WikiLeaks founder Julian Assange has agreed to a plea deal with the U.S. Justice Department over his alleged role in one of the largest U.S. government breaches of classified material. As a result, he will avoid imprisonment in the United States. CNN reports: Under the terms of the new agreement (PDF), Justice Department prosecutors will seek a 62-month sentence -- which is equal to the amount of time Assange has served in a high-security prison in London while he fought extradition to the US. The plea deal would credit that time served, allowing Assange to immediately return to Australia, his native country. The plea deal must still be approved by a federal judge.

Assange had faced 18 counts from a 2019 indictment for his alleged role in the breach that carried a max of up to 175 years in prison, though he was unlikely to be sentenced to that time in full. Assange was being pursued by US authorities for publishing confidential military records supplied by former Army intelligence analyst Chelsea Manning in 2010 and 2011. US officials alleged that Assange goaded Manning into obtaining thousands of pages of unfiltered US diplomatic cables that potentially endangered confidential sources, Iraq war-related significant activity reports and information related to Guantanamo Bay detainees.

Automated license plate readers "pose risks to public safety," argues the EFF, "that may outweigh the crimes they are attempting to address in the first place." When law enforcement uses automated license plate readers (ALPRs) to document the comings and goings of every driver on the road, regardless of a nexus to a crime, it results in gargantuan databases of sensitive information, and few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security, released an advisory last week that should be a wake up call to the thousands of local government agencies around the country that use ALPRs to surveil the travel patterns of their residents by scanning their license plates and "fingerprinting" their vehicles. The bulletin outlines seven vulnerabilities in Motorola Solutions' Vigilant ALPRs, including missing encryption and insufficiently protected credentials...

Unlike location data a person shares with, say, GPS-based navigation app Waze, ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems... Because drivers don't have control over ALPR data, the onus for protecting the data lies with the police and sheriffs who operate the surveillance and the vendors that provide the technology. It's a general tenet of cybersecurity that you should not collect and retain more personal data than you are capable of protecting. Perhaps ironically, a Motorola Solutions cybersecurity specialist wrote an article in Police Chief magazine this month that public safety agencies "are often challenged when it comes to recruiting and retaining experienced cybersecurity personnel," even though "the potential for harm from external factors is substantial." That partially explains why, more than 125 law enforcement agencies reported a data breach or cyberattacks between 2012 and 2020, according to research by former EFF intern Madison Vialpando. The Motorola Solutions article claims that ransomware attacks "targeting U.S. public safety organizations increased by 142 percent" in 2023.

Yet, the temptation to "collect it all" continues to overshadow the responsibility to "protect it all." What makes the latest CISA disclosure even more outrageous is it is at least the third time in the last decade that major security vulnerabilities have been found in ALPRs... If there's one positive thing we can say about the latest Vigilant vulnerability disclosures, it's that for once a government agency identified and reported the vulnerabilities before they could do damage... The Michigan Cyber Command center found a total of seven vulnerabilities in Vigilant devices; two of which were medium severity and 5 of which were high severity vulnerabilities...

But a data breach isn't the only way that ALPR data can be leaked or abused. In 2022, an officer in the Kechi (Kansas) Police Department accessed ALPR data shared with his department by the Wichita Police Department to stalk his wife.
The article concludes that public safety agencies should "collect only the data they need for actual criminal investigations.

"They must never store more data than they adequately protect within their limited resources-or they must keep the public safe from data breaches by not collecting the data at all."

An anonymous reader quotes a report from Fortune: Ellen Bagley was delighted when she made her first sale on a popular second-hand clothing app, but just a few minutes later, the thrill turned to shock as the 20-year-old from Linkoping in Sweden discovered she'd been robbed. Everything seemed normal when Bagley received a direct message on the platform, which asked her to verify personal details to complete the deal. She clicked the link, which fired up BankID -- the ubiquitous digital authorization system used by nearly all Swedish adults.After receiving a couple of error messages, she started thinking something was wrong, but it was already too late. Over 10,000 Swedish kronor ($1,000) had been siphoned from her account and the thieves disappeared into the digital shadows. "The fraudsters are so skilled at making things look legitimate," said Bagley, who was born after BankID was created. "It's not easy" to identify scams. Although financial crime has garnered fewer headlines than a surge in gang-related gun violence, it's become a growing risk for the country. Beyond its borders, Sweden is an important test case on fighting cashless crime because it's gone further on ditching paper money than almost any other country in Europe.

Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021. Law-enforcement agencies estimate that the size of Sweden's criminal economy could amount to as high as 2.5% of the country's gross domestic product. To counter the digital crime spree, Swedish authorities have put pressure on banks to tighten security measures and make it harder on tech-savvy criminals, but it's a delicate balancing act. Going too far could slow down the economy, while doing too little erodes trust and damages legitimate businesses in the process.Using complex webs of fake companies and forging documents to gain access to Sweden's welfare system, sophisticated fraudsters have made Sweden a "Silicon Valley for criminal entrepreneurship," said Daniel Larson, a senior economic crime prosecutor. While the shock of armed violence has grabbed public attention -- the nation's gun-homicide rate tripled between 2012 and 2022 -- economic crime underlies gang activity and needs to be tackled as aggressively, he added. "That has been a strategic mistake," Larson said. "This profit-generating crime is what's fueling organized crime and, in some cases, leads to these conflicts."

Sweden's switch to electronic cash started after a surge of armed robberies in the 1990s, and by 2022, only 8% of Swedes said they had used cash for their latest purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe's lowest number of ATMs per capita, according to the IMF. The prevalence of BankID play a role in Sweden's vulnerability. The system works like an online signature. If used, it's considered a done deal and the transaction gets executed immediately. It was designed by Sweden's banks to make electronic payments even quicker and easier than handing over a stack of bills. Since it's original rollout in 2001, it's become part of the everyday Swedish life. On average, the service -- which requires a six-digit code, a fingerprint or a face scan for authentication -- is used more than twice a day by every adult Swede and is involved in everything from filing tax returns to paying for bus tickets.Originally intended as a product by banks for their customers, its use exploded in 2005 after Sweden's tax agency adopted the technology as an identification for tax returns, giving it the government's official seal of approval. The launch of BankID on mobile phones in 2010 increased usage even further, along with public perception that associated cash with criminality.The country's central bank has acknowledged that some of those connotations may have gone too far. "We have to be very clear that there are still honest people using cash," Riksbank Governor Erik Thedeen told Bloomberg.

Thousands of people catching trains in the United Kingdom likely had their faces scanned by Amazon software as part of widespread artificial intelligence trials, new documents reveal. Wired: The image recognition system was used to predict travelers' age, gender, and potential emotions -- with the suggestion that the data could be used in advertising systems in the future. During the past two years, eight train stations around the UK -- including large stations such as London's Euston and Waterloo, Manchester Piccadilly, and other smaller stations -- have tested AI surveillance technology with CCTV cameras with the aim of alerting staff to safety incidents and potentially reducing certain types of crime.

The extensive trials, overseen by rail infrastructure body Network Rail, have used object recognition -- a type of machine learning that can identify items in videofeeds -- to detect people trespassing on tracks, monitor and predict platform overcrowding, identify antisocial behavior ("running, shouting, skateboarding, smoking"), and spot potential bike thieves. Separate trials have used wireless sensors to detect slippery floors, full bins, and drains that may overflow. The scope of the AI trials, elements of which have previously been reported, was revealed in a cache of documents obtained in response to a freedom of information request by civil liberties group Big Brother Watch. "The rollout and normalization of AI surveillance in these public spaces, without much consultation and conversation, is quite a concerning step," says Jake Hurfurt, the head of research and investigations at the group.

The Ukraine cyber police, supported by information from the Dutch police, arrested a 28-year-old Russian man in Kyiv for aiding Conti and LockBit ransomware operations by making their malware undetectable and conducting at least one attack himself. He was arrested on April 18, 2024, as part of a global law enforcement operation known as "Operation Endgame," which took down various botnets and their main operators. "As the Conti ransomware group used some of those botnets for initial access on breached endpoints, evidence led investigators to the Russian hacker," reports BleepingComputer. From the report: The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD (fully undetectable) to evade detection by the popular antivirus products. The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks. The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021, using a Conti payload, so he also operated as an affiliate for maximum profit.

"As part of the pre-trial investigation, police, together with patrol officers of the special unit "TacTeam" of the TOR DPP battalion, conducted a search in Kyiv," reads the Ukraine police announcement. "Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region." [...] The suspect has already been charged with Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.

British police have arrested two individuals involved in an SMS-based phishing campaign using a unique device police described as a "homemade mobile antenna," "an illegitimate telephone mast," and a "text message blaster." This first-of-its-kind device in the UK was designed to send fraudulent texts impersonating banks and other official organizations, "all while allegedly bypassing network operators' anti-SMS-based phishing, or smishing, defenses," reports The Register. From the report: Thousands of messages were sent using this setup, City of London Police claimed on Friday, with those suspected to be behind the operation misrepresenting themselves as banks "and other official organizations" in their texts. [...] Huayong Xu, 32, of Alton Road in Croydon, was arrested on May 23 and remains the only individual identified by police in this investigation at this stage. He has been charged with possession of articles for use in fraud and will appear at Inner London Crown Court on June 26. The other individual, who wasn't identified and did not have their charges disclosed by police, was arrested on May 9 in Manchester and was bailed. [...]

Without any additional information to go on, it's difficult to make any kind of assumption about what these "text message blaster" devices might be. However, one possibility, judging from the messaging from the police, is that the plod are referring to an IMSI catcher aka a Stingray, which acts as a cellphone tower to communicate with people's handhelds. But those are intended primarily for surveillance. What's more likely is that the suspected UK device is perhaps some kind of SIM bank or collection of phones programmed to spam out shedloads of SMSes at a time.

Copycats are stepping up their attacks on small businesses. Sellers of products including merino socks and hummingbird feeders say they have lost customers to online scammers who use the legitimate business owners' videos, logos and social-media posts to assume their identities and steer customers to cheap knockoffs or simply take their money. WSJ: "We used to think you'd be targeted because you have a brand everywhere," said Alastair Gray, director of anticounterfeiting for the International Trademark Association, a nonprofit that represents brand owners. "It now seems with the ease at which these criminals can replicate websites, they can cut and paste everything." Technology has expanded the reach of even the smallest businesses, making it easy to court customers across the globe. But evolving technology has also boosted opportunities for copycats; ChatGPT and other advances in artificial intelligence make it easier to avoid language or spelling errors, often a signal of fraud.

Imitators also have fine-tuned their tactics, including by outbidding legitimate brands for top position in search results. "These counterfeiters will market themselves just like brands market themselves," said Rachel Aronson, co-founder of CounterFind, a Dallas-based brand-protection company. Policing copycats is particularly challenging for small businesses with limited financial resources and not many employees. Online giants such as Amazon.com and Meta Platforms say they use technology to identify and remove misleading ads, fake accounts or counterfeit products.

Wired visits Chula Vista, California (population: 275,487) — where since 2018 drones have been dispatched by police "teleoperators" monitoring 911 calls. ("Noise complaints, car accidents, overdoses, domestic disputes...") After nearly 20,000 drone flights, it's become the envy of other police departments, according to Wired's article, as other police departments "look to expand their use of unmanned aerial aircraft." The [Chula Vista] department says that its drones provide officers with critical intelligence about incidents they are responding to ahead of initiating in-person contact — which the CVPD says has reduced unnecessary police contacts, decreased response times, and saved lives. But a WIRED investigation paints a complicated picture of the trade-offs between public safety and privacy. In Chula Vista, drone flight paths trace a map of the city's inequality, with poorer residents experiencing far more exposure to the drones' cameras and rotors than their wealthier counterparts, a WIRED analysis of nearly 10,000 drone flight records from July 2021 to September 2023 found. The drones, often dispatched for serious incidents like reports of armed individuals, are also routinely deployed for minor issues such as shoplifting, vandalism, and loud music. [Drones are sent in response to about 1 in every 14 calls.] Early in the Covid-19 pandemic, the city even used drones to broadcast public service announcements to homeless encampments.

Despite the police promoting the benefits of the "Drone as First Responder" program, residents who encounter the technology day-to-day report feeling constantly watched. Some say they are afraid to spend time in their backyards; they fear that the machines are following them down the street, spying on them while they use the public pool or change their clothes. One resident says that he was so worried that the drones were harassing him that he went to the emergency room for severe depression and exhaustion. [A 60-year-old professor told Wired that the sound of drones kept them awake at night.]

The police drones, equipped with cameras and zoom lenses powerful enough to capture faces clearly and constantly recording while in flight, have amassed hundreds of hours of video footage of the city's residents. Their flight paths routinely take them over backyards and above public pools, high schools, hospitals, churches, mosques, immigration law firms, and even the city's Planned Parenthood facility. Privacy advocates argue that the extensive footage captured by the drones makes it difficult to distinguish between flights responding to specific incidents and mass surveillance from the sky. Department secrecy around the recordings remains the subject of ongoing litigation... At the time of our analysis, approximately one in 10 drone flights listed on the department's transparency portal lacked a stated purpose and could not be connected to any relevant 911 call.

America's Justice Department "indicted the creators of an application that helps people spend their bitcoins anonymously," writes Reason.com: They're accused of "conspiracy to commit money laundering." Why "conspiracy to commit" as opposed to just "money laundering"?

Because they didn't hold anyone else's money or do anything illegal with it. They provided a privacy tool that may have enabled other people to do illegal things with their bitcoin... What this tool does is offer what's known as a "coinjoin," a method for anonymizing bitcoin transactions by mixing them with other transactions, as the project's founder, Keonne Rodriguez, explained to Reason in 2022: "I think the best analogy for it is like smelting gold," he said. "You take your Bitcoin, you add it into [the conjoin protocol] Whirlpool, and Whirlpool smelts it into new pieces that are not associated to the original piece."
Reason argues that providing the tool isn't a crime, just like selling someone a kitchen knife isn't a crime: The government's decision to indict Rodriguez and his partner William Lonergan Hill is also an attack on free speech because all they did was write open-source code and make it widely available. "It is an issue of a chilling effect on free speech," attorney Jerry Brito, who heads up the cryptocurrency nonprofit Coin Center, told Reason after the U.S. Treasury went after the creators of another piece of anonymizing software...

The most important thing about bitcoin, and money like it, isn't its price. It's the check it places on the government's ability to devalue, censor, and surviel our money. Creators of open-source tools like Samourai Wallet should be celebrated, not threatened with a quarter-century in a federal prison.
Long-time Slashdot reader SonicSpike shared the article...

"Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments," reports BleepingComputer: In a report Wednesday, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine... Once on the target system, the payload checks if it runs in a VMware ESXi environment by executing the 'uname' command and looking for 'vmkernel.' Next, a "TargetInfo.txt" file is created and sent to the command and control (C2) server. It contains victim information such as hostname, IP address, OS details, logged-in users and privileges, unique identifiers, and details about the encrypted files and directories. The ransomware will encrypt files that have VM-related extensions (vmdk, vmem, vswp, vmx, vmsn, nvram), appending the ".locked" extension to the resulting files.

Finally, a ransom note named "HOW TO DECRYPT.txt" is dropped, containing instructions for the victim on how to pay the ransom and retrieve a valid decryption key. "After all tasks have been completed, the shell script deletes the payload using the 'rm -f x' command so all traces that can be used in post-incident investigations are wiped from impacted machines."

Thanks to long-time Slashdot reader joshuark for sharing the article.

A worker at a retail store in an airport has been charged with stealing thousands of dollars in electronics and clothing, reports the Washington Post. But what's more interesting is what led to his arrest...

A woman showed up at his home looking for the missing luggage that she'd tracked with her Apple Watch. CNN reports: Paola Garcia told CNN affiliate WPLG in Miami that she usually takes her suitcase onboard, but this time, she was told she had to check it. Garcia waited at least two hours for her pink roller bag, which contained an Apple MacBook, Apple iPad, Apple Watch, jewelry, high-end woman's clothing and toiletries. It never came out on the luggage belt. In her WPLG interview, Garcia said that Spirit Airlines told her that her luggage had been sent to her house. The luggage never came.

But Garcia explored another avenue with her own electronic tracker. Garcia, not named in the affidavit, later pinged the electronic items inside the bag to try and locate them, and the ping showed them at an address in Fort Lauderdale, the affidavit said... While at the house, she took video and still pictures, where she saw "several pieces of luggage in the front of the home," none of which were her own, the affidavit said. Garcia told WPLG that she dialed 911. "The first thing I remember the police told me is: 'What are you doing here? This is so dangerous for you to be here.' "

When a detective with the Broward County Sheriff's Office searched the address within the airport's employee databases, he found that Bazile reportedly lived at the address. Bazile was listed as working at a Paradies Lagardère Travel Retail store at the airport and was working on the day of the theft, according to the affidavit.
So apparently when the airline said the luggage had been sent to her house — they were wrong. In fact when police contacted a store manager, "he provided the detective with internal CCTV footage from the day of the incident," CNN reports, "which allegedly showed Bazile entering the store's storage room with a pink shell roller bag, matching the description of the stolen bag, and rummaging through the luggage, the affidavit said.

"He then appeared to take the MacBook and other smaller items out of the luggage and put them in other bags."

Retailers are struggling to rein in the proliferation of scammers tricking Americans into buying thousands of dollars' worth of gift cards. From a report: The Federal Trade Commission estimates that Americans lost at least $217 million to gift card scams last year. That number is likely higher, given many victims are too embarrassed to report to law enforcement. Cracking down on gift card scams was a hot topic this week at the National Retail Federation's (NRF) cybersecurity conference in Long Beach, California.

Some gift card scams start with texts from people pretending to be tech support, your boss, the government or a wrong number. Eventually, those conversations lead to someone asking the victim to buy gift cards on their behalf and send the barcode number to them via text. Others involve criminals in physical locations, tampering with a gift card to access the barcode information and then stealing the funds without taking the actual card. Each scam targets vulnerable populations: elderly, less-tech savvy people; those who are lonely and work from home; and even young kids, experts say.

An anonymous reader quotes a report from BleepingComputer: The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. FBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on Cyber Security. "From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," the FBI Cyber Lead said in a keynote. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov."

This call to action comes after law enforcement took down LockBit's infrastructure in February 2024 in an international operation dubbed "Operation Cronos." At the time, police seized 34 servers containing over 2,500 decryption keys, which helped create a free LockBit 3.0 Black Ransomware decryptor. After analyzing the seized data, the U.K.'s National Crime Agency and the U.S. Justice Department estimate the gang and its affiliates have raked in up to $1 billion in ransoms following 7,000 attacks targeting organizations worldwide between June 2022 and February 2024. However, despite law enforcement efforts to shut down its operations, LockBit is still active and has since switched to new servers and dark web domains. After disrupting LockBit in February, the U.S. State Department said it is offering a reward of up to $15 million for information leading to the identification or location of the leaders of the ransomware group.

US lawmakers accused Nigeria of taking a Binance executive "hostage" and urged President Joe Biden to help secure his release. From a report: Sixteen Republican congressman including Chairman of the House Foreign Affairs Committee Michael McCaul wrote to Biden to have the case of Tigran Gambaryan referred to the Office of the Special Presidential Envoy for Hostage Affairs. A US citizen, Gambaryan is head of financial crime compliance at Binance and has been held at a prison in the Nigerian capital, Abuja, since April.

"The charges against Mr. Gambaryan are baseless and constitute a coercion tactic by the Nigerian government to extort his employer, Binance," the lawmakers wrote in the June 4 letter, a copy of which has been seen by Bloomberg. "Following these charges, Mr. Gambaryan qualifies as a 'U.S. Citizen wrongfully detained by a foreign government,'" they said. The faceoff between Africa's most-populous nation and the world's largest cryptocurrency exchange burst into view in February, when Nigerian authorities detained Gambaryan and a colleague -- who subsequently escaped -- during a visit to discuss the company's compliance issues with the country.

"Within less than a minute, I'm approached by a store worker who comes up to me and says, 'You're a thief, you need to leave the store'."

That's a quote from the BBC by a wrongly accused customer who was flagged by a facial-recognition system called Facewatch. "She says after her bag was searched she was led out of the shop, and told she was banned from all stores using the technology."

Facewatch later wrote to her and acknowledged it had made an error — but declined to comment on the incident in the BBC's report: [Facewatch] did say its technology helped to prevent crime and protect frontline workers. Home Bargains, too, declined to comment. It's not just retailers who are turning to the technology... [I]n east London, we joined the police as they positioned a modified white van on the high street. Cameras attached to its roof captured thousands of images of people's faces. If they matched people on a police watchlist, officers would speak to them and potentially arrest them...

On the day we were filming, the Metropolitan Police said they made six arrests with the assistance of the tech... The BBC spoke to several people approached by the police who confirmed that they had been correctly identified by the system — 192 arrests have been made so far this year as a result of it.
Lindsey Chiswick, director of intelligence for the Met, told the BBC that "It takes less than a second for the technology to create a biometric image of a person's face, assess it against the bespoke watchlist and automatically delete it when there is no match."

"That is the correct and acceptable way to do it," writes long-time Slashdot reader Baron_Yam, "without infringing unnecessarily on the freedoms of the average citizen. Just tell me they have appropriate rules, effective oversight, and a penalty system with teeth to catch and punish the inevitable violators."

But one critic of the tech complains to the BBC that everyone scanned automatically joins "a digital police line-up," while the article adds that others "liken the process to a supermarket checkout — where your face becomes a bar code." And "The error count is much higher once someone is actually flagged. One in 40 alerts so far this year has been a false positive..."

Thanks to Slashdot reader Bruce66423 for sharing the article.

An anonymous reader shared this report from the Washington Post: Twice before, this Virginia carpenter had awoken in the predawn to start his work day only to find one of his vans broken into. Tools he depends on for a living had been stolen, and there was little hope of retrieving them. Determined to shut down thieves, he said, he bought a bunch of Apple AirTags and hid the locator devices in some of his larger tools that hadn't been pilfered. Next time, he figured, he would track them.

It worked.

On Jan. 22, after a third break-in and theft, the carpenter said, he drove around D.C.'s Maryland suburbs for hours, following an intermittent blip on his iPhone, until he arrived at a storage facility in Howard County. He called police, who got a search warrant, and what they found in the locker was far more than just one contractor's nail guns and miter saws.

The storage unit, stuffed with purloined power tools, led detectives to similar caches in other places in the next four months — 12 locations in all, 11 of them in Howard County — and the recovery of about 15,000 saws, drills, sanders, grinders, generators, batteries, air compressors and other portable (meaning easily stealable) construction equipment worth an estimated $3 million to $5 million, authorities said.
Some were stolen as long ago as 2014, a police spokesperson told the Washington Post, coming from "hundreds if not thousands" of victims...

Former FTX executive Ryan Salame has been sentenced to more than seven years in prison, "the first of the lieutenants of failed cryptocurrency mogul Sam Bankman-Fried to receive jail time for their roles in the 2022 collapse of the cryptocurrency exchange," reports the Associated Press. From the report: Salame, 30, was a high-ranking executive at FTX for most of the exchange's existence and, up until its collapse, was the co-CEO of FTX Digital Markets. He pleaded guilty last year to illegally making unlawful U.S. campaign contributions and to operating an unlicensed money-transmitting business. The sentence of 7 1/2 years in prison, plus three years of supervised release, was more than the five to seven years prosecutors had asked Judge Lewis A. Kaplan to impose on Salame in their pre-sentencing memo.

While Salame was a high-level executive at FTX, he was not a major part of the government's case against Bankman-Fried at his trial earlier this year and did not testify against him. In a bid for leniency, Salame said during the sentencing hearing that he cooperated and even provided documents that aided prosecutors in their cross examination of Bankman-Fried, as well as in his own prosecution. Along with helping Bankman-Fried hide the holes in FTX's balance sheet that ultimately led to the exchange's failure, Salame was used as a conduit for Bankman-Fried to make illegal campaign contributions to help shape U.S. policy on cryptocurrencies. On the surface, Bankman-Fried mostly gave political contributions to Democrats and liberal-leaning causes, while Salame gave contributions to Republicans and right-leaning causes. But ultimately the funds that Salame used for those contributions came from Bankman-Fried.

The judge also chastised Salame for pulling $5 million in cryptocurrencies out of FTX as the exchange was failing. "You tried to withdraw tens of millions more," Kaplan said. "It was me first. I'm getting in the lifeboat first. To heck with all those customers."

In 2011 Ross Ulbricht launched an anonymous, Tor-hidden "darknet" marketplace (with transactions conducted in bitcoin). By 2015 he'd been sentenced to life in prison for crimes including money laundering, distributing narcotics, and trafficking in fraudulent identity documents — without the possibility of parole.

Today a U.S. presidential candidate promised to commute that life sentence — Donald Trump, speaking at the national convention of the Libertarian Party as it prepares to nominate its own candidate for president.

Commuting Ulbricht's life sentence is "a top demand" of a political movement that intends to run its own candidate against Trump, reports Semafor: "On day one, we will commute the sentence," Trump said, offering to free the creator of what was once the internet's most infamous drug clearinghouse. "We will bring him home." His speeches more typically include a pledge to execute drug dealers, citing China as a model.

"It's time to be winners," said Trump, asking rhetorically if third party delegates wanted to go on getting single-digit protest votes. "I'm asking for the Libertarian Party's endorsement, or at least lots of your votes...."

"I've been indicted by the government on 91 different things," Trump said. "So if I wasn't a libertarian before, I sure as hell am a libertarian now."
More coverage from NBC News: At times, Trump turned on the crowd, criticizing libertarians' turnout at previous elections. "You can keep going the way you have for the last long decades and get your 3% and meet again, get another 3%," Trump said following jeers from the crowd.
Another high-profile supporter for commuting Ulbricht's sentence is actor-turned documentary maker Alex Winter. Best known for playing slacker Bill S. Preston Esq in Bill & Ted's Excellent Adventure and its sequels, Winter also directed, wrote, and co-produced the 2015 documentary Deep Web: The Untold Story of Bitcoin and the Silk Road (narrated by Keanu Reeves).

Writing earlier this month in Rolling Stone, Winter called Silk Road "inarguably a criminal operation" but also "a vibrant and diverse community of people from around the world. They were not only there for drugs but for the freedom of an encrypted and anonymous space, to convene and discuss everything from politics to literature and art, philosophy and drugs, drug recovery, and the onerous War on Drugs..." It's my firm opinion, and the opinion of many prison-system and criminal-law experts, that [Ulbricht's] sentence is disproportionate to his charges and that he deserves clemency. This case indeed reflects just one of the millions of unjust sentences in the long and failed War on Drugs... No matter what one thinks of Ulbricht, Silk Road, or the crimes that may have been committed, 10 years in prison is more than sufficient and customary punishment for those offenses or sins. Ross Ulbricht should be free.

Political consultant Steven Kramer faces a $6 million fine and over two dozen criminal charges for using AI-generated robocalls mimicking President Joe Biden's voice to mislead New Hampshire voters ahead of the presidential primary. The Associated Press reports: The Federal Communications Commission said the fine it proposed Thursday for Steven Kramer is its first involving generative AI technology. The company accused of transmitting the calls, Lingo Telecom, faces a $2 million fine, though in both cases the parties could settle or further negotiate, the FCC said. Kramer has admitted orchestrating a message that was sent to thousands of voters two days before the first-in-the-nation primary on Jan. 23. The message played an AI-generated voice similar to the Democratic president's that used his phrase "What a bunch of malarkey" and falsely suggested that voting in the primary would preclude voters from casting ballots in November.

Kramer is facing 13 felony charges alleging he violated a New Hampshire law against attempting to deter someone from voting using misleading information. He also faces 13 misdemeanor charges accusing him of falsely representing himself as a candidate by his own conduct or that of another person. The charges were filed in four counties and will be prosecuted by the state attorney general's office. Attorney General John Formella said New Hampshire was committed to ensuring that its elections "remain free from unlawful interference."

Kramer, who owns a firm that specializes in get-out-the-vote projects, did not respond to an email seeking comment Thursday. He told The Associated Press in February that he wasn't trying to influence the outcome of the election but rather wanted to send a wake-up call about the potential dangers of artificial intelligence when he paid a New Orleans magician $150 to create the recording. "Maybe I'm a villain today, but I think in the end we get a better country and better democracy because of what I've done, deliberately," Kramer said in February.

In what's believed to be the first case of its kind, the U.S. Department of Justice arrested a Wisconsin man last week for generating and distributing AI-generated child sexual abuse material (CSAM). Even if no children were used to create the material, the DOJ "looks to establish a judicial precedent that exploitative materials are still illegal," reports Engadget. From the report: The DOJ says 42-year-old software engineer Steven Anderegg of Holmen, WI, used a fork of the open-source AI image generator Stable Diffusion to make the images, which he then used to try to lure an underage boy into sexual situations. The latter will likely play a central role in the eventual trial for the four counts of "producing, distributing, and possessing obscene visual depictions of minors engaged in sexually explicit conduct and transferring obscene material to a minor under the age of 16." The government says Anderegg's images showed "nude or partially clothed minors lasciviously displaying or touching their genitals or engaging in sexual intercourse with men." The DOJ claims he used specific prompts, including negative prompts (extra guidance for the AI model, telling it what not to produce) to spur the generator into making the CSAM.

Cloud-based image generators like Midjourney and DALL-E 3 have safeguards against this type of activity, but Ars Technica reports that Anderegg allegedly used Stable Diffusion 1.5, a variant with fewer boundaries. Stability AI told the publication that fork was produced by Runway ML. According to the DOJ, Anderegg communicated online with the 15-year-old boy, describing how he used the AI model to create the images. The agency says the accused sent the teen direct messages on Instagram, including several AI images of "minors lasciviously displaying their genitals." To its credit, Instagram reported the images to the National Center for Missing and Exploited Children (NCMEC), which alerted law enforcement. Anderegg could face five to 70 years in prison if convicted on all four counts. He's currently in federal custody before a hearing scheduled for May 22.