AI

Developers Created AI To Generate Police Sketches. Experts Are Horrified 115

An anonymous reader quotes a report from Motherboard: Two developers have used OpenAI's DALL-E 2 image generation model to create a forensic sketch program that can create "hyper-realistic" police sketches of a suspect based on user inputs. The program, called Forensic Sketch AI-rtist, was created by developers Artur Fortunato and Filipe Reynaud as part of a hackathon in December 2022. The developers wrote that the program's purpose is to cut down the time it usually takes to draw a suspect of a crime, which is "around two to three hours," according to a presentation uploaded to the internet. "We haven't released the product yet, so we don't have any active users at the moment," Fortunato and Reynaud told Motherboard in a joint email. "At this stage, we are still trying to validate if this project would be viable to use in a real world scenario or not. For this, we're planning on reaching out to police departments in order to have input data that we can test this on."

AI ethicists and researchers told Motherboard that the use of generative AI in police forensics is incredibly dangerous, with the potential to worsen existing racial and gender biases that appear in initial witness descriptions. "The problem with traditional forensic sketches is not that they take time to produce (which seems to be the only problem that this AI forensic sketch program is trying to solve). The problem is that any forensic sketch is already subject to human biases and the frailty of human memory," Jennifer Lynch, the Surveillance Litigation Director of the Electronic Frontier Foundation, told Motherboard. "AI can't fix those human problems, and this particular program will likely make them worse through its very design."

The program asks users to provide information either through a template that asks for gender, skin color, eyebrows, nose, beard, age, hair, eyes, and jaw descriptions or through the open description feature, in which users can type any description they have of the suspect. Then, users can click "generate profile," which sends the descriptions to DALL-E 2 and produces an AI-generated portrait. "Research has shown that humans remember faces holistically, not feature-by-feature. A sketch process that relies on individual feature descriptions like this AI program can result in a face that's strikingly different from the perpetrator's," Lynch said. "Unfortunately, once the witness sees the composite, that image may replace in their minds, their hazy memory of the actual suspect. This is only exacerbated by an AI-generated image that looks more 'real' than a hand-drawn sketch."
Businesses

Ex-Coinbase Manager Pleads Guilty in Crypto-Related First Insider Trading Case (reuters.com) 7

A former Coinbase product manager pleaded guilty on Tuesday in what U.S. prosecutors have called the first insider trading case involving cryptocurrency, his defense lawyer said in a court hearing. From a report: Ishan Wahi, 32, pleaded guilty to two counts of conspiracy to commit wire fraud, after initially pleading not guilty last year. Prosecutors said Wahi shared confidential information with his brother Nikhil and their friend Sameer Ramani about forthcoming announcements of new digital assets that Coinbase would let users trade. "I knew that Sameer Ramani and Nikhil Wahi would use that information to make trading decisions," Ishan Wahi said during Tuesday's hearing in federal court in Manhattan. "It was wrong to misappropriate and disseminate Coinbase's property." Nikhil Wahi and Ramani were charged with using ethereum blockchain wallets to acquire digital assets and trading at least 14 times before Coinbase announcements between June 2021 and April 2022.
The Almighty Buck

'Britcoin' Digital Currency Could Be In Use By End of Decade (theguardian.com) 66

An anonymous reader quotes a report from The Guardian: Consumers could be using a new digital pound as an alternative to cash by the end of the decade under plans being drawn up by the Bank of England and the Treasury. The government is speeding up its response to the rise of privately issued cryptocurrencies and stable coins with a four-month public consultation process on a "Britcoin" starting on Tuesday. After the volatility of cryptocurrencies and the collapse of the crypto exchange FTX, the Bank and the Treasury will seek to reassure the public that a state-backed digital currency would be as safe as cash. Officials will explore the technical issues involved in creating a central bank digital currency before a final decision is taken by the middle of the decade.

Jeremy Hunt, the chancellor of the exchequer, and Andrew Bailey, the Bank of England governor, say the government could still decide against going ahead but momentum is building behind the idea. The consultation paper argues that a digital pound will be needed at some point in the future. Assuming the go-ahead is given, the earliest date cash could be held in digital wallets offered to consumers by the private sector through smartphones or smartcards would be the end of the 2020s, the Bank and the Treasury say. Bailey said: "As the world around us and the way we pay for things becomes more digitalized, the case for a digital pound in the future continues to grow. A digital pound would provide a new way to pay, help businesses, maintain trust in money and better protect financial stability. However, there are a number of implications which our technical work will need to carefully consider. This consultation and the further work the Bank will now do will be the foundation for what would be a profound decision for the country on the way we use money."

If introduced, the digital pound would be issued by the Bank of England and could be used to make payments in person or online. It would be interchangeable with cash and bank deposits, and -- as with the current system of notes -- be issued in denominations of pounds sterling. No interest would be paid on pounds held in digital form. The Bank and the Treasury say a digital pound would be subject to rigorous standards of privacy and data protection. "Like current digital payments and bank accounts, the digital pound would not be anonymous because the ability to identify and verify users is necessary to prevent financial crime," they said. "This is essential for trust and confidence in money and therefore wide use of the digital pound."
Hunt added: "While cash is here to stay, a digital pound issued and backed by the Bank of England could be a new way to pay that's trusted, accessible and easy to use."

"That's why we want to investigate what is possible first, while always making sure we protect financial stability."
Crime

Finland's Most-Wanted Hacker Nabbed In France (krebsonsecurity.com) 17

An anonymous reader quotes a report from KrebsOnSecurity: Julius "Zeekill" Kivimaki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimaki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. [...] According to the French news site actu.fr, Kivimaki was arrested around 7 a.m. on Feb. 3, after authorities in Courbevoie responded to a domestic violence report. Kivimaki had been out earlier with a woman at a local nightclub, and later the two returned to her home but reportedly got into a heated argument. Police responding to the scene were admitted by another woman -- possibly a roommate -- and found the man inside still sleeping off a long night. When they roused him and asked for identification, the 6'3" blonde, green-eyed man presented an ID that stated he was of Romanian nationality. The French police were doubtful. After consulting records on most-wanted criminals, they quickly identified the man as Kivimaki and took him into custody.

Kivimaki initially gained notoriety as a self-professed member of the Lizard Squad, a mainly low-skilled hacker group that specialized in DDoS attacks. But American and Finnish investigators say Kivimaki's involvement in cybercrime dates back to at least 2008, when he was introduced to a founding member of what would soon become HTP. Finnish police said Kivimaki also used the nicknames "Ryan", "RyanC" and "Ryan Cleary" (Ryan Cleary was actually a member of a rival hacker group -- LulzSec -- who was sentenced to prison for hacking). Kivimaki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivimaki's alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. Kivimaki was 15 years old at the time. In 2013, investigators going through devices seized from Kivimaki found computer code that had been used to crack more than 60,000 web servers using a previously unknown vulnerability in Adobe's ColdFusion software.

Multiple law enforcement sources told KrebsOnSecurity that Kivimaki was responsible for making an August 2014 bomb threat against former Sony Online Entertainment President John Smedley that grounded an American Airlines plane. That incident was widely reported to have started with a tweet from the Lizard Squad, but Smedley and others said it started with a call from Kivimaki. Kivimaki also was involved in calling in multiple fake bomb threats and "swatting" incidents -- reporting fake hostage situations at an address to prompt a heavily armed police response to that location.

Government

Are Citywide Surveillance Cameras Effective? (msn.com) 95

The Washington Post looks at the effectiveness — and the implications — of "citywide surveillance" networks, including Memphis's SkyCop, "built on 2,100 cameras that broadcast images back to a police command center every minute of every day." Known for their blinking blue lights, the SkyCop cameras now blanket many of the city's neighborhoods, gas stations, sidewalks and parks. The company that runs SkyCop, whose vice president of sales previously worked for the Memphis police, promotes it as a powerful crime deterrent that can help "neighborhoods take back their streets." But after a decade in which Memphis taxpayers have paid $10 million to expand the surveillance system, crime in the city has gone up....

No agency tracks nationwide camera installation statistics, but major cities have invested heavily in such networks. Police in Washington, D.C., said they had deployed cameras at nearly 300 intersections by 2021, up from 48 in 2007. In Chicago, more than 30,000 cameras are viewable by police; in parts of New York City, the cameras watch every block. Yet researchers have found no substantive evidence that the cameras actually reduce crime....

In federal court, judges have debated whether round-the-clock police video recording could constitute an unreasonable search as prohibited by the Fourth Amendment. Though the cameras are installed in public areas, they also capture many corners of residential life, including people's doors and windows. "Are we just going to put these cameras in front of everybody's house and monitor them and see if anybody's up to anything?" U.S. Circuit Judge O. Rogeriee Thompson said during oral arguments for one such case in 2021....

Dave Maass, a director at the digital rights group Electronic Frontier Foundation who researches police surveillance technology, said these systems have expanded rapidly in the United States without real evidence that they have led to a drop in crime. "This often isn't the community coming in and asking for it, it's police going to conferences where ... vendors are promising the world and that they'll miraculously solve crimes," Maass said. "But it's just a commercial thing. It's just business."

Nonetheless, the Post notes that in Memphis many SkyCop cameras are even outfitted "with license-plate recognition software that records the time and location of every passing car."
EU

After Cracking Another 'Secure' Messaging App, European Police Arrest 42 (barrons.com) 38

Slashdot reader lexios shares this report from the French international news agency Agence France-Presse: European police arrested 42 suspects and seized guns, drugs and millions in cash, after cracking another encrypted online messaging service used by criminals, Dutch law enforcement said Friday. Police launched raids on 79 premises in Belgium, Germany and the Netherlands following an investigation that started back in September 2020 and led to the shutting down of the covert Exclu Messenger service.

After police and prosecutors got into the Exclu secret communications system, they were able to read the messages passed between criminals for five months before the raids, said Dutch police. Those arrested include users of the app, as well as its owners and controllers. Police in France, Italy and Sweden, as well as Europol and Eurojust, its justice agency twin, also took part in the investigation. The police raids uncovered at least two drugs labs, one cocaine-processing facility, several kilograms of drugs, four million euros in cash, luxury goods and guns, Dutch police said.

The "secure" messaging app was used by around 3 000 people who paid 800 euros (roughly $866 USD) for a six-month subscription.
Crime

Former Ubiquiti Employee Pleads Guilty To Attempted Extortion Scheme (theverge.com) 15

A former employee of network technology provider Ubiquiti pleaded guilty to multiple felony charges after posing as an anonymous hacker in an attempt to extort almost $2 million worth of cryptocurrency while employed at the company. From a report: Nickolas Sharp, 37, worked as a senior developer for Ubiquiti between 2018 and 2021 and took advantage of his authorized access to Ubiquiti's network to steal gigabytes worth of files from the company during an orchestrated security breach in December 2020.

Prosecutors said that Sharp used the Surfshark VPN service to hide his home IP address and intentionally damaged Ubiquiti's computer systems during the attack in an attempt to conceal his unauthorized activity. Sharp later posed as an anonymous hacker who claimed to be behind the incident while working on an internal team that was investigating the security breach. While concealing his identity, Sharp attempted to extort Ubiquiti, sending a ransom note to the company demanding 50 Bitcoin (worth around $1.9 million at that time) in exchange for returning the stolen data and disclosing the security vulnerabilities used to acquire it. When Ubiquiti refused the ransom demands, Sharp leaked some of the stolen data to the public.
The FBI was prompted to investigate Sharp's home around March 24th, 2021, after it was discovered that a temporary internet outage had exposed Sharp's IP address during the security breach.

Further reading:
Ubiquiti Files Case Against Security Blogger Krebs Over 'False Accusations';
Former Ubiquiti Dev Charged For Trying To Extort His Employer.
Crime

'Pig-Butchering' Scam Apps Sneak Into Apple's App Store and Google Play (arstechnica.com) 44

In the past year, a new term has arisen to describe an online scam raking in millions, if not billions, of dollars per year. It's called "pig butchering," and now even Apple is getting fooled into participating. From a report: Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams. At least one of those apps also made it into Google Play, but that market is notorious for the number of malicious apps that bypass Google vetting. Sophos said this was the first time it had seen such apps in the App Store and that a previous app identified in these types of scams was a legitimate one that was later exploited by bad actors.

Pig butchering relies on a rich combination of apps, websites, web hosts, and humans -- in some cases human trafficking victims -- to build trust with a mark over a period of weeks or months, often under the guise of a romantic interest, financial adviser, or successful investor. Eventually, the online discussion will turn to investments, usually involving cryptocurrency, that the scammer claims to have earned huge sums of money from. The scammer then invites the victim to participate. Once a mark deposits money, the scammers will initially allow them to make withdrawals. The scammers eventually lock the account and claim they need a deposit of as much as 20 percent of their balance to get it back. Even when the deposit is paid, the money isn't returned, and the scammers invent new reasons the victim should send more money. The pig-butchering term derives from a farmer fattening up a hog months before it's butchered.

Security

Security Researchers Breached Server of Russia's 'Black Basta' Ransomware Gang (quadrantsec.com) 9

Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second write up focuses on Black Basta's "backend" servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.

The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."
Crime

Boeing Pleads Not Guilty To Fraud In Criminal Case Over Deadly 737 Max Crashes (npr.org) 42

An anonymous reader quotes a report from NPR: Aerospace giant Boeing entered a plea of not guilty to a criminal charge at an arraignment in federal court in Texas Thursday. The company is charged with felony fraud related to the crashes of two of its 737 Max airplanes that killed a total of 346 people. About a dozen relatives of some of those who were killed in the crashes gave emotional testimony during the three-hour arraignment hearing about how they've been affected by what they call "the deadliest corporate crime in U.S. history." They testified after Boeing's chief aerospace safety officer Mike Delaney entered a plea of not guilty on behalf of the airplane manufacturer to the charge of conspiracy to commit fraud. The company is accused of deceiving and misleading federal regulators about the safety of a critical automated flight control system that investigators found played a major role in causing the crashes in Indonesia in 2018 and in Ethiopia in 2019.

Boeing and the Justice Department had entered into a deferred prosecution agreement to settle the charge two years ago but many of the families of the crash victims objected to the agreement, saying that they were not consulted about what they called a "secret, sweetheart deal." Under the terms of the agreement, Boeing admitted to defrauding the FAA by concealing safety problems with the 737 Max, but pinned much of the blame on two technical pilots who they say misled regulators while working on the certification of the aircraft. Only one of those pilots was prosecuted and a jury acquitted him at trial last year. Boeing also agreed to pay $2.5 billion, including $1.7 billion in compensation to airlines that had purchased 737 Max planes but could not use them while the plane was grounded for 20 months after the second plane crashed. The company also agreed to pay $500 million in compensation to the families of those killed in the two Max plane crashes, and to pay a $243 million fine. The agreement also required Boeing to make significant changes to its safety policies and procedures, as well as to the corporate culture, which many insiders have said had shifted in recent years from a safety first focus to one that critics say put profits first.

After three years, if the aerospace giant and defense contractor lived up to the terms of the deferred prosecution agreement, the criminal charge against Boeing would be dismissed and the company would be immune from further prosecution. But last fall, U.S. District Court Judge Reed O'Connor agreed that under the Crime Victims' Rights Act, the relatives' rights had been violated and they should have been consulted before the DOJ and Boeing reached the agreement. Last week, he ordered Boeing to appear Thursday to be arraigned. On Thursday, the families asked Judge O'Connor to impose certain conditions on Boeing as a condition of release, including appointing an independent monitor to oversee Boeing's compliance with the terms of the previous deferred prosecution agreement, and that the company's compliance efforts "be made public to the fullest extent possible." O'Connor did not rule on whether to impose those conditions yet, as Boeing and the Justice Department opposed the request. But he did impose a standard condition that Boeing commit no new crimes.

Security

US Says It 'Hacked the Hackers' To Bring Down Hive Ransomware Gang (reuters.com) 34

The FBI revealed today that it had shut down the prolific ransomware gang called Hive, "a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims," reports Reuters. Slashdot readers wiredmikey and unimind shared the news. From the report: At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations' data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. "Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."

News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit. The undercover infiltration, which started in July 2022, went undetected by the gang until now.

The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Although there were no arrests announced on Wednesday, Garland said the investigation was ongoing and one department official told reporters to "stay tuned."

Social Networks

FBI Probes Snapchat's Role In Fentanyl Poisoning Deaths (latimes.com) 65

Federal agencies are questioning Snapchat's role in the spread and sale of fentanyl-laced pills in the United States as part of a broader probe into the deadly counterfeit drugs crisis. The Los Angeles Times reports: FBI agents and Justice Department attorneys are zeroing in on fentanyl poisoning cases where the sales were arranged to young buyers via Snapchat [...]. The agents have interviewed parents of children who died and are working to access their social media accounts to trace the suppliers of the lethal drugs, according to the people. In many cases, subpoenaed records from Snapchat have shown that the teenagers thought they were buying prescription painkillers, but the pill they swallowed was pure fentanyl -- a synthetic opioid 100 times more potent than morphine.

On Wednesday, the involvement of technology companies in the ongoing fentanyl crisis will be discussed on Capitol Hill at a House Energy and Commerce Committee roundtable. One of the listed speakers, Laura Marquez-Garrett, an attorney with the Social Media Victims Law Center, said Snapchat will be the focus. "The death of American children by fentanyl poisoning is not a social media issue -- it's a Snapchat issue," she said. [...] While dealers use many social media platforms to advertise their drugs, experts, lawyers and families say Snapchat is the platform of choice for arranging sales. Dealers prefer to use Snapchat because of its encrypted technology and disappearing messages -- features that have given the platform an edge over its rivals for fully legitimate reasons and helped it become one of the world's most popular social media apps for teens.

Former White House drug czar Jim Carroll said drug traffickers are always going to flock to where the young people are. "From everything I have read, I do believe that Snapchat has been more widely used for facilitating drug sales," than other platforms, said Carroll, who serves on Snap's safety advisory council and now works for Michael Best Consulting. "I think that's because of its popularity among the young." In December, Snap reported 363 million daily active users in its quarterly earnings report. That same month, the National Crime Prevention Council wrote a letter to Atty. Gen. Merrick Garland, urging the Justice Department to investigate Snap and its business practices. "Snapchat has become a digital open-air drug market allowing drug dealers to market and to sell fake pills to unsuspecting tweens and teens," the letter said. Garland didn't respond, but federal investigators have started to ask questions, multiple people said.
Santa Monica-based Snap, which makes Snapchat, said it has worked with law enforcement for years to clamp down on illegal activity on its platform and has boosted moderation efforts to detect illegal drug sales. Last year, Snap said it removed more than 400,000 user accounts that posted drug-related content.

"We are committed to doing our part to fight the national fentanyl poisoning crisis, which includes using cutting-edge technology to help us proactively find and shut down drug dealers' accounts," Rachel Racusen, a Snap spokeswoman, said in an emailed statement.
The Almighty Buck

How OneCoin's 'Cryptoqueen' Scammed Investors Out of $4 Billion (cnn.com) 64

CNN remembers how in 2016 Ruja Ignatova "touted her company, OneCoin, as a lucrative rival to Bitcoin in the growing cryptocurrency market." As OneCoin's co-founder, Ignatova told one audience in 2016 that "In two years, nobody will speak about Bitcoin anymore."

"Sixteen months later, Ignatova boarded a plane in Sofia, Bulgaria, and vanished. She hasn't been seen since." Authorities say OneCoin was a pyramid scheme that defrauded people out of more than $4 billion as Ignatova convinced investors in the US and around the globe to throw fistfuls of cash at her company. Federal prosecutors describe OneCoin as one of the largest international fraud schemes ever perpetrated. She is now one of the FBI's 10 most-wanted fugitives, alongside accused gang leaders and murderers, and is the only woman currently on that list....

Ignatova and her partners "conned unsuspecting victims out of billions of dollars, claiming that OneCoin would be the 'Bitcoin killer,'" US Attorney Damian Williams, New York's top prosecutor, said in a statement last month. "In fact, OneCoins were entirely worthless ... (Their) lies were designed with one goal, to get everyday people all over the world to part with their hard-earned money."

One subheading of CNN's story reads "She knew it was a scam from the start, court documents say." While [co-founder] Greenwood and Ignatova were working on the concept for OneCoin, they referred to it in emails as a "trashy coin," federal officials said in court documents. The documents show Greenwood described their investors as "idiots" and "crazy" in an email to Ignatova's brother, Konstantin Ignatov, who also took part in the scam and assumed OneCoin leadership after his sister vanished, according to prosecutors.... She also proposed an exit strategy should the company fail, saying in a 2014 email to Greenwood that they should "take the money and run and blame somebody else for this...."

Ignatova and her partners promised buyers a fivefold or even tenfold return on their investment, according to court documents. A buying frenzy ensued. Between the fourth quarter of 2014 and the fourth quarter of 2016 alone, investors gave OneCoin more than $4 billion, federal prosecutors said, citing records obtained in the course of their investigation. Some $50 million came from investors in the US, according to court documents. "She timed her scheme perfectly, capitalizing on the frenzied speculation of the early days of cryptocurrency," said Williams, the top federal prosecutor in Manhattan.

The FBI is now offering a $100,000 reward for information leading to her arrest, according to the article, which notes this line appearing at the bottom of her FBI wanted poster.

"Ignatova is believed to travel with armed guards and/or associates. Ignatova may have had plastic surgery or otherwise altered her appearance."
Crime

Founder and Majority Owner of Bitzlato, a Cryptocurrency Exchange, Charged with Unlicensed Money Transmitting (justice.gov) 31

Department of Justice: A complaint was unsealed this morning in federal court in Brooklyn charging Anatoly Legkodymov, a Russian national and senior executive of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange, with conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements. Legkodymov was arrested last night in Miami and is scheduled to be arraigned this afternoon in the U.S. District Court for the Southern District of Florida. French authorities and the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) are taking concurrent enforcement actions.

According to court documents, Legkodymov is a senior executive and the majority shareholder of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange that operates globally. Bitzlato has marketed itself as requiring minimal identification from its users, specifying that "neither selfies nor passports [are] required." On occasions when Bitzlato did direct users to submit identifying information, it repeatedly allowed them to provide information belonging to "straw man" registrants. As a result of these deficient know-your-customer (KYC) procedures, Bitzlato allegedly became a haven for criminal proceeds and funds intended for use in criminal activity. Bitzlato's largest counterparty in cryptocurrency transactions was Hydra Market, an anonymous, illicit online marketplace for narcotics, stolen financial information, fraudulent identification documents, and money laundering services that was the largest and longest running darknet market in the world. Hydra Market users exchanged more than $700 million in cryptocurrency with Bitzlato, either directly or through intermediaries, until Hydra Market was shuttered by U.S. and German law enforcement in April 2022. Bitzlato also received more than $15 million in ransomware proceeds.

Piracy

Police Complaint Removes Pirate Bay Proxy Portal From GitHub (torrentfreak.com) 32

An anonymous reader quotes a report from TorrentFreak: GitHub has taken down a popular Pirate Bay proxy information portal from Github.io. The developer platform took action in response to a takedown request sent by City of London Police's Intellectual Property Crime Unit (PIPCU). The takedown notice concludes that the site, which did not link to any infringing content directly, is illegal. [...] "This site is in breach of UK law, namely Copyright, Design & Patents Act 1988, Offences under the Fraud Act 2006 and Conspiracy to Defraud," PIPCU writes. "Suspension of the domain(s) is intended to prevent further crime. Where possible we request that domain suspension(s) are made within 48 hours of receipt of this Alert," the notice adds. This takedown request was honored by GitHub, meaning that people who try to access the domain now get a 404 error instead.

While GitHub's swift response is understandable, it's worth pointing out how these blocking efforts are evolving and expanding, far beyond blocking the original Pirate Bay site. The Proxy Bay doesn't link to infringing content directly. The site links to other proxy sites which serve up the Pirate Bay homepage. From there, users may search for or browse torrent links that, once loaded, can download infringing content. Does this mean that simply linking to The Pirate Bay can be considered a crime in itself? If that's the case, other sites such as Wikipedia and Bing are in trouble too.

A more reasonable middle ground would be to consider the intent of a site. The Proxy Bay was launched to facilitate access to The Pirate Bay, which makes court orders less effective. In 2015 UK ISPs began blocking proxy and proxy indexing sites, so that explains why thepirateproxybay.com and others are regularly blocked. Whether this constitutes criminal activity is ultimately for the court to decide, not the police. In this regard, it's worth noting that City of London Police previously arrested the alleged operator of a range of torrent site proxies. The then 20-year-old defendant, who also developed censorship circumvention tool Immunicity, was threatened with a hefty prison sentence but the court disagreed and dismissed the case.

Google

'Search Everyone First?' Lawyers Challenge Use of Warrants to Find Google Searchers (yahoo.com) 125

Bloomberg reports: After five people were killed in a 2020 arson in Colorado, law enforcement officials failed to turn up any leads through their initial investigative techniques. So they served a warrant to Google for anyone who had searched for the address of the fire, according to a court motion.

Google eventually complied with the data request, helping law enforcement find suspects. Three teenagers who had searched the address were charged with murder. But the technique also drew a challenge from defense lawyers, who are calling reverse keyword search warrants "a digital dragnet of immense proportions." It's the first case to challenge the constitutionality of the method, the attorneys say.

Defense lawyers filed a motion Wednesday to challenge the judge's decision to use evidence from the warrant to charge their client, Gavin Seymour. They're asking the Colorado Supreme Court to review the matter, after the judge earlier denied their motion to suppress the evidence. The keyword search warrant "is profoundly different from traditional search warrants seeking data belonging to a suspect," the defense argued in the court filing. "Instead, the process operates in reverse — search everyone first, and identify suspects later."

One defendant's lawyer points out Google must review the activities of billions of innocent searchers to respond to keyword search warrants, arguing this has "tremendous implications...for everyone in the country who uses Google to run searches."

Crime

UK Could Jail Social Media Bosses Who Breach Child Safety Rules (theguardian.com) 55

Downing Street has said it is considering a Tory-backed amendment to the online safety bill that would allow for the imposing of jail sentences on social media bosses who are found not to have protected children's safety. The Guardian reports: No 10 said on Thursday it was open to the proposal, which is backed by at least 36 Conservative MPs including the former home secretary Priti Patel and the former work and pensions secretary Iain Duncan Smith. The amendment would give Ofcom, the communications watchdog, the power to prosecute executives at social media companies that are found to have breached the law. If ministers include it in the bill, it will mark the third time the prime minister, Rishi Sunak, has bowed to the demands of his backbenchers, after U-turns on planning and onshore windfarms.

The bill is aimed at cracking down on a range of online content that ministers believe is causing serious harm to users and was informed in part by the testimony of Frances Haugen, a former Facebook employee who accused the company of repeatedly putting profits ahead of user safety. The bill will force companies to remove any content promoting self-harm, depicting sexual violence or facilitating suicide. It will also require companies to impose and enforce strict age limits and to publish assessments of the risks their platforms pose to young people. As it is currently written, the bill gives Ofcom the power to levy fines on companies of up to 10% of their global turnover for breaches in the law. Ofcom will be able to prosecute executives only if they fail to cooperate with an investigation. This has upset many Conservative MPs, however, who believe the regulator should be given tougher powers.

The amendment, which has been signed by 37 MPs overall, would allow Ofcom to prosecute individual executives if they were proved to have connived with or consented to breaking the elements of the bill designed to protect children's safety. Judges would be allowed to impose prison sentences of up to two years. [...] Other changes to the bill, which has its report and third reading stage in the House of Commons next week, include altering earlier plans to tackle content seen by adults that is harmful but falls below the threshold of criminality, such as cyberbullying and sexist and racist material. Tech companies will be required to state clearly in their terms and conditions how they will moderate such content. Users will also be given the option of asking to have such content screened out when they are on social media platforms.

A Downing Street spokesperson said on Thursday: "Our aim is to hold to account social media platforms for harmful content, while also ensuring the UK remains a great place to invest and grow a tech business. We are confident we can achieve both of these things. We will carefully consider all the proposed amendments to the online safety bill and set out the position when report stage continues."

Businesses

JP Morgan Says Startup Founder Used Millions Of Fake Customers To Dupe It Into An Acquisition (forbes.com) 54

JPMorgan Chase is suing the 30-year-old founder of Frank, a buzzy fintech startup it acquired for $175 million, for allegedly lying about its scale and success by creating an enormous list of fake users to entice the financial giant to buy it. Forbes: Frank, founded by former CEO Charlie Javice in 2016, offers software aimed at improving the student loan application process for young Americans seeking financial aid. Her lofty goals to build the startup into "an Amazon for higher education" won support from billionaire Marc Rowan, Frank's lead investor according to Crunchbase, and prominent venture backers including Aleph, Chegg, Reach Capital, Gingerbread Capital and SWAT Equity Partners. The lawsuit, which was filed late last year in U.S. District Court in Delaware, claims that Javice pitched JP Morgan in 2021 on the "lie" that more than 4 million users had signed up to use Frank's tools to apply for federal aid.

When JP Morgan asked for proof during due diligence, Javice allegedly created an enormous roster of "fake customers -- a list of names, addresses, dates of birth, and other personal information for 4.265 million 'students' who did not actually exist." In reality, according to the suit, Frank had fewer than 300,000 customer accounts at that time. [...] Frank's chief growth officer Olivier Amar is also named in the JP Morgan complaint. It alleges that Javice and Amar first asked a top engineer at Frank to create the fake customer list; when he refused, Javice approached "a data science professor at a New York City area college" to help. Using data from some individuals who'd already started using Frank, he created 4.265 million fake customer accounts -- for which Javice paid him $18,000 -- and had it validated by a third-party vendor at her direction, JP Morgan alleges. Amar, meanwhile, spent $105,000 buying a separate data set of 4.5 million students from the firm ASL Marketing, per the complaint.

Crime

The First Insider Trading Case Involving Cryptocurrency (reuters.com) 13

The brother of a former Coinbase product manager was sentenced on Tuesday to 10 months in prison after pleading guilty in what U.S. prosecutors have called the first insider trading case involving cryptocurrency. Reuters reports: Nikhil Wahi admitted to making trades based on confidential information from Coinbase, one of the world's largest cryptocurrency exchanges, when he pleaded guilty in September to a wire fraud conspiracy charge. Prosecutors said Ishan Wahi, the former product manager, shared the information with his brother and their friend Sameer Ramani about new digital assets that Coinbase was planning to let users trade. Ishan Wahi has pleaded not guilty, and Ramani is at large.

Prosecutors said Wahi made nearly $900,000 of profit by illegally trading ahead of 40 different Coinbase announcements. They recommended a 10- to 16-month sentence. At a sentencing hearing in Manhattan federal court, U.S. District Judge Loretta Preska said his crime was "not an isolated error in judgment." "Today's sentence makes clear that the cryptocurrency markets are not lawless," Damian Williams, the top federal prosecutor in Manhattan, said in a statement.

Further reading: Coinbase To Cut 20% Jobs, Abandon 'Several' Projects To Weather Downturns in Crypto Market

Businesses

Ciphr, Encrypted App That Served Organized Crime, Rebrands as Enterprise Software (vice.com) 11

The company behind Ciphr, an encrypted messaging platform that was especially popular among organized criminals and high tier drug traffickers, is beta testing a new app in an apparent rebrand from its long running reputation as a tech tool of the underground. From a report: The news shows the continuing ruptures across the underground encrypted phone industry after an escalating series of law enforcement hacks and investigations. The rebrand by OnyxCorp, the company that made Ciphr, is the latest episode in that fallout. Other companies in the space have died altogether, had their founders arrested and imprisoned, and had thousands of their criminal users arrested and charged. "There was talk of reinventing the app with a focus on enterprise customers," a former employee told Motherboard. Motherboard granted the source anonymity because they said they had signed an NDA. The new app is called Mode. "Privacy & Protection for Team Communication," the app's website reads. The website says Mode protects chats with end-to-end encryption and disappearing messages, and also includes video calling and file sharing.
