How an Engineer Exposed an International Bike Theft Ring – By Its Facebook Friends

Security engineer Bryan Hance co-founded the nonprofit Bike Index back in 2013, reports the Los Angeles Times, “where cyclists can register their bikes and contact information, making it easier to reunite lost or stolen bikes with their owners.” It now holds descriptions and serial numbers of about 1.3 million bikes worldwide.

“But in spring 2020, Hance was tipped to something new: Scores of high-end bikes that matched the descriptions of bikes reported stolen from locations across the Bay Area were turning up for sale on Facebook Marketplace and Instagram pages attached to someone in Mexico, thousands of miles away…”

The Facebook page he first spotted disappeared, replaced by pages that were blocked to U.S. computers; Hance managed to get in anyway, thanks to creative use of a VPN. He started reaching out to the owners whose stolen bikes he suspected he was seeing for sale. “Can you tell me a little bit about how your bike was stolen,” he would ask. Often, the methods were sophisticated and selective. Thieves would break into a bicycle room at an apartment complex with a specialized saw and leave minutes later with only the fanciest mountain bikes…

Over time, he spoke to more than a dozen [police] officers in jurisdictions across the Bay Area, including Alameda, Santa Clara, Santa Cruz, Marin, Napa and Sonoma counties… [H]ere was Hance, telling officers that he believed he had located a stolen bike, in Mexico. “That’s gone,” the officer would inform him. Or, one time, according to Hance: “We’re not Interpol.” Hance also tried to get Meta to do something. After all, he had identified what could be hundreds of stolen bikes being sold on its platforms, valued, he estimated, at well over $2 million. He said he got nowhere…

[Hance] believed he’d figured out the identity of the seller in Jalisco, and was monitoring that person’s personal social media accounts. In early 2021, he had spotted something that might break open the case: the name of a person who was sending the Jalisco seller photos of bikes that matched descriptions of those reported stolen by Bay Area cyclists. Hance theorized that person could be a fence who was collecting stolen bikes on this side of the border and sending photos to Jalisco so they could be posted for sale. Hance hunted through the Jalisco seller’s Facebook friends until he found the name there: Victor Romero, of San Jose. More sleuthing revealed that a man by the name of Victor Romero ran an auto shop in San Jose, and, judging by his own Facebook photos, was an avid mountain biker. There was something else: Romero’s auto shop in San Jose had distinctive orange shelves. One photo of a bike listed for sale on the Jalisco seller’s site had similar orange shelves in the backdrop.

Hance contacted a San Francisco police detective who had seemed interested in what he was doing. Check out this guy’s auto shop, he advised. San Francisco police raided Romero in the spring of 2021. They found more than $200,000 in cash, according to a federal indictment, along with screenshots from his phone they said showed Romero’s proceeds from trafficking in stolen bikes. They also found a Kona Process 153 mountain bike valued at about $4,700 that had been reported stolen from an apartment garage in San Francisco, according to the indictment. It had been disassembled and packaged for shipment to Jalisco.
In January, a federal grand jury indicted Victoriano Romero on felony conspiracy charges for his alleged role in a scheme to purchase high-end stolen bicycles from thieves across the Bay Area and transport them to Mexico for resale.

But bikes continue to be stolen, and “The guy is still operating,” Hance told the Los Angeles Times.

“We could do the whole thing again.”

Read more of this story at Slashdot.

New York Times Calls Telegram ‘A Playground for Criminals, Extremists and Terrorists’

The New York Times analyzed over 3.2 million Telegram messages from 16,220 channels. Their conclusion? Telegram “offers features that enable criminals, terrorists and grifters to organize at scale and to sidestep scrutiny from the authorities” — and that Telegram “has looked the other way as illegal and extremist activities have flourished openly on the app.”

Or, more succinctly: “Telegram has become a global sewer of criminal activity, disinformation, child sexual abuse material, terrorism and racist incitement, according to a four-month investigation.”

Look deeper, and a dark underbelly emerges. Uncut lumps of cocaine and shards of crystal meth are for sale on the app. Handguns and stolen checks are widely available. White nationalists use the platform to coordinate fight clubs and plan rallies. Hamas broadcast its Oct. 7 attack on Israel on the site… The Times investigation found 1,500 channels operated by white supremacists who coordinate activities among almost 1 million people around the world. At least two dozen channels sold weapons. In at least 22 channels with more than 70,000 followers, MDMA, cocaine, heroin and other drugs were advertised for delivery to more than 20 countries.

Hamas, the Islamic State and other militant groups have thrived on Telegram, often amassing large audiences across dozens of channels. The Times analyzed more than 40 channels associated with Hamas, which showed that average viewership surged up to 10 times after the Oct. 7 attacks, garnering more than 400 million views in October. Telegram is “the most popular place for ill-intentioned, violent actors to congregate,” said Rebecca Weiner, the deputy commissioner for intelligence and counterterrorism at the New York Police Department. “If you’re a bad guy, that’s where you will land….” [Telegram] steadfastly ignores most requests for assistance from law enforcement agencies. An email inbox used for inquiries from government agencies is rarely checked, former employees said…

“It is easy to search and find channels selling guns, illicit narcotics, prescription drugs and fraudulent ATM cards, called clone cards…” according to the article. The Times “found at least 50 channels openly selling contraband, including guns, drugs and fraudulent debit cards.”
In December 2022, Hayden Espinosa began serving a 33-month sentence in federal prison in Louisiana for buying and selling illegal firearms and weapon parts he made with 3D printers. That did not stop his business. Using cellphones that had been smuggled into prison, Espinosa continued his illicit trade on a Telegram channel… Espinosa’s gun market on Telegram might never have been uncovered except that one of its members was Payton Gendron, who massacred 10 people at a supermarket in Buffalo, New York, in 2022. Investigators scouring his life online for motives for the shooting discovered the channel, which also featured racist and extremist views he had shared.

“Operating like a stateless organization, Telegram has long behaved as if it were above the law,” the article concludes — though it adds that “In many democratic countries, patience with the app is wearing thin.

“The European Union is exploring new oversight of Telegram under the Digital Services Act, a law that forces large online platforms to police their services more aggressively, two people familiar with the plans said.”


Fake CV Lands Top ‘Engineer’ In Jail For 15 Years

Daniel Mthimkhulu, former chief “engineer” at South Africa’s Passenger Rail Agency (Prasa), was sentenced to 15 years in prison for claiming false engineering degrees and a doctorate. His fraudulent credentials allowed him to rise rapidly within Prasa, contributing to significant financial losses and corruption within the agency. The BBC reports: Once hailed for his successful career, Daniel Mthimkhulu was head of engineering at the Passenger Rail Agency of South Africa (Prasa) for five years — earning an annual salary of about [$156,000]. On his CV, the 49-year-old claimed to have had several mechanical engineering qualifications, including a degree from South Africa’s respected Witwatersrand University as well as a doctorate from a German university. However, the court in Johannesburg heard that he had only completed his high-school education.

Mthimkhulu was arrested in July 2015 shortly after his web of lies began to unravel. He had started working at Prasa 15 years earlier, shooting up the ranks to become chief engineer, thanks to his fake qualifications. The court also heard how he had forged a job offer letter from a German company, which encouraged Prasa to increase his salary so the agency would not lose him. He was also at the forefront of a 600m rand deal to buy dozens of new trains from Spain, but they could not be used in South Africa as they were too high. […] In an interview from 2019 with local broadcaster eNCA, Mthimkhulu admitted that he did not have a PhD. “I failed to correct the perception that I have it. I just became comfortable with the title. I did not foresee any damages as a result of this,” he said.


Backpage.com Founder Michael Lacey Sentenced To 5 Years In Prison, Fined $3 Million

Three former Backpage executives, including co-founder Michael Lacey, were sentenced to prison for promoting prostitution and laundering money while disguising their activities as a legitimate classified business. The Associated Press reports: A jury convicted Lacey, 76, of a single count of international concealment money laundering last year, but deadlocked on 84 other prostitution facilitation and money laundering charges. U.S. District Judge Diane Humetewa later acquitted Lacey of dozens of charges for insufficient evidence, but he still faces about 30 prostitution facilitation and money laundering charges. Authorities say the site generated $500 million in prostitution-related revenue from its inception in 2004 until it was shut down by the government in 2018.

Lacey’s lawyers say their client was focused on running an alternative newspaper chain and wasn’t involved in day-to-day operations of Backpage. But Humetewa told Lacey during Wednesday’s sentencing he was aware of the allegations against Backpage and did nothing. “In the face of all this, you held fast,” Humetewa said. “You didn’t do a thing.” Two other Backpage executives, Chief Financial Officer John Brunst and Executive Vice President Scott Spear, also were convicted last year and were each sentenced on Wednesday to 10 years in prison. The judge ordered Lacey and the two executives to report to the U.S. Marshals Service in two weeks to start serving their sentences.


Locking Up Items To Deter Shoplifting Is Pushing Shoppers Online

Longtime Slashdot reader schwit1 shares a report from Axios: Locking up merchandise at drugstores and discount retailers hasn’t curbed retail theft but is driving frustrated consumers to shop online more, retail experts tell Axios. Retail crime is eating into retailers’ profits and high theft rates are also leading to a rise in store closures. Secured cases can cause sales to drop 15% to 25%, Joe Budano, CEO of anti-theft technology company Indyme, previously told Axios. Barricading everything from razors to laundry detergent has largely backfired and broken shopping in America, Bloomberg reports.

Aisles full of locked plexiglass cases are common at many CVS and Walgreens stores where consumers have to wait for an employee to unlock them. Target, Walmart, Dollar General and other retailers have also pulled back on self-checkout to deter shoplifting. “Locking up products worsens the shopping experience, and it makes things inconvenient and difficult,” GlobalData retail analyst Neil Saunders said, adding it pushes shoppers to other retailers or to move purchases online.

Driving the news: Manmohan Mahajan, Walgreens global chief financial officer, said in a June earnings call that the retailer was experiencing “higher levels of shrink.” Amazon CEO Andy Jassy spoke of the “speed and ease” of ordering online versus walking into pharmacies on a call with investors last week. “It’s a pretty tough experience with how much is locked behind cabinets, where you have to press a button to get somebody to come out and open the cabinets for you,” Jassy said. schwit1 adds: “The American-style retail shopping experience was invented in a high-trust environment. As trust erodes, so does the experience.”


Cyber-Heist of 2.9 Billion Personal Records Leads to Class Action Lawsuit

“A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people’s private information,” reports the Register, “which was subsequently stolen from the biz and sold on an online criminal marketplace.”

California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks’ criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack. According to the suit, filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.

If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.

Hofmann’s lawsuit says he “believes that his personally identifiable information was scraped from non-public sources,” according to the article — which adds that Hofmann “claims he never provided this sensitive info to National Public Data…
“The Florida firm stands accused of negligently storing the database in a way that was accessible to the thieves, without encrypting its contents nor redacting any of the individuals’ sensitive information.”

Hofmann, on behalf of potentially millions of other plaintiffs, has asked the court to require National Public Data to destroy all personal information belonging to the class-action members and use encryption, among other data protection methods in the future…
Additionally, it seeks unspecified monetary relief for the data theft victims, including “actual, statutory, nominal, and consequential damages.”


Alzheimer’s Scientist Indicted For Allegedly Falsifying Data In $16 Million Scheme

“A federal grand jury has indicted an embattled Alzheimer’s researcher for allegedly falsifying data to fraudulently obtain $16 million in federal research funding from the National Institutes of Health for the development of a controversial Alzheimer’s drug and diagnostic test,” writes Beth Mole via Ars Technica. “Wang is charged with one count of major fraud against the United States, two counts of wire fraud, and one count of false statements. If convicted, he faces a maximum penalty of 10 years in prison for the major fraud charge, 20 years in prison for each count of wire fraud, and five years in prison for the count of false statements […].” From the report: Hoau-Yan Wang, 67, a medical professor at the City University of New York, was a paid collaborator with the Austin, Texas-based pharmaceutical company Cassava Sciences. Wang’s research and publications provided scientific underpinnings for Cassava’s Alzheimer’s treatment, Simufilam, which is now in Phase III trials. Simufilam is a small-molecule drug that Cassava claims can restore the structure and function of a scaffolding protein in the brain of people with Alzheimer’s, leading to slowed cognitive decline. But outside researchers have long expressed doubts and concerns about the research.

In 2023, Science magazine obtained a 50-page report from an internal investigation at CUNY that looked into 31 misconduct allegations made against Wang in 2021. According to the report, the investigating committee “found evidence highly suggestive of deliberate scientific misconduct by Wang for 14 of the 31 allegations,” the report states. The allegations largely centered around doctored and fabricated images from Western blotting, an analytical technique used to separate and detect proteins. However, the committee couldn’t conclusively prove the images were falsified “due to the failure of Dr. Wang to provide underlying, original data or research records and the low quality of the published images that had to be examined in their place.” In all, the investigation “revealed long-standing and egregious misconduct in data management and record keeping by Dr. Wang,” and concluded that “the integrity of Dr. Wang’s work remains highly questionable.” The committee also concluded that Cassava’s lead scientist on its Alzheimer’s disease program, Lindsay Burns, who was a frequent co-author with Wang, also likely bears some responsibility for the misconduct.

In March 2022, five of Wang’s articles published in the journal PLOS One were retracted over integrity concerns with images in the papers. Other papers by Wang have also been retracted or had statements of concern attached to them. Further, in September 2022, the Food and Drug Administration conducted an inspection of the analytical work and techniques used by Wang to analyze blood and cerebrospinal fluid from patients in a simufilam trial. The investigation found a slew of egregious problems, which were laid out in a “damning” report (PDF) obtained by Science. In the indictment last week (PDF), federal authorities were explicit about the allegations, claiming that Wang falsified the results of his scientific research to NIH “by, among other things, manipulating data and images of Western blots to artificially add bands [which represent proteins], subtract bands, and change their relative thickness and/or darkness, and then drawing conclusions” based on those false results.


New Linux Version of Ransomware Targets VMware ESXi

“Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments,” reports BleepingComputer:

In a report Wednesday, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine… Once on the target system, the payload checks if it runs in a VMware ESXi environment by executing the ‘uname’ command and looking for ‘vmkernel.’ Next, a “TargetInfo.txt” file is created and sent to the command and control (C2) server. It contains victim information such as hostname, IP address, OS details, logged-in users and privileges, unique identifiers, and details about the encrypted files and directories. The ransomware will encrypt files that have VM-related extensions (vmdk, vmem, vswp, vmx, vmsn, nvram), appending the “.locked” extension to the resulting files.

Finally, a ransom note named “HOW TO DECRYPT.txt” is dropped, containing instructions for the victim on how to pay the ransom and retrieve a valid decryption key.

“After all tasks have been completed, the shell script deletes the payload using the ‘rm -f x’ command so all traces that can be used in post-incident investigations are wiped from impacted machines.”

Thanks to long-time Slashdot reader joshuark for sharing the article.
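
For responders, the artefacts named in the report (files with VM-related extensions carrying an appended “.locked”, a “HOW TO DECRYPT.txt” note, and “TargetInfo.txt”) can be used to scope which VM directories on a datastore copy were hit. The Python sketch below is an added example, not code from Trend Micro, BleepingComputer or this page; the function names, the one-directory-per-VM layout and the sample tree are assumptions made for illustration.

```python
"""Triage a copy of a VMware ESXi datastore for the on-disk artefacts named above."""
import os
import tempfile
from collections import defaultdict

# Values taken from the report quoted above.
VM_EXTENSIONS = {"vmdk", "vmem", "vswp", "vmx", "vmsn", "nvram"}
LOCKED_SUFFIX = ".locked"
RANSOM_NOTE = "how to decrypt.txt"
VICTIM_INFO = "targetinfo.txt"


def classify(filename):
    """Return 'locked', 'intact', 'note', 'victim_info' or None for one file name."""
    name = filename.lower()  # case-insensitive matching is a choice made here
    if name == RANSOM_NOTE:
        return "note"
    if name == VICTIM_INFO:
        return "victim_info"
    state = "intact"
    if name.endswith(LOCKED_SUFFIX):
        # Assumption: ".locked" is appended after the original extension.
        name, state = name[: -len(LOCKED_SUFFIX)], "locked"
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return state if ext in VM_EXTENSIONS else None


def scan_datastore(root):
    """Walk root and group indicators by directory (assumed: one VM per directory)."""
    report = defaultdict(lambda: {"locked": [], "intact": [], "note": [], "victim_info": []})
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            kind = classify(fname)
            if kind:
                report[os.path.relpath(dirpath, root)][kind].append(fname)
    return dict(report)


def affected_dirs(report):
    """Directories holding at least one encrypted VM file or a ransom note."""
    return sorted(d for d, r in report.items() if r["locked"] or r["note"])


def build_sample_tree(root):
    """Constructed sample layout (not real data): one hit VM, one clean VM."""
    layout = {
        "web01": ["web01.vmx.locked", "web01-flat.vmdk.locked", "web01.nvram.locked",
                  "HOW TO DECRYPT.txt", "vmware.log"],
        "db01": ["db01.vmx", "db01.vmdk", "db01.vswp", "notes.locked"],
    }
    for vm, names in layout.items():
        os.makedirs(os.path.join(root, vm))
        for n in names:
            open(os.path.join(root, vm, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_datastore(tmp)
        for d in affected_dirs(result):
            r = result[d]
            print(f"{d}: {len(r['locked'])} locked, {len(r['intact'])} intact, "
                  f"note={'yes' if r['note'] else 'no'}")
```

Because the report says the payload itself is removed with ‘rm -f x’, the scan keys on what is left behind rather than on the binary. A file such as `notes.locked` with no VM extension underneath is deliberately not counted.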


Former Google Engineer Indicted For Stealing AI Secrets To Aid Chinese Companies

Linwei Ding, a former Google software engineer, has been indicted for stealing trade secrets related to AI to benefit two Chinese companies. He faces up to 10 years in prison and a $250,000 fine on each criminal count. Reuters reports: Ding’s indictment was unveiled a little over a year after the Biden administration created an interagency Disruptive Technology Strike Force to help stop advanced technology being acquired by countries such as China and Russia, or potentially threaten national security. “The Justice Department just will not tolerate the theft of our trade secrets and intelligence,” U.S. Attorney General Merrick Garland said at a conference in San Francisco.

According to the indictment, Ding stole detailed information about the hardware infrastructure and software platform that lets Google’s supercomputing data centers train large AI models through machine learning. The stolen information included details about chips and systems, and software that helps power a supercomputer “capable of executing at the cutting edge of machine learning and AI technology,” the indictment said. Google designed some of the allegedly stolen chip blueprints to gain an edge over cloud computing rivals Amazon.com and Microsoft, which design their own, and reduce its reliance on chips from Nvidia.

Hired by Google in 2019, Ding allegedly began his thefts three years later, while he was being courted to become chief technology officer for an early-stage Chinese tech company, and by May 2023 had uploaded more than 500 confidential files. The indictment said Ding founded his own technology company that month, and circulated a document to a chat group that said “We have experience with Google’s ten-thousand-card computational power platform; we just need to replicate and upgrade it.” Google became suspicious of Ding in December 2023 and took away his laptop on Jan. 4, 2024, the day before Ding planned to resign. A Google spokesperson said: “We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets. After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement.”
