On Tuesday, The Independent, Tom's Hardware, and many other tech outlets reported on a story about how three million smart toothbrushes were used in a DDoS attack. The only problem? It "didn't actually happen," writes Jason Koebler via 404 Media. "There are no additional details about this apparent attack, and most of the article cites general research by a publicly traded cybersecurity company called Fortinet which has detected malicious, hijacked internet of things devices over the years. A search on Fortinet's website shows no recent published research about hacked smart toothbrushes." From the report: The original article, called "The toothbrushes are attacking," starts with the following passage: "She's at home in the bathroom, but she's part of a large-scale cyber attack. The electric toothbrush is programmed with Java, and criminals have unnoticed installed malware on it - like on 3 million other toothbrushes. One command is enough and the remote-controlled toothbrushes simultaneously access the website of a Swiss company. The site collapses and is paralyzed for four hours. Millions of dollars in damage is caused. This example, which seems like a Hollywood scenario, actually happened. It shows how versatile digital attacks have become." [...]

The "3 million hacked smart toothbrushes" story has now been viral for more than 24 hours and literally no new information about it has emerged despite widespread skepticism from people in the security industry and its virality. The two Fortinet executives cited in the original report did not respond to an email and LinkedIn message seeking clarification, and neither did Fortinet's PR team. The author of the Aargauer Zeitung story also did not respond to a request for more information. I called Fortinet's headquarters, asked to speak to the PR contact listed on the press release about its earnings, which was published after the toothbrush news began to go viral, and was promptly disconnected. The company has continued to tweet about other, unrelated things. They have not responded to BleepingComputer either, nor the many security researchers who are asking for further proof that this actually happened. While we don't know how this happened, Fortinet has been talking specifically about the dangers of internet-connected toothbrushes for years, and has been using it as an example in researcher talks. In a statement to 404 Media, Fortinet said "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred."

The U.S. Environmental Protection Agency (EPA) today unveiled new, stricter limits for PM2.5 (particulate smaller than 2.5 micrometers in diameter), commonly referred to as soot. As NPR notes, these particles are are "one of the deadliest types of air pollution." From the report: The agency lowered the allowable limit for annual PM2.5 levels from 12 micrograms per cubic meter to 9. That's a "significant reduction," says Regan Patterson, an air pollution expert at the University of California, Los Angeles. "The science is clear," says EPA Administrator Michal Regan. "Soot pollution is one of the most dangerous forms of air pollution and is linked to a range of serious and potentially deadly illnesses, including asthma and heart attacks."

The new standard represents the first tightening of the rules since 2012, but states will have several years to reach the new limits. The EPA left the daily limits on PM2.5 pollution unchanged, at 35 micrograms per cubic meter, saying the same efforts that will reduce pollution under the revised annual standard will drive down short-term pollution exposures as well. Decades of research have demonstrated that tiny particles are dangerous to people's health at nearly any concentration. The sources vary: fossil fuel combustion, agriculture, and industrial processes all add to the load, as does wildfire smoke and dust.

In aggregate, the tiny particles drive millions of premature deaths worldwide each year. The EPA estimates that the new, tighter standards will prevent about 4,500 premature deaths a year by 2032 in the U.S. and prevent about 800,000 asthma-related emergency visits. It estimates the lower pollution exposures could reduce healthcare costs by about $46 billion by that time.

An anonymous reader quotes a report from Ars Technica: While the world awaits closing arguments later this year in the US government's antitrust case over Google's search dominance, a California judge has dismissed a lawsuit from 26 Google users who claimed that Google's default search agreement with Apple violates antitrust law and has ruined everyone's search results. Users had argued (PDF) that Google struck a deal making its search engine the default on Apple's Safari web browser specifically to keep Apple from competing in the general search market. These payments to Apple, users alleged, have "stunted innovation" and "deprived" users of "quality, service, and privacy that they otherwise would have enjoyed but for Google's anticompetitive conduct." They also allege that it created a world where users have fewer choices, enabling Google to prefer its own advertisers, which users said caused an "annoying and damaging distortion" of search results.

In an order (PDF) granting the tech companies' motion to dismiss, US District Judge Rita Lin said that users did not present enough evidence to support claims for relief. Lin dismissed some claims with prejudice but gave leave to amend others, allowing users another chance to keep their case -- now twice-dismissed -- at least partially alive. Under Lin's order, users will not be able to amend claims that Google and Apple executives allegedly sealed the default search deal on the condition that Apple would not create its own general search engine through "private, secret, and clandestine personal meetings." Because plaintiffs showed no evidence pinpointing exactly when Apple allegedly agreed to stay out of the general search market, these meetings, Lin reasoned, could just as easily indicate "rational, legal business behavior," rather than an "illegal conspiracy."

Users attempted to argue that Google and Apple intentionally hid these facts from the public, but Lin wrote that their "conclusory and vague allegations that defendants 'secretly conducted meetings' and 'engaged in conduct to obfuscate internal communications' are plainly insufficient." Sharing bystander photos documenting Google's Sundar Pichai and Apple's Tim Cook meeting at a restaurant with a manila folder tucked under Pichai's elbow did not help users' case. Lin was also not moved by users demonstrating that Google has a history of destroying evidence, because "they put forth no specific factual allegations that defendants did so in this case." However, users will have 30 days to amend currently "inadequately" alleged claims that "Google's exclusive default agreement, under which Apple set Google as the default search engine for its Safari web browser, foreclosed competition in the general search services market in the United States," Lin wrote. If users miss that deadline, the case will be tossed with no opportunities to further amend claims.

An anonymous reader quotes a report from TechCrunch: AI-generated imagery and other forms of deepfakes depicting child sexual abuse (CSA) could be criminalized in the European Union under plans to update existing legislation to keep pace with technology developments, the Commission announced today. It's also proposing to create a new criminal offense of livestreaming child sexual abuse. The possession and exchange of "pedophile manuals" would also be criminalized under the plan -- which is part of a wider package of measures the EU says is intended to boost prevention of CSA, including by increasing awareness of online risks and to make it easier for victims to report crimes and obtain support (including granting them a right to financial compensation). The proposal to update the EU's current rules in this area, which date back to 2011, also includes changes around mandatory reporting of offenses.

Back in May 2022, the Commission presented a separate piece of CSA-related draft legislation, aiming to establish a framework that could make it obligatory for digital services to use automated technologies to detect and report existing or new child sexual abuse material (CSAM) circulating on their platforms, and identify and report grooming activity targeting kids. The CSAM-scanning plan has proven to be highly controversial -- and it continues to split lawmakers in the parliament and the Council, as well as kicking up suspicions over the Commission's links with child safety tech lobbyists and raising other awkward questions for the EU's executive, over a legally questionable foray into microtargeted ads to promote the proposal. The Commission's decision to prioritize the targeting of digital messaging platforms to tackle CSA has attracted a lot of criticism that the bloc's lawmakers are focusing in the wrong area for combatting a complex societal problem -- which may have generated some pressure for it to come with follow-on proposals. (Not that the Commission is saying that, of course; it describes today's package as "complementary" to its earlier CSAM-scanning proposal.) "Fast evolving technologies are creating new possibilities for child sexual abuse online, and raises challenges for law enforcement to investigate this extremely serious and wide spread crime," said Ylva Johansson, commissioner for home affairs, in a statement. "A strong criminal law is essential and today we are taking a key step to ensure that we have effective legal tools to rescue children and bring perpetrators to justice. We are delivering on our commitments made in the EU Strategy for a more effective fight against Child sexual abuse presented in July 2020."

The final shape of the proposals will be determined by the EU's co-legislators in the Parliament and Council. "If/when there's agreement on how to amend the current directive on combating CSA, it would enter into force 20 days after its publication in the Official Journal of the EU," adds TechCrunch.

Julia Simon reports via NPR: In a D.C. courtroom, a trial is wrapping up this week with big stakes for climate science. One of the world's most prominent climate scientists is suing a right-wing author and a policy analyst for defamation. The case comes at a time when attacks on scientists are proliferating, says Peter Hotez, professor of Pediatrics and Molecular Virology at Baylor College of Medicine. Even as misinformation about scientists and their work keeps growing, Hotez says scientists haven't yet found a good way to respond. "The reason we're sort of fumbling at this is it's unprecedented. And there is no roadmap," he says. The climate scientist at the center of this trial is Michael Mann. The professor of earth and environmental science at the University of Pennsylvania gained prominence for helping make one of the most accessible, consequential graphs in the history of climate science. First published in the late 1990s, the graph shows thousands of years of relatively stable global temperatures. Then, when humans start burning lots of coal and oil, it shows a spike upward. Mann's graph looks like a hockey stick lying on its side, with the blade sticking straight up. The so-called "hockey stick graph" was successful in helping the public understand the urgency of global warming, and that made it a target, says Kert Davies, director of special investigations at the Center for Climate Integrity, a climate accountability nonprofit. "Because it became such a powerful image, it was under attack from the beginning," he says.

The attacks came from groups that reject climate science, some funded by the fossil fuel industry. In the midst of these types of attacks -- including the hacking of Mann's and other scientists' emails by unknown hackers -- Penn State, where Mann was then working, opened an investigation into his research. Penn State, as well as the National Science Foundation, found no evidence of scientific misconduct. But a policy analyst and an author wrote that they were not convinced. The trial in D.C. Superior Court involves posts from right-wing author Mark Steyn and policy analyst Rand Simberg. In an online post, Simberg compared Mann to former Penn State football coach Jerry Sandusky, a convicted child sex abuser. Simberg wrote that Mann was the "Sandusky of climate science," writing that Mann "molested and tortured data (PDF)." Steyn called Mann's research fraudulent. Mann sued the two men for defamation. Mann also sued the publishers of the posts, National Review and the Competitive Enterprise Institute, but in 2021, the court ruled they couldn't be held liable.

In court, Mann has argued that he lost funding and research opportunities. Steyn said in court that if Penn State's president, Graham Spanier, covered up child sexual assault, why wouldn't he cover up for Mann's science. The science in question used ice cores and tree rings to estimate Earth's past temperatures. "If Graham Spanier is prepared to cover up child rape, week in, week out, year in, year out, why would he be the least bit squeamish about covering up a bit of hanky panky with the tree rings and the ice cores?" Steyn asked the court. Mann and Steyn declined to speak to NPR during the ongoing trial. One of Simberg's lawyers, Victoria Weatherford, said "inflammatory does not equal defamatory" and that her client is allowed to express his opinion, even if it were wrong. "No matter how offensive or distasteful or heated it is," Weatherford tells NPR, "that speech is absolutely protected under the First Amendment when it's said against a public figure, if the person saying it believed that what they said was true."

Mozilla has rolled out a new $9 per month service called Mozilla Monitor Plus that automatically scrubs personal information from over 190 data broker sites. The tool builds on the free Firefox Monitor platform, expanding monitoring capabilities and proactively removing exposed details to protect user privacy. Subscribers will also receive data breach alerts under the new service.

An anonymous reader quotes a report from MacRumors: Apple Vision Pro owners who forget the passcode they set will need to take the device to an Apple retail location to get it reset, reports Bloomberg's Mark Gurman. There is apparently no on-device way to reset a Vision Pro passcode if it is forgotten. [...] Customers who have forgotten their Vision Pro passcodes have been told by Apple that they will need to visit a retail store for a fix or will need to ship the headset to Apple if there isn't a nearby store. Like Apple's iOS devices, the incorrect passcode cannot be entered too many times or the device will be disabled, with a waiting period before a passcode can be entered again. Removing the passcode requires erasing all content on the Vision Pro. [...]

There is an erase content setting on the Vision Pro, but there is no way to get into the reset mode using a combination of button presses. Erasing Vision Pro can only be done through the Settings app. Customers who have the $300 Developer Strap may be able to wipe the device from a Mac, but most users will not be able to get this accessory as it is limited to registered developers in the United States.

In a London court, lawyers for a group supported by the Crypto Open Patent Alliance (COPA) argued that Craig Wright's assertion of being the inventor of bitcoin is "a brazen lie," challenged by accusations of extensive document forgery to substantiate his claim. Wright's defense disputes these allegations, maintaining that he has presented definitive proof of his role in creating bitcoin. Reuters reports: Craig Wright says he is the author of a 2008 white paper, the foundational text of bitcoin and other cryptocurrencies, published in the name "Satoshi Nakamoto". He argues this means he owns the copyright in the white paper and has intellectual property rights over the bitcoin blockchain. But the Crypto Open Patent Alliance (COPA) -- whose members include Twitter founder Dorsey's payments firm Block -- is asking London's High Court to rule that Wright is not Satoshi.

The five-week hearing, at which Wright will give evidence from Tuesday, is the culmination of years of speculation about the true identity of Satoshi. Wright first publicly claimed to be Satoshi in 2016 and has since taken legal action against cryptocurrency developers and exchanges. COPA, however, says Wright has never provided any genuine proof, accusing him of repeatedly forging documents to support his claim, which Wright denies. Wright sat in court as COPA's lawyer Jonathan Hough said his claim was "a brazen lie, an elaborate false narrative supported by forgery on an industrial scale." Hough said that "there are elements of Dr Wright's conduct that stray into farce," citing his alleged use of ChatGPT to produce forgeries.

But he added: "Dr Wright's conduct is also deadly serious. On the basis of his dishonest claim to be Satoshi, he has pursued claims he puts at hundreds of billions of dollars, including against numerous private individuals." Wright's lawyer Anthony Grabiner, however, argued in court filings that he has produced "clear evidence demonstrating his authorship of the white paper and creation of bitcoin." Grabiner added that it was "striking" that no one else had publicly claimed to be Satoshi. "If Dr Wright were not Satoshi, the real Satoshi would have been expected to come forward to counter the claim," he said.

An anonymous reader shares a report: An underground website called OnlyFake is claiming to use "neural networks" to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds. In our own tests, OnlyFake created a highly convincing California driver's license, complete with whatever arbitrary name, biographical information, address, expiration date, and signature we wanted. The photo even gives the appearance that the ID card is laying on a fluffy carpet, as if someone has placed it on the floor and snapped a picture, which many sites require for verification purposes. 404 Media then used another fake ID generated by this site to successfully step through the identity verification process on OKX. OKX is a cryptocurrency exchange that has recently appeared in multiple court records because of its use by criminals.

Rather than painstakingly crafting a fake ID by hand -- a highly skilled criminal profession that can take years to master -- or waiting for a purchased one to arrive in the mail with the risk of interception, OnlyFake lets essentially anyone generate fake IDs in minutes that may seem real enough to bypass various online verification systems. Or at least fool some people. "The era of rendering documents using Photoshop is coming to an end," an announcement posted to OnlyFake's Telegram account reads. As well as "neural networks," the service claims to use "generators" which create up to 20,000 documents a day. The service's owner, who goes by the moniker John Wick, told 404 Media that hundreds of documents can be generated at once using data from an Excel table.

Slashdot reader Press2ToContinue shared this report from WION: : The Hong Kong branch of a multinational company has lost $25.6 million after a scammer used deepfake technology to pose as the firm's chief financial officer (CFO) in a video conference call and ordered money transfers, according to the police, in what is being highlighted as first of its kind cases in the city.

The transaction was ordered during a meeting where it was found that everyone present on the video call except the victim were deepfakes of real people, said the Hong Kong police, on Friday (Feb 2)...

Scammers in this case used deepfake technology to turn publicly available video and other footage of staff members into convincing meeting participants.

Slashdot reader Unpopular Opinions requests suggestions from the Slashdot community: Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host.

Which is not anything new... Companies have been doing this for decades, except as paid services you requested. Now the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. It's data they never had the rights to collect and/or compile to begin with, including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match...

"Just block those crawlers"? That's what some of those companies advise, but not only does the site operator have to automate it themself, not all companies offer lists of their source IP addresses or identify them. Some use multiple/different crawler domain names from their commercial product, or use cloud providers such as Google Cloud, AWS and Azure â" so one can't just block access to their company's networks without massive implications. They also change their own information with no warning, and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.

With the raise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop on this?
Block those crawlers? Change your Terms of Service? What's the best fix... Share your own thoughts and suggestions in the comments.

How can you stop security firms from harvesting your data?

An anonymous Slashdot reader shared this report from the San Francisco Chronicle's senior political writer: The next House member representing Silicon Valley wants to change a key piece of federal law that shields internet companies like X, Facebook and Snapchat from lawsuits over content their users post. That protection is considered the lifeblood of social media.

The top eight Democratic candidates vying to succeed Democratic Rep. Anna Eshoo in her very blue district agree that something has to change with Section 230 of the Communications Decency Act, which was created in 1996, back when lawmakers shied away from doing anything that could limit the growth of the industry. Their unanimity is a sign that Eshoo's successor won't be a tool for the hometown industry. At least not on this issue. The challenge is what to do next. Whoever is elected, their actions as the voice of Silicon Valley will carry outsize weight in Congress. They can lead the charge to actually do something to clean up the bile on social media...

The good news is that they will have bipartisan support to address the bile and disinformation online. The bad news is that finding the right solution will still be hard.

An anonymous reader shared this report from USA Today: A nationwide analysis by USA TODAY shows local governments are banning green energy faster than they're building it.

At least 15% of counties in the U.S. have effectively halted new utility-scale wind, solar, or both, USA TODAY found. These limits come through outright bans, moratoriums, construction impediments and other conditions that make green energy difficult to build... In the past decade, about 180 counties got their first commercial wind-power project. But in the same period, more than twice as many blocked wind development. And while solar power has found more broad acceptance, 2023 was the first year to see almost as many individual counties block new solar projects as the ones adding their first project.

The result: Some of the nation's areas with the best sources of wind and solar power have now been boxed out. Because large-scale solar and wind projects typically are built outside city limits, USA TODAY's analysis focuses on restrictions by the county-level governments that have jurisdiction. In a few cases, such as Connecticut, Tennessee and Vermont, entire states have implemented near-statewide restrictions. While 15% of America's counties might sound like a small portion, the trend has significant consequences, says Jeff Danielson, a former four-term Iowa state senator now with the Clean Grid Alliance. "It's 15% of the most highly productive areas to develop wind and solar," he said. "Our overall goals are going to be difficult to achieve if the answer is 'No' in county after county...."

[T]he number of new wind projects opening annually peaked in the early 2010s, according to inventory data from the U.S. Energy Information Administration, and has slowed since then. Wind power is expected to grow 11% by 2025 from last year's levels. In the past 10 years, 183 counties saw their first wind project come online. However, USA TODAY's analysis found that in the same period, nearly 375 counties have essentially blocked new wind development. That's almost as many as the 508 counties — out of 3,144 total in the U.S. — currently home to an operational wind turbine....

Of the 116 counties implementing bans or impediments to utility-scale solar plants, half did so in 2023 alone. This surge in obstacles is unprecedented since green-energy technology gained broad acceptance...
The article points out that counties sometimes also limit the size of solar farms — making them impractical to build. "Other jurisdictions create shadow bans of sorts. Projects might not technically be banned, but officials simply reject all green energy plans on a case-by-case basis..."

"USA TODAY's findings were supported by research published in late January by the Department of Energy's Lawrence Berkeley National Laboratory. Energy developers reported one third of the wind and solar siting applications they had submitted in the past five years were canceled, while about half were delayed for six months or more. Zoning issues and community opposition were two of the top reasons."

The article also quotes an Ohio farmer who complained that "You live in the country, and you want to be away from all the hustle and bustle. I kind of look at it as if they're sticking a warehouse or a factory here." Last September, his county's commissioners banned all new large-scale wind and solar projects.

The non-profit Linux Foundation Energy hopes to develop energy-sector solutions (including standards, specifications, and software) supporting rapid decarbonization by collaborating with industry stakeholders.

And now they're involved in a new partnership with America's Joint Office of Energy — which facilitates collaboration between the federal Department of Energy and its Department of Transportation. The partnership's goal? To "build open-source software tools to support communications between EV charging infrastructure and other systems."

The Buildout reports: The partnership and effort — known as "Project EVerest" — is part of the administration's full-court press to improve the charging experience for EV owners as the industry's nationwide buildout hits full stride. "Project EVerest will be a game changer for reliability and interoperability for EV charging," Gabe Klein, executive director of the administration's Joint Office of Energy and Transportation, said yesterday in a post on social media....

Administration officials said that a key driver of the move to institute broad standards for software is to move beyond an era of unreliable and disparate EV charging services throughout the U.S. Dr. K. Shankari, a principal software architect at the Joint Office of Energy and Transportation, said that local and state governments now working to build out EV charging infrastructure could include a requirement that bidding contractors adhere to Project EVerest standards. That, in turn, could have a profound impact on providers of EV charging stations and services by requiring them to adapt to open source standards or lose the opportunity to bid on public projects. Charging availability and reliability are consistently mentioned as key turnoffs for potential EV buyers who want the infrastructure to be ready, easy, and consistent to use before making the move away from gas cars.

Specifically, the new project will aim to create what's known as an open source reference implementation for EV charging infrastructure — a set of standards that will be open to developers who are building applications and back-end software... And, because the software will be available for any company, organization, or developer to use, it will allow the creation of new EV infrastructure software at all levels without software writers having to start from scratch. "LF Energy exists to build the shared technology investment that the entire industry can build on top of," said Alex Thompson of LF Energy during the web conference. "You don't want to be re-inventing the wheel."
The tools will help communication between charging stations (and adjacent chargers), as well as vehicles and batteries, user interfaces and mobile devices, and even backend payment systems or power grids. An announcement from the Joint Office of Energy and Transportation says this software stack "will reduce instances of incompatibility resulting from proprietary systems, ultimately making charging more reliable for EV drivers." "The Joint Office is paving the way for innovation by partnering with an open-source foundation to address the needs of industry and consumers with technical tools that support reliable, safe and interoperable EV charging," said Sarah Hipel, Standards and Reliability Program Manager at the Joint Office.... With this collaborative development model, EVerest will speed up the adoption of EVs and decarbonization of transportation in the United States by accelerating charger development and deployment, increase customizability, and ensure high levels of security for the nation's growing network.
Linux Foundation Energy adds that reliable charging "is key to ensuring that anyone can confidently choose to ride or drive electric," predicting it will increase customizability for different use cases while offering long-term maintainability, avoiding vendor-lock in, and ensuring high levels of security. This is a pioneering example of the federal government collaborating to deploy code into an open source project...

"The EVerest project has been demonstrated in pilots around the world to make EV charging far more reliable and reduces the friction and frustration EV drivers have experienced when a charger fails to work or is not continually maintained," said LF Energy Executive Director Alex Thornton. "We look forward to partnering with the Joint Office to create a robust firmware stack that will stand the test of time, and be maintained by an active and growing global community to ensure the nation's charging infrastructure meets the needs of a growing fleet of electric vehicles today and into the future."
Thanks to Slashdot reader ElectricVs for sharing the article.

An anonymous reader quotes a report from ProPublica: Over the last decade, police departments across the U.S. have spent millions of dollars equipping their officers with body-worn cameras that record what happens as they go about their work. Everything from traffic stops to welfare checks to responses to active shooters is now documented on video. The cameras were pitched by national and local law enforcement authorities as a tool for building public trust between police and their communities in the wake of police killings of civilians like Michael Brown, an 18 year old black teenager killed in Ferguson, Missouri in 2014. Video has the potential not only to get to the truth when someone is injured or killed by police, but also to allow systematic reviews of officer behavior to prevent deaths by flagging troublesome officers for supervisors or helping identify real-world examples of effective and destructive behaviors to use for training. But a series of ProPublica stories has shown that a decade on, those promises of transparency and accountability have not been realized.

One challenge: The sheer amount of video captured using body-worn cameras means few agencies have the resources to fully examine it. Most of what is recorded is simply stored away, never seen by anyone. Axon, the nation's largest provider of police cameras and of cloud storage for the video they capture, has a database of footage that has grown from around 6 terabytes in 2016 to more than 100 petabytes today. That's enough to hold more than 5,000 years of high definition video, or 25 million copies of last year's blockbuster movie "Barbie." "In any community, body-worn camera footage is the largest source of data on police-community interactions. Almost nothing is done with it," said Jonathan Wender, a former police officer who heads Polis Solutions, one of a growing group of companies and researchers offering analytic tools powered by artificial intelligence to help tackle that data problem.

The Paterson, New Jersey, police department has made such an analytic tool a major part of its plan to overhaul its force. In March 2023, the state's attorney general took over the department after police shot and killed Najee Seabrooks, a community activist experiencing a mental health crisis who had called 911 for help. The killing sparked protests and calls for a federal investigation of the department. The attorney general appointed Isa Abbassi, formerly the New York Police Department's chief of strategic initiatives, to develop a plan for how to win back public trust. "Changes in Paterson are led through the use of technology," Abbassi said at a press conference announcing his reform plan in September, "Perhaps one of the most exciting technology announcements today is a real game changer when it comes to police accountability and professionalism." The department, Abassi said, had contracted with Truleo, a Chicago-based software company that examines audio from bodycam videos to identify problematic officers and patterns of behavior.

For around $50,000 a year, Truleo's software allows supervisors to select from a set of specific behaviors to flag, such as when officers interrupt civilians, use profanity, use force or mute their cameras. The flags are based on data Truleo has collected on which officer behaviors result in violent escalation. Among the conclusions from Truleo's research: Officers need to explain what they are doing. "There are certain officers who don't introduce themselves, they interrupt people, and they don't give explanations. They just do a lot of command, command, command, command, command," said Anthony Tassone, Truleo's co-founder. "That officer's headed down the wrong path." For Paterson police, Truleo allows the department to "review 100% of body worn camera footage to identify risky behaviors and increase professionalism," according to its strategic overhaul plan. The software, the department said in its plan, will detect events like uses of force, pursuits, frisks and non-compliance incidents and allow supervisors to screen for both "professional and unprofessional officer language." There are around 30 police departments currently use Truleo, according to the company.

Christopher J. Schneider, a professor at Canada's Brandon University who studies the impact of emerging technology on social perceptions of police, is skeptical the AI tools will fix the problems in policing because the findings might be kept from the public just like many internal investigations. "Because it's confidential," he said, "the public are not going to know which officers are bad or have been disciplined or not been disciplined."

An anonymous reader quotes a report from Wired: A California teenager prosecutors say is responsible for hundreds of swatting attacks around the United States was exposed after law enforcement pieced together a digital trail left on some of the internet's largest platforms, according to court records released this week. Alan Winston Filion, a 17-year-old from Lancaster, California, faces four felony charges in Florida's Seminole County related to swatting, or fake threats called into the police to provoke a forceful response, according to Florida state prosecutors. Police arrested Filion on January 18, and he was extradited to Seminole County this week.

Filion's arrest, first reported by WIRED on January 26, marks the culmination of a multi-agency manhunt for the person police claim is responsible for swatting attacks on high schools, historically black colleges and universities, mosques, and federal agents, and for threats to bomb the Pentagon, members of the United States Senate, and the US Supreme Court. Ultimately, a YouTube channel, Discord chats, and usernames related to The Lord of the Rings helped lead authorities to Filion's doorstep.

Florida prosecutors charged Filion with four felony counts, including three related to allegedly making false reports to law enforcement and one for unlawful use of a two-way radio for "facilitating or furthering an act of terrorism" that authorities say targeted people based on race, religion, or other protected classes. While prosecutors alleged that Filion "is responsible for hundreds of swatting and bomb threat incidents throughout the United States," the charges Filion faces relate to a single May 12, 2023, swatting attack against the Masjid Al Hayy Mosque in Sanford, Florida. [...] At 2 pm EST on Wednesday, Filion shuffled into a Seminole County courtroom and stood quietly as the judge read the charges against him. He is currently being held without bond.

When FTX filed for bankruptcy in November 2022, the defunct cryptocurrency exchange suffered a hack that resulted in more than $380 million in crypto stolen from FTX's virtual wallets. It turns out that FTX was hit with a SIM-swapping scam orchestrated by ringleader Robert Powell. Powell, along with Carter Rohn and Emily Hernandez, have been indicted and are due to appear in Chicago federal court later Friday for a detention hearing. CNBC reports: The three defendants are charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, in a scheme that ran from March 2021 to last April, and involved the co-conspirators traveling to cellphone retail stores in more than 15 states. The indictment says the trio shared the personal identifying information of more than 50 victims, created fake identification documents in the victims' names, impersonated them and then accessed their victims' "online, financial and social media accounts for the purpose of stealing money and data."

The scheme relied on duping phone companies into swapping the Subscriber Identity Module of cell phone subscribers into a cellphone controlled by members of the conspiracy, the indictment said. That in turn allowed the conspirators to defeat the multifactor authentication protection on the victims' accounts, giving them access to the money in those accounts. The indictment does not identify FTX by name as the main victim of the conspiracy, but the details of the hack described in that charging document align with the details publicly known about the theft from FTX, which was collapsing at the time of the attack.

Joshua Schulte, a former CIA software engineer, was sentenced to 40 years in prison on Thursday for carrying out the largest theft of classified information in the agency's history and possessing child pornography. The Guardian reports: The 40-year sentence by US district judge Jesse Furman was for "crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography," federal prosecutors said in a statement. The judge did not impose a life sentence as sought by prosecutors. Joshua Schulte was convicted in July 2022 on four counts each of espionage and computer hacking and one count of lying to FBI agents, after giving classified materials to the whistleblowing agency WikiLeaks in the so-called Vault 7 leak. Last August, a judge mostly upheld the conviction.

WikiLeaks in March 2017 began publishing the materials, which concerned how the CIA surveilled foreign governments, alleged extremists and others by compromising their electronics and computer networks. Prosecutors characterized Schulte's actions as "the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information" in US history. Prosecutors also said Schulte received thousands of images and videos of child sexual abuse, and that they found the material in Schulte's New York apartment, in an encrypted container beneath three layers of password protection, during the CIA leaks investigation.

"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike," said FBI Director Christopher Wray in a prepared testimony before the House Select Committee on the Chinese Communist Party. NBC News reports: Wray also argued that "there has been far too little public focus" that Chinese hackers are targeting critical infrastructure in the U.S. such as water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems, according to the prepared remarks. "And the risk that poses to every American requires our attention -- now," his prepared testimony said.

As Wray testified, the Justice Department and FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with botnet malware that targeted critical infrastructure. The DOJ said the hackers, known to the private sector as "Volt Typhoon," used privately owned small routers that were infected with "KV botnet" malware to conceal further Chinese hacking activities against U.S. and foreign victims. Wray addressed the malware in his testimony, emphasizing that it targets critical infrastructure in the U.S. [...]

At Wednesday's hearing, the director of the federal Cybersecurity and Infrastructure Security Agency, Jen Easterly, testified that Americans should expect efforts by China to wage influence campaigns online relating to the 2024 election. However, Easterly added that she was confident that voting systems and other election infrastructure are well-defended. "To be very clear, Americans should have confidence in the integrity of our election infrastructure because of the enormous amount of work that's been done by state and local election officials, by the federal government, by vendors, by the private sector since 2016," Easterly said in her testimony.

Wray emphasized in the remarks that the "cyber onslaught" of Chinese hackers "goes way beyond prepositioning for future conflict," saying in the prepared remarks that every day the hackers are "actively attacking" U.S. economic security, engaging in "wholesale theft of our innovation, and our personal and corporate data." "And they don't just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents," the excerpts said.

An anonymous reader quotes a report from Reuters: Italy's data protection authority has told OpenAI that its artificial intelligence chatbot application ChatGPT breaches data protection rules, the watchdog said on Monday, as it presses ahead with an investigation started last year. The authority, known as Garante, is one of the European Union's most proactive in assessing AI platform compliance with the bloc's data privacy regime. Last year, it banned ChatGPT over alleged breaches of European Union (EU) privacy rules. The service was reactivated after OpenAI addressed issues concerning, amongst other things, the right of users to decline to consent to the use of personal data to train algorithms. At the time, the regulator said it would continue its investigations. It has since concluded that elements indicate one or more potential data privacy violations, it said in a statement without providing further detail. The Garante on Monday said Microsoft-backed OpenAI has 30 days to present defense arguments, adding that its investigation would take into account work done by a European task force comprising national privacy watchdogs.