Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Crime

Western Union Pays $586M Fine Over Wire Fraud Charges (reuters.com) 112

The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters: The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...

Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.

Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."
Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 67

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Crime

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 359

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.

In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Crime

South Korean Court Dismisses Arrest Warrant For Samsung Chief (reuters.com) 17

An anonymous reader quotes a report from Reuters: A South Korean court on Thursday dismissed an arrest warrant against the head of Samsung Group, the country's largest conglomerate, amid a graft scandal that has led to the impeachment of President Park Geun-hye. But the reprieve for Jay Y. Lee, 48, may only be temporary, as the special prosecutor's office said it would pursue the case. Lee, who has led Samsung since his father, Lee Kun-hee, suffered a heart attack in 2014, was still likely to face the same charges of bribery, embezzlement and perjury, legal analysts said, even if he is not detained. The special prosecutor's office said it would be continuing its probe but had not decided whether to make another arrest warrant request, and the setback would not change its plans to investigate other conglomerates. Spokesman Lee Kyu-chul said the prosecution was unconvinced by the Samsung chief's argument that he was a victim of coercion due to pressure from Park. The office has accused Lee of paying multi-million dollar bribes to Park's confidant, Choi Soon-sil, the woman at the heart of the scandal, to win support from the National Pension Service for a controversial 2015 merger of two Samsung Group affiliates. The merger helped cement Lee's control over the smartphones-to-biopharmaceuticals business empire.
Government

Julian Assange Will Not Hand Himself In Because Chelsea Manning's Release Won't Happen Immediately, Lawyer Says (independent.co.uk) 560

President Obama commuted Chelsea Manning's prison sentence yesterday, reducing her time required to serve behind bars from 35 years to just over seven years. Prior to the commutation, WikiLeaks' Julian Assange pledged to surrender himself to U.S. authorities if Manning was pardoned. Roughly 24 hours have passed since the news broke and it appears that Assange will not hand himself in to the Department of Justice. The Independent reports: Mr Assange's lawyers initially seemed to suggest that promise would be carried through -- telling reporters that he stood by his earlier comments -- but it appears now that Mr Assange will stay inside the embassy. The commitment to accept extradition to the U.S. was based on Ms Manning being released immediately, Mr Assange's lawyer told The Hill. Ms Manning won't actually be released until May -- to allow for a standard 120-day transition period, which gives people time to prepare and find somewhere to live, an official told The New York Times for its original report about Ms Manning's clemency. "Mr. Assange welcomes the announcement that Ms. Manning's sentence will be reduced and she will be released in May, but this is well short of what he sought," Barry Pollack, Assange's U.S.-based attorney, told the site. "Mr. Assange had called for Chelsea Manning to receive clemency and be released immediately."
Crime

Ukraine's Power Outage Was a Cyber Attack, Says Power Supplier (reuters.com) 59

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday. From the report: When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine. Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters. "The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.
Crime

Dutch Developer Added Backdoor To Websites He Built, Phished Over 20,000 Users (bleepingcomputer.com) 123

An anonymous reader quotes a report from BleepingComputer: A Dutch developer illegally accessed the accounts of over 20,000 users after he allegedly collected their login information via backdoors installed on websites he built. According to an official statement, Dutch police officials are now in the process of notifying these victims about the crook's actions. The hacker, yet to be named by Dutch authorities, was arrested on July 11, 2016, at a hotel in Zwolle, the Netherlands, and police proceeded to raid two houses the crook owned, in Leeuwarden and Sneek. According to Dutch police, the 35-years-old suspect was hired to build e-commerce sites for various companies. After doing his job, the developer also left backdoors in those websites, which he used to install various scripts that allowed him to collect information on the site's users. Police say that it's impossible to determine the full breadth of his hacking campaign, but evidence found on his laptop revealed he gained access to over 20,000 email accounts. Authorities say the hacker used his access to these accounts to read people's private email conversations, access their social media profiles, sign-up for gambling sites with the victim's credentials, and access online shopping sites to make purchases for himself using the victim's funds.
Government

President Obama Commutes Chelsea Manning's Sentence (theverge.com) 797

The New York Times is reporting that President Obama has commuted Chelsea Manning's sentence. What this translates to is a reduced sentence for Manning, from 35 years to just over seven years. Since Manning has already served a majority of those years, she is due to be released from federal custody on May 17th. The Verge reports: While serving as an intelligence analyst in Iraq, Manning leaked more than 700,000 documents to Wikileaks, including video of a 2007 airstrike in Baghdad that killed two Reuters employees. In 2013, Manning was sentenced to 35 years in prison for her role in the leak and has been held at the U.S. Disciplinary Barracks at Fort Leavenworth for the past three years. Julian Assange, who has long been sought by U.S. and EU authorities for extradition on Swedish rape charges, had previously pledged to surrender himself to U.S. authorities if Manning was pardoned. Born Bradley Manning, Chelsea announced her gender transition the day after the verdict was handed down. "I am Chelsea Manning. I am a female," she said in a statement. "Given the way that I feel, and have felt since childhood, I want to begin hormone therapy as soon as possible." Obtaining the resulting medical treatments was extremely difficult for Manning, and was the subject of significant and sustained activism. After a lawsuit, Manning was approved for hormone therapy in 2015. In September 2016, she launched a hunger strike, demanding access to gender reassignment surgery; the military complied five days later.
Businesses

Oculus Accused of Destroying Evidence, Zuckerberg To Testify In $2 Billion Lawsuit (arstechnica.com) 136

An anonymous reader quotes a report from Ars Technica: ZeniMax Media, the parent company of both Bethesda Softworks and Id Software, says it will prove at trial that John Carmack and others at Oculus stole trade secrets to "misappropriate" virtual reality technology that was first developed while Carmack was working at Id Software. What's more, ZeniMax is now accusing Oculus of "intentional destruction of evidence to cover up their wrongdoing." Mark Zuckerberg, CEO of Oculus parent company Facebook, is scheduled to respond to those accusations in testimony starting tomorrow, according to a report by Business insider. ZeniMax's statement comes after Carmack testified at trial last week, saying the case was "ridiculous and absurd." His testimony echoed Oculus' initial reaction when ZeniMax's accusations first surfaced in 2014. In court filings leading up to the trial, ZeniMax detailed its case that Carmack, while still an employee at Id Software, "designed the specifications and functionality embodied in the Rift SDK and directed its development." Carmack's technology and guidance allegedly "literally transformed" Oculus founder Palmer Luckey's early Rift prototype from a "primitive virtual reality headset" that was "little more than a display panel." Carmack allegedly used "copyrighted computer code, trade secret information, and technical know-how" from his time at ZeniMax after he moved to Oculus as CTO in 2013. As the trial began last week (as reported by a Law360 summary, registration required), Carmack told the court of his development of a virtual reality demo for Doom 3 in 2012 and his search for a VR headset that would be suitable to run it. That's when he says he got in touch with Luckey, leading to the now legendary E3 2012 demo that introduced Oculus to the public. ZeniMax is seeking $2 billion in damage, which matches the value that Facebook paid for Oculus in 2014. The trial is expected to last three weeks.
Government

Amateur Scientists Find New Clue In D.B. Cooper Case, Crowdsource Their Investigation (kare11.com) 139

Six months after the FBI closed the only unsolved air piracy in American aviation history -- after a 45-year investigation -- there's a new clue. An anonymous reader quotes Seattle news station KING: A band of amateur scientists selected by the Seattle FBI to look for clues in the world's most infamous skyjacking may have found new evidence in the 45-year-old case. They're asking for the public's help because of new, potential leads that could link DB Cooper to the Puget Sound aerospace industry in the early 1970s. The scientific team has been analyzing particles removed from the clip-on tie left behind by Cooper after he hijacked a Northwest Orient passenger jet in November 1971. A powerful electron microscope located more than 100,000 particles on old the JCPenny tie. The team has identified particles like Cerium, Strontium Sulfide, and pure titanium.

Tom Kaye, lead researcher for the group calling itself Citizen Sleuths, says the group is intrigued by the finding, because the elements identified were rarely used in 1971, during the time of Cooper's daring leap with a parachute from a passenger jet. One place they were being used was for Boeing's high-tech Super Sonic Transport plane...

Interestingly, it was even a Boeing aircraft that Cooper hijacked, and witnesses say he wasn't nervous on the flight, and seemed familiar with the terrain below.
Security

Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers (vice.com) 181

An anonymous reader quotes Motherboard: A 21-year-old from Virginia plead guilty on Friday to writing and selling custom spyware designed to monitor a victim's keystrokes. Zachary Shames, from Great Falls, Virginia, wrote a keylogger, malware designed to record every keystroke on a computer, and sold it to more than 3,000 people who infected more than 16,000 victims with it, according to a press release from the U.S. Department of Justice.

Shames, who appears to be a student at James Madison University, developed the first version of the spyware while he was still a high school student in 2013, "and continued to modify and market the illegal product from his college dorm room," according to the feds... While the feds only vaguely referred to it as "some malicious keylogger software," it appears the spyware was actually called "Limitless Keylogger Pro," according to evidence found by a security researcher who asked to remain anonymous... According to what appears to be Shames Linkedin page, he was an intern for the defense contractor Northrop Grumman from May 2015 until August 2016.

The Department of Justice announced that he'll be sentenced on June 16, and faces a maximum of 10 years in prison.
Government

Petition With Over 1 Million Signatures Urges President Obama To Pardon Snowden (cnet.com) 273

An anonymous reader quotes a report from CNET: More than 1 million people signed onto a petition asking President Barack Obama to pardon Edward Snowden, proponents of the pardon said Friday. The campaign began in September, when Snowden, his attorney Ben Wizner from the ACLU, and other privacy activists announced they would formally petition Obama for a pardon. Snowden leaked classified NSA documents detailing surveillance programs run by the U.S. and its allies to journalists in 2013, kicking off a heated debate on whether Americans should be willing to sacrifice internet privacy to help the government protect the country from terrorist attacks. Obama and White House representatives have said repeatedly that Snowden must face the charges against him and that he'll be afforded a fair trial. In the U.S., a pardon is "an expression of the president's forgiveness and ordinarily is granted in recognition of the applicant's acceptance of responsibility for the crime and established good conduct for a significant period of time after conviction or completion of sentence," according to the Office of the Pardon Attorney. It does not signify innocence. Also on Friday, David Kaye urged Obama to consider a pardon for Snowden. Kaye, the special rapporteur to the United Nations Human Rights Council on the freedom of expression, said U.S. law doesn't allow Snowden to argue that his disclosures were made for the benefit of the public. The jury would merely be asked to decide whether Snowden stole government secrets and distributed them -- something Snowden himself concedes he did. In response to the petition, Edward Snowden tweeted: "Whether or not this President ends the war on whistleblowers, you've sent a message to history: I feared no one would care. I was wrong."
Privacy

Why You Shouldn't Trust Geek Squad (networkworld.com) 389

An anonymous reader quotes a report from Network World: The Orange County Weekly reports that Best Buy's "Geek Squad" repair technicians routinely search devices brought in for repair for files that could earn them $500 reward as FBI informants. This revelation came out in a court case, United States of America v. Mark A. Rettenmaier. Rettenmaier is a prominent Orange County physician and surgeon who took his laptop to the Mission Viejo Best Buy in November 2011 after he was unable to start it. According to court records, Geek Squad technician John "Trey" Westphal found an image of "a fully nude, white prepubescent female on her hands and knees on a bed, with a brown choker-type collar around her neck." Westphal notified his boss, who was also an FBI informant, who alerted another FBI informant -- as well as the FBI itself. The FBI has pretty much guaranteed the case will be thrown out by its behavior, this illegal search aside. According to Rettenmaier's defense attorney, agents conducted two additional searches of the computer without obtaining necessary warrants, lied to trick a federal magistrate judge into authorizing a search warrant for his home, then tried to cover up their misdeeds by initially hiding records. Plus, the file was found in the unallocated "trash" space, meaning it could only be retrieved by "carving" with sophisticated forensics tools. Carving (or file carving) is defined as searching for files or other kinds of objects based on content, rather than on metadata. It's used to recover old files that have been deleted or damaged. To prove child pornography, you have to prove the possessor knew what he had was indeed child porn. There has been a court case where files found on unallocated space did not constitute knowing possession because it's impossible to determine who put the file there and how, since it's not accessible to the user under normal circumstances.
Crime

Two Triple-Screen Laptops Were Stolen From Razer's CES Booth (theverge.com) 165

In a Facebook post, Razer CEO Min-Liang Tan said two of their prototype laptops shown off at CES 2017 were stolen. "We treat theft/larceny, and if relevant to this case, industrial espionage, very seriously -- it is cheating, and cheating doesn't sit well with us," Tan wrote. "Penalties for such crimes are grievous and anyone who would do this clearly isn't very smart." Both items were prototype models of a laptop, called Project Valerie, that has three 4K displays. The Verge reports: Tan says that Razer is working with law enforcement and CES management to investigate. He's also asking show attendees to email legal@razerzone.com with any info they might have on what happened. A company representative added that a $25,000 reward is being offered for information leading to a conviction. The alleged theft occurred "after official show hours," says Allie Fried, director of global events communications for the Consumer Technology Association, which runs CES. "The security of our exhibitors, attendees and their products and materials are our highest priority," Fried wrote in an email to The Verge. "We look forward to cooperating with law enforcement and Razer as the incident is investigated."
Crime

FBI Arrests Volkswagen Executive On Charges Related To Dieselgate (cnet.com) 106

According to CNET, the FBI has arrested Volkswagen executive Oliver Schmidt over the weekend on charges of conspiracy to defraud the U.S. relating to the ongoing Dieselgate emissions scandal. From the report: Schmidt headed VW's regulatory compliance office in the U.S. from 2014 to March 2015. The FBI's official Criminal Complaint states that during that time VW employees -- Schmidt included -- knowingly installed secret "defeat device" software in 475,000 diesel cars in the U.S., hiding during emissions testing the fact that those cars emitted up to 40 times the legally allowable pollution levels when on the road. The complaint asserts that by knowingly installing this secret cheat software, Schmidt and VW conspired to defraud the U.S. by impairing and impeding the Environmental Protection Agency and violating the Clean Air Act, leading to the arrest on Saturday. Schmidt is due to appear before a Federal Court in Miami on Monday.
Crime

Macbook Saves Man's Life During Fort Lauderdale Airport Shooting (chron.com) 175

A 37-year-old credits his MacBook Pro laptop with saving his life during a shooting at the baggage claim of the Fort Lauderdale-Hollywood International Airport. An anonymous reader quotes WPLG Miami: He placed it in his backpack, but didn't think of it when he felt an impact on his back during the shooting... When the bloodshed was over, he said he went to the men's restroom and saw a bullet hole on the laptop. He gave it to FBI agents. And he was in shock when they found a 9 mm bullet in his backpack. That was when he realized a gunman aimed to kill him, but the laptop took the bullet for him. "If I didn't have that backpack on, the bullet would have shot me between the shoulders," Frappier said.
Government

FBI Releases (Redacted) Documents About The San Bernardino iPhone Case (go.com) 35

The FBI released 100 pages of documents about the unidentified vendor who unlocked the iPhone used by the San Bernardino shooter, but "censored critical details that would have shown how much the FBI paid, whom it hired and how it opened the phone." An anonymous reader quotes the Associated Press: The files make clear that the FBI signed a nondisclosure agreement with the vendor. The records also show that the FBI received at least three inquiries from companies interested in developing a product to unlock the phone, but none had the ability to come up with a solution fast enough for the FBI. The FBI also said in contracting documents that it did not solicit competing bids or proposals because it thought widely disclosing the bureau's needs could harm national security... The suit by the media organizations argued there was no legal basis to withhold the information and challenged the adequacy of the FBI's search for relevant records. It also said the public had a right to know whether the vendor has adequate security measures, is a proper recipient of government funds and will act only in the public interest. In refusing to provide the records, the FBI said the records had been compiled for law enforcement purposes and might interfere with ongoing enforcement proceedings, even though at the time the shooters were both dead and there were no indications others were involved.
Crime

How A Massive India Call Center Swindled 15,000 Americans (nytimes.com) 104

An FBI agent based in India says the country has now become a major hub for call-center fraud, blaming "a demographic bulge of computer-savvy, young, English-speaking job seekers; a vast call-center culture; super-efficient technology; and what can only be described as ingenuity." The Justice Depatment recently indicted one company for scamming "hundreds of millions of dollars" from over 15,000 victims, placing more than 1.8 million phone calls to Americans, and Slashdot reader retroworks brings an update: The New York Times has an interesting blow-by-blow story on two India tech center employees who informed on their call center fraud operation, which targeted Americans (especially recent immigrants) with fraudulent IRS calls and other scams. [May be paywalled; free version here.] The building was surrounded by police, phone lines cut. Eventually 630 of the employees were released, and charges were brought against 70 managers and executives of the call center.
The operation filled a seven-story high-rise, and the Times reports that after the raid, "fraudulent IRS calls to Americans dropped 95% percent, according to the Better Business Bureau." But they add that one former employee believes the scams will continue. Within weeks of the raid, he'd been offered a nearly identical job: calling Americans and claiming that their computer was infected with a virus.
Crime

New California Law Finally Makes Ransomware Illegal 128

Reader Trailrunner7 writes: It was nice to see the calendar turn over to 2017, for a lot of reasons, not the least of which is that on Jan. 1 a new law went into effect in California that outlaws the use of ransomware. The idea of needing a new law to make a form of hacking illegal may seem counterintuitive, but ransomware is a case of criminals outflanking the existing laws. Ransomware emerged in a big way a few years ago and the law enforcement community was not prepared for the explosion of infections. While there have been takedowns of ransomware gangs, they often involve charges of money laundering or other crimes, not the installation of the ransomware itself. In September, California Gov. Jerry Brown signed into law a bill that made the use of ransomware a crime, essentially a form of extortion. The law went into effect on Jan. 1.
Transportation

Eavesdropping Uber Driver Helps Rescue 16-Year-Old From Her Pimps (washingtonpost.com) 219

Slashdot reader sabri writes "In California, an Uber driver saved a 16 year old girl from human traffickers after he overheard them talk about delivering the girl to a customer." The Washington Post reports: Uber driver Keith Avila picked up a passenger who looked like a 12-year-old girl in a short skirt Monday night. That was the first sign that something was off, he would say later. Two women got into his car with the girl outside a house in Sacramento. Halfway to their destination -- a Holiday Inn in Elk Grove, California -- they asked Avila to turn up the music, he said. Then the women turned to the girl. Avila listened in.

"They were describing what they were going to do when they get there: 'Check for guns. Get the money before you start touching up on the guy,'" Avila said on Facebook Live minutes after he dropped off the passengers, then called police to report the women whom he suspected of prostituting the child. The girl was 16, not 12, Elk Grove police told local news outlets. But Avila's suspicions were right, they said. The teen was being sold for sex at the Holiday Inn, and her eavesdropping Uber driver had saved her.

The teen girl was returned to her family, while the two women with her were charged with multiple felonies. The driver had only joined Uber a few weeks earlier, but his Facebook Live video from outside his fare's house has now been viewed more than 240,000 times.

Slashdot Top Deals