In 2004 NBC's news show "Dateline" began airing "To Catch a Predator" segments, in which a vigilante group posed online as minors to lure sex predators into in-person meetings — where they were then arrested by police.

The New Yorker looks at its cultural impact: Although there were only twenty episodes of the series, in three years, it's "this touchstone that I grew up with and that millions of people grew up with," Paul Renfro, a professor of history at Florida State University and the author of "Stranger Danger: Family Values, Childhood, and the American Carceral State," said. "It shaped how people think about sexual violence in ways that we haven't fully grappled with." The show focussed on the threat from strangers on the Internet, even though most victims of child sexual abuse are harmed by someone known to them. "On the show, it's not the family, it's not priests or rabbis or other authority figures who pose a threat to children, it's this devious stranger," Renfro said. The show's influence helped spur the passage of the Adam Walsh Act, in 2006, which created publicly searchable databases of people convicted of certain sex crimes. (There's little evidence that sex-offender registries have been effective at reducing sexual offenses.)
But today, "amateur predator hunting has come back into style," the article notes, citing the proliferation of online groups. "Recently, the Washington Post found more than a hundred and sixty, which have been responsible for nearly a thousand stings this year."

And then the New Yorker interviewed a woman named Cam, who with her husband and her brother-in-law decided to form "the Permian Basin Predator Patrol" — broadcasting their sting operations and humiliations of potential perpetrators on YouTube: [S]oon after the channel started drawing attention, they were called to a meeting at the Odessa Police Department. According to Cam, officers made it clear that they disapproved of their activities. "We were told we can't be involved with them, and that we can't send them anything directly," she said. "One, we're endangering ourselves, and, two, we're giving them more work — that's what it seemed like they were saying."

"We are very mindful of not trying to entrap a suspect," Lieutenant Brad Cline, who works in the Odessa Police Department's Crimes Against Persons Unit, said. "Taking a predator into custody can be very dangerous as well."
The article points out that "To Catch a Predator" was cancelled when Texas man Bill Conradt decided not to follow-up on his online messages — but "When a SWAT team burst into his house, trailed by a camera crew, Conradt shot himself."

So what did Cam's group do when the Odessa Police Department declined their help? The Permian Basin Predator Patrol continued to make videos. If she couldn't contribute to an arrest, Cam thought, at least she could get the word out to the public. She became an expert at figuring out the identities of the men she was chatting with, even when they used fake names.... Sometimes she'd find a man's family on Facebook and send his mother screenshots of the obscene messages he'd sent, or call his employer. "I believe three of them have been let go from their jobs," she said.

A sting by the Predator Catchers Indianapolis led to a man's conviction for child solicitation.... Although YouTube's predator hunters tend to portray themselves as the unequivocal good guys (Cam is an exception — most are men), their track record is more mixed.... The Ohio-based group Dads Against Predators has reportedly been banned from local grocery stores for causing disturbances. In 2018, a twenty-year-old in Connecticut hanged himself after a confrontation with a predator-hunter group. One video by the Permian Basin Predator Patrol ends with a man weeping, then running into traffic. (Cam said that she asked police to perform a welfare check on him, but she's not sure if it occurred.)

"THIS WEBSITE HAS BEEN SEIZED," declares the home page of three different domains, attributing the seizure to the America's Federal Bureau of Investigation "in accordance with a warrant."

Bleeping Computer reports the domains were seized early Friday morning — and that the domains belong to the popular Z-Library online eBook repository. Z-Library is ranked in the top 10k most visited websites on the Internet, offering over 11 million books and 84 million articles for free via its website....

WHOIS information initially showed that the U.S. government seized the domains and switched their DNS servers to NS1.SEIZEDSERVERS.COM and NS2.SEIZEDSERVERS.COM, two DNS servers commonly used by the U.S and law enforcement in domain seizures. However, since then, the DNS servers for these domains have been switched to Njalla, an anonymizing hosting provider. It is unclear how Z-Library could transfer the domains to the new hosting provider....

While the court order for the seizure is unavailable at this time, the site's domains were likely seized because many of the files were uploaded without the license of the original authors. Complaints to copyright protection offices in the past have resulted in legal actions forcing the platform's registrar to seize the Z-Library domains in 2015 and further domain blockages and DMCA notices in the U.S. and France in 2021. The USTR (United States Trade Representative) has recently launched an investigation on the platform... As reported by TorrentFreak last week, TikTok decided to block hashtags related to Z-Library, reportedly responding to copyright holder's complaints.
Thanks to Slashdot reader joshuark for suggesting the story.

Mitch Lowe and Ted Farnsworth already settled with the FTC over fraudulent activity affecting MoviePass customers, but now the former heads of MoviePass and its parent company, Helios and Matheson Analytics (HMNY), are facing criminal allegations of securities fraud and wire fraud. The Verge reports: The Department of Justice announced the charges today, saying false statements made by both men defrauded investors in HMNY when the execs pretended like the company's money-losing $9.95 "unlimited" moviegoing plan had any hope of profitability. HMNY's own auditor cast doubt on the company's viability in a report in 2018, but at the time, Farnsworth downplayed the advisory, telling Insider that "pretty much most" companies running at a loss would have a similar warning.

But the big problem is his claims that HMNY's analytics prowess could somehow monetize data generated from MoviePass simply didn't hold up: prosecutors now allege "Farnsworth and Lowe knew HMNY did not possess these technologies or capabilities to monetize MoviePass's subscriber data or incorporate these technologies into the MoviePass application." [...] The DOJ says each man is facing one count of securities fraud and three counts of wire fraud over the lies they allegedly told in "press releases, SEC filings, interviews on podcasts and on television, and in print and online media."

The New York Police Department has joined Ring Neighbors, the neighborhood surveillance network built around Amazon's Ring security cameras. The Verge reports: The partnership, announced yesterday, means the NYPD will view people's posts on Neighbors and be able to post directly to it, including requests for public help on "active police matters." Neighbors is a Nextdoor-like extension of Ring's security camera business, allowing residents of a neighborhood to discuss crime and safety as well as post footage from their cameras. While many law enforcement departments have joined Neighbors in recent years, this marks its adoption by America's largest police force. (Police could separately request Ring footage for criminal investigations without the app.) It's part of an increasingly tight integration between Amazon and police -- one that's raised both concerns about privacy and questions about its crime-solving value.

Delhi's 20 million residents were effectively breathing smoke on Thursday as the air quality index (AQI) breached the "severe" and "hazardous" categories in nearly all monitoring stations of the Indian capital, raising calls to close schools. From a report: The AQI exceeded 450 at many places early in the day, according to data from the Central Pollution Control Board. A reading over 400 affects healthy people, with serious impacts on those with existing diseases, the federal government says. The index was over 800 in some pockets of the city, according to data from the Delhi Pollution Control Committee. "What is happening with air pollution in Delhi is nothing short of a crime against humanity!" author and socialite Suhel Seth wrote on Twitter. "There's a total collapse of accountability!" The world's most polluted capital is blanketed in smog every winter as cold, heavy air traps construction dust, vehicle emissions and smoke from the burning of crop stubble in the neighbouring states to clear the fields for the next crop.

Today ProPublica published "the largest-ever analysis of Google's ad practices on non-English-language websites," saying their report shows Google "is funneling revenue to some of the web's most prolific purveyors of false information in Europe, Latin America and Africa," and "reveals how the tech giant makes disinformation profitable...." The company has publicly committed to fighting disinformation around the world, but a ProPublica analysis, the first ever conducted at this scale, documented how Google's sprawling automated digital ad operation placed ads from major brands on global websites that spread false claims on such topics as vaccines, COVID-19, climate change and elections.... The resulting ad revenue is potentially worth millions of dollars to the people and groups running these and other unreliable sites — while also making money for Google.

Platforms such as Facebook have faced stark criticism for failures to crack down on disinformation spread by people and governments on their platforms around the world. But Google hasn't faced the same scrutiny for how its roughly $200 billion in annual ad sales provides essential funding for non-English-language websites that misinform and harm the public. Google's publicly announced policies bar the placement of ads on content that makes unreliable or harmful claims on a range of issues, including health, climate, elections and democracy. Yet the investigation found Google regularly places ads, including those from major brands, on articles that appear to violate its own policy.

ProPublica's examination showed that ads from Google are more likely to appear on misleading articles and websites that are in languages other than English, and that Google profits from advertising that appears next to false stories on subjects not explicitly addressed in its policy, including crime, politics, and such conspiracy theories as chemtrails. A former Google leader who worked on trust and safety issues acknowledged that the company focuses heavily on English-language enforcement and is weaker across other languages and smaller markets....
The former Google leader suggests Google focuses on English-language problems partly because they're sensitive to bad PR and the posibility of regulatory scrutiny (and because English-language markets have the biggest impact).

Google is spending more money to patrol non-English content, a spokesperson told ProPublica, touting the company's "extensive measures to tackle misinformation... In 2021, we removed ads from more than 1.7 billion publisher pages and 63,000 sites globally. We know that our work is not done, and we will continue to invest in our enforcement systems to better detect unreliable claims and protect users around the world."

But in some cases Google's ads appeared on false online article published years ago, the article points out, "suggesting that the company's failure to block ads on content that appears to violate its rules is a long-standing and ongoing problem... [T]he investigation shows that as one arm of Google helps support fact-checkers, its core ad business provides critical revenue that ensures the publication of falsehoods remains profitable."

Slashdot reader storagedude writes: Ransomware groups have been busy improving their data exfiltration tools, and with good reason: As ransomware decryption fails to work most of the time, victims are more likely to pay a ransom to keep their stolen data from being publicly leaked.

But some security researchers think the trend suggests that ransomware groups may change their tactics entirely and abandon ransomware in favor of a combined approach of data destruction and exfiltration, stealing the data before destroying it and any backups, thus leaving the stolen copy of the data as the only hope for victims to recover their data. After all, if ransomware just destroys data anyway, why waste resources developing it?

"With data exfiltration now the norm among threat actors, developing stable, secure, and fast ransomware to encrypt files is a redundant and costly endeavor compared to corrupting files and using the exfiltrated copies as the means of data recovery," Cyderes researchers wrote after analyzing an attack last month.

"Eliminating the step of encrypting the data makes the process faster and eliminates the risk of not getting the full payout, or that the victim will find other ways to decrypt the data," they added. "Data destruction is rumored to be where ransomware is going to go, but we haven't actually seen it in the wild. During a recent incident response, however, Cyderes and Stairwell discovered signs that threat actors are actively in the process of staging and developing this capability."

That incident – involving BlackCat/ALPHV ransomware – turned up an exfiltration tool with hardcoded sftp credentials that was analyzed by Stairwell's Threat Research Team, which found partially-implemented data destruction functionality.

"The use of data destruction by affiliate-level actors in lieu of RaaS deployment would mark a large shift in the data extortion landscape and would signal the balkanization of financially-motivated intrusion actors currently working under the banners of RaaS affiliate programs," the Stairwell researchers wrote.

An anonymous reader quotes a report from Reuters: Australia's biggest health insurer, said on Wednesday a cyber hack had compromised the data of all of its of its nearly 4 million customers, as it warned of a $16 million to $22.3 million hit to first-half earnings. It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow.

Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses. The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity. "Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday. "Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," chief executive David Koczkar said in a statement. "I apologize unreservedly to our customers. This is a terrible crime -- this is a crime designed to cause maximum harm to the most vulnerable members of our community."

"A U.S. judge in Texas ruled on Friday that people killed in two Boeing 737 MAX crashes are legally considered 'crime victims,'" reports Reuters, "a designation that will determine what remedies should be imposed." In December, some crash victims' relatives said the U.S. Justice Department violated their legal rights when it struck a January 2021 deferred prosecution agreement with the planemaker over two crashes that killed 346 people. The families argued the government "lied and violated their rights through a secret process" and asked U.S. District Judge Reed O'Connor to rescind Boeing's immunity from criminal prosecution — which was part of the $2.5 billion agreement — and order the planemaker publicly arraigned on felony charges.

O'Connor ruled on Friday that "in sum, but for Boeing's criminal conspiracy to defraud the (Federal Aviation Administration), 346 people would not have lost their lives in the crashes."

Paul Cassell, a lawyer for the families, said the ruling "is a tremendous victory" and "sets the stage for a pivotal hearing, where we will present proposed remedies that will allow criminal prosecution to hold Boeing fully accountable."

Boeing did not immediately comment.

The International Criminal Police Organization (Interpol) has announced the launch of its fully operational metaverse, initially designed for activities such as immersive training courses for forensic investigations. Decrypt reports: Unveiled at the 90th Interpol General Assembly in New Delhi, the INTERPOL Metaverse is described as the "first-ever Metaverse specifically designed for law enforcement worldwide." Among other things, the platform will also help law enforcement across the globe to interact with each other via avatars. "For many, the Metaverse seems to herald an abstract future, but the issues it raises are those that have always motivated INTERPOL -- supporting our member countries to fight crime and making the world, virtual or not, safer for those who inhabit it," Jurgen Stock, Interpol's secretary general said in a statement.

One of the challenges identified by organizations is that something that is considered a crime in the physical world may not necessarily be the same in the virtual world. "By identifying these risks from the outset, we can work with stakeholders to shape the necessary governance frameworks and cut off future criminal markets before they are fully formed," said Madan Oberoi, Interpol's executive director of Technology and Innovation. "Only by having these conversations now can we build an effective response."

In a live demonstration at the event, Interpol experts took to a Metaverse classroom to deliver a training course on travel document verification and passenger screening using the capabilities of the newly-launched platform. Students were then teleported to an airport where they were able to apply their newly-acquired skills at a virtual border point. Additionally, Interpol has created an expert group that will be tasked with ensuring new virtual worlds are "secure by design." The report notes that Interpol has also joined "Defining and Building the Metaverse," a World Economic Forum initiative around metaverse governance.

Bruce66423 shares a report from the BBC: A hacker who stole two unreleased songs from Ed Sheeran and sold them on the dark web has been jailed for 18 months. Adrian Kwiatkowski traded the music by Sheeran and 12 songs by rapper Lil Uzi Vert in exchange for cryptocurrency. The 23-year-old, from Ipswich, managed to get hold of them after hacking the performers' digital accounts, the Crown Prosecution Service said. Kwiatkowski admitted 19 charges, including copyright infringement and possessing criminal property. He had made 131,000 pounds ($148,000) from the music, City of London Police said.

According to police, seven devices, including a hard drive that contained 1,263 unreleased songs by 89 artists, were seized. A document saved on the hard drive summarised the method he had used to obtain them along with a stash of Bitcoin which was seized. In August, Kwiatkowski pleaded guilty at Ipswich Magistrates Court to three charges of unauthorised access to computer material, 14 charges of selling copyrighted material, one charge of converting criminal property and two charges of possession of criminal property. Chief crown prosecutor Joanne Jakymec said Kwiatkowski had "complete disregard" for the musicians' creativity, hard work and lost earnings. "He selfishly stole their music to make money for himself by selling it on the dark web," she said. "We will be pursuing ill-gotten gains from these proceeds of crime."

"Hackers are on a roll in 2022, stealing over $3 billion in cryptocurrency," writes Slashdot reader quonset (citing figures from blockchain analytics firm Chainalysis). "And the year isn't over yet.

"For comparison, in 2021, only $2.1 billion in crypto currency was stolen during the entire year."

CBS News reports: A big chunk of that $3 billion, around $718 million, was taken this month in 11 different hacks, Chainalysis said in a series of tweets posted Wednesday. ctober is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go," the company tweeted.

In past years, hackers focused their efforts on attacking crypto exchanges, but those companies have since strengthened their security, Chainalysis said. These days, cybercriminals are targeting "cross-chain bridges," which allow investors to transfer digital assets and data among different blockchains.... Cross-chain bridges remain a major target for hackers, with three bridges breached this month and nearly $600 million stolen, accounting for 82% of losses this month and 64% of losses all year," Chainalysis said....

All told, Chainalysis said there have been 125 hacks so far this year.
"Cryptocurrency is not federally regulated or FDIC insured like a bank account," the article concludes, "which means if an account gets hacked, the government will not work to restore a customer's funds."

Trevor Milton, the founder and former chairman and CEO of electric heavy truck maker Nikola, was found guilty in federal court on Friday of three of four counts of fraud relating to false statements he made to drive up the value of Nikola's stock. CNBC reports: Milton was charged with two counts of securities fraud and two counts of wire fraud, all related to statements he made about Nikola's business while he was chairman and CEO of the company. Jurors found him guilty on one count of securities fraud and both of the wire fraud counts. Milton faced up to 25 years in prison if convicted on all four counts.

The U.S. Attorney's Office in Manhattan had alleged that Milton lied about "nearly all aspects of the business" he founded in 2014 during his time leading the company. Those lies, prosecutors said, were intended to induce investors to bid up the price of Nikola's stock. "On the backs of those innocent investors taken in by his lies, he became a billionaire virtually overnight," Assistant U.S. Attorney Nicolas Roos said in his opening statement in September. Timeline of events:

June, 2016: Nikola Motor Receives Over 7,000 Preorders Worth Over $2.3 Billion For Its Electric Truck
December, 2016: Nikola Motor Company Reveals Hydrogen Fuel Cell Truck With Range of 1,200 Miles
February, 2020: Nikola Motors Unveils Hybrid Fuel-Cell Concept Truck With 600-Mile Range
June, 2020: Nikola Founder Exaggerated the Capability of His Debut Truck
September, 2020: Nikola Motors Accused of Massive Fraud, Ocean of Lies
September, 2020: Nikola Admits Prototype Was Rolling Downhill In Promo Video
September, 2020: Nikola Founder Trevor Milton Steps Down as Chairman in Battle With Short Seller
October, 2020: Nikola Stock Falls 14 Percent After CEO Downplays Badger Truck Plans
November, 2020: Nikola Stock Plunges As Company Cancels Badger Pickup Truck
July, 2021: Nikola Founder Trevor Milton Indicted on Three Counts of Fraud
December, 2021: EV Startup Nikola Agrees To $125 Million Settlement
September, 2022: Nikola Founder Lied To Investors About Tech, Prosecutor Says in Fraud Trial

Turkey criminalized the spread of what authorities describe as false information on digital platforms, giving the government new powers in the months remaining before elections. From a report: The measure, proposed by the governing AK Party and its nationalist ally MHP, is part of a broader "disinformation" law that was adopted by parliament on Thursday. It mandates a jail term of one to three years for users who share online content that contains "false information on the country's security, public order and overall welfare in an attempt to incite panic or fear." Media groups and opposition parties have decried the bill as censorship, seeing it as a move to stifle critics and journalists in the run-up to elections set for next year. "The crime is defined with rather vague and open-ended terms," said Mustafa Kuleli, vice president of the European Federation of Journalists. "It is not clear how prosecutors will take action against those who allegedly spread false information." Other articles in the law range from amendments to issuance of press cards to the procedure of correcting "false" information online.

An anonymous reader quotes a report from The Register: On June 8, 2020, an individual claiming to be billionaire film producer and philanthropist Sidney Kimmel contacted brokerage Charles Schwab by phone and stated that he had uploaded a wire disbursement form using the service's secure email service. The only problem was the call apparently came from prison. Still, the caller made reference to a transfer verification inquiry earlier that day by his wife -- a role said to have been played by a female co-conspirator. The individual allegedly posing as Kimmel had contacted a Schwab customer service representative three days earlier -- on June 5, 2020 -- about opening a checking account, and was told that a form of identification and a utility bill would be required. On June 6, a co-conspirator is alleged to have provided a picture of Kimmel's driver's license and a Los Angeles Water and Power utility bill. According to court documents [PDF] filed by the US Attorney's Office in the Northern District of Georgia, the uploaded documents consisted of a request for funds to be wired to an external bank and a forged letter of authorization -- both of which appeared to be signed by Kimmel.

On June 9, satisfied that Kimmel had been adequately authenticated, the brokerage sent $11 million from Kimmel's Schwab account to a Zions Bank account for Money Metal Exchange, LLC, an Eagle, Idaho-based seller of gold coins and other precious metals. The real Kimmel had no knowledge of the transaction, which resulted in the purchase of 6,106 American Eagle gold coins. The individual who orchestrated the fraudulent purchase of the coins is alleged to have hired a private security firm on June 13, 2020 to transport the coins from Boise, Idaho to Atlanta, Georgia on a chartered plane. An associate of the fraudster allegedly took possession of the coins three days later. All the while the alleged mastermind, Arthur Lee Cofield Jr, was incarcerated in a maximum security prison in Butts County, Georgia, according to the government. Cofield is serving a 14-year sentence for armed robbery and is also under indictment in Fulton County, Georgia for attempted murder.

The day after the coins were purchased, prison staff are said to have searched Cofield's cell and recovered a blue Samsung cellphone hidden under his arm. The prison forensic unit apparently determined that Cofield had been using an account on free voice and messaging service TextNow and matched the phone number with calls made to Money Metals Exchange. On December 8, 2020, a federal grand jury indicted Cofield and two co-conspirators for conspiracy to commit bank fraud and money laundering. Cofield's attorney, Steven Sadow, subsequently sought to suppress the cellphone evidence on Fourth Amendment grounds, arguing that the warrantless search of the device by prison officials was unrelated to the legitimate function of prison security and maintenance. The government said otherwise, insisting that Cofield does not have standing to contest the search, having no "legitimate expectation of privacy in the contents of a contraband cell phone." The judge overseeing the case sided with the government [PDF] and certified the case to proceed to trial.

"Scammers are leveraging the vulnerabilities in the global supply chain, as well as the public's continuing need for new batteries, to sell a wide variety of counterfeits or unauthorized replicas online," warns America's FBI.

"Do not fall victim to online fraudsters or unauthorized dealers or manufacturers." Counterfeit batteries do not go through the same standardized testing as original equipment manufacturer batteries and can adversely impact the safety and health of the consumer....

Avoid aftermarket batteries when possible because they may be dangerous.... Consumers should avoid all third-party purchases of batteries, as they can appear to be legitimate OEM batteries but are likely counterfeit.... [B]atteries sold at deep discounts or at significantly lower-than-average prices are likely counterfeit.
The FBI warns you should always avoid batteries that:

• are not properly packaged;
• have misprinted or misspelled labels;
• have labels that peel off; or
• do not have official manufacturer batch numbers.

"The FBI's warning is not specific to laptops or smartphones," notes ZDNet, "which makes sense given that batteries are now found in everything from cars, scooters, e-bikes, e-cigarettes and trains to drones and more."

Thanks to Slashdot reader joshuark for sharing the story.

"One of the largest hospital chains in the U.S. was hit with a suspected ransomware cyberattack this week," reports NBC News, "leading to delayed surgeries, hold ups in patient care and rescheduled doctor appointments across the country." CommonSpirit Health, ranked as the fourth-largest health system in the country by Becker's Hospital Review, said Tuesday that it had experienced "an IT security issue" that forced it to take certain systems offline. While CommonSpirit declined to share specifics, a person familiar with its remediation efforts confirmed to NBC News that it had sustained a ransomware attack.

CommonSpirit, which has more than 140 hospitals in the U.S., also declined to share information on how many of its facilities were experiencing delays. Multiple hospitals, however, including CHI Memorial Hospital in Tennessee, some St. Luke's hospitals in Texas, and Virginia Mason Franciscan Health in Seattle all have announced they were affected.

One Texas woman, who spoke to NBC News on the condition of anonymity to protect her family's medical privacy, said that she and her husband had arrived at a CommonSpirit-affiliated hospital on Wednesday for long-scheduled major surgery, only for his doctor to recommend delaying it until the hospital's technical issues were resolved.

The surgeon "told me it could potentially delay post-op care, and he didn't want to risk it," she said.
Wednesday the company confirmed that "We have taken certain systems offline."

"John Galvan was arrested at 18 and spent 35 years in prison for a crime he didn't commit," writes the Innocence Project, a nonprofit specializing in legal exoneration.

"In 2007, John Galvan was about 21 years into a life sentence for a crime he didn't commit when he saw something on the prison television he thought might finally help him prove his innocence and secure his freedom: A re-run of an episode of the Discovery Channel's MythBusters."

At the time of his arrest, they write, Galvan had been handcuffed to a wall for hours, physically beaten, and ultimately "agreed to give a confession that was completely fabricated by the detectives to end the abuse" — that Galvan had started a fire in an apartment building "by throwing a bottle filled with gasoline at the building and then tossing a cigarette into the pool of gasoline on the porch to ignite it." And then 21 years later... In his cell, a 39-year-old John watched as the hosts of MythBusters struggled repeatedly to ignite a pool of gasoline with a lit cigarette, despite fervent attempts. Based on the ignition temperature of gasoline and the temperature range of a lit cigarette, the show's hosts had initially hypothesized that a lit cigarette might be able to ignite spilled gasoline as they had seen on TV and in movies. But after several failed attempts to start a fire, including rolling a lit cigarette directly into a pool of gasoline, the team determined it was highly unlikely that dropping a cigarette into gasoline could cause a fire....

The show's findings were confirmed in 2007, by experiments conducted by the U.S. Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), which made more than 2,000 attempts to ignite gasoline with a cigarette under various conditions. The bureau's experiments even included a vacuum that increased the cigarette's temperature to the level it would typically reach when being sucked and spraying a mist of gasoline directly onto the lit cigarette. All of the attempts failed. "Despite what you see in action movies, dropping a lit cigarette on to a trail of gasoline won't ignite it, assuming normal oxygen levels and no unusual circumstances," said Richard Tontarski, a forensic scientist and then chief of the ATF's fire research laboratory.

In 2017, when John finally had his evidentiary hearing on his post-conviction claims, [his attorney Tara] Thompson and his legal team presented multiple alibi witnesses, in addition to seven witnesses who testified to being tortured by the same officers who had coerced his confession, documents showing that police had fabricated probable cause to arrest him, and an arson expert who testified that John's false confession was scientifically impossible.... In 2019, the appellate court granted John post-conviction relief on the grounds of actual innocence — a rarity in Illinois — largely based on the abuse used to coerce a false confession from John.

The court concluded that without John's false confession, which he did not give voluntarily, "the State's case was nonexistent."
Thanks to long-time Slashdot reader Sleeping Kirby for sharing the story!

According to the New York Times, former chief security officer of Uber, Joe Sullivan, has been found guilty of hiding a 2016 data breach from authorities and obstructing an investigation by the FTC into the company's security practices. The breach affected more than 57 million Uber riders and drivers. From the report: Mr. Sullivan was deposed by the F.T.C. as it investigated a 2014 breach of Uber's online systems. Ten days after the deposition, he received an email from a hacker who claimed to have found another security vulnerability in its systems. Mr. Sullivan learned that the hacker and an accomplice had downloaded the personal data of about 600,000 Uber drivers and additional personal information associated with 57 million riders and drivers, according to court testimony and documents. The hackers pressured Uber to pay them at least $100,000. Mr. Sullivan's team referred them to Uber's bug bounty program, a way of paying "white hat" researchers to report security vulnerabilities. The program capped payouts at $10,000, according to court testimony and documents. Mr. Sullivan and his team paid the hackers $100,000 and had them sign a nondisclosure agreement.

During his testimony, one of the hackers, Vasile Mereacre, said he was trying to extort money from Uber. Uber did not publicly disclose the incident or inform the F.T.C. until a new chief executive, Dara Khosrowshahi, joined in the company in 2017. The two hackers pleaded guilty to the hack in October 2019. States typically require companies to disclose breaches if hackers download personal data and a certain number of users are affected. There is no federal law requiring companies or executives to reveal breaches to regulators. Federal prosecutors argued that Mr. Sullivan knew that revealing the new hack would extend the F.T.C. investigation and hurt his reputation and that he concealed the hack from the F.T.C. Mr. Sullivan did not reveal the 2016 hack to Uber's general counsel, according to court testimonies and documents. He did discuss the breach with another Uber lawyer, Craig Clark.

Mr. Sullivan did not reveal the 2016 hack to Uber's general counsel, according to court testimonies and documents. He did discuss the breach with another Uber lawyer, Craig Clark. Like Mr. Sullivan, Mr. Clark was fired by Mr. Khosrowshahi after the new Uber chief executive learned about the details of the breach. Mr. Clark was given immunity by federal prosecutors in exchange for testifying against Mr. Sullivan. Mr. Clark testified that Mr. Sullivan told the Uber security team that they needed to keep the breach secret and that Mr. Sullivan changed the nondisclosure agreement signed by the hackers to make it falsely seem that the hack was white-hat research. Mr. Sullivan said he would discuss the breach with Uber's "A Team" of top executives, according to Mr. Clark's testimony. He shared the matter with only one member of the A Team: then chief executive Travis Kalanick. Mr. Kalanick approved the $100,000 payment to the hackers, according to court documents. The case is "believed to be the first time a company executive faced criminal prosecution over a hack," notes the report.

"The way responsibilities are divided up is going to be impacted by this. What's documented is going to be impacted by this The way bug bounty programs are designed is going to be impacted by this," said Chinmayi Sharma, a scholar in residence at the Robert Strauss Center for International Security and Law and a lecturer at the University of Texas at Austin School of Law.

Incidents of fraud and scams are occurring more often on the popular peer-to-peer payment service Zelle, according to a report issued Monday by the office of Sen. Elizabeth Warren, giving the public its first glimpse into the growing problems at Zelle. From a report: The report also found that the large banks that partly own Zelle have been reluctant to compensate customers who have been victims of fraud or scams. For instance, less than half of the money customers reported being sent via Zelle without authorization was being reimbursed. Warren, D-Massachusetts, a long-time critic of the big banks, requested data on fraud and scams on Zelle from seven banks starting in April. The report cites data from four banks that tallied 192,878 cases worth collectively $213.8 million in 2021 and the first half of 2022 where a customer claimed they had been fraudulently tricked into making a payment. In only roughly 3,500 cases did those banks reimburse the customer, the report found.

Further, in the cases where it's clear funds had been taken out of customers' accounts without authorization, only 47% of those dollars were ever reimbursed. Since being launched in June 2017, Zelle has become a popular way for bank customers to send money to friends and family. Almost $500 billion in funds were sent via Zelle in 2021, according to Early Warning Services, the company that operates Zelle. Zelle is the banking industry's answer to the growing popularity of peer-to-peer payment services like PayPal, Venmo and the Cash App. The service allows a bank customer to instantaneously send money to a person via their email or phone number, and it will go from one bank account to another. More than 1,700 banks and credit unions offer the service. But the service has also grown more popular with scammers and criminals. Once money is sent via Zelle, it requires a bank's intervention to attempt to get that money back.