Security

Ransomware Attack Targeted Teamsters Union in 2019. But They Just Refused to Pay (nbcnews.com) 148

NBC reports that America's "Teamsters" labor union was hit by a ransomware attack demanding $2.5 million back in 2019.

"But unlike many of the companies hit by high-profile ransomware attacks in recent months, the union declined to pay, despite the FBI's advice to do so, three sources familiar with the previously unreported cyberattack told NBC News." Personal information for the millions of active and retired members was never compromised, according to a Teamsters spokesperson, who also said that only one of the union's two email systems was frozen along with other data. Teamsters officials alerted the FBI and asked for help in identifying the source of the attack. They were told that many similar hacks were happening and that the FBI would not be able to assist in pursuing the culprit.

The FBI advised the Teamsters to "just pay it," the first source said. "They said 'this is happening all over D.C. ... and we're not doing anything about it,'" a second source said.

Union officials in Washington were divided over whether to pay the ransom — going so far as to bargain the number down to $1.1 million, according to the sources — but eventually sided with their insurance company, which urged them not to pony up... The Teamsters decided to rebuild their systems, and 99 percent of their data has been restored from archival material — some of it from hard copies — according to the union's spokesperson.

The FBI's communications office did not reply to repeated requests for comment. The FBI's stance is to discourage ransomware payments.

NBC News draws a lesson from the fact that it took nearly two years for this story to emerge. "An unknown number of companies and organizations have been extorted without ever saying a word about it publicly."

Bitcoin

Is Bitcoin More Traceable Than Cash? (seattletimes.com) 172

The New York Times argues that this week changed Bitcoin's reputation as "secure, decentralized and anonymous" (adding "Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.")

"But this week's revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think..." [F]or the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry... The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain. "It is digital bread crumbs," said Kathryn Haun, a former federal prosecutor and investor at venture-capital firm Andreessen Horowitz. "There's a trail law enforcement can follow rather nicely." Haun added that the speed with which the Justice Department seized most of the ransom was "groundbreaking" precisely because of the hackers' use of cryptocurrency. In contrast, she said, getting records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are overseas...

Tracking down a user's transaction history was a matter of figuring out which public key they controlled, authorities said. Seizing the assets then required obtaining the private key, which is more difficult. It's unclear how federal agents were able to get DarkSide's private key. Justice Department spokesman Marc Raimondi declined to say more about how the F.B.I. seized DarkSide's private key. According to court documents, investigators accessed the password for one of the hackers' Bitcoin wallets, though they did not detail how. The F.B.I. did not appear to rely on any underlying vulnerability in blockchain technology, cryptocurrency experts said. The likelier culprit was good old-fashioned police work. Federal agents could have seized DarkSide's private keys by planting a human spy inside DarkSide's network, hacking the computers where their private keys and passwords were stored, or compelling the service that holds their private wallet to turn them over via search warrant or other means. "If they can get their hands on the keys, it's seizable," said Jesse Proudman, founder of Makara, a cryptocurrency investment site. "Just putting it on a blockchain doesn't absolve that fact...."

The F.B.I. has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Start-ups with names like TRM Labs, Elliptic and Chainalysis that trace cryptocurrency payments and flag possible criminal activity have blossomed as law enforcement agencies and banks try to get ahead of financial crime. Their technology traces blockchains looking for patterns that suggest illegal activity... "Cryptocurrency allows us to use these tools to trace funds and financial flows along the blockchain in ways that we could never do with cash," said Ari Redbord, the head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytic software to law enforcement and banks. He was previously a senior adviser on financial intelligence and terrorism at the Treasury Department.
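The tracing the story describes, following a ransom payment from account to account on a public ledger until it reaches a service that can be served with a warrant, is easy to see in code. The example below is an added illustration and is not part of the Times or NBC reporting, nor any vendor's product: it builds a tiny constructed UTXO-style ledger (made-up transaction ids, addresses and amounts) and a constructed attribution label for one address, then follows every later spend of the ransom output, in the way the "digital bread crumbs" quote suggests.

```python
from collections import deque
from dataclasses import dataclass

# Constructed, simplified UTXO ledger for illustration only (not real Bitcoin data).
# Each transaction spends earlier outputs (inputs) and creates new outputs.

@dataclass(frozen=True)
class Output:
    address: str
    amount: int          # integer units (satoshi-like); constructed values

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple        # (txid, output_index) pairs being spent
    outputs: tuple       # Output objects created by this transaction

LEDGER = {
    "tx_ransom": Tx("tx_ransom", (), (Output("addr_ransom", 75_000_000),)),
    "tx_hop1": Tx("tx_hop1", (("tx_ransom", 0),),
                  (Output("addr_A", 60_000_000), Output("addr_B", 14_990_000))),
    "tx_hop2": Tx("tx_hop2", (("tx_hop1", 0),), (Output("addr_C", 59_990_000),)),
    "tx_hop3": Tx("tx_hop3", (("tx_hop2", 0),), (Output("addr_exchange", 59_980_000),)),
}

# Constructed attribution label, standing in for the address clustering that
# blockchain-analytics vendors maintain (e.g. a custodial exchange deposit address).
LABELS = {"addr_exchange": "custodial exchange (constructed label)"}


def build_spend_index(ledger):
    """Map every spent output (txid, index) to the txid that spent it."""
    spent_by = {}
    for tx in ledger.values():
        for prev_txid, prev_idx in tx.inputs:
            spent_by[(prev_txid, prev_idx)] = tx.txid
    return spent_by


def trace_forward(ledger, start_txid, start_idx, labels):
    """Follow funds from one output through every later spend.

    Every output of a spending transaction is followed (simple taint
    propagation, so change outputs are included). Tracing stops at an
    output whose address carries a label, or at an unspent output.
    Returns the (hop, address, amount) entries visited, in discovery order,
    and the labelled endpoints where the funds came to rest.
    """
    spent_by = build_spend_index(ledger)
    seen = set()
    queue = deque([(start_txid, start_idx, 0)])
    path, endpoints = [], []
    while queue:
        txid, idx, hop = queue.popleft()
        if (txid, idx) in seen:
            continue
        seen.add((txid, idx))
        out = ledger[txid].outputs[idx]
        path.append((hop, out.address, out.amount))
        if out.address in labels:
            endpoints.append((out.address, labels[out.address], out.amount, hop))
            continue                      # a custodian holds the keys: stop here
        next_txid = spent_by.get((txid, idx))
        if next_txid is None:
            continue                      # still unspent at this address
        for i in range(len(ledger[next_txid].outputs)):
            queue.append((next_txid, i, hop + 1))
    return {"path": path, "endpoints": endpoints}


def addresses_touched(result):
    """Distinct addresses the funds passed through, in order of discovery."""
    return list(dict.fromkeys(addr for _, addr, _ in result["path"]))


if __name__ == "__main__":
    result = trace_forward(LEDGER, "tx_ransom", 0, LABELS)
    for hop, addr, amount in result["path"]:
        print(f"hop {hop}: {addr} holds {amount}")
    for addr, label, amount, hop in result["endpoints"]:
        print(f"funds reached {addr} ({label}) after {hop} hops: {amount}")
```

The key point the story makes is visible in the output: the ledger alone yields the full path and the final custodian, but not the private key. Seizure still requires obtaining that key or compelling the labelled custodian, which is the "good old-fashioned police work" step.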

The story includes three intriguing quotes:
  • Justice Department spokesman Marc Raimondi said the Colonial Pipeline ransom seizure was only the latest of "many seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets" used for criminal activity.
  • Hunter Horsley, chief executive of cryptocurrency investment company Bitwise Asset Management, said "The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed."
  • A spokesperson for Chainalysis, a start-up that traces cryptocurrency payments, tells the Times that in the end, "cryptocurrencies are actually more transparent than most other forms of value transfer. Certainly more transparent than cash."

Privacy

4+ Years in Prison for Home Security Worker Who Accessed Security Cameras to Spy on Women (msn.com) 107

A security camera installation worker for ADT was sentenced Wednesday to a little more than four years in federal prison for illegally accessing the security cameras of more than 200 North Texas customers, reports the Dallas Morning News: Telesforo Aviles, age 35, faced a maximum of five years in prison for computer fraud under the terms of his plea agreement, in which he admitted to accessing customer accounts over 9,600 times since 2015.

He was cuffed and taken into custody to begin serving his sentence after the hearing.

The quiet and introverted technician, a senior supervisor with 17 years at ADT, was caught last year after the company was alerted by a customer to suspicious activity, said his lawyer, Tom Pappas. Aviles, who is married with five children, turned himself in when he was asked to, Pappas said. "He's mortified by what he did," Pappas said. "He sees what he did as a betrayal of himself, too." Of the nearly 10,000 images Aviles accessed, about 40 were "sexual in nature" and none involved children, Pappas said.

An ADT spokesman said the company had no comment.

Assistant U.S. Attorney Sid Mody had asked Starr to give Aviles the maximum sentence, saying that while 217 accounts were accessed, the total number of victims is much higher given that each household had multiple family members. That violation, he said, destroyed "in the worst way" their sense of feeling safe and secure at home... Starr said he considered Aviles' cooperation with authorities and lack of a criminal history as well as the fact that the conduct involved a "lengthy period of time." Aviles noted the homes that had "attractive women" and repeatedly logged into their accounts to view the footage, prosecutors said...

ADT has since been hit with class-action lawsuits from customers over the breach.

The article also notes the story of one woman who filed a federal lawsuit last month against ADT. She'd told the court Aviles persuaded her to install cameras in her bedrooms after she'd specifically questioned whether it was truly necessary. "Aviles told her that it was necessary because a burglar could enter the house through the bedroom windows, and the cameras would monitor that," her lawsuit says. "Of course, Aviles' placement of the cameras had nothing to do with potential burglars."

In a statement filed with the court, one female homeowner reportedly wrote that "This deliberate and calculated invasion of privacy is arguably more harmful than if I had installed no security system and my house had been burglarized."

United States

Senate To Probe Whether Legislation Needed To Combat Cyber Attacks (reuters.com) 54

U.S. Senate Majority Leader Chuck Schumer on Thursday said he is initiating a review of recent high-profile cyber attacks on governments and businesses to find out whether a legislative response is needed. From a report: "Today I am asking Chairman Gary Peters of our Homeland Security Committee and our other relevant committee chairs to begin a government-wide review of these attacks and determine what legislation may be needed to counter the threat of cyber crime and bring the fight to the cyber criminals." Schumer noted that the New York City subway system was the victim of a computer hack in early June. This came on the heels of Colonial Pipeline having to shut down some operations, resulting in disrupted fuel supplies in the U.S. Southeast, as a result of a cyber attack.

Cloud

Man Pleads Guilty to Plotting to Bomb Amazon Data Center 163

A Texas man who had boasted that he was at the United States Capitol when swarms of Trump supporters stormed the building on Jan. 6 pleaded guilty on Wednesday to charges of plotting to blow up an Amazon data center in Virginia, prosecutors said. The New York Times reports: The man, Seth Aaron Pendley, 28, of Wichita Falls, Texas, had been arrested in April after he went to pick up what he believed were bombs made of C-4 plastic explosives and detonation cords from an explosives supplier in Fort Worth, but were actually inert objects provided by an undercover F.B.I. agent, prosecutors said. In a conversation recorded by an undercover agent on March 31, Mr. Pendley said he had hoped to anger "the oligarchy" enough to provoke a reaction that would persuade Americans to take action against what he perceived to be a "dictatorship," prosecutors said.

On Wednesday, in an appearance before Magistrate Judge Hal R. Ray Jr. of U.S. District Court for the Northern District of Texas, Mr. Pendley pleaded guilty to a malicious attempt to destroy a building with an explosive. He faces five to 20 years in federal prison. His sentencing has been set for Oct. 1. "Due in large part to the meticulous work of the F.B.I.'s undercover agents, the Justice Department was able to expose Mr. Pendley's twisted plot and apprehend the defendant before he was able to inflict any real harm," Prerak Shah, the acting U.S. attorney for the Northern District of Texas, said in a statement. "We may never know how many tech workers' lives were saved through this operation -- and we're grateful we never had to find out."

Crime

FBI Charges Woman With Writing Code For 'Trickbot' Ransomware Gang (justice.gov) 38

Slashdot reader Charlotte Web summarizes a Department of Justice press release: The U.S. Department of Justice says "millions" of computers around the world were infected with the Trickbot malware, which was used "to harvest banking credentials and deliver ransomware."

In February they arrested a 55-year-old woman in Miami, Florida, saying she and her associates "are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems," according to Special Agent in Charge Eric B. Smith of the FBI's Cleveland Field Office. In October ZDNet was calling Trickbot "one of today's largest malware botnets and cybercrime operations."

Yesterday that woman — Alla Witte, aka "Max" — was arraigned in federal court in Cleveland, Ohio. According to the indictment, Witte worked as a malware developer for the Trickbot Group and wrote code related to the control, deployment, and payments of ransomware.

From the Department of Justice announcement:

The ransomware informed victims that their computer was encrypted, and that they would need to purchase special software through a Bitcoin address controlled by the Trickbot Group to decrypt their files. In addition, Witte allegedly provided code to the Trickbot Group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials... Witte and her co-conspirators allegedly worked together to infect victim computers with the Trickbot malware designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers and addresses. Witte and others also allegedly captured login credentials and other stolen personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts...

If convicted, Witte faces a maximum penalty of 30 years in prison for conspiracy to commit wire and bank fraud; 30 years in prison for each substantive bank fraud count; a two-year mandatory sentence for each aggravated identity theft count, which must be served consecutively to any other sentence; and 20 years in prison for conspiracy to commit money laundering.


The indictment alleges that "beginning in November 2015, Witte and others stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia through the use of the Trickbot malware." The AP reports the group is now accused of targeting high-reward victims which included hospitals, schools, public utilities, and governments, as well as real estate and law firms and country clubs.

Interestingly, this case is part of the U.S. Department of Justice's "Ransomware and Digital Extortion Task Force," with its Criminal Division working with the U.S. Attorneys' Offices and prioritizing the disruption, investigation, and prosecution of ransomware "by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes," according to the department's statement. "The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat."

"These charges serve as a warning to would-be cybercriminals," said Deputy Attorney General Lisa O. Monaco, "that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem."

Crime

Tech Scammer Who Fooled Cisco, Microsoft and Lenovo Out of Millions Jailed For Over Seven Years (theregister.com) 26

An anonymous reader quotes a report from The Register: A scammer who convinced some of the world's biggest tech businesses to send him replacement kit has been sentenced to seven years and eight months in the U.S. prison system. Justin David May, 31, used stolen hardware serial numbers, a plethora of fake websites and online identities, social engineering tactics, and a network of associates, to scam Cisco out of nearly $3.5m in hardware in just 12 months. Microsoft lost 137 Surface laptops (retail cost $364,761) to the crew, with Lenovo US also losing 137 replacement hard drives worth $143,000 and APC (formerly American Power Conversion) getting scammed out of a few uninterruptible power supplies. May pled guilty to 42 counts of mail fraud, 10 counts of money laundering, three counts of interstate transportation of goods obtained by fraud, and two counts of tax evasion.

In the largest scam against Cisco, run from April 2016, according to court documents [PDF] filed in eastern district court of Pennsylvania, May and the team set up domains and email addresses to mimic cisco.com user IDs and harvested serial numbers of legit machinery. They then used these to trick Cisco into sending out replacement kit, such as a Cisco Catalyst 3850-48P-E Switch worth around $21,000 at the time, and a couple of Cisco ASR 9001 routers priced at over $100,000 for the pair. The same scam worked well for Microsoft and Lenovo too, it seems. The court docs note that May was skilled at picking imaginary faults that weren't remotely repairable, such as basic software issues, but which were more obvious as serious flaws needing a replacement unit. In addition the crew digitally altered images of their supposed kit and serial numbers to fool support staff. Once the hardware was received, usually via UPS or FedEx, the companies never got the faulty kit back because it never existed. Meanwhile the packages were picked up, sold on eBay and other second-hand sites, and the cash pocketed, or in the case of Microsoft, some of the hardware shipped to Singapore for resale.

United States

Two New Laws Restrict Police Use of DNA Search Method (nytimes.com) 80

New laws in Maryland and Montana are the first in the nation to restrict law enforcement's use of genetic genealogy, the DNA matching technique that in 2018 identified the Golden State Killer, in an effort to ensure the genetic privacy of the accused and their relatives. From a report: Beginning on Oct. 1, investigators working on Maryland cases will need a judge's signoff before using the method, in which a "profile" of thousands of DNA markers from a crime scene is uploaded to genealogy websites to find relatives of the culprit. The new law, sponsored by Democratic lawmakers, also dictates that the technique be used only for serious crimes, such as murder and sexual assault. And it states that investigators may only use websites with strict policies around user consent. Montana's new law, sponsored by a Republican, is narrower, requiring that government investigators obtain a search warrant before using a consumer DNA database, unless the consumer has waived the right to privacy.

The laws "demonstrate that people across the political spectrum find law enforcement use of consumer genetic data chilling, concerning and privacy-invasive," said Natalie Ram, a law professor at the University of Maryland who championed the Maryland law. "I hope to see more states embrace robust regulation of this law enforcement technique in the future." Privacy advocates like Ms. Ram have been worried about genetic genealogy since 2018, when it was used to great fanfare to reveal the identity of the Golden State Killer, who murdered 13 people and raped dozens of women in the 1970s and '80s. After matching the killer's DNA to entries in two large genealogy databases, GEDmatch and FamilyTreeDNA, investigators in California identified some of the culprit's cousins, and then spent months building his family tree to deduce his name -- Joseph James DeAngelo Jr. -- and arrest him.

Social Networks

Viral TikTok Video Attracts 2,500 Teenagers to Rowdy California Birthday Party. 175 Arrested (sfgate.com) 97

A birthday party for 17-year-old Adrian Lopez turned into a viral TikTok event that drew thousands of unruly party-goers to Huntington Beach, California, reports the Los Angeles Times.

Just not Adrian Lopez, "who in the days leading up to the party was increasingly nervous about all the attention." When it was over, more than 175 people were arrested, city officials and merchants were adding up the damage, and everyone was wondering who should be blamed and who should be billed...

The high schooler's invitation was picked up by TikTok's "For You" algorithm and viewed by people across the country. The announcement was curious: Who was this mystery teen, and would anyone actually go to his party? Some TikTok users, including internet celebrities, began posting about it, and videos with the hashtag #adrianskickback have since drawn more than 326 million views.

On Saturday night, roughly 2,500 teenagers and young adults — some who say they drove for hours or flew in from other states — converged on the Huntington Beach Pier and downtown area in a gathering that devolved into mayhem. Partygoers blasted fireworks into a mob in the middle of Pacific Coast Highway, jumped on police cars, scaled palm trees and flag poles and leapt from the pier into throngs of people below to crowd-surf. A window at CVS was smashed, businesses were tagged with graffiti, and the roof of Lifeguard Tower 13 collapsed after it was scaled...

Authorities spotted the party announcement when it began circulating last week and immediately began staffing up in preparation for what was being billed as a weekend-long event. In all, more than 150 officers from nearly every police agency in Orange County were called out to the beach Saturday night to help get the crowd under control. Clashes with police broke out Saturday, and officers fired rubber bullets and pepper projectiles as they tried to disperse the crowd. Eventually, authorities issued an overnight curfew to clear the streets...

The majority of those taken into custody over the weekend were not from Orange County, police said.

One 53-year-old watching the crowd told the Times that "Literally they were playing in traffic on the Pacific Coast Highway." But the Times also got a quote from one 18-year-old attendee who "went to last Saturday's party but said he does not condone the debauchery that ensued."

"People my age haven't gone out in a year... It was to get the ball rolling. This is the start of summer."

Bitcoin

UK Police Stumble Upon Bitcoin Mine While Looking For Cannabis Farm (bbc.com) 68

phalse phace shares a report from the BBC: A suspected Bitcoin "mining" operation illegally stealing electricity has been found by police who were searching for a cannabis farm. Officers had been tipped off about the site on the Great Bridge Industrial Estate, Sandwell, and raided it on May 18, West Midlands Police said. Instead of cannabis plants they found a bank of about 100 computer units. The force said the cryptocurrency "mine" had effectively stolen thousands of pounds of electricity. Inquiries with network operator Western Power Distribution found an illegal connection to the electricity supply.

Detectives said they were tipped off about lots of people visiting the unit throughout the day and a police drone picked up a lot of heat coming from the building. Sgt Jennifer Griffin said, given the signs, they had expected to find a cannabis farm. "It had all the hallmarks of a cannabis cultivation set-up and I believe it is only the second such crypto mine we have encountered in the West Midlands," she said. The computer equipment has been seized but no arrests have been made, the force said.

Crime

Drug Dealer Jailed After Cheese Picture Analysed for Prints (sky.com) 55

A man has been jailed for 13 years after his fingerprints were analysed from a photo of a block of cheese. Sky News reports: Carl Stewart shared the M&S Stilton picture -- but made the mistake of showing his fingers and palm. He may have thought he was safe because he was using an EncroChat phone, a highly encrypted device used by criminals. However, police cracked the system last year -- leading to the arrest of hundreds of people in the UK suspected of murder, gun smuggling and serious drug trafficking. Sixty-thousand users -- about 10,000 of them in the UK -- have been identified globally as part of Operation Venetic. Stewart, 39, of Gem Street, Liverpool, received a sentence of 13-and-a-half years at Liverpool Crown Court on Friday. [...] Detective Inspector Lee Wilkinson said Stewart had been "caught out by his love of Stilton cheese." "His palm and fingerprints were analysed from this picture and it was established they belonged to [him]," the officer said. Stewart had used the name Toffeeforce to conduct his EncroChat deals.

Twitter

Police In Delhi Have Descended On Twitter's Headquarters In The Country (buzzfeednews.com) 83

An anonymous reader shares a report: On Monday, a team of officers from the Special Cell, an elite branch of the Delhi Police in charge of investigating terrorism and organized crime in New Delhi descended on Twitter's offices in the city to "serve a notice" to Twitter's India head. Police also attempted to raid a Twitter office in Gurugram, a location that has been permanently closed, a Twitter spokesperson told BuzzFeed News. The move came three days after Twitter put a "Manipulated Media" label on the tweets of half a dozen members of India's ruling Bharatiya Janata Party, in which they had accused the opposition Congress party of scheming to damage Indian prime minister Narendra Modi for his handling of the second wave of India's coronavirus pandemic.

In an image they circulated, they claimed that the Congress party was giving special medical favors to journalists affected by the pandemic among other things. AltNews, an Indian fact-checking website, found that the image was forged. (The Congress party has also filed a police complaint against Sambit Patra, the BJP spokesperson who initially shared the image.) On Friday, India's IT ministry sent a letter to the company asking it to remove the labels. Twitter did not.

Wireless Networking

Weak Wi-Fi Password May Have Led UK Police to Bust an Innocent Couple (bbc.co.uk) 109

Slashdot reader esm88 shares the BBC's story about a couple who experienced "a knock on the door from the police" investigating child abuse images posted online. "The couple insisted they had nothing to do with it. But the next few months were 'utter hell' as they attempted to clear their names," before their case was finally dropped in March: In February, a conversation with a friend who worked in cyber-security alerted them to the possibility that their router, supplied by their broadband provider Vodafone, might hold clues to what had happened. They had not changed the default passwords for either the router itself or the admin webpage, leaving it susceptible to brute force attacks. "We think of ourselves as competent users but we are not IT experts," said Matthew. "No-one told us to change the password and the setting up of the router didn't require us to go on to the admin menu, so we didn't.

"It came with a password, so we plugged it in and didn't touch anything."

Ken Munro, a security consultant with Pen Test Partners, told the BBC that it can take "a matter of minutes" for criminals to piggyback on insecure wireless connections... "So what I guess has happened here, is that the hacker has cracked the wi-fi password and then made changes to the router configuration, so their illicit activities on the internet appear to be coming from the innocent party." In March, when the couple's devices were returned and the case closed, the police officer assigned to liaise with them seemed to corroborate that unauthorised use of their wi-fi was to blame. But it couldn't be proved... The problem is industry-wide, points out Mr Munro.

"Internet service providers have started to improve matters to make these attacks harder, by putting unique passwords on each router. However, it will take years for all of the offending routers to be replaced," he said.
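The two failure modes in the story, factory-default credentials left in place and a router configuration silently altered so someone else's traffic appears to originate from the household, can both be caught by a routine configuration audit. The example below is an added illustration, not code from the BBC story, Pen Test Partners or any ISP: it models a home router as a plain dataclass with assumed field names, uses a constructed placeholder list in place of real vendor defaults, and compares the live settings against an expected baseline (DNS servers, no port forwards, no remote administration).

```python
import math
from dataclasses import dataclass, field

# Constructed example: a simplified home-router configuration. The field
# names are assumptions for illustration, not any vendor's real schema.

@dataclass
class RouterConfig:
    admin_password: str
    wifi_passphrase: str
    wifi_security: str            # "WPA3-SAE", "WPA2-PSK", "WEP" or "OPEN"
    wps_enabled: bool
    remote_admin_enabled: bool
    dns_servers: list
    port_forwards: list = field(default_factory=list)  # (ext_port, host, int_port)

# Constructed placeholders standing in for factory-default credentials.
KNOWN_DEFAULT_PASSWORDS = {"admin", "password", "changeme"}
MIN_PASSPHRASE_BITS = 60


def passphrase_bits(p):
    """Rough strength estimate: length times log2 of the character classes used."""
    charset = 0
    if any(c.islower() for c in p):
        charset += 26
    if any(c.isupper() for c in p):
        charset += 26
    if any(c.isdigit() for c in p):
        charset += 10
    if any(not c.isalnum() for c in p):
        charset += 33
    return len(p) * math.log2(charset) if charset else 0.0


def audit(cfg, expected_dns):
    """Return (code, detail) findings; an empty list means nothing was flagged."""
    findings = []
    if cfg.admin_password.lower() in KNOWN_DEFAULT_PASSWORDS:
        findings.append(("DEFAULT_ADMIN_PASSWORD", "admin page still uses a factory default"))
    elif len(cfg.admin_password) < 12:
        findings.append(("SHORT_ADMIN_PASSWORD", f"{len(cfg.admin_password)} chars"))
    if cfg.wifi_security.upper() in {"WEP", "OPEN"}:
        findings.append(("WEAK_WIFI_SECURITY", cfg.wifi_security))
    bits = passphrase_bits(cfg.wifi_passphrase)
    if bits < MIN_PASSPHRASE_BITS:
        findings.append(("WEAK_WIFI_PASSPHRASE", f"~{bits:.0f} bits of guessing resistance"))
    if cfg.wps_enabled:
        findings.append(("WPS_ENABLED", "WPS is a known weak point; disable it"))
    if cfg.remote_admin_enabled:
        findings.append(("REMOTE_ADMIN_ENABLED", "admin page reachable from the internet"))
    if set(cfg.dns_servers) != set(expected_dns):
        # An altered resolver is one of the configuration changes the story alludes to.
        findings.append(("DNS_CHANGED", f"{cfg.dns_servers} != {expected_dns}"))
    for ext_port, host, int_port in cfg.port_forwards:
        findings.append(("PORT_FORWARD_PRESENT", f"{ext_port} -> {host}:{int_port}"))
    return findings


def finding_codes(findings):
    return [code for code, _ in findings]


# Constructed sample configurations using RFC 5737 documentation address ranges.
EXPECTED_DNS = ["192.0.2.1"]
UNTOUCHED_DEFAULTS = RouterConfig(
    admin_password="admin", wifi_passphrase="Summer2021", wifi_security="WPA2-PSK",
    wps_enabled=True, remote_admin_enabled=True, dns_servers=["203.0.113.53"],
    port_forwards=[(3389, "192.168.1.20", 3389)])
HARDENED = RouterConfig(
    admin_password="Uniqu3-Admin-Pw-for-this-router!",
    wifi_passphrase="ocean-lantern-granite-4711-velvet", wifi_security="WPA3-SAE",
    wps_enabled=False, remote_admin_enabled=False, dns_servers=EXPECTED_DNS)

if __name__ == "__main__":
    for name, cfg in (("untouched defaults", UNTOUCHED_DEFAULTS), ("hardened", HARDENED)):
        print(name, audit(cfg, EXPECTED_DNS) or "no findings")
```

The baseline comparison matters as much as the password checks: the couple's problem was not only that the router could be reached, but that nobody would have noticed a changed setting afterwards. Running an audit like this after setup and again periodically gives a household, or an ISP's support desk, something concrete to compare against.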

Crime

Leaked Emails Show Crime App Citizen Is Testing On-Demand Security Force (vice.com) 98

An anonymous reader quotes a report from Motherboard: Crime and neighborhood watch app Citizen has ambitions to deploy private security workers to the scene of disturbances at the request of app users, according to leaked internal Citizen documents and Citizen sources. The plans mark a dramatic expansion of Citizen's purview. It is currently an app where users report "incidents" in their neighborhoods and, based on those reports and police scanner transcriptions, the app sends "real-time safety alerts" to users about crime and other incidents happening near where a user is located. It is essentially a mapping app that allows users to both report and learn about crime (or what users of the app perceive to be crime) in their neighborhood. The introduction of in-person, private security forces drastically alters the service, and potential impact, that Citizen may offer in the future, and provides more context as to why a Citizen-branded vehicle has been spotted driving around Los Angeles. The news comes after Citizen offered a $30,000 bounty against a person it falsely accused of starting a wildfire.

In short, the product, described as "security response" in internal emails, would have Citizen send a car with private security forces to an app user, according to the former employee. A private security company working with Citizen would provide the response staff, the former employee added. A second Citizen source confirmed this description of the service. Citizen has been actively testing the program, with what the company describes as quick response times and instant communication between Citizen and security partners, according to the emails.

Currently, Citizen offers a subscription product called "Protect," which costs $19.99 per month. Protect sends a user's location to a Citizen employee when it's turned on, can stream video to a "Protect agent" when activated using a safeword, and is pitched to users as a "digital bodyguard." Protect also advertises "Instant emergency response to your exact location," and says "Live monitoring means you never have to walk alone." It is not clear if the private security response would be tied to Protect or another service.

A Citizen spokesperson told Motherboard that "LAPS offers a personal rapid response service that we are testing internally with employees as a small test. For example, if someone would like an escort to walk them home late at night, they can request this service. We have spoken with various partners in designing this pilot project." They declined to answer other questions from Motherboard.

AI

Amazon Extends Moratorium On Police Use of Facial Recognition Software (reuters.com) 56

Amazon said on Tuesday it is extending a moratorium on police use of its facial recognition software. The company imposed the ban last year after the murder of George Floyd by law enforcement in June 2020. Reuters reports: Civil liberties advocates have long warned that inaccurate face matches by law enforcement could lead to unjust arrests, as well as to a loss of privacy and chilled freedom of expression. Amazon's extension, which Reuters was first to report, underscores how facial recognition remains a sensitive issue for big companies. The world's largest online retailer did not comment on the reason for its decision. Last year, it said it hoped Congress would put in place rules to ensure ethical use of the technology, though no such law has materialized. Amazon also faced calls this month from activists who wanted its software ban to be permanent.

Crime

The Bizarre Story of the Man Who Invented Ransomware in 1989 (cnn.com) 67

Slashdot reader quonset writes: To this day no one is sure why he did it, but in 1989 a Harvard-taught evolutionary biologist named Joseph Popp mailed out 20,000 floppy discs with malware on them to people around the world. At the time he was doing research into AIDS and the discs had been sent to attendees of the World Health Organization's AIDS conference in Stockholm.

Eddy Willems was working for an insurance company in Belgium and his boss asked him to see what was on the disc...

CNN picks up the story: Willems was expecting to see medical research when the disc's contents loaded. Instead he became a victim of the first act of ransomware — more than 30 years before the ransomware attack on the US Colonial Pipeline... A few days after inserting the disc, Willems' computer locked and a message appeared demanding that he send $189 in an envelope to a PO Box in Panama. "I didn't pay the ransom or lose any data because I figured out how to reverse the situation," he told CNN Business.

He was one of the lucky ones: Some people lost their life's work.

"I started to get calls from medical institutions and organizations asking how I got around it," said Willems, who is now a cybersecurity expert at G Data, which developed the world's first commercial antivirus solution in 1987. "The incident created a lot of damage back in those days. People lost a lot of work. It was not a marginal thing — it was a big thing, even then...." It's unclear if any people or organizations paid the ransom.

CSO reports that Popp was eventually arrested and charged with multiple counts of blackmail after law enforcement identified him as the owner of the P.O. box where the ransom checks were to be sent.

CNN adds that "One of the biggest problems about ransomware nowadays is that ransoms are often paid with cryptocurrency, such as bitcoin, which is exchanged anonymously and not traceable."
United States

US Scrambles to Keep Fuel Flowing After Pipeline Cyberattack. Russian Cybercriminals Suspected (bbc.com) 239

A ransomware attack on a pipeline that supplies 45% of the fuel for the Eastern U.S. has now led U.S. president Biden to declare a regional emergency providing "regulatory relief" to expand fuel delivery by other routes.

Axios reports: Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the U.S., notes energy researcher Amy Myers Jaffe, per Politico. It follows other significant cyberattacks on the federal government and U.S. companies in recent months... 5,500 miles of pipeline have been shut down in response to the attack.
The BBC reports: Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer... Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational...

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York..." The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.

UPDATE (5/10): "On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted," reports the Associated Press, "and the company said it was working toward 'substantially restoring operational service' by the weekend."

CNN reports that a criminal group originating from Russia named DarkSide "is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official. DarkSide typically targets non-Russian speaking countries, the source said... Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack..."

If so, NBC News adds some sobering thoughts: Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said. But the fact that Colonial had to shut down the country's largest gasoline pipeline underscores just how vulnerable America's cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say. "This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe," said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm...

If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free rein to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator. "Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.

Citing multiple sources, the BBC reports that DarkSide "infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet... "

The BBC also shares some thoughts from Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online: Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.

He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then "have-a-go" hackers just keep trying usernames and passwords until they get some to work.

"We're seeing a lot of victims now, this is seriously a big problem now," said Mr Chappell.
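As an added illustration of the password-guessing pattern Chappell describes (an example written for this page, not code from the BBC article or from Digital Shadows): a small detector that flags a source address making a burst of failed remote-desktop logins across many usernames, and records whether a login then succeeded from that address. The log line format and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system):
# "<ISO timestamp> <FAIL|OK> user=<name> src=<ip>"
SAMPLE_LOG = """\
2021-05-06T22:00:01 FAIL user=admin src=203.0.113.7
2021-05-06T22:00:03 FAIL user=administrator src=203.0.113.7
2021-05-06T22:00:05 FAIL user=engineer src=203.0.113.7
2021-05-06T22:00:09 FAIL user=scada src=203.0.113.7
2021-05-06T22:00:12 FAIL user=operator src=203.0.113.7
2021-05-06T22:00:20 OK user=operator src=203.0.113.7
2021-05-06T22:01:00 FAIL user=jsmith src=198.51.100.4
2021-05-06T23:30:00 OK user=jsmith src=198.51.100.4
"""

def parse(line):
    """Split one log line into (timestamp, result, username, source ip)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def find_guessing(log_text, window=timedelta(minutes=5), max_failures=4):
    """Return {src_ip: summary} for every source whose failed logins inside
    `window` reach `max_failures`.  The summary counts the failures in the
    burst, how many distinct usernames were tried (many distinct names is the
    "keep trying usernames and passwords" pattern), and whether any login
    from that source succeeded at or after the start of the burst."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        by_src[src].append((ts, result, user))
    alerts = {}
    for src, evs in by_src.items():
        fails = [(ts, u) for ts, r, u in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            burst = [u for t, u in fails[i:] if t - start <= window]
            if len(burst) >= max_failures:
                alerts[src] = {
                    "failures": len(burst),
                    "distinct_users": len(set(burst)),
                    "success_after_burst": any(
                        r == "OK" and t >= start for t, r, _ in evs),
                }
                break  # one alert per source is enough
    return alerts
```

A source that fails a handful of times and then logs in is exactly the case worth paging on; the single failure from 198.51.100.4 stays below the threshold and is not reported.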

United States

Capitol Rioters Identified Using Facial Recognition Software, Cellphone Records - and Social Media Posts (nbcnews.com) 352

NBC News reports more than 440 Americans have now been charged with storming the U.S. Capitol building on January 6th, with charges now filed against people from 44 of America's 50 states. They describe it as "one of the largest criminal investigations in American history." The largest number come from Texas, Pennsylvania, and Florida, in that order. Men outnumber women among those arrested by 7 to 1, with an average age of 39, according to figures compiled by the Program on Extremism at George Washington University in Washington, D.C. A total of 44 are military veterans.
Hundreds of arrests happened because rioters later bragged online: In nearly 90 percent of the cases, charges have been based at least in part on a person's own social media accounts.

A New York man, Robert Chapman, bragged on the dating app Bumble that he'd been in the Capitol during the riot. The person he was seeking to date responded, "We are not a match," and notified the FBI.

In fact, the investigative agency has now received "hundreds of thousands" of tips from the public, and has even posted photos of people who participated in the riots online asking for the public's help to identify them.

But NBC also reports that technology is being used to identify participants:
  • "Investigators have also used facial recognition software, comparing images from surveillance cameras and an outpouring of social media and news agency videos against photo databases of the FBI and at least one other federal agency, Customs and Border Protection, according to court documents."
  • Investigators "have also subpoenaed records from companies providing cellphone service, allowing agents to tell whether a specific person's phone was inside the Capitol during the siege."

The Internet

LiveLeak, the Internet's Font of Gore and Violence, Has Shut Down (theverge.com) 79

Video site LiveLeak, best known for hosting gruesome footage that mainstream rivals wouldn't touch, has shut down after fifteen years in operation. In its place is "ItemFix," a site that bans users from uploading media containing "excessive violence or gory content." The Verge reports: In a blog post, LiveLeak founder Hayden Hewitt did not give an explicit reason for the site's closure, saying only that: "The world has changed a lot over these last few years, the Internet alongside it, and we as people." In a video posted on his YouTube channel Trigger Warning, Hewitt offered no further details, but said that maintaining LiveLeak had become a struggle, and that he and his team "just didn't have it in us to carry on fighting." "Everything's different now, everything moves on," says Hewitt, before adding in an aside to the camera: "I don't fucking like it. I liked it much better when it was the Wild West."

LiveLeak has been a mainstay of internet culture for many years, its name synonymous with footage of murder, terrorism, and everyday incidents of crime and violence. A sinister doppelganger to sites like YouTube, LiveLeak was founded in 2006 and grew out of a culture of early internet "shock sites" like Ogrish, Rotten.com, and BestGore: websites that hosted violent and pornographic content with the express aim of disgusting visitors.

[D]emand for such extreme content will always exist, even if individual sites like LiveLeak come and go. In his farewell blog post, the site's founder Hayden Hewitt emphasized the importance of the site's community. "To the members, the uploaders, the casual visitors, the trolls and the occasionally demented people who have been with us. You have been our constant companions and although we probably didn't get to communicate too often you're appreciated more than you realize," he writes. "On a personal level you have fascinated and amused me with your content. Lastly, to those no longer with us. I still remember you."

Television

Former Netflix IT Executive Convicted of Fraud and Taking Bribes (justice.gov) 24

Business Insider reports: Former Netflix vice president of IT Michael Kail was convicted by a federal jury on Friday of 28 counts of fraud and money laundering, the U.S. Department of Justice announced in a press release.

Kail, who was indicted in 2018, used his position to create a "pay-to-play" scheme where he approved contracts with outside tech companies looking to do business with Netflix in exchange for taking bribes and kickbacks, according to evidence presented to the jury, the release said. Kail accepted bribes or kickbacks from nine different companies totaling more than $500,000 as well as stock options, according to the Department of Justice's press release...

Netflix sued Kail after he left the company in 2014 to take a role as Yahoo's CIO, accusing him of fraud and breaching his fiduciary duties.

One FBI agent says that Kail "stole the opportunity to work with an industry pioneer from honest, hardworking, Silicon Valley companies," according to the details in the Department of Justice statement: To facilitate kickback payments, the evidence at trial showed that Kail created and controlled a limited liability corporation called Unix Mercenary, LLC. Established on February 7, 2012, Unix Mercenary had no employees and no business location. Kail was the sole signatory to its bank accounts...

Kail faces a maximum sentence of twenty years in prison and a fine of $250,000, or twice his gross gain or twice the gross loss to Netflix, whichever is greater, for each count of a wire or mail fraud conviction, and ten years in prison and a fine of $250,000 for each count of a money laundering conviction.
