Though Kia and Hyundai represent a tenth of U.S. auto sales, the New York Times reports that "Of the nearly 11,000 cars stolen in Memphis last year — about twice as many as in 2021 — roughly a third were late-model Kias and Hyundais, according to the police."

"It doesn't take much to rip them off: just a screwdriver, a USB cord and hot-wiring know-how found in videos proliferating on social media." Many of the culprits are teenagers or young adults stealing cars for kicks or to use them for other crimes, such as robberies, the police say. More than half of the 175 people arrested and accused of car theft this year in Memphis were teenagers, who often abandon the vehicles after a joyride.... [A]uto thefts have continued to rise, even as other forms of lawbreaking have leveled out or fallen....

[T]he surge has continued, fueled in part by social media videos that show, step by step, how to steal Kias and Hyundais that are not equipped with an engine immobilizer — an electronic security device that keeps a car from being started without a key.... [Kia and Hyundai] recently issued statements saying they had fixed the problem that makes their vehicles relatively easy to steal in their latest models, and were introducing free software upgrades for vulnerable cars — about 4.5 million Kias and 3.8 million Hyundais, the federal government estimated. At the same time, the companies have shipped steering wheel locks to police departments across the country, to be provided free of charge to car owners who drive at-risk models. And executives say they are constantly monitoring TikTok and YouTube for new videos that show how to steal their vehicles, and then alerting the social media companies so those videos can be removed....

Officials say the social media-driven rise in Kia and Hyundai thefts began about two years ago in Milwaukee, and then spread nationwide. City attorneys for Seattle and Columbus recently sued the automakers for not installing anti-theft technology, and other cities, including Cleveland, Milwaukee and St. Louis, have threatened litigation.

An anonymous reader shares this report from Dark Reading: In recent weeks, hackers have been deploying the "IceFire" ransomware against Linux enterprise networks, a noted shift for what was once a Windows-only malware.

A report from SentinelOne suggests that this may represent a budding trend. Ransomware actors have been targeting Linux systems more than ever in cyberattacks in recent weeks and months, notable not least because "in comparison to Windows, Linux is more difficult to deploy ransomware against, particularly at scale," Alex Delamotte, security researcher at SentinelOne, tells Dark Reading....

"[M]any Linux systems are servers," Delamotte points out, "so typical infection vectors like phishing or drive-by download are less effective." So instead, recent IceFire attacks have exploited CVE-2022-47986 — a critical remote code execution (RCE) vulnerability in the IBM Aspera data transfer service, with a CVSS rating of 9.8.

Delamotte posits a few reasons for why more ransomware actors are choosing Linux as of late. For one thing, she says, "Linux-based systems are frequently utilized in enterprise settings to perform crucial tasks such as hosting databases, Web servers, and other mission-critical applications. Consequently, these systems are often more valuable targets for ransomware actors due to the possibility of a larger payout resulting from a successful attack, compared to a typical Windows user."

A second factor, she guesses, "is that some ransomware actors may perceive Linux as an unexploited market that could yield a higher return on investment."
While previous reports had IceFire targetting tech companies, SentinelLabs says they've seen recent attacks against organizations "in the media and entertainment sector," impacting victims "in Turkey, Iran, Pakistan, and the United Arab Emirates, which are typically not a focus for organized ransomware actors."

Chronic pain patients were implanted with "dummy" pieces of plastic and told it would ease their pain, according to an indictment charging the former CEO of the firm that made the fake devices with fraud. Motherboard reports: Laura Perryman, the former CEO of Stimwave LLC, was arrested in Florida on Thursday. According to an FBI press release, Perryman was indicted "in connection with a scheme to create and sell a non-functioning dummy medical device for implantation into patients suffering from chronic pain, resulting in millions of dollars in losses to federal healthcare programs." According to the indictment, patients underwent unnecessary implanting procedures as a result of the fraud. Perryman was charged with one count of conspiracy to commit wire fraud and health care fraud, and one count of healthcare fraud. Stimwave received FDA approval in 2014, according to Engadget, and was positioned as an alternative to opioids for pain relief.

The Stimwave "Pink Stylet" system consisted of an implantable electrode array for stimulating the target nerve, a battery worn externally that powered it, and a separate, 9-inch long implantable receiver. When doctors told Stimwave that the long receiver was difficult to place in some patients, Perryman allegedly created the "White Stylet," a receiver that doctors could cut to be smaller and easier to implant -- but was actually just a piece of plastic that did nothing. "To perpetuate the lie that the White Stylet was functional, Perryman oversaw training that suggested to doctors that the White Stylet was a 'receiver,' when, in fact, it was made entirely of plastic, contained no copper, and therefore had no conductivity," the FBI stated. "In addition, Perryman directed other Stimwave employees to vouch for the efficacy of the White Stylet, when she knew that the White Stylet was actually non-functional." Stimwave charged doctors and medical providers approximately $16,000 for the device, which medical insurance providers, including Medicare, would reimburse the doctors' offices for.

The United States Federal Bureau of Investigation has acknowledged for the first time that it purchased US location data rather than obtaining a warrant. Wired reports: While the practice of buying people's location data has grown increasingly common since the US Supreme Court reined in the government's ability to warrantlessly track Americans' phones nearly five years ago, the FBI had not previously revealed ever making such purchases. The disclosure came [Wednesday] during a US Senate hearing on global threats attended by five of the nation's intelligence chiefs.

Senator Ron Wyden, an Oregon Democrat, put the question of the bureau's use of commercial data to its director, Christopher Wray: "Does the FBI purchase US phone-geolocation information?" Wray said his agency was not currently doing so, but he acknowledged that it had in the past. He also limited his response to data companies gathered specifically for advertising purposes. To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising," Wray said. "I understand that we previously -- as in the past -- purchased some such information for a specific national security pilot project. But that's not been active for some time." He added that the bureau now relies on a "court-authorized process" to obtain location data from companies."

It's not immediately clear whether Wray was referring to a warrant -- that is, an order signed by a judge who is reasonably convinced that a crime has occurred -- or another legal device. Nor did Wray indicate what motivated the FBI to end the practice. In its landmark Carpenter v. United States decision, the Supreme Court held that government agencies accessing historical location data without a warrant were violating the Fourth Amendment's guarantee against unreasonable searches. But the ruling was narrowly construed. Privacy advocates say the decision left open a glaring loophole that allows the government to simply purchase whatever it cannot otherwise legally obtain. [...] Asked during the Senate hearing whether the FBI would pick up the practice of purchasing location data again, Wray replied: "We have no plans to change that, at the current time."

Last month, Volkswagen garnered plenty of bad publicity when it emerged that the company's connected car service refused to help track a stolen car -- with a 2-year-old child still on board -- until someone paid to reactivate the service. Now, the automaker says it's very sorry this happened, and it's making its connected vehicle emergency service free to most model-year 2020-2023 Volkswagens. Ars Technica reports: "The family was thankfully reunited, but the crime and the process failure are heartbreaking for me," said Rachael Zaluzec, VW's SVP for customer experience and brand and marketing. "As a mom and an aunt, I can imagine how painful this incident must have been. Words can't adequately express how truly sorry I am for what the family endured."

"Volkswagen must and will do better for everyone that trusts our brand and for the law enforcement officials tasked with protecting us. In addition to a full investigation of what went wrong and actions taken to address the failure, we want to make it right for the future. Today, we are setting a new standard for customer peace of mind. As of June 1, we will make these connected vehicle emergency services free for five years as one significant step we can take as a commitment to our owners and their families," Zaluzec said in a statement sent to Ars.

Most MY2020 or newer VWs can use connected services, apart from MY2020 Passats. From June, owners can sign up for five years of free Car-Net Safe and Secure, which uses the vehicle's onboard modem to connect to the emergency services via the car's SOS button. In gasoline-powered VWs, there is also an anti-theft alert. VW says it will make Car-Net Remote Access free for five years as well. This lets owners interact with their car via a mobile app and can lock and unlock the doors, honk the horn and flash the lights, and, if fitted, remote-start the vehicle.

A YouTube star who built a sizable following with slickly produced videos flaunting his fleet of luxury and sports cars, collection of diamond-encrusted bling, and his spacious Swedesboro home will be forced to give up nearly all of it after he was sentenced Tuesday to 5 and a half years in prison for the illegal business that allowed him to amass those trappings of success. From a report: Bill Omar Carrasquillo -- better known to his more than 800,000 online followers as "Omi in a Hellcat" -- pleaded guilty last year to running one of the most brazen and successful cable TV piracy schemes ever prosecuted by the U.S. government. As part of his sentencing Tuesday, he was ordered to forfeit more than $30 million in assets, including nearly $6 million in cash; cars including Lamborghinis, Porsches, Bentleys, and McLarens; and a portfolio of more than a dozen properties he'd amassed across Philadelphia and its suburbs.

"Thirty million dollars is a lot of money [but] tangible objects aren't everything," U.S. District Judge Harvey Bartle III said in announcing the punishment during a hearing in federal court. "You have a large following and there may be people who think if you can get away with it, they can too." Carrasquillo, 36, apologized to his family, his employees, and the cable companies he'd cheated through his business, which illegally sold content hijacked from cable boxes to thousands of online subscribers paying fees as low as $15 a month. "I really didn't know the significance of this crime until I was picked up [by the FBI] at my home," he said. "I feel like I let everybody down." But while prosecutors described Carrasquillo's crimes -- which included counts of conspiracy, copyright infringement, fraud, money laundering, and tax evasion -- as serious, much of Tuesday's hearing focused on Carrasquillo's remarkable rags-to-riches story.

Police were investigating his neighbor. A judge gave officers access to all his security-camera footage, including inside his home. From a report: The week of last Thanksgiving, Michael Larkin, a business owner in Hamilton, Ohio, picked up his phone and answered a call. It was the local police, and they wanted footage from Larkin's front door camera. Larkin had a Ring video doorbell, one of the more than 10 million Americans with the Amazon-owned product installed at their front doors. His doorbell was among 21 Ring cameras in and around his home and business, picking up footage of Larkin, neighbors, customers and anyone else near his house. The police said they were conducting a drug-related investigation on a neighbor, and they wanted videos of "suspicious activity" between 5 and 7 p.m. one night in October. Larkin cooperated, and sent clips of a car that drove by his Ring camera more than 12 times in that time frame. He thought that was all the police would need. Instead, it was just the beginning.

They asked for more footage, now from the entire day's worth of records. And a week later, Larkin received a notice from Ring itself: The company had received a warrant, signed by a local judge. The notice informed him it was obligated to send footage from more than 20 cameras -- whether or not Larkin was willing to share it himself. As networked home surveillance cameras become more popular, Larkin's case, which has not previously been reported, illustrates a growing collision between the law and people's own expectation of privacy for the devices they own -- a loophole that concerns privacy advocates and Democratic lawmakers, but which the legal system hasn't fully grappled with. Questions of who owns private home security footage, and who can get access to it, have become a bigger issue in the national debate over digital privacy. And when law enforcement gets involved, even the slim existing legal protections evaporate. "It really takes the control out of the hands of the homeowners, and I think that's hugely problematic," said Jennifer Lynch, the surveillance litigation director of the Electronic Frontier Foundation, a digital rights advocacy group.

In the debate over home surveillance, much of the concern has focused on Ring in particular, because of its popularity, as well as the company's track record of cooperating closely with law enforcement agencies. The company offers a multitude of products such as indoor cameras or spotlight cameras for homes or businesses, recording videos based on motion activation, with the footage stored for up to 180 days on Ring's servers. They amount to a large and unregulated web of eyes on American communities -- which can provide law enforcement valuable information in the event of a crime, but also create a 24/7 recording operation that even the owners of the cameras aren't fully aware they've helped to build.

"Cities across the nation face a dilemma," writes the Washington Post's editoral board," warning local leaders to respond to "the urgency and scale of the downtown crisis in many major metro areas..."

"Downtown office buildings are empty as workers prefer to stay home." Nearly all local leaders agree part of the solution is an office-to-apartment conversion boom. Cities have started rolling out tax incentives to encourage developers to begin this transformation. This strategy is straight out of the playbook that revived center city Philadelphia and Lower Manhattan in the past quarter century. But there's a problem: City leaders aren't doing enough...

Consider the nation's capital city. Downtown D.C. is more than 90 percent commercial buildings. The vibrancy and workers are largely gone. Crime and grime are increasing, while property tax revenue is quickly decreasing as building values plummet. Mayor Muriel E. Bowser (D) has put out an ambitious "Comeback Plan" that calls for 15,000 new residents living downtown by 2028. To make that a reality, the city needs developers to convert roughly 7 million square feet of office space to apartments and condos. Her team estimates about 1 million square feet is on track for conversion so far. There's a long way to go. The situation is similar in Chicago, San Francisco, New York and Atlanta, among other cities....

The longer cities wait to get conversions underway, the more tax values drop and crime goes up, and the more people see no value in living in the heart of the city — or even visiting. One way or another, cities are going to pay. D.C. is already staring at $464 million in lower revenue for 2024 to 2026 mainly due to lower commercial property taxes downtown. San Francisco is facing a $728 million shortfall over the next two fiscal years for similar reasons. Buildings constructed in the 1980s, 1990s and early 2000s are quickly becoming distressed. It's far better to invest now than to spend years overseeing stagnation and decline. As D.C.'s Chief Financial Officer Glen Lee warned, this is "a serious long-term risk to the District's economy and its tax base."

The sooner these buildings can convert to residential, the sooner the city can generate some tax revenue again from an area that once brought in hefty commercial property revenue. Cities will have to rely much more on residential income tax revenue from downtowns.

The BBC reports: Journalists have been forced to temporarily take down articles critical of powerful oil lobbyists due to the exploitation of US copyright law, according to a new report.

At least five such articles have been subject to fake copyright claims, including one by the respected South African newspaper Mail & Guardian, according to the Organized Crime and Corruption Reporting Project (OCCRP). The claims — which falsely assert ownership of the stories — have been made by mystery individuals under the US Digital Millennium Copyright Act (DMCA), a law meant to protect copyright holders. Just last month, three separate false copyright claims were made against Diario Rombe, an investigative news outlet that focusses on Equatorial Guinea. The articles under attack are about the president of Equatorial Guinea's son, Gabriel Mbaga Obiang Lima, and his close associate, Cameroonian businessman and lawyer NJ Ayuk.

The OCCRP claimed in a report published on Wednesday that the DMCA process was often abused by "unknown parties" who create backdated fake articles to target critical news reports....

Climate Home editor Megan Darby told the OCCRP: "These bogus allegations look like a devious tactic to suppress independent journalism."
Thanks to Slashdot reader Bruce66423 for sharing the story.

San Diego Union-Tribune: Almost three years ago, the city of San Diego cut off access to its broad network of Smart Streetlights -- more than 3,000 devices perched atop light poles that could collect images and other data, some of which the Police Department used to solve criminal cases. The city removed that access, at least without a warrant, because of concerns from the public about surveillance and privacy issues. On Wednesday, the San Diego Police Department said it wants access to 500 of those devices to be restored -- and they want to add another crime-solving tool to the network: automated license plate readers.

The controversy surrounding the Smart Streetlights began in 2019 when it was revealed that the cameras had been installed without public input. Police started accessing the camera footage in 2018 for investigations. Direct access was cut off in 2020 as a result of public outcry. Because the Smart Streetlight cameras had not been well maintained over the years, the city would need to install new cameras. Adding the license plate reader technology would mark the first time the city of San Diego would have the readers in fixed locations. This is the first big push for surveillance technology in San Diego since the city approved ordinances last year specifically setting rules to govern this kind of technology in light of privacy concerns.

A man who rented out servers configured for BitTorrent file-sharing use has been handed a three-month suspended sentence in Denmark. Known as 'seedboxes', these pre-configured servers are not illegal per se, but when customers used the devices to break copyright law on known pirate sites, rightsholders held the server provider liable. TorrentFreak reports: Local anti-piracy group Rights Alliance (Rettigheds Alliancen) mitigates all types of piracy but for the past few years, has maintained a keen focus on torrent sites. Working in partnership with the Danish government's SOIK IP-Task Force, Rights Alliance forced several sites to close down and successfully prosecuted site operators, staff members, and users who uploaded content to those sites. In 2021, Rights Alliance targeted specialized servers that not only supply content to torrent sites but also play a role in boosting download times while improving security.

In 2021, news broke that six people had been arrested in Denmark due to their alleged connections to several local torrent sites. Among them was Kasper Nielsen of internet services company HNielsen Networks, a supplier of servers under various brands that could be configured for 'seedbox' purposes. Available information indicated that the servers had been used by an unknown number of users to share content on private torrent sites ShareUniversity, Superbits and DanishBytes. [...] When Rights Alliance filed its criminal complaint against HNielsen Networks, the anti-piracy group referenced the landmark Filmspeler case which involved the sale of piracy-configured media players.

According to statements published by Rights Alliance and NSK (Saerlig Kriminalitet) Denmark's Special Crime Unit, Nielsen was convicted yesterday for selling seedboxes in the knowledge they were being used by others to share movies, TV shows, eBooks and other content, without permission from rightsholders. "On February 28, the Court in Aalborg ruled against the Danish owner behind a seedbox company for, in the period November 2020 to May 2021, having sold seedboxes and server capacity to an unknown number of people, knowing that they were used for illegal sharing of no less than 3,838 copyright-protected works on the Danish and Nordic file sharing services ShareUniversity, Superbits and DanishBytes," Rights Alliance reports. Nielsen was handed a three-month conditional (suspended) sentence and a confiscation order for DKK 300,000 (around $42,600), the amount users had paid his company to access the seedbox servers. The 35-year-old must also pay compensation of DKK 298,660 to Rights Alliance. "Providers of seedboxes have a responsibility to ensure that their services are not used for illegal uploading and downloading of copyrighted content, which the Rights Alliance can clearly see that they are doing," says Maria Fredenslund, Director of Rights Alliance. "Therefore, this case helps to send a signal to other providers that you cannot deliberately sell services to the illegal market."

Since Neilsen took a plea deal at an early stage, none of the claims made by Rights Alliance were needed to be proven in court. "The 3,838 figure and any evidence related to 'knowledge' of infringement carried out by seedbox customers on the sites, were accepted as true," reports TorrentFreak.

FTX ex-engineering head Nishad Singh pleaded guilty to criminal charges in New York on Tuesday, becoming the latest member of Sam Bankman-Fried's former leadership team to agree to a deal. CNBC reports: The six charges against Singh include conspiracy to commit securities fraud, conspiracy to commit money laundering and conspiracy to violate campaign finance laws. FTX spiraled into bankruptcy in November after the crypto exchange, founded by Bankman-Fried, couldn't meet customers' withdrawal demands.

"Today's guilty plea underscores once again that the crimes at FTX were vast in scope and consequence," Manhattan U.S. Attorney Damian Williams said in a statement. "They rocked our financial markets with a multibillion dollar fraud. And they corrupted our politics with tens of millions of dollars in illegal straw campaign contributions. These crimes demand swift and certain justice and that is exactly what we are seeking in the Southern District of New York."

The Securities and Exchange Commission, as well as the Commodity Futures Trading Commission both filed related civil complaints against Singh on Tuesday. The SEC said in a release that Singh is cooperating with the agency's ongoing investigation, and he has separately agreed to settle with the CFTC. Two of the criminal charges against Singh are related to wire fraud and another is conspiracy to commit commodities fraud.

After an iPhone was stolen, $10,000 vanished from the owner's bank account — and they were locked out of their Apple account's photos, contacts and notes. The thieves "stole thousands of dollars through Apple Pay" and "opened an Apple Card to make fraudulent charges," writes 9 to 5 Mac, citing a report from the Wall Street Journal. These thieves often work in groups with one distracting a victim while another records over a shoulder as they enter their passcode. Others have been known to even befriend victims, asking them to open social media or other apps on their iPhones so they can watch and memorize the passcode before stealing it. A 12-person crime ring in Minnesota was recently taken down after targeting iPhones like this in bars. Almost $300,000 was stolen from 40 victims by this group before they were caught.
The Journal adds that "similar stories are piling up in police stations around the country," while one of their article's authors has tweeted Apple's official response. "We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare.... We will continue to advance the protections to help keep user accounts secure."

The reporter suggests alphanumeric passwords are harder to steal, while MacRumors offers some other simple fixes. "Use Face ID or Touch ID as much as possible when in public to prevent thieves from spying... In situations where entering the passcode is necessary, users can hold their hands over their screen to hide passcode entry."

FTX co-founder Sam Bankman-Fried was hit Thursday with four new criminal charges, including ones related to commodities fraud and making unlawful political contributions, in a superseding indictment filed in New York federal court. A source familiar with the new counts said that SBF, as he is popularly known, could face an additional 40 years in prison if convicted in the case, where he is accused of "multiple schemes to defraud." CNBC reports: The charging document lays out how Bankman-Fried allegedly operated an illegal straw donor scheme as he moved to use customers funds to run a multimillion-dollar political influence campaign. Bankman-Fried and fellow FTX executives combined to contribute more than $70 million toward the 2022 midterm elections, according to campaign finance watchdog OpenSecrets. The indictment claims that Bankman-Fried and his co-conspirators "made over 300 political contributions, totaling tens of millions of dollars, that were unlawful because they were made in the name of a straw donor or paid for with corporate funds." "To avoid certain contributions being publicly reported in his name, Bankman-Fried conspired to and did have certain political contributions made in the names of two other FTX executives," the new filing claims.

The document refers to one such example, in 2022, when Bankman-Fried and "others agreed that he and his co-conspirators should contribute at least a million dollars to a super PAC that was supporting a candidate running for a United States Congressional seat and appeared to be affiliated with pro-LGBTQ issues." The group of conspirators, according to the document, selected an individual only identified in the document as "CC-1" or co-conspirator 1, to be the donor. However, in 2022, then-FTX Director of Engineering Nishad Singh contributed $1.1 million to the LGBTQ Victory Fund Federal PAC, according to Federal Election Commission filings.

SBF's alleged campaign finance scheme included efforts to keep his contributions to Republicans "dark," according to the new indictment. And, the alleged straw donor scheme was coordinated, at least in part, "through an encrypted, auto-deleting Signal chat called 'Donation Processing,'" according to the indictment. The document says another unnamed co-conspirator "who publicly aligned himself with conservatives, made contributions to Republican candidates that were directed by Bankman-Fried and funded by Alameda," the crypto tycoon's hedge fund. Again, the document does do not name the alleged second FTX co-conspirator who contributed to Republican candidates.

The indictment alleges that Bankman-Fried and his allies allegedly tried to "further conceal the scheme" by recording "the outgoing wire transfers from Alameda to individuals' bank accounts for purposes of making contributions as Alameda 'loans' or 'expenses.'" The document says that "while employees at Alameda generally tracked loans to executives, the transfers to Bankman-Fried, CC-1, and CC-2 in the months before the 2022 midterm elections were not recorded on internal Alameda tracking spreadsheets." The internal Alameda spreadsheets, however, "noted over $100 million in political contributions, even though FEC records reflect no political contributions by Alameda for the 2022 midterm elections to candidates or PACs."

A former employee of a Massachusetts town is facing charges of allegedly setting up a secret cryptocurrency mining operation in a remote crawl space at a school, police said. The Associated Press reports: Nadeam Nahas, 39, was scheduled to be arraigned Thursday on charges of fraudulent use of electricity and vandalizing a school, but he did not show up and a judge issued a default warrant after rejecting a defense motion to reschedule, a spokesperson for the Norfolk district attorney's office said. Police responded to Cohasset Middle/High School in December 2021 after the town's facilities director found electrical wires, temporary duct work, and numerous computers that seemed out of place while conducting a routine inspection of the school, Chief William Quigley of the Cohasset Police Department said in a statement Wednesday.

He contacted the town's IT director, who determined that it was a cryptocurrency mining operation unlawfully hooked up to the school's electrical system, Quigley said. The Coast Guard Investigative Service and the Department of Homeland Security assisted with safely removing and examining the equipment. Nahas, the town's assistant facilities director, was identified as a suspect after a three-month investigation. After a show-cause hearing, a criminal complaint was issued. Nahas subsequently resigned from his job with the town in early 2022, police said.

An anonymous reader quotes a report from Ars Technica: Two Republican lawmakers in Idaho have introduced a bill that would make it a misdemeanor for anyone in the state to administer mRNA-based vaccines -- namely the lifesaving and remarkably safe COVID-19 vaccines made by Pfizer-BioNTech and Moderna. If passed as written, it would also preemptively ban the use of countless other mRNA vaccines that are now in development, such as shots for RSV, a variety of cancers, HIV, flu, Nipah virus, and cystic fibrosis, among others. The bill is sponsored by Sen. Tammy Nichols of Middleton and Rep. Judy Boyle of Midvale, both staunch conservatives who say they stand for freedom and the right to life. But their bill, HB 154, proposes that "a person may not provide or administer a vaccine developed using messenger ribonucleic acid [mRNA] technology for use in an individual or any other mammal in this state." If passed into law, anyone administering lifesaving mRNA-based vaccines would be guilty of a misdemeanor, which could result in jail time and/or a fine.

While presenting the bill to the House Health & Welfare Committee last week, Nichols said their anti-mRNA stance stems from the fact that the COVID-19 vaccines were initially allowed under emergency use authorizations (EUAs) from the Food and Drug Administration, not the agency's full regulatory approval. "We have issues that this was fast-tracked," she told fellow lawmakers, according to reporting from local news outlet KXLY.com. [...] "They ultimately were approved under the ordinary approval process and did ultimately, you know, survive the scrutiny of being subjected to all the normal tests," Rep. Ilana Rubel, a democrat from Boise, said. Nichols seemed unswayed by the point, however, with KTVB7 reporting that she responded that the FDA's approval "may not have been done like we thought it should've been done."

To date, more than 269 million people in the US have received at least one COVID-19 vaccine, and over 700 million doses of mRNA-based vaccines have gone into American arms, according to data from the Centers for Disease Control and Prevention. The agency keeps close tabs on safety through various national surveillance systems. Although the shots do carry some risk (as is the case for any medical intervention), they have proven remarkably safe amid widespread use of hundreds of millions of doses in the US and worldwide. A study released late last year found that COVID-19 vaccination in the US alone averted more than 18 million additional hospitalizations and more than 3 million additional deaths from the pandemic coronavirus, SARS-CoV-2. The National Human Genome Research Institute notes that mRNA "is a type of single-stranded RNA involved in protein synthesis. mRNA is made from a DNA template during the process of transcription. The role of mRNA is to carry protein information from the DNA in a cell's nucleus to the cell's cytoplasm (watery interior), where the protein-making machinery reads the mRNA sequence and translates each three-base codon into its corresponding amino acid in a growing protein chain."

mRNA-based vaccines made their public debut amid the COVID-19 pandemic, but researchers have been "working toward these vaccines for decades beforehand," adds Ars.

Police use of automated data analysis to prevent crime in some German states was unconstitutional, a top German court said on Thursday, ruling in favour of critics of software provided by the CIA-backed Palantir. From a report: Provisions regulating the use of the technology in Hesse and Hamburg violate the right to informational self-determination, a statement from the constitutional court said. Hesse has been given a Sept. 30 deadline to rewrite its provisions, while legislation in Hamburg -- where the technology was not yet in use -- was nullified. "Given the particularly broad wording of the powers, in terms of both the data and the methods concerned, the grounds for interference fall far short of the constitutionally required threshold of an identifiable danger," the court said. However, court president Stephan Harbarth said states had the option "of shaping the legal basis for further processing of stored data files in a constitutional manner."

An existential fight over the US government's ability to spy on its own citizens is brewing in Congress. And as this fight unfolds, the Federal Bureau of Investigation's biggest foes on Capitol Hill are no longer reformers merely interested in reining in its authority. Many lawmakers, elevated to new heights of power by the recent election, are working to dramatically curtail the methods by which the FBI investigates crime. From a report: New details about the FBI's failures to comply with restrictions on the use of foreign intelligence for domestic crimes have emerged at a perilous time for the US intelligence community. Section 702 of the Foreign Intelligence Surveillance Act (FISA), the so-called crown jewel of US intelligence, grants the government the ability to intercept the electronic communications of overseas targets who are unprotected by the Fourth Amendment. That authority is set to expire at the end of the year. But errors in the FBI's secondary use of the data -- the investigation of crimes on US soil -- are likely to inflame an already fierce debate over whether law enforcement agents can be trusted with such an invasive tool.

Central to this tension has been a routine audit by the Department of Justice's (DOJ) national security division and the office of the director of national intelligence (ODNI) -- America's "top spy" -- which unearthed new examples of the FBI failing to comply with rules limiting access to intelligence ostensibly gathered to protect US national security. Such "errors," they said, have occurred on a "large number" of occasions. A report on the audit, only recently declassified, found that in the first half of 2020, FBI personnel unlawfully searched raw FISA data on numerous occasions. In one incident, agents reportedly sought evidence of foreign influence linked to a US lawmaker. In another, an inappropriate search pertained to a local political party. In both cases, these "errors" were attributed to a "misunderstanding" of the law, the report says. At some point between December 2019 and May 2020, FBI personnel conducted searches of FISA data using "only the name of a US congressman," the report says, a query that investigators later found was "noncompliant" with legal procedures. Further reading: NSA Director Urges Congress To Renew Controversial Intelligence Authority.

An anonymous reader quotes a report from KrebsOnSecurity: Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into "a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks," the Treasury Department said.

"During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States," the sanctions notice continued. "In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group."

Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. According to the Treasury Department, the alleged senior leader of the Trickbot group is 34-year-old Russian national Vitaly "Bentley" Kovalev. A New Jersey grand jury indicted Kovalev in 2012 after an investigation by the U.S. Secret Service determined that he ran a massive "money mule" scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States. The 2012 indictment against Kovalev relates to cybercrimes he allegedly perpetrated prior to the creation of Trickbot. A copy of the now-unsealed 2012 indictment of Kovalev is here (PDF).

An anonymous reader quotes a report from Motherboard: A section of the UK government has proposed making the sale or possession of bespoke encrypted phones for crime a criminal offense in its own right. The measure is intended to help the country's law enforcement agencies tackle organized crime and those who facilitate it, but civil liberties experts tell Motherboard the proposal is overbroad and poorly defined, meaning it could sweep up other forms of secure communication used by the wider population if not adjusted. "At the moment the government proposal appears to be vague and overly broad. While it states that the provisions 'will not apply to commercially available mobile phones nor the encrypted messaging apps available on them' it is difficult to see how it will not result in targeting devices used on a daily [basis] by human rights defenders, protesters and pretty much all of us who want to keep our data secure," Ioannis Kouvakas, senior legal officer and assistant general counsel at UK-based activism organization Privacy International, told Motherboard in an email.

The proposal is included in a document published by the Home Office (PDF). In that document, the Home Office proposes two legislative measures that it says could be used to improve law enforcement's response to serious and organized crime, and is seeking input from law enforcement, businesses, lawyers, civil liberties NGOs, and the wider public. [...] The first measure looks to create new criminal offenses on the "making, modifying, supply, offering to supply and possession of articles for use in serious crime." The document points to several specific items: vehicle concealments used to hide illicit goods; digital templates for 3D-printing firearms; pill presses used in the drug trade; and "sophisticated encrypted communication devices used to facilitate organized crime." In other words, this change would criminalize owning an encrypted phone, selling one, or making one for use in crime, a crime in itself. [...]

With encrypted phones, the Home Office writes that both the encryption itself and modifications made to the phones are creating "considerable barriers" to law enforcement. Typically, phones from this industry use end-to-end encryption, meaning that messages are encrypted before leaving the device, rendering any interception by law enforcement ineffective. (Multiple agencies have instead found misconfigurations in how companies' encryption works, or hacked into firms, to circumvent this protection). Encrypted phone companies sometimes physically remove the microphone, camera, and GPS functionality from handsets too. Often distributors sell these phones for thousands of dollars for yearly subscriptions. Given that price, the Home Office says it is "harder to foresee a need for anyone to use them for legitimate, legal reasons." The Home Office adds that under one option for legislation, laws could still criminalize people who did not suspect the technology would be used for serious crime, simply because the technology is so "closely associated with serious crime." Potential signs could include someone paying for a phone "through means which disguise the identity of the payer," the document reads. Often distributors sell phones for Bitcoin or cash, according to multiple encrypted phone sellers that spoke to Motherboard. The document says "the provisions will not apply to commercially available mobile phones nor the encrypted messaging apps available on them." But the Home Office does not yet have a settled definition of what encompasses "sophisticated encrypted communication devices," leaving open the question of what exactly the UK would be prepared to charge a person for possessing or selling.