Former Google Engineer Indicted For Stealing AI Secrets To Aid Chinese Companies

Linwei Ding, a former Google software engineer, has been indicted for stealing trade secrets related to AI to benefit two Chinese companies. He faces up to 10 years in prison and a $250,000 fine on each criminal count. Reuters reports: Ding’s indictment was unveiled a little over a year after the Biden administration created an interagency Disruptive Technology Strike Force to help stop advanced technology being acquired by countries such as China and Russia, or potentially threaten national security. “The Justice Department just will not tolerate the theft of our trade secrets and intelligence,” U.S. Attorney General Merrick Garland said at a conference in San Francisco.

According to the indictment, Ding stole detailed information about the hardware infrastructure and software platform that lets Google’s supercomputing data centers train large AI models through machine learning. The stolen information included details about chips and systems, and software that helps power a supercomputer “capable of executing at the cutting edge of machine learning and AI technology,” the indictment said. Google designed some of the allegedly stolen chip blueprints to gain an edge over cloud computing rivals and Microsoft, which design their own, and reduce its reliance on chips from Nvidia.

Hired by Google in 2019, Ding allegedly began his thefts three years later, while he was being courted to become chief technology officer for an early-stage Chinese tech company, and by May 2023 had uploaded more than 500 confidential files. The indictment said Ding founded his own technology company that month, and circulated a document to a chat group that said “We have experience with Google’s ten-thousand-card computational power platform; we just need to replicate and upgrade it.” Google became suspicious of Ding in December 2023 and took away his laptop on Jan. 4, 2024, the day before Ding planned to resign. A Google spokesperson said: “We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets. After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement.”

Read more of this story at Slashdot.

Man Charged With Smuggling Greenhouse Gases Into US

In a first-of-its-kind prosecution, a California man was arrested and charged Monday with allegedly smuggling potent, greenhouse gases from Mexico. From a report: Michael Hart, a 58-year-old man from San Diego, pleaded not guilty to smuggling hydrofluorocarbons, or HFCs — commonly used in air conditioning and refrigeration — and selling them for profit, in a federal court hearing Monday. According to the indictment, Hart allegedly purchased the HFCs in Mexico and smuggled them into the US in the back of his truck, concealed under a tarp and tools. He is then alleged to have sold them for a profit on sites including Facebook Marketplace and OfferUp. […] Hart has pleaded not guilty to 13 charges including conspiracy, importation contrary to law and sale of merchandise imported contrary to law. The charges carry potential prison sentences ranging from five to 20 years.

HFCs, which are also used in building insulation, fire extinguishing systems and aerosols, are banned from import into the US without permission from the Environmental Protection Agency. These greenhouse gases are short-lived in the atmosphere,” but powerful — some are thousands of times more potent than carbon dioxide in the near-term. “The illegal smuggling of hydrofluorocarbons, a highly potent greenhouse gas, undermines international efforts to combat climate change,” said David M. Uhlmann, the assistant administrator for the EPA’s Office of Enforcement and Compliance Assurance. “Anyone who seeks to profit from illegal actions that worsen climate change must be held accountable,” he added. “Today is a significant milestone for our country,” said US Attorney Tara McGrath in a statement. “This is the first time the Department of Justice is prosecuting someone for illegally importing greenhouse gases, and it will not be the last.”

Read more of this story at Slashdot.

IT Consultant Fined For Daring To Expose Shoddy Security

Thomas Claburn reports via The Register: A security researcher in Germany has been fined $3,300 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.

With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor’s clients stored on that database server. That info is said to have included personal details of those customers’ own customers. And we’re told that Modern Solution’s program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords. The contractor’s findings were discussed in a June 23, 2021 report by Mark Steier, who writes about e-commerce. That same day Modern Solution issued a statement [PDF] — translated from German — summarizing the incident […]. The statement indicates that sensitive data about Modern Solution customers was exposed: last names, first names, email addresses, telephone numbers, bank details, passwords, and conversation and call histories. But it claims that only a limited amount of data — names and addresses — about shoppers who made purchases from these retail clients was exposed. Steier contends that’s incorrect and alleged that Modern Solution downplayed the seriousness of the exposed data, which he said included extensive customer data from the online stores operated by Modern Solution’s clients.

In September 2021 police in Germany seized the IT consultant’s computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge â” he worked previously for a related firm — and the biz claimed he was a competitor. Hendrik H. was charged with unlawful data access under Section 202a of Germany’s Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation’s cybersecurity law. In June, 2023, a Julich District Court in western Germany sided with the IT consultant because the Modern Solution software was insufficiently protected. But the Aachen regional court directed the district court to hear the complaint. Now, the district court has reversed its initial decision. On January 17, a Julich District Court fined Hendrik H. and directed him to pay court costs.

Read more of this story at Slashdot.

Nintendo ‘Hacker’ Gary Bowser Released From Federal Prison

An anonymous reader quotes a report from TorrentFreak: Last year, a U.S. federal court handed a 40-month prison sentence to Gary Bowser. The Canadian pleaded guilty to being part of the Nintendo hacking group “Team Xecuter” and has now served his time. In part due to his good behavior, Bowser got an early release from federal prison. […] In a recent video interview with Nick Moses, Bowser explains that he was released from federal prison on March 28th. He is currently in processing at the Northwest Detention Center in Tacoma, Washington, to prepare for his return to Canada.

What his life will look like in Canada remains uncertain. However, in federal prison, Bowser has shown that he doesn’t shy away from putting in work and helping other people in need. Aside from his prison job, he spent several nightly hours on suicide watch. The prison job brought in some meager income, a large part of which went to pay for the outstanding restitution he has to pay, which is $14.5 million in total. Thus far, less than $200 has been paid off. “I’ve been making payments of $25 per month, which they’ve been taking from my income because I had a job in federal prison. So far I paid $175,” Bowser tells Nick Moses.

If Bowser manages to find a stable source of income in Canada, Nintendo will get a chunk of that as well. As part of a consent judgment, he agreed to pay $10 million to Nintendo, which is the main restitution priority. “The agreement with them is that the maximum they can take is 25 to 30 percent of your gross monthly income. And I have up to six months before I have to start making payments,” Bowser notes. At that rate, it is unlikely that Nintendo will ever see the full amount. Or put differently, Bowser will carry the financial consequences of his Team-Xecuter involvement for the rest of his life.

Read more of this story at Slashdot.

FBI Seizes Bot Shop ‘Genesis Market’

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. KrebsOnSecurity reports: Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Active since 2018, Genesis Market’s slogan has long been, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. […]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. “While some infostealers are designed to remove themselves after execution, others create persistent access,” reads a March 2023 report from cybersecurity firm SpyCloud. “That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords. SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems’ fingerprints up to date. “According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year — and there are many other marketplaces like this one,” the SpyCloud report concludes.

Read more of this story at Slashdot.

Sam Bankman-Fried is Under House Arrest – at Stanford. Students are Fascinated

FTX founder Sam Bankman-Fried “has been under house arrest at his parents’ home on the Stanford campus since December,” writes the Washington Post, “making the elite university the unlikely host to one of America’s most notorious alleged white-collar criminals.

“Surrounded by student co-ops, fraternity houses and other faculty homes, he’s the talk of the neighborhood.”

Bankman-Fried, the son of two Stanford law professors, was released on a $250 million bond secured by the Craftsman-style house. While awaiting his fraud trial later this year, Bankman-Fried wears an ankle bracelet to track his movements and plays with his new dog, Sandor, according to a Puck News report…. It remains to be seen what consequences Bankman-Fried, who pleaded “not guilty,” might face. So far, his ability to be detained at home, instead of held in prison, is an exception to how most federal defendants are treated. The quiet, traffic-light Stanford neighborhood is quite the upgrade from Fox Hill, a notoriously rough prison in the Bahamas where Bankman-Fried was briefly held before being extradited.

If Bankman-Fried violates the terms of his bail agreement, his parents could lose their house, which they’ve owned since 1991 and is worth over $3.5 million, according to public property records….

The U.S. government has tried to restrict his access to virtual private networks and certain apps where messages disappear, but a final ruling has not been made. The judge presiding over his case asked in a hearing last month, “Why am I being asked to turn him loose in this garden of electronic devices?,” highlighting that despite any restrictions the court might place on Bankman-Fried’s use of technology, he remains in a home with his parents who also have a plethora of ways to be wired. On Friday, prosecutors proposed limiting Bankman-Fried to a flip-phone or “non-smartphone” that cannot access the internet, and that he be issued a new laptop “with limited functionalities.” Prosecutors also want to place strict limits and monitoring tools on his parents’ devices.
But meanwhile, among the student population, “There are party fliers with his likeness. He’s a punchline in campus comedy sketches. Students ride their bikes by on dates…. When asked whether they could confirm a rumor that a nearby student co-op had attacked the Bankman-Fried home with eggs, Stanford campus police did not respond.”
And one freshman/cryptocurrency enthusiast even stole a sign from in front of Bankman-Fried’s house, then “paraded it around for selfies at a cryptocurrency networking event. The sign is currently growing mold in his dorm-room closet.”

Bankman-Fried, who grew up on campus, “certainly fits into what I regard as the kind of culture of Stanford,” says Richard White, a retired Stanford history professor — even if the 30-year-old former billionaire left Silicon Valley to attend MIT. White and others characterize Stanford’s culture as a place where faculty and students are emboldened to take big risks in conceiving the next hot start-up or breakthrough innovation, often with easy access to capital, the conviction that they’re changing the world — and few consequences if things go south.
“Through his spokesman Mark Botnick, Bankman-Fried declined to comment for this article….”

Read more of this story at Slashdot.