Businesses

Vungle CEO Arrested For Child Rape and Attempted Murder (axios.com) 59

Freshly Exhumed writes: Axios is working to get details about a revelation on a government website that Vungle CEO Zain Jaffer is facing charges at the Maple Street Correctional Center in Redwood City, California of attempted murder, a lewd act on a child, oral copulation of a person under 14, child abuse, assault with a deadly weapon and battery upon an officer and emergency personnel. Vungle is self-described on its website as "the leading in-app video advertising platform for performance marketers," and was founded by Jaffer in 2011. Vungle has since issued a statement: "While we do not have any information that is not in the public record at this point, these are extremely serious allegations, and we are shocked beyond words. While these are only preliminary charges, they are obviously so serious that it led to the immediate removal of Mr. Jaffer from any operational responsibility at the company. The company stressed that this matter has nothing to do with Mr. Jaffer's former role at the company." Axios notes that "the San Francisco-based company has raised over $25 million in VC funding from firms like Google Ventures, Thomvest Ventures, Crosslink Capital, SoftTech VC and 500 Startups."
Media

Body Camera Giant Wants Police To Collect Your Videos Too (fastcompany.com) 40

tedlistens shares a report from Fast Company: Axon, the police supplier formerly known as Taser and now a leading maker of police body cameras, has also charged into police software with a service that allows police to manage and eventually analyze increasingly large caches of video, like a Dropbox for cops. Now it wants to add the public's video to the mix. An online tool called Citizen, set to launch later this year, will allow police to solicit the public for photos or video in the aftermath of suspected crimes and ingest them into Axon's online data platform. Todd Basche, Axon's executive vice president for worldwide products, said the tool was designed after the company conducted surveys of police customers and the public and found that potentially valuable evidence was not being collected. "They all pointed us to the need to collect evidence that's out there in the community."

[But] systems like Citizen still raise new privacy and policy questions, and could test the limits of already brittle police-community relations. Would Citizen, for instance, also be useful for gathering civilian evidence of incidents of police misconduct or brutality? [And how would ingesting citizen video into online police databases, like Axon's Evidence.com, allow police to mine it later for suspicious activity, in a sort of dragnet fashion?] "It all depends," says one observer, "on how agencies use the tool."

Government

'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS (thehill.com) 105

An anonymous reader quotes a report from The Hill: The IRS does not expect the Equifax data breach to have a major effect on the upcoming tax filing season, Commissioner John Koskinen said Tuesday, adding that the agency believes a "significant" number of the victims already had their information stolen by cyber criminals. "We actually think that it won't make any significantly or noticeable difference," Koskinen told reporters during a briefing on the agency's data security efforts. "Our estimate is a significant percent of those taxpayers already had their information in the hands of criminals." The IRS estimates that more than 100 million Americans have had their personally identifiable information stolen by criminal hackers, he said.

The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."

Transportation

Dubai Police Get Hoverbikes (mashable.com) 118

An anonymous reader quotes Mashable: The Dubai police, which already has luxury patrol cars, self-driving pursuit drones, and a robot officer, just announced it will soon have officers buzzing around on hoverbikes, which look like an early version of the speeder bikes used by the scout troopers on Endor in Return of the Jedi. The force (see what I did there?) unveiled its new Hoversurf Scorpion craft at the Gitex Technology Week conference, according to UAE English language publication Gulf News. The police force will use the hoverbike for emergency response scenarios, giving officers the ability to zoom over congested traffic conditions by taking to the air... The Scorpion can also fly autonomously for almost four miles at a time for other emergencies.
The fully-electric hoverbike stays aloft for about 25 minutes per charge at a top speed around 43 mph.

Gulf News also reported that Dubai police "unveiled robotic vehicles which will be equipped with biometric software to scan for wanted criminals and undesirable elements."
Crime

Pizza Hut Leaks Credit Card Info On 60,000 Customers (kentucky.com) 76

An anonymous reader quotes McClatchy: Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.

"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."
Bitcoin

Ransomware Sales On the Dark Web Spike 2,502% In 2017 (carbonblack.com) 23

Slashdot reader rmurph04 writes: Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black.
While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities... Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"
Crime

Dutch Police Build a Pokemon Go-Style App For Hunting Wanted Criminals (csoonline.com) 62

"How can the police induce citizens to help investigate crime? By trying to make it 'cool' and turning it into a game that awards points for hits," reports CSO. mrwireless writes: Through their 'police of the future' innovation initiative, and inspired by Pokemon Go, the Dutch police are building an app where you can score points by photographing the license plates of stolen cars. When a car is reported stolen the app will notify people in the neighbourhood, and then the game is on! Privacy activists are worried this creates a whole new relationship with the police, as a deputization of citizens blurs boundaries, and institutionalizes 'coveillance' -- citizens spying on citizens. It could be a slippery slope to situations that more resemble the Stasi regime's, which famously used this form of neighborly surveillance as its preferred method of control.
CSO cites Spiegel Online's description of the unofficial 189,000 Stasi informants as "totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees and Communist bosses denouncing party members."

The Dutch police are also building another app that allows citizens to search for missing persons.
Sci-Fi

Why Is 'Blade Runner' the Title of 'Blade Runner'? (vulture.com) 221

Why is Blade Runner called Blade Runner? Though the viewer is told in the opening text of Ridley Scott's 1982 original that "special Blade Runner units" hunt renegade replicants -- and though the term "Blade Runner" is applied to Harrison Ford's Rick Deckard a few times in the film -- we're never given an explanation of where the proper noun comes from. The novel upon which Blade Runner was based, Philip K. Dick's Do Androids Dream of Electric Sheep?, offers no clues either.
Businesses

The Case Against Biometric IDs (nakedcapitalism.com) 146

"The White House and Equifax Agree: Social Security Numbers Should Go," reads a headline at Bloomberg. Securities lawyer Jerri-Lynn Scofield tears down one proposed alternative: a universal biometric identity system (possibly using fingerprints and an iris scan) with further numeric verification. Presto Vivace shared the article: Using a biometric system when the basic problem of securing and safeguarding data have yet to be solved will only worsen, not address, the hacking problem. What we're being asked to do is to turn over our biometric information, and then trust those to whom we do so to safeguard that data. Given the current status of database security, corporate and governmental accountability, etc.: How do you think that is going to play out...?

[M]aybe we should rethink the whole impulse to centralize such data collection, for starters. And, after such a thought experiment, then further focus on obvious measures to safeguard such information -- such as installing regular software patches that could have prevented the Equifax hack -- should be the priority. And, how about bringing back a concept in rather short supply in C-suites -- that of accountability? Perhaps measures to increase that might be a better idea than gee whiz misdirected techno-wizardry... The Equifax hack has revealed the sad and sorry state of cybersecurity. But inviting the biometric ID fairy to drop by and replace the existing Social Security number is not the solution.

The article calls biometric identification systems "another source of data to be mined by corporations, and surveilled by those who want to do so. And it would ultimately not foil identity theft." It suggests currently biometric ids are a distraction from the push to change the credit bureau business model -- for example, requiring consumers to opt-in to the collection of their personal data.
Crime

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) 212

An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."
Bitcoin

Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) 169

"Drug dealer caught because of BitCoin usage," writes Slashdot reader DogDude. TechSpot reports: 38-year-old French national Gal Vallerius stands accused of acting as an administrator, senior moderator, and vendor for dark web marketplace Dream Market, where visitors can purchase anything from heroin to stolen financial data. Upon arriving at Atlanta international airport on August 31, Vallerius was arrested and his laptop searched. U.S. Drug Enforcement Administration agents allegedly discovered $500,000 of Bitcoin and Bitcoin cash on the computer, as well as a Tor installation and a PGP encryption key for someone called OxyMonster...

In addition to his role with the site, agents had identified OxyMonster as a major seller of Oxycontin and crystal meth. "OxyMonster's vendor profile featured listings for Schedule II controlled substances Oxycontin and Ritalin," testified DEA agent Austin Love. "His profile listed 60 prior sales and five-star reviews from buyers. In addition, his profile stated that he ships from France to anywhere in Europe." Investigators discovered OxyMonster's real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius. Agents then checked his Twitter and Instagram accounts, where they found many writing similarities, including regular use of quotation marks, double exclamation marks, and the word "cheers," as well as intermittent French posts. The evidence led to a warrant being issued for Vallerius' arrest.

U.S. investigators had been monitoring the site for nearly two years, but got their break when Vallerius flew to the U.S. for a beard-growing competition in Austin, Texas. He now faces a life sentence for conspiracy to distribute controlled substances.
Businesses

US Telco Fined $3 Million in Domain Renewal Blunder (bleepingcomputer.com) 42

Catalin Cimpanu, writing for BleepingComputer: Sorenson Communications, a Utah-based telecommunications provider, received a whopping $3 million fine from the Federal Communications Commission (FCC) last week for failing to renew a crucial domain name used by a part of the local 911 emergency service. The affected service was the Video Relay System (VRS), a video calling service that telecommunication firms must provide to deaf people and other people with vocal disabilities so they can make video calls to 911 services and use sign language to notify operators of an emergency or crime. According to the FCC, on June 6, Sorenson failed to notice that the domain name on which the VRS 911 service ran had expired, leading to the entire system collapsing shortly after. Utah residents with disabilities were unable to reach 911 operators for almost three days, the FCC discovered. Sorenson noticed its blunder and renewed the domain three days later, on June 8.
Cellphones

US Prisons Have a Cellphone Smuggling Problem (nbcnews.com) 275

An anonymous reader quotes NBC: Cellphones smuggled into prisons -- enabling inmates to order murders, plan escapes, deal drugs and extort money -- have become a scourge in a bloc of states where corrections officers annually confiscate as many as one for every three inmates... In South Carolina, prison officers have found and taken one phone for every three inmates, the highest rate in the country. In Oklahoma, it's one phone for every six prisoners, the nation's second-highest rate... Cellphones are prized because they allow inmates to avoid privatized jailhouse phone and visitation services that charge up to $15 for a two-minute call home to friends and family. "Inmates call their mothers like most of us do on holidays," said Dr. John Shaffer, former executive deputy secretary for the Pennsylvania Corrections Department.

But for some, the phones serve a darker purpose. "Most of these guys are just chitchatting with their girlfriends, but some of these guys are stone-hardened criminals running criminal enterprises," said Kevin Tamez of the MPM group, a litigation consulting firm that specializes in prison security... Meth rings operated by prisoners with cellphones, some with ties to prison gangs like the Aryan Brotherhood, the Irish Mob Gang and the United Blood Nation, have been discovered in at least five Southern facilities. Phones have also played a role in breakouts, with one South Carolina inmate dialing up drone delivery of wire cutters and cash for his escape in July. Cellphones are so prevalent in the prison system, Tamez said, that "if you don't have them, you would look like a loser."

The article reports convicts have actually uploaded in-prison videos to Facebook Live and to Snapchat. "Georgia inmates used phones to take photos of themselves tying up or beating other prisoners, then texted the horrifying images to the victim's family and demanded cash."
AI

Many Machine Learning Studies Don't Actually Show Anything Meaningful, But They Spread Fear, Uncertainty, and Doubt (theoutline.com) 98

Michael Byrne, writing for the Outline: Here's what you need to know about every way-cool and-or way-creepy machine learning study that has ever been or will ever be published: Anything that can be represented in some fashion by patterns within data -- any abstract-able thing that exists in the objective world, from online restaurant reviews to geopolitics -- can be "predicted" by machine learning models given sufficient historical data. At the heart of nearly every foaming news article starting with the words "AI knows ..." is some machine learning paper exploiting this basic realization. "AI knows if you have skin cancer." "AI beats doctors at predicting heart attacks." "AI predicts future crime." "AI knows how many calories are in that cookie." There is no real magic behind these findings. The findings themselves are often taken as profound simply for having way-cool concepts like deep learning and artificial intelligence and neural networks attached to them, rather than because they are offering some great insight or utility -- which most of the time, they are not.
Power

Tesla Temporarily Boosts Battery Capacity For Hurricane Irma (sfgate.com) 328

Slashdot reader mikeebbbd noticed this in the AP's Florida hurricane coverage: Electric car maker Tesla says it has temporarily increased the battery capacity of some of its cars to help drivers escaping Hurricane Irma. The electric car maker said the battery boost was applied to Model S and X cars in the Southeast. Some drivers only buy 60 or 70 kilowatt hours of battery capacity, but a software change will give them access to 75 kilowatt hours of battery life until Saturday. Depending on the model, that could let drivers travel about 40 more miles before they would need to recharge their cars.

Tesla said it made the change after a customer asked the company for help evacuating. The company said it's possible it will make similar changes in response to similar events in the future.

Businesses

After Public Outcry From Customers, Britain's Biggest Bank HSBC Heads Off Complaints Over Small Business Account Closures (theguardian.com) 62

Julia Kollewe writing for The Guardian: HSBC has rushed to head off complaints from small businesses that found the bank had frozen or closed down their accounts as part of a crackdown on financial crime. Hundreds of small firms are thought to be affected, whose businesses range from an avocado importer to marketing and design companies. Britain's biggest bank, which has faced accusations of reacting slowly to the debacle, said that after becoming aware of problems in the past week, it was putting extra staff on its helpline and speeding up the process for dealing with complaints. It said staff were reducing the amount of time to unfreeze an account once a review had been completed. Earlier on Monday, Richard Davey, an HTML5 game developer and creator of Phaser, shared his ordeal dealing with HSBC, which had suspended transactions from his accounts without much explanation. It was only after thousands of users brought it to the company's attention on social media that the company fixed Davey's account, he said.
Android

Tech Firms Team Up To Take Down 'WireX' Android DDoS Botnet (krebsonsecurity.com) 29

An anonymous reader quotes a report from Krebs On Security: A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle "WireX," an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat. News of WireX's emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands. Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google's Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.

Experts involved in the takedown say it's not clear exactly how many Android devices may have been infected with WireX, in part because only a fraction of the overall infected systems were able to attack a target at any given time. Devices that were powered off would not attack, but those that were turned on with the device's screen locked could still carry on attacks in the background, they found. The identical press release that Akamai and other firms involved in the WireX takedown agreed to publish says the botnet infected a minimum of 70,000 Android systems, but Seaman says that figure is conservative.

News

We Can't Stop Checking the News Either. Welcome to the New FOMO (wired.com) 111

An anonymous reader shares an article: Countless studies have shown that social-driven FOMO (fear of missing out) stems from a person's primitive desire to belong to a group, with each snap, tweet, or post a reminder of what separates you from them. This other type of FOMO, the all-news, all-the-time kind, is new enough that nobody has really studied it much, yet of the half-dozen experts in sociology, anthropology, economics, and neurology I spoke to, all quickly recognized what I was describing, and some even admitted to feeling it themselves. "We scroll through our Twitter feeds, not seeking anything specific, just monitoring them so we don't miss out on anything important," says Shyam Sundar, a communications researcher at Pennsylvania State University. This impulse could stem from the chemical hits our brains receive with each news hit, but it could also derive from a primitive behavioral instinct -- surveillance gratification-seeking, or the urge that drove our cave-dwelling ancestors to poke their heads out and check for predators. In times of perceived crisis, our brains cry out for information to help us survive. Maybe this alarm stems from steady hits of @realDonaldTrump. Maybe it's triggered by left-wing Resistance types. Or could it be #FakeNews, ISIS, guns, police violence, or street crime, all propagated through our social media bubbles with headlines that are written specifically to grab our attention? This feels like a processing problem. "One thing we learn about human beings: We're meaning-making machines," Kross says. And social mania may be ideal for mainlining breaking news, but it's not great at providing meaning and context.
Security

UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life (theregister.co.uk) 307

The UK's Crown Prosecution Service has pledged to tackle online abuse with the same seriousness as it does hate crimes committed in the flesh. From a report: Following public concern about the increasing amount of racist, anti-religious, homophobic and transphobic attacks on social media, the CPS has today published a new set of policy documents on hate crime. This includes revised legal guidance for prosecutors on how they should make decisions on criminal charges and handle cases in court. The rules officially put online abuse on the same level as offline hate crimes -- defined as an action motivated by hostility or prejudice -- like shouting abuse at someone face-to-face. They commit the CPS to prosecuting complaints about online material "with the same robust and proactive approach used with online offending." Prosecutors are told to consider the effect on the wider community and whether to identify both the originators and the "amplifiers or disseminators."
Crime

FBI Accepts New Evidence in 46-Year-Old D.B. Cooper Case (dailymail.co.uk) 123

An anonymous reader quotes the Daily Mail: The FBI is looking at an 'odd bit of buried foam' as possible evidence in the cold case investigation into criminal mastermind D.B. Cooper, according to private investigators. The potential evidence was handed over to authorities last week by the team of sleuths who believe the foam made up a part of Cooper's parachute backpack, the New York Daily News reports. Cooper, one of the 20th century's most compelling masterminds, hijacked a Boeing 727 at Seattle-Tacoma airport in 1971 and held its crew and passengers hostage with a bomb. Once his demand of $200,000 cash -- the equivalent of $1,213,226 today -- was reached and transferred onto the plane, Cooper had the crew take off before he parachuted out over the dense Pacific Northwest woods and disappeared.

The discovery of the foam comes just weeks after the FBI uncovered what is believed to be part of Cooper's parachute strap, which private investigators claim could lead authorities to his stolen fortune. In addition, the FBI also received three 'unknown' pieces of fabric that were found close to where the alleged parachute strap was located.

The 40-member cold case team is being overseen by a former FBI supervisor. At one point they essentially crowdsourced the investigation by requesting help from the general public, and the team now says they've found a credible source -- providing information substantiated by FBI field notes -- which has led them to this new evidence.
