In the past year, a new term has arisen to describe an online scam raking in millions, if not billions, of dollars per year. It's called "pig butchering," and now even Apple is getting fooled into participating. From a report: Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams. At least one of those apps also made it into Google Play, but that market is notorious for the number of malicious apps that bypass Google vetting. Sophos said this was the first time it had seen such apps in the App Store and that a previous app identified in these types of scams was a legitimate one that was later exploited by bad actors.

Pig butchering relies on a rich combination of apps, websites, web hosts, and humans -- in some cases human trafficking victims -- to build trust with a mark over a period of weeks or months, often under the guise of a romantic interest, financial adviser, or successful investor. Eventually, the online discussion will turn to investments, usually involving cryptocurrency, that the scammer claims to have earned huge sums of money from. The scammer then invites the victim to participate. Once a mark deposits money, the scammers will initially allow them to make withdrawals. The scammers eventually lock the account and claim they need a deposit of as much as 20 percent of their balance to get it back. Even when the deposit is paid, the money isn't returned, and the scammers invent new reasons the victim should send more money. The pig-butchering term derives from a farmer fattening up a hog months before it's butchered.

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. The Register reports: The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device from the network," Microsoft wrote in a blog post. "This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature." Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.

According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they're behind a full VPN tunnel, they won't be able to reach Microsoft's Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network. Isolating the system is done via APIs. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions. Microsoft has outlined the APIs for both isolating the device and releasing it from lock down.

Celsius Network misled its investors -- and on occasion used new customer funds to pay for other customers' withdrawals, the usual definition of a Ponzi scheme, an independent examiner (PDF) for the U.S. bankruptcy court in New York said in a Tuesday filing. CoinDesk reports: In September, Shoba Pillay was asked by the court to offer an outside view of goings-on at the crypto lender, has now published an account of the firm's operations in the runup to bankruptcy being declared in July. "In every key respect -- from how Celsius described its contract with its customers to the risks it took with their crypto assets -- how Celsius ran its business differed significantly from what Celsius told its customers," Pillay wrote, after interviewing staffers, including former Chief Executive Officer Alex Mashinsky, as well as customers of and vendors to the company. [...]

Despite repeatedly saying he was not selling CEL, and despite employees internally saying the token's true value was zero, Mashinsky sold 25 million tokens to the value of at least $68.7 million between 2018 and bankruptcy, Pillay said. Co-founders Nuke Goldstein and S. Daniel Leon are cited as making CEL sales valued at $2.8 million and $9.74 million respectively. Pillay said Mashinsky's claims to the media and on social media to "always have 200% collateral" were "far off the mark," with 14% of Celsius' institutional loans wholly unsecured in December 2020. That figure rose to nearly 36% by mid-2021 -- and even then some of the collateral was in unstable assets such as FTX's FTT token, Pillay said.

"What Celsius and Mr. Mashinsky never did was correct the record after the fact for the thousands of live audience members who heard these misstatements or for those who watched the recorded videos on YouTube before they were edited," Pillay said. Pillay also uncovered "significant tax compliance deficiencies" in the company, saying that its mining arm may owe over $23.1 million in use taxes, and has reserved $3.7 million in liability in U.K. value-added tax.

Google's cell network provider Google Fi has confirmed a data breach, likely related to the recent security incident at T-Mobile, which allowed hackers to steal millions of customers' information. From a report: In an email sent to customers on Monday, obtained by TechCrunch, Google said that the primary network provider for Google Fi recently informed the company that there had been suspicious activity relating to a third party support system containing a "limited amount" of Google Fi customer data.

The timing of the notice -- and the fact that Google Fi uses a combination of T-Mobile and U.S. Cellular for network connectivity -- suggests the breach is linked to the most recent T-Mobile hack. This breach, disclosed on January 19, allowed intruders access to a trove of personal data belonging to 37 million customers, including billing addresses, dates of birth and T-Mobile account details. The incident marked the eighth time T-Mobile has been hacked since 2018. In the case of the Google Fi's breach, Google says the hackers accessed limited customer information, including phone numbers, account status, SIM card serial numbers, and information related to details about customers' mobile service plan, such as whether they have selected unlimited SMS or international roaming.

Why does it feel like Amazon is making itself worse? From a report: Efforts to find independent reviews of Amazon-exclusive products rarely turn up high-quality content; many sites just summarize Amazon reviews in an effort to collect search traffic from Google and eventually affiliate commissions from Amazon itself. You read a little feedback to quell your doubts or ease your mind, then eventually, or quickly, you pluck a spatula out of the cascade. There's a good chance, however, that it won't actually be sold by Amazon but rather by a third-party seller that has spent months or years and many thousands of dollars hustling for search placement on the platform -- its "store," to use Amazon's term, is where you will have technically bought this spatula. There's an even better chance you won't notice this before you order it. In any case, it'll be at your door in a couple of days.

The system worked. But what system? In your short journey, you interacted with a few. There was the '90s-retro e-commerce interface, which conceals a marketplace of literally millions of sellers, each scrapping for relevance, using Amazon as a sales channel for their own semi-independent businesses. It subjected you to the multibillion-dollar advertising network planted between Amazon users and the things they browse and buy. It was shipped to you through a sprawling, submerged logistics empire with nearly a million employees and contractors in the United States alone. You were guided almost entirely by an idiosyncratic and unreliable reputation system, initially designed to review books, that has used years of feedback from hundreds of millions of customers to help construct an alternative universe of sometimes large but often fleeting brands that have little identity or relevance outside of the platform. You found what you were looking for, sort of, through a process that didn't feel much like shopping at all.

This is all normal in that Amazon is so dominant that it sets norms. But its essential weirdness -- its drift from anything resembling shopping or informed consumption -- is becoming harder for Amazon's one-click magic trick to hide. Interacting with Amazon, for most of its customers, broadly produces the desired, expected, and generally unrivaled result: They order all sorts of things; the prices are usually reasonable, and they don't have to think about shipping costs; the things they order show up pretty quickly; returns are no big deal. But, at the core of that experience, something has become unignorably worse. Late last year, The Wall Street Journal reported that Amazon's customer satisfaction had fallen sharply in a range of recent surveys, which cited COVID-related delivery interruptions but also poor search results and "low-quality" items. More products are junk. The interface itself is full of junk. The various systems on which customers depend (reviews, search results, recommendations) feel like junk. This is the state of the art of American e-commerce, a dominant force in the future of buying things. Why does it feel like Amazon is making itself worse? Maybe it's slipping, showing its age, and settling into complacency. Or maybe -- hear me out -- everything is going according to plan.

Frontier, an internet service provider (ISP) that services 25 US states, has just launched 5 Gig fiber internet service across its entire network. The Verge reports: Frontier launched 2 Gig fiber internet service less than a year ago, and the 5 Gig plan is currently available in all of Frontier's fiber-connected markets, with no phased rollouts. Compared to the cable-bound internet that most of us are familiar with, Frontier's 5 Gig internet is reported to have upload speeds that are up to 125 times faster and up to five times faster downloads, all delivered with less latency. The new 5 Gig network is one of the fastest internet options currently available in the US, with other fiber-enabled ISPs like Verizon Fios and Google Fiber still capped at around 2Gbps.

Right now, the only other 5 Gig network currently available in the US is through AT&T, which offers 2 Gig and 5 Gig plans. Google Fiber is also slated to add 5-gig and 8-gig plans to its lineup sometime this year, despite its numerous setbacks.

Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta's "backend" servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.
The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."

At the UN's COP27 climate summit in November, "observer status" was granted to representatives from the Linux Foundation's nonprofit Green Software Foundation, and from its Hyperledger Foundation, a not-for-profit umbrella project for open source blockchains and related tools.

So what happened? From the Linux Foundation's blog: At COP27, one thing that was clear to many is that the complexity of the climate crisis and the pace of change needed will require open source approaches to problem-solving and information sharing — only then will we achieve the required global collaboration to collectively reduce carbon emissions and adapt our communities to survive extreme climate events. We believe that the Linux and Hyperledger Foundations have a role to play in this quickly evolving ecosystem....

The Linux Foundation is committed to exploring how open source data models, standards, and technologies can enable a decarbonized economy. The lessons we learned at COP27 clarified that there is a crucial opportunity for us to contribute to this effort by developing open source solutions that provide accurate, curated, up-to-date, accessible, and interoperable emissions data, as well as open source tools that enable asset owners, asset managers, banks, and real economy companies to accelerate Net Zero-aligned resilient investment and finance in the companies and projects that are climate-sustainable; enable real economy companies to accelerate their transition through Paris-aligned R&D, product development, and CapEx; provide regulators the information needed to manage systemic risk across the economy; empower policymakers and civil society to press for change more effectively.

We are excited to be part of this important movement! By taking a leadership role in this space with our projects, standards, and protocols, we hope to support global climate action in meaningful ways.
The blog post also shared an update from the representative from the Green Software Foundation, a non-profit creating "a trusted ecosystem of people, standards, tooling and best practices for green software." [T]the tech sector has a significant carbon footprint comparable to the shipping industry. For digital technologies to be true enablers for emissions reductions, there's a clear need to ensure that when we replace a process with a digitized one, it gets us closer to our climate targets.


To support this end, at COP27, Green Software announced several initiatives to support this goal, from a free, certified Green Software for Practitioners course, as well as the Software Carbon Intensity specification, a standardized protocol to measure the carbon emissions of software to achieve wide industry and academic adoption, a pattern library for engineers to adopt in their own software designs, along with a month-long global hackathon, Carbonhack, demonstrating these techniques and the impact they can have in reducing emissions from information technologies.

An anonymous reader shares Reuters' report from earlier this week: Microsoft Corp said on Wednesday it had recovered all of its cloud services after a networking outage took down its cloud platform Azure along with services such as Teams and Outlook used by millions around the globe. Azure's status page showed services were impacted in Americas, Europe, Asia Pacific, Middle East and Africa. Only services in China and its platform for governments were not hit. By late morning Azure said most customers should have seen services resume after a full recovery of the Microsoft Wide Area Network (WAN).

An outage of Azure, which has 15 million corporate customers and over 500 million active users, according to Microsoft data, can impact multiple services and create a domino effect as almost all of the world's largest companies use the platform.... Microsoft did not disclose the number of users affected by the disruption, but data from outage tracking website Downdetector showed thousands of incidents across continents.... Azure's share of the cloud computing market rose to 30% in 2022, trailing Amazon's AWS, according to estimates from BofA Global Research.... During the outage, users faced problems in exchanging messages, joining calls or using any features of Teams application. Many users took to Twitter to share updates about the service disruption, with #MicrosoftTeams trending as a hashtag on the social media site.... Among the other services affected were Microsoft Exchange Online, SharePoint Online, OneDrive for Business, according to the company's status page.

"I think there is a very big debate to be had on resiliency in the comms and cloud space and the critical applications," Symphony Chief Executive Brad Levy said.
From Microsoft's [preliminary] post-incident review: We determined that a change made to the Microsoft Wide Area Network (WAN) impacted connectivity between clients on the internet to Azure, connectivity across regions, as well as cross-premises connectivity via ExpressRoute.

As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them. The command that caused the issue has different behaviors on different network devices, and the command had not been vetted using our full qualification process on the router on which it was executed....

Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network. Due to the pause in these systems, some paths in the network experienced increased packet loss from 09:35 UTC until those systems were manually restarted, restoring the WAN to optimal operating conditions. This recovery was completed at 12:43 UTC.
Thanks to Slashdot reader bobthesungeek76036 for submitting the story.

Intel's disastrous Q4 2022 earnings found the company losing $661 million and its margins crashing to the lowest point in decades, so it isn't surprising that the company announced new cost-cutting measures. From a report: That includes news that it would no longer invest in new products for its networking switch business, effectively sunsetting the unit much like it recently decided to end its Optane Memory business. Surprisingly, Intel also pulled the rug from under its respected RISC-V Pathfinder program without a formal announcement, raising questions about its commitment to its other broad investments in the RISC-V ecosystem.

"NEX continues to do well and is a core part of our strategic transformation, but we will end future investments in our network switching product line, while still fully supporting existing products and customers," said Intel CEO Pat Gelsinger. "Since my return, we have exited seven businesses, providing in excess of $1.5 billion in savings," he added. However, Gelsinger also noted that he is still doing a thorough analysis across Intel's portfolio to look for other cost-saving measures in areas that don't generate strong returns. Intel's networking switch business stems from acquiring Barefoot networks in 2019 for an undisclosed sum (the company had raised $144 million over several investment rounds). The Tofino series of network switches gave Intel yet another tool in its arsenal of data center 'adjacencies' that it could leverage to expand its data center revenue. However, this unit faces stiff competition from entrenched players like Broadcom, Cisco, and Nvidia's Mellanox, making it an easy cost-cutting target.

The FBI revealed today that it had shut down the prolific ransomware gang called Hive, "a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims," reports Reuters. Slashdot readers wiredmikey and unimind shared the news. From the report: At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations' data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. "Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."

News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit. The undercover infiltration, which started in July 2022, went undetected by the gang until now.

The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Although there were no arrests announced on Wednesday, Garland said the investigation was ongoing and one department official told reporters to "stay tuned."

European Commission: Have you ever struggled to understand whether you were buying directly from Google or from a different brand, or had difficulty finding information about final costs? In order to further align its practices with EU law -- mainly on lack of transparency and clear information to consumers -- Google has committed to introduce changes in several of its products and services. Following a dialogue started in 2021 with the Consumer Protection Cooperation Network (CPC), coordinated by the European Commission and led by the Dutch Authority for Consumers and Markets and the Belgian Directorate-General for Economic Inspection, Google has agreed to address issues raised by the authorities and to introduce changes in Google Store, Google Play Store, Google Hotels and Google Flights to ensure compliance with EU consumer rules.

Following the dialogue, Google has committed to limit its capacity to make unilateral changes related to orders when it comes to price or cancellations, and to create an email address whose use is reserved to consumer protection authorities, so that they can report and request the quick removal of illegal content. Moreover, Google agreed to introduce a series of changes to its practices, such as:

Google Flights and Google Hotels:
1. Make clear to consumers whether they contract directly with Google or whether it is simply acting as an intermediary;
2. Clarify the price used as a reference when discounts are advertised on the platform, as well as the fact that reviews are not verified on Google Hotels;
3. Accept the same transparency commitments as other big accommodation platforms as regards the way it presents information to consumers, for example, on prices or availability.

Google Play Store and Google Store:
1. Provide clear pre-contractual information on delivery costs, right of withdrawal and availability of repair or replacement options. Furthermore, Google will facilitate also information on the company (e.g. legal name and address) and direct and effective contact points (e.g. a live telephone agent);
2. Clarify how to browse different country versions of the Google Play Store and inform developers about their obligations under the Geo-blocking Regulation to make their apps accessible EU-wide, as well as enable consumers to use means of payment from any EU country.

An anonymous reader quotes a report from TechCrunch: If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there's a chance your credit card number and personal information were exposed. Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders' information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses -- and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder's information.

The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: Any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data. Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.

But in this case, Sen wasn't the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data and, instead of trying to identify the owner and responsibly reporting the spill, the unnamed person instead claimed to have taken a copy of the entire database's contents of credit card data and would return it in exchange for a small sum of cryptocurrency. A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. [...] Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later. Many of the stores leaking customers' information claim to operate out of Hong Kong and were set up in the past few weeks. Some of the websites include: spraygroundusa.com, ihuahebuy.com, igoodlinks.com, ibuysbuy.com, lichengshop.com, hzoushop.com, goldlyshop.com, haohangshop.com, twinklebubble.store, and spendidbuy.com.

An anonymous reader quotes a report from The Guardian: Pakistan's national grid suffered a major breakdown, leaving millions of people without electricity for the second time in three months and highlighting the infrastructural weakness of the heavily indebted nation. The energy minister, Khurram Dastgir, said the outage on Monday was caused by a large voltage surge in the south of the grid, which affected the entire network. Supplies were being partially restored from north to the south, he added, nearly six hours after factories, hospitals and schools reported outages. The grid should be fully functioning by 10pm (1700 GMT), Dastgir said, adding: "We are trying our utmost to achieve restoration before that."

Like much of the national infrastructure, Pakistan's grid needs an upgrade that the government says it can ill afford. Pakistan has enough installed power capacity to meet demand, but it lacks resources to run its oil-and-gas powered plants -- and the sector is so heavily in debt that it cannot afford to invest in infrastructure and power lines. "We have been adding capacity, but we have been doing so without improving transmission infrastructure," Fahad Rauf, the head of research at Karachi-based brokerage Ismail Iqbal Industries, said.

New York's chief financial regulator is set to release new guidance on Monday dictating that companies separate customers' crypto assets from their own, after alleged co-mingling of funds at collapsed crypto exchange FTX and its affiliated trading firm Alameda Research led to hefty losses for clients. From a report: The New York State Department of Financial Services (NYDFS), which leads one of the few state agencies with a regulatory system in place for cryptocurrency companies, will also stipulate that state-regulated companies disclose to customers how they account for clients' digital currency. The guidance is the latest in a series of crypto-related directives NYDFS has issued in the past year, which saw a market collapse that wiped about $1.3 trillion off the value of crypto tokens in 2022. The meltdown triggered the bankruptcies of crypto firms such as FTX, Celsius Network and most recently, Genesis Global Capital, whose lending unit filed for U.S. bankruptcy protection on Thursday. It comes as federal regulators such as the U.S. Commodity Futures Trading Commission (CFTC) are warning about the lack of consumer protections in the crypto sector. Federal agencies like the CFTC say much of what they can do is limited without congressional legislation that would give them additional authority.

FTX's new chief executive, John J. Ray III, said he is looking into the possibility of reviving the bankrupt crypto exchange as he works to return money to the failed company's customers and creditors. From a report: In his first interview since taking over FTX in November, Mr. Ray said that he has set up a task force to explore restarting FTX.com, the company's main international exchange. Although top FTX executives have been accused of criminal misconduct, some customers have praised its technology and suggested that there would be value in rebooting the platform, he said. "Everything is on the table," Mr. Ray said. "If there is a path forward on that, then we will not only explore that, we'll do it."

FTX's bankruptcy filing marked the largest of several failures of cryptocurrency platforms last year that froze millions of users' access to their accounts. FTX, Celsius Network, Voyager Digital and BlockFi have used the chapter 11 process to explore restarting their businesses and selling their platforms to stronger rivals. Another option is to simply close up shop and return crypto holdings to customers as quickly as possible. Mr. Ray said he would look into whether reviving FTX's international exchange would recover more value for the company's customers than his team could get from simply liquidating assets or selling the platform. "There are stakeholders we're working with who've identified what they see is a viable business," he said.

Stephen Colbert is joining the team that is adapting Roger Zelazny's "The Chronicles of Amber" for television. Variety reports: Colbert will now executive produce the potential series under his Spartina production banner. Spartina joins Skybound Entertainment and Vincent Newman Entertainment (VNE) on the series version of the beloved fantasy novels, with Skyboudn first announcing their intention to develop the series back in 2016. The books have been cited as an influence on "Game of Thrones," with author George R.R. Martin recently stating he wanted to see the books brought to the screen.

"The Chronicles of Amber" follows the story of Corwin, who is said to "awaken on Earth with no memory, but soon finds he is a prince of a royal family that has the ability to travel through different dimensions of reality (called 'shadows') and rules over the one true world, Amber." The story is told over ten books with two story arcs: "The Corwin Cycle" and "The Merlin Cycle." The series has sold more than fifteen million copies globally. The search is currently on for a writer to tackle the adaptation. No network or streamer is currently attached. Colbert and Spartina are currently under a first-look deal at CBS Studios, but they are not currently the studio behind the series. "George R.R. Martin and I have similar dreams," Colbert said. "I've carried the story of Corwin in my head for over 40 years, and I'm thrilled to partner with Skybound and Vincent Newman to bring these worlds to life. All roads lead to Amber, and I'm happy to be walking them."

An anonymous reader quotes a report from Ars Technica: According to a new study, a little over 70 percent of prescription drugs advertised on television were rated as having "low therapeutic value," meaning they offer little benefit compared with drugs already on the market. The study, appearing in JAMA Open Network, aligns with longstanding skepticism that heavily promoted drugs have high therapeutic value. "One explanation might be that drugs with substantial therapeutic value are likely to be recognized and prescribed without advertising, so manufacturers have greater incentive to promote drugs of lesser value," said the authors, which include researchers at Harvard, Yale, and Dartmouth.

For the new study, researchers led by Aaron Kesselheim, who leads Harvard's Program On Regulation, Therapeutics, And Law (PORTAL), looked at monthly lists of the top-advertised drugs on TV in the US between 2015 and 2021. They also looked up therapeutic value ratings for those drugs from independent health assessment agencies in Canada, France, and Germany. The value ratings were based on drugs' therapeutic benefit, safety profile, and strength of evidence, as compared with existing drugs. Any drug rated "moderate" or above was classified as a "high value" drug for the study. For drugs with multiple ratings, the study authors used the most favorable rating, which they note could overestimate the proportion of higher-benefit drugs.

Of the top advertised drugs, 73 had at least one value rating. Collectively, pharmaceutical companies spent $22.3 billion on advertising for those 73 drugs between 2015 and 2021. Even with the generous ratings, 53 of the 73 drugs (roughly 73 percent) were categorized as low-benefit. Collectively, these low-benefit drugs accounted for $15.9 billion of the ad spending. The top three low-benefit drugs by dollar amount were Dulaglutide (type 2 diabetes), Varenicline (smoking cessation), and Tofacitinib (rheumatoid arthritis). The outlook for change is bleak, the authors note. "Policy makers and regulators could consider limiting direct-to-consumer advertising to drugs with high therapeutic or public health value or requiring standardized disclosure of comparative effectiveness and safety data," Kesselheim and his colleagues concluded, "but policy changes would likely require industry cooperation or face constitutional challenge." The report notes that the U.S. is "one of only two countries that allows direct-to-consumer (DTC) drug advertisements, such as TV commercials." The other is New Zealand.

Researchers at Carnegie Mellon University developed a method for detecting the three dimensional shape and movements of human bodies in a room, using only WiFi routers. From a report: To do this, they used DensePose, a system for mapping all of the pixels on the surface of a human body in a photo. DensePose was developed by London-based researchers and Facebook's AI researchers. From there, according to their recently-uploaded preprint paper published on arXiv, they developed a deep neural network that maps WiFi signals' phase and amplitude sent and received by routers to coordinates on human bodies. Researchers have been working on "seeing" people without using cameras or expensive LiDAR hardware for years. In 2013, a team of researchers at MIT found a way to use cell phone signals to see through walls; in 2018, another MIT team used WiFi to detect people in another room and translate their movements to walking stick-figures.

Department of Justice: A complaint was unsealed this morning in federal court in Brooklyn charging Anatoly Legkodymov, a Russian national and senior executive of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange, with conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements. Legkodymov was arrested last night in Miami and is scheduled to be arraigned this afternoon in the U.S. District Court for the Southern District of Florida. French authorities and the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) are taking concurrent enforcement actions.

According to court documents, Legkodymov is a senior executive and the majority shareholder of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange that operates globally. Bitzlato has marketed itself as requiring minimal identification from its users, specifying that "neither selfies nor passports [are] required." On occasions when Bitzlato did direct users to submit identifying information, it repeatedly allowed them to provide information belonging to "straw man" registrants. As a result of these deficient know-your-customer (KYC) procedures, Bitzlato allegedly became a haven for criminal proceeds and funds intended for use in criminal activity. Bitzlato's largest counterparty in cryptocurrency transactions was Hydra Market, an anonymous, illicit online marketplace for narcotics, stolen financial information, fraudulent identification documents, and money laundering services that was the largest and longest running darknet market in the world. Hydra Market users exchanged more than $700 million in cryptocurrency with Bitzlato, either directly or through intermediaries, until Hydra Market was shuttered by U.S. and German law enforcement in April 2022. Bitzlato also received more than $15 million in ransomware proceeds.