Category: crime

HFCs, which are also used in building insulation, fire extinguishing systems and aerosols, are banned from import into the US without permission from the Environmental Protection Agency. These greenhouse gases are short-lived in the atmosphere,” but powerful — some are thousands of times more potent than carbon dioxide in the near-term. “The illegal smuggling of hydrofluorocarbons, a highly potent greenhouse gas, undermines international efforts to combat climate change,” said David M. Uhlmann, the assistant administrator for the EPA’s Office of Enforcement and Compliance Assurance. “Anyone who seeks to profit from illegal actions that worsen climate change must be held accountable,” he added. “Today is a significant milestone for our country,” said US Attorney Tara McGrath in a statement. “This is the first time the Department of Justice is prosecuting someone for illegally importing greenhouse gases, and it will not be the last.”

NPR reports that “The identity of the young woman remained a mystery — until Thursday.”

State authorities identified the woman as Sandra Young, a teenager from Portland who went missing between 1968 and 1969. Her identity was discovered through advanced DNA technology, which has helped solve stubborn cold cases in recent years. The case’s breakthrough came last year in January, when a person uploaded their DNA to the genealogy database GEDMatch and the tool immediately determined that the DNA donor was a distant family member of Young….

From there, a genetic genealogist working with local law enforcement helped track down other possible relatives and encouraged them to provide their DNA. That work eventually led to Young’s sister and other family members, who confirmed that Young went missing around the same time.

Thanks to Slashdot reader Tony Isaac for sharing the news.

With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor’s clients stored on that database server. That info is said to have included personal details of those customers’ own customers. And we’re told that Modern Solution’s program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords. The contractor’s findings were discussed in a June 23, 2021 report by Mark Steier, who writes about e-commerce. That same day Modern Solution issued a statement [PDF] — translated from German — summarizing the incident […]. The statement indicates that sensitive data about Modern Solution customers was exposed: last names, first names, email addresses, telephone numbers, bank details, passwords, and conversation and call histories. But it claims that only a limited amount of data — names and addresses — about shoppers who made purchases from these retail clients was exposed. Steier contends that’s incorrect and alleged that Modern Solution downplayed the seriousness of the exposed data, which he said included extensive customer data from the online stores operated by Modern Solution’s clients.

In September 2021 police in Germany seized the IT consultant’s computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge â” he worked previously for a related firm — and the biz claimed he was a competitor. Hendrik H. was charged with unlawful data access under Section 202a of Germany’s Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation’s cybersecurity law. In June, 2023, a Julich District Court in western Germany sided with the IT consultant because the Modern Solution software was insufficiently protected. But the Aachen regional court directed the district court to hear the complaint. Now, the district court has reversed its initial decision. On January 17, a Julich District Court fined Hendrik H. and directed him to pay court costs.

The Indian national tried to flee the country after being quizzed by Coinbase, the Department of Justice said. But he was stopped from boarding a flight to India by American cops. Wahi pleaded guilty in February to two counts of conspiracy to commit wire fraud brought against him by prosecutors in the Southern District of New York. Wahi, his brother and his friend, Sameer Ramani, were also hit with civil charges by the U.S. Securities and Exchange Commission. “[Wahi] violated the trust placed in him by his employer” by sharing the secret listings,” said U.S. Attorney Damian Williams. “Today’s sentence should send a strong signal to all participants in the cryptocurrency markets that the laws decidedly do apply to them.”

What his life will look like in Canada remains uncertain. However, in federal prison, Bowser has shown that he doesn’t shy away from putting in work and helping other people in need. Aside from his prison job, he spent several nightly hours on suicide watch. The prison job brought in some meager income, a large part of which went to pay for the outstanding restitution he has to pay, which is $14.5 million in total. Thus far, less than $200 has been paid off. “I’ve been making payments of $25 per month, which they’ve been taking from my income because I had a job in federal prison. So far I paid $175,” Bowser tells Nick Moses.

If Bowser manages to find a stable source of income in Canada, Nintendo will get a chunk of that as well. As part of a consent judgment, he agreed to pay $10 million to Nintendo, which is the main restitution priority. “The agreement with them is that the maximum they can take is 25 to 30 percent of your gross monthly income. And I have up to six months before I have to start making payments,” Bowser notes. At that rate, it is unlikely that Nintendo will ever see the full amount. Or put differently, Bowser will carry the financial consequences of his Team-Xecuter involvement for the rest of his life.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. […]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. “While some infostealers are designed to remove themselves after execution, others create persistent access,” reads a March 2023 report from cybersecurity firm SpyCloud. “That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords. SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems’ fingerprints up to date. “According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year — and there are many other marketplaces like this one,” the SpyCloud report concludes.

Norwalk police said they arrested Asheville, North Carolina, residents Jillian Persons and Austin Geddings on Saturday during a surveillance operation. Both were charged with larceny and criminal mischief crimes, as well as interfering with police. Persons also was accused of giving a false statement to police. Both were detained on $200,000 bail….The outages caused by the cable cutting have since been restored, according to Optimum’s website.

The Stamford Advocate investigated how many people were affected:
Norwalk Deputy Police Chief Terry Blake said Sunday more than 40,000 customers in the area were left without internet service as a result of the vandalism. However, an Optimum spokesperson claimed at the time the outages only affected roughly 16,000 customers and the inflated numbers were inaccurate because of an issue with the company’s online outage map.

“Surrounded by student co-ops, fraternity houses and other faculty homes, he’s the talk of the neighborhood.”

Bankman-Fried, the son of two Stanford law professors, was released on a $250 million bond secured by the Craftsman-style house. While awaiting his fraud trial later this year, Bankman-Fried wears an ankle bracelet to track his movements and plays with his new dog, Sandor, according to a Puck News report…. It remains to be seen what consequences Bankman-Fried, who pleaded “not guilty,” might face. So far, his ability to be detained at home, instead of held in prison, is an exception to how most federal defendants are treated. The quiet, traffic-light Stanford neighborhood is quite the upgrade from Fox Hill, a notoriously rough prison in the Bahamas where Bankman-Fried was briefly held before being extradited.

If Bankman-Fried violates the terms of his bail agreement, his parents could lose their house, which they’ve owned since 1991 and is worth over $3.5 million, according to public property records….

The U.S. government has tried to restrict his access to virtual private networks and certain apps where messages disappear, but a final ruling has not been made. The judge presiding over his case asked in a hearing last month, “Why am I being asked to turn him loose in this garden of electronic devices?,” highlighting that despite any restrictions the court might place on Bankman-Fried’s use of technology, he remains in a home with his parents who also have a plethora of ways to be wired. On Friday, prosecutors proposed limiting Bankman-Fried to a flip-phone or “non-smartphone” that cannot access the internet, and that he be issued a new laptop “with limited functionalities.” Prosecutors also want to place strict limits and monitoring tools on his parents’ devices.
But meanwhile, among the student population, “There are party fliers with his likeness. He’s a punchline in campus comedy sketches. Students ride their bikes by on dates…. When asked whether they could confirm a rumor that a nearby student co-op had attacked the Bankman-Fried home with eggs, Stanford campus police did not respond.”
And one freshman/cryptocurrency enthusiast even stole a sign from in front of Bankman-Fried’s house, then “paraded it around for selfies at a cryptocurrency networking event. The sign is currently growing mold in his dorm-room closet.”

Bankman-Fried, who grew up on campus, “certainly fits into what I regard as the kind of culture of Stanford,” says Richard White, a retired Stanford history professor — even if the 30-year-old former billionaire left Silicon Valley to attend MIT. White and others characterize Stanford’s culture as a place where faculty and students are emboldened to take big risks in conceiving the next hot start-up or breakthrough innovation, often with easy access to capital, the conviction that they’re changing the world — and few consequences if things go south.
“Through his spokesman Mark Botnick, Bankman-Fried declined to comment for this article….”

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022’s total ransomware revenue “fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%.” And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes “signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts,” including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal:
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware…. “It reflects, I think, the pivot that we have made to a posture where we’re on our front foot,” Deputy Attorney General Lisa Monaco said in an interview. “We’re focusing on making sure we’re doing everything to prevent the attacks in the first place.”

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands…. And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group’s decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.