex crime epidemic, amid a flood of deepfake pornography targeting young women. Authorities, journalists and social media users recently identified a large number of chat groups where members were creating and sharing sexually explicit "deepfake" images -- including some of underage girls. Deepfakes are generated using artificial intelligence, and often combine the face of a real person with a fake body. South Korea's media regulator is holding an emergency meeting in the wake of the discoveries.

The spate of chat groups, linked to individual schools and universities across the country, were discovered on the social media app Telegram over the past week. Users, mainly teenage students, would upload photos of people they knew -- both classmates and teachers -- and other users would then turn them into sexually explicit deepfake images. The discoveries follow the arrest of the Russian-born founder of Telegram, Pavel Durov, on Saturday, after it was alleged that child pornography, drug trafficking and fraud were taking place on the encrypted messaging app.
South Korean President Yoon Suk Yeol on Tuesday instructed authorities to "thoroughly investigate and address these digital sex crimes to eradicate them."

"Recently, deepfake videos targeting an unspecified number of people have been circulating rapidly on social media," President Yoon said at a cabinet meeting. "The victims are often minors and the perpetrators are mostly teenagers." To build a "healthy media culture," President Yoon said young men needed to be better educated. "Although it is often dismissed as 'just a prank,' it is clearly a criminal act that exploits technology to hide behind the shield of anonymity," he said.

The Guardian notes that making sexually explicit deepfakes with the intention of distributing them is punishable by five years in prison or a fine of $37,500.

Further reading: 1 in 10 Minors Say Their Friends Use AI to Generate Nudes of Other Kids, Survey Finds (Source: 404 Media)

Slashdot Top Deals