Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta's "backend" servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.
The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."

GitHub, Microsoft, and OpenAI "told a San Francisco federal court that a proposed class-action lawsuit for improperly monetizing open-source code to train their AI systems cannot be sustained," reports Reuters: The companies said in Thursday court filings that the complaint, filed by a group of anonymous copyright owners, did not outline their allegations specifically enough and that GitHub's Copilot system, which suggests lines of code for programmers, made fair use of the source code. A spokesperson for GitHub, an online platform for housing code, said Friday that the company has "been committed to innovating responsibly with Copilot from the start" and that its motion is "a testament to our belief in the work we've done to achieve that...."

Microsoft and OpenAI said Thursday that the plaintiffs lacked standing to bring the case because they failed to argue they suffered specific injuries from the companies' actions. The companies also said the lawsuit did not identify particular copyrighted works they misused or contracts that they breached.

Microsoft also said in its filing that the copyright allegations would "run headlong into the doctrine of fair use," which allows the unlicensed use of copyrighted works in some situations. The companies both cited a 2021 U.S. Supreme Court decision that Google's use of Oracle source code to build its Android operating system was transformative fair use.
Slashdot reader guest reader shares this excerpt from the plaintiffs' complaint: GitHub and OpenAI have offered shifting accounts of the source and amount of the code or other data used to train and operate Copilot. They have also offered shifting justifications for why a commercial AI product like Copilot should be exempt from these license requirements, often citing "fair use."

It is not fair, permitted, or justified. On the contrary, Copilot's goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall. It violates the licenses that open-source programmers chose and monetizes their code despite GitHub's pledge never to do so.

The Associated Press reports that America's Federal Reserve Board "has denied a Wyoming cryptocurrency bank's application for Federal Reserve System membership, officials announced Friday, dealing a setback to the crypto industry's attempts to build acceptance in mainstream U.S. banking." Many in crypto have been looking to Cheyenne-based Custodia Bank's more than 2-year-old application as a bellwether for crypto banking. Approval would have meant access to Federal Reserve services including its electronic payments system.

The rejection adds to doubts about crypto banking's viability, particularly in Wyoming, a state that has sought to become a hub of crypto banking, exchanges and mining....

Custodia sued the Federal Reserve Board and Federal Reserve Bank of Kansas City in Wyoming federal court last year, accusing them of taking an unreasonably long time on its application. In a statement Friday, the company said it was "surprised and disappointed" by the rejection and pledged to continue to litigate the issue.
In a statement, America's Federal Reserve Board argued argued that Custodia's "novel business model" and focus on crypto-assets "presented significant safety and soundness risks." "The Board has previously made clear that such crypto activities are highly likely to be inconsistent with safe and sound banking practices.

"The Board also found that Custodia's risk management framework was insufficient to address concerns regarding the heightened risks associated with its proposed crypto activities, including its ability to mitigate money laundering and terrorism financing risks."

The United States and European Union on Friday announced an agreement to speed up and enhance the use of artificial intelligence to improve agriculture, healthcare, emergency response, climate forecasting and the electric grid. Reuters reports: A senior U.S. administration official, discussing the initiative shortly before the official announcement, called it the first sweeping AI agreement between the United States and Europe. Previously, agreements on the issue had been limited to specific areas such as enhancing privacy, the official said. AI modeling, which refers to machine-learning algorithms that use data to make logical decisions, could be used to improve the speed and efficiency of government operations and services.

"The magic here is in building joint models (while) leaving data where it is," the senior administration official said. "The U.S. data stays in the U.S. and European data stays there, but we can build a model that talks to the European and the U.S. data because the more data and the more diverse data, the better the model." The initiative will give governments greater access to more detailed and data-rich AI models, leading to more efficient emergency responses and electric grid management, and other benefits, the administration official said. The partnership is currently between just the White House and the European Commission, the executive arm of the 27-member European Union. The senior administration official said other countries will be invited to join in the coming months.

An anonymous reader quotes a report from NPR: Aerospace giant Boeing entered a plea of not guilty to a criminal charge at an arraignment in federal court in Texas Thursday. The company is charged with felony fraud related to the crashes of two of its 737 Max airplanes that killed a total of 346 people. About a dozen relatives of some of those who were killed in the crashes gave emotional testimony during the three-hour arraignment hearing about how they've been affected by what they call "the deadliest corporate crime in U.S. history." They testified after Boeing's chief aerospace safety officer Mike Delaney entered a plea of not guilty on behalf of the airplane manufacturer to the charge of conspiracy to commit fraud. The company is accused of deceiving and misleading federal regulators about the safety of a critical automated flight control system that investigators found played a major role in causing the crashes in Indonesia in 2018 and in Ethiopia in 2019.

Boeing and the Justice Department had entered into a deferred prosecution agreement to settle the charge two years ago but many of the families of the crash victims objected to the agreement, saying that they were not consulted about what they called a "secret, sweetheart deal." Under the terms of the agreement, Boeing admitted to defrauding the FAA by concealing safety problems with the 737 Max, but pinned much of the blame on two technical pilots who they say misled regulators while working on the certification of the aircraft. Only one of those pilots was prosecuted and a jury acquitted him at trial last year. Boeing also agreed to pay $2.5 billion, including $1.7 billion in compensation to airlines that had purchased 737 Max planes but could not use them while the plane was grounded for 20 months after the second plane crashed. The company also agreed to pay $500 million in compensation to the families of those killed in the two Max plane crashes, and to pay a $243 million fine. The agreement also required Boeing to make significant changes to its safety policies and procedures, as well as to the corporate culture, which many insiders have said had shifted in recent years from a safety first focus to one that critics say put profits first.

After three years, if the aerospace giant and defense contractor lived up to the terms of the deferred prosecution agreement, the criminal charge against Boeing would be dismissed and the company would be immune from further prosecution. But last fall, U.S. District Court Judge Reed O'Connor agreed that under the Crime Victims' Rights Act, the relatives' rights had been violated and they should have been consulted before the DOJ and Boeing reached the agreement. Last week, he ordered Boeing to appear Thursday to be arraigned. On Thursday, the families asked Judge O'Connor to impose certain conditions on Boeing as a condition of release, including appointing an independent monitor to oversee Boeing's compliance with the terms of the previous deferred prosecution agreement, and that the company's compliance efforts "be made public to the fullest extent possible." O'Connor did not rule on whether to impose those conditions yet, as Boeing and the Justice Department opposed the request. But he did impose a standard condition that Boeing commit no new crimes.

An anonymous reader shares a report: When Safari users in Hong Kong recently tried to load the popular code-sharing website GitLab, they received a strange warning instead: Apple's browser was blocking the site for their own safety. The access was temporarily cut off thanks to Apple's use of a Chinese corporate website blacklist, which resulted in the innocuous site being flagged as a purveyor of misinformation. Neither Tencent, the massive Chinese firm behind the web filter, nor Apple will say how or why the site was censored. The outage was publicized just ahead of the new year. On December 30, 2022, Hong Kong-based software engineer and former Apple employee Chu Ka-cheong tweeted that his web browser had blocked access to GitLab, a popular repository for open-source code. Safari's "safe browsing" feature greeted him with a full-page "deceptive website warning," advising that because GitLab contained dangerous "unverified information," it was inaccessible. Access to GitLab was restored several days later, after the situation was brought to the company's attention.

The warning screen itself came courtesy of Tencent, the mammoth Chinese internet conglomerate behind WeChat and League of Legends. The company operates the safe browsing filter for Safari users in China on Apple's behalf -- and now, as the Chinese government increasingly asserts control of the territory, in Hong Kong as well. Apple spokesperson Nadine Haija would not answer questions about the GitLab incident, suggesting they be directed at Tencent, which also declined to offer responses. The episode raises thorny questions about privatized censorship done in the name of "safety" -- questions that neither company seems interested in answering: How does Tencent decide what's blocked? Does Apple have any role? Does Apple condone Tencent's blacklist practices?

Home Depot's Canadian arm was found to be sharing details from e-receipts related to in-store purchases with Facebook owner Meta Platforms without the knowledge or consent of its customers, according to Canada's privacy regulator. From a report: An investigation by the Office of the Privacy Commissioner of Canada (OPC) found that by participating in Meta's offline conversions program Home Depot shared the e-receipts that included encoded email addresses and purchase information. The regulator added that the home goods chain stopped sharing customer information with Meta in October 2022, which was among the recommendations made by OPC, until the company is able to implement measures to ensure valid consent.

The FBI revealed today that it had shut down the prolific ransomware gang called Hive, "a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims," reports Reuters. Slashdot readers wiredmikey and unimind shared the news. From the report: At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations' data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. "Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."

News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit. The undercover infiltration, which started in July 2022, went undetected by the gang until now.

The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Although there were no arrests announced on Wednesday, Garland said the investigation was ongoing and one department official told reporters to "stay tuned."

U.S. Rep. Jake Auchincloss read a speech on the floor of the U.S. House that was generated by AI chatbot ChatGPT. "Auchincloss said he prompted the system in part to 'write 100 words to deliver on the floor of the House of Representatives' about the legislation," reports the Associated Press. "Auchincloss said he had to refine the prompt several times to produce the text he ultimately read. His staff said they believe it's the first time an AI-written speech was read in Congress." From the report: The bill, which Auchincloss is refiling, would establish a joint U.S.-Israel AI Center in the United States to serve as a hub for AI research and development in the public, private and education sectors. Auchincloss said part of the decision to read a ChatGPT-generated text was to help spur debate on AI and the challenges and opportunities created by it. He said he doesn't want to see a repeat of the advent of social media, which started small and ballooned faster than Congress could react. "I'm the youngest parent in the Democratic caucus, AI is going to be part of my life and it could be a general purpose technology for my children," said Auchincloss, 34.

The text generated from Auchincloss's prompt includes sentences like: "We must collaborate with international partners like the Israeli government to ensure that the United States maintains a leadership role in AI research and development and responsibly explores the many possibilities evolving technologies provide." "There were probably about a dozen of my colleagues on the floor. I bet none of them knew it was written by a computer," he said. Lawmakers and others shouldn't be reflexively hostile to the new technology, but also shouldn't wait too long before drafting policies or new laws to help regulate it, Auchincloss said. In particular, he argued that the country needs a "public counterweight" to the big tech firms that would help guarantee that smaller developers and universities have access to the same cloud computing, cutting edge algorithms and raw data as larger companies.

schwit1 shares a report from NPR: A British man who planned to have a "robot lawyer" help a defendant fight a traffic ticket has dropped the effort after receiving threats of possible prosecution and jail time. [...] The first-ever AI-powered legal defense was set to take place in California on Feb. 22, but not anymore. As word got out, an uneasy buzz began to swirl among various state bar officials, according to Browder. He says angry letters began to pour in. "Multiple state bar associations have threatened us," Browder said. "One even said a referral to the district attorney's office and prosecution and prison time would be possible." In particular, Browder said one state bar official noted that the unauthorized practice of law is a misdemeanor in some states punishable up to six months in county jail.

"Even if it wouldn't happen, the threat of criminal charges was enough to give it up," [said Joshua Browden, the CEO of the New York-based startup DoNotPay]. "The letters have become so frequent that we thought it was just a distraction and that we should move on." State bar associations license and regulate attorneys, as a way to ensure people hire lawyers who understand the law. Browder refused to cite which state bar associations in particular sent letters, and what official made the threat of possible prosecution, saying his startup, DoNotPay, is under investigation by multiple state bar associations, including California's. "The truth is, most people can't afford lawyers," he said. "This could've shifted the balance and allowed people to use tools like ChatGPT in the courtroom that maybe could've helped them win cases."

"I think calling the tool a 'robot lawyer' really riled a lot of lawyers up," Browder said. "But I think they're missing the forest for the trees. Technology is advancing and courtroom rules are very outdated."

An anonymous reader quotes a report from ArsTechnica: The operator of Madison Square Garden and Radio City Music Hall is being probed by New York's attorney general over the company's use of facial recognition technology to identify and exclude lawyers from events. AG Letitia James' office said the policy may violate civil rights laws. Because of the policy, lawyers who work for firms involved in litigation against MSG Entertainment Corp. can be denied entry to shows or sporting events, even when they have no direct involvement in any lawsuits against MSG. A lawyer who is subject to MSG's policy may buy a ticket to an event but be unable to get in because the MSG venues use facial recognition to identify them.

In December, attorney Kelly Conlon was denied entry into Radio City Music Hall in New York when she accompanied her daughter's Girl Scout troop to a Rockettes show. Conlon wasn't personally involved in any lawsuits against MSG but is a lawyer for a firm that "has been involved in personal injury litigation against a restaurant venue now under the umbrella of MSG Entertainment," NBC New York reported. James' office sent a letter (PDF) Tuesday to MSG Entertainment, noting reports that it "used facial recognition software to forbid all lawyers in all law firms representing clients engaged in any litigation against the Company from entering the Company's venues in New York, including the use of any season tickets."

"We write to raise concerns that the Policy may violate the New York Civil Rights Law and other city, state, and federal laws prohibiting discrimination and retaliation for engaging in protected activity," Assistant AG Kyle Rapinan of the Civil Rights Bureau wrote in the letter. "Such practices certainly run counter to the spirit and purpose of such laws, and laws promoting equal access to the courts: forbidding entry to lawyers representing clients who have engaged in litigation against the Company may dissuade such lawyers from taking on legitimate cases, including sexual harassment or employment discrimination claims." The AG's office also said it is concerned that "facial recognition software may be plagued with biases and false positives against people of color and women." The letter asked MSG Entertainment to respond by February 13 "to state the justifications for the Company's Policy and identify all efforts you are undertaking to ensure compliance with all applicable laws and that the Company's use of facial recognition technology will not lead to discrimination." "To be clear, our policy does not unlawfully prohibit anyone from entering our venues and it is not our intent to dissuade attorneys from representing plaintiffs in litigation against us," said an MSG spokesperson in a statement. "We are merely excluding a small percentage of lawyers only during active litigation. Most importantly, to even suggest anyone is being excluded based on the protected classes identified in state and federal civil rights laws is ludicrous. Our policy has never applied to attorneys representing plaintiffs who allege sexual harassment or employment discrimination."

An anonymous reader quotes a report from TechCrunch: If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there's a chance your credit card number and personal information were exposed. Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders' information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses -- and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder's information.

The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: Any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data. Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.

But in this case, Sen wasn't the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data and, instead of trying to identify the owner and responsibly reporting the spill, the unnamed person instead claimed to have taken a copy of the entire database's contents of credit card data and would return it in exchange for a small sum of cryptocurrency. A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. [...] Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later. Many of the stores leaking customers' information claim to operate out of Hong Kong and were set up in the past few weeks. Some of the websites include: spraygroundusa.com, ihuahebuy.com, igoodlinks.com, ibuysbuy.com, lichengshop.com, hzoushop.com, goldlyshop.com, haohangshop.com, twinklebubble.store, and spendidbuy.com.

State Sen. Wendy Rogers (R-AZ) has introduced a set of bills aimed at making bitcoin legal tender in Arizona and allowing state agencies to accept bitcoin. Bitcoin Magazine reports: The proposed legislation (PDF) aims to recognize bitcoin as a legal form of currency in Arizona, allowing it to be used to pay for debts, taxes and other financial obligations. This would mean that all transactions that are currently done in U.S. dollars could potentially be done with bitcoin, and individuals and businesses would have the option to use bitcoin as they see fit. Specifically mentioning bitcoin alone, the legal tender bill defines bitcoin as, "the decentralized, peer-to-peer digital currency in which a record of transactions is maintained on the Bitcoin blockchain and new units of currency are generated by the computational solution of mathematical problems and that operates independently of a central bank."

The acceptance bill is more broad, saying that, "A state agency may enter into an agreement with a cryptocurrency issuer to provide a method to accept cryptocurrency as a payment method of fines, civil penalties or other penalties, rent, rates, taxes, fees, charges, revenue, financial obligations and special assessments to pay any amount due to that agency or this state." The report notes that Sen. Rogers introduced the same amendment in January 2022, but it "died by the second reading."

New bills in the state House and Senate would not only pursue collective bargaining rights across companies, as with past measures, but would guarantee a minimum wage, paid sick leave and other benefits. Companies like Uber and Lyft would also have to cover some driver expenses and pour money into the government's unemployment insurance system. Engadget reports: The new legislation wouldn't decide whether drivers are employees or independent contractors. However, Senate bill co-sponsor Jason Lewis told the State House News Service his bill would establish requirements that apply regardless of a driver's status. Previous bills would have tasked workers with negotiating for benefits that are now included, Lewis says.

In a statement, the Service Employees International Union (a bill proponent) says the bill "rewrites the rules" and gives condition drivers have sought for over a decade. The Massachusetts Coalition for Independent Work, an industry-run organization that opposes the legislation, previously claimed that measures granting employee status don't reflect a "vast majority" of drivers that want to remain contractors. The coalition prefers bills that would bring the anti-employee ballot proposal to the legislature as well as create portable benefit accounts.

Senator Joe Manchin, chairman of the Senate Energy and Natural Resources Committee, has introduced a new bill that squashes a small loophole around the Inflation Reduction Act's (IRA) $7,500 EV tax credit. Engadget reports: The new credits are restricted to cars with final assembly in the US, as well as those with a certain amount of North American battery content (an amount that increases every year). But, the U.S. Treasury has delayed its final rules on battery guidance until March, which means EVs with foreign batteries can still receive the full $7,500 in credits until then. Manchin's legislation, dubbed the American Vehicle Security Act (AVSA), would push the battery requirement back to January 1st.

"It is unacceptable that the U.S. Treasury has failed to issue updated guidance for the 30D electric vehicle tax credits and continues to make the full $7,500 credits available without meeting all of the clear requirements included in the Inflation Reduction Act," Manchin wrote a statement. "The Treasury Department failed to meet the statutory deadline of December 31, 2022, to release guidance for the 30D credit and have created an opportunity to circumvent stringent supply chain requirements included in the IRA. The IRA is first-and-foremost an energy security bill, and the EV tax credits were designed to grow domestic manufacturing and reduce our reliance on foreign supply chains for the critical minerals needed to produce EV batteries." Autoblog notes that the AVSA doesn't patch the other IRA loophole, which also allows for the full credit for leased cars built outside of the U.S.

An anonymous reader quotes a report from Reuters: U.S. Senator Josh Hawley, a Republican and China hawk, said on Tuesday that he would introduce a bill to ban the short video app TikTok in the United States. TikTok, whose parent is the Chinese company ByteDance, already faces a ban that would stop federal employees from using or downloading TikTok on government-owned devices. "TikTok is China's backdoor into Americans' lives. It threatens our children's privacy as well as their mental health," he said on Twitter. "Now I will introduce legislation to ban it nationwide." Hawley did not say when the bill would be introduced. "Senator Hawley's call for a total ban of TikTok takes a piecemeal approach to national security and a piecemeal approach to broad industry issues like data security, privacy and online harms," said TikTok spokeswoman Brooke Oberwetter. "We hope that he will focus his energies on efforts to address those issues holistically, rather than pretending that banning a single service would solve any of the problems he's concerned about or make Americans any safer."

The US Justice Department and eight states sued Alphabet's Google, calling for the break up of the search giant's ad-technology business over alleged illegal monopolization of the digital advertising market. From a report: "Google abuses its monopoly power to disadvantage website publishers and advertisers who dare to use competing ad tech products in a search for higher quality, or lower cost, matches," the Justice Department said in the complaint, which was filed in federal court in Virginia. New York, California and Virginia were among the states that signed on to the complaint.

The lawsuit represents the Biden administration's first major case challenging the power of one of the nation's largest tech companies, following through on a probe that began under former President Donald Trump. It also marks one of the few times the Justice Department has called for the breakup of a major company since it dismantled the Bell telecom system in 1982. Google is the dominant player in the $278.6 billion US digital-ad market, controlling most of the technology used to buy, sell and serve online advertising. A resolution in the case could be years away. The lawsuit marks the DOJ's second antitrust suit against Google and the fifth major case in the US challenging the company's business practices.

An anonymous reader quotes a report from the BBC: Japan's prime minister says his country is on the brink of not being able to function as a society because of its falling birth rate. Fumio Kishida said it was a case of "now or never." Japan -- population 125 million -- is estimated to have had fewer than 800,000 births last year. In the 1970s, that figure was more than two million. Japan now has the world's second-highest proportion of people aged 65 and over -- about 28% -- after the tiny state of Monaco, according to World Bank data.

"Japan is standing on the verge of whether we can continue to function as a society," Mr Kishida told lawmakers. "Focusing attention on policies regarding children and child-rearing is an issue that cannot wait and cannot be postponed." He said that he eventually wants the government to double its spending on child-related programs. A new government agency to focus on the issue would be set up in April, he added. However, Japanese governments have tried to promote similar strategies before, without success. In 2020, researchers projected Japan's population to fall from a peak of 128 million in 2017 to less than 53 million by the end of the century. The population is currently just under 125 million, according to official data.

Germany's cartel office regulator said on Monday it had initiated proceedings against payment company PayPal Europe over the possibility that it hindered competition. Reuters reports: The subject of the proceedings was PayPal's rules for extra charges and the presentation of PayPal in the terms of use for Germany, the watchdog said. The regulator is investigating in particular rules that say merchants may not offer their goods and services at a lower price to customers who choose a cheaper payment method than PayPal.

PayPal demands that sellers do not express a preference for other payment methods or make their use more convenient for customers, according to the antitrust watchdog. "These clauses could restrict competition and constitute a violation of the prohibition of abuse," said cartel office chief Andreas Mundt in a statement. "We will now examine what market power PayPal has and to what extent online merchants are dependent on offering PayPal as a payment method."

An anonymous reader quotes a report from The Guardian: Pakistan's national grid suffered a major breakdown, leaving millions of people without electricity for the second time in three months and highlighting the infrastructural weakness of the heavily indebted nation. The energy minister, Khurram Dastgir, said the outage on Monday was caused by a large voltage surge in the south of the grid, which affected the entire network. Supplies were being partially restored from north to the south, he added, nearly six hours after factories, hospitals and schools reported outages. The grid should be fully functioning by 10pm (1700 GMT), Dastgir said, adding: "We are trying our utmost to achieve restoration before that."

Like much of the national infrastructure, Pakistan's grid needs an upgrade that the government says it can ill afford. Pakistan has enough installed power capacity to meet demand, but it lacks resources to run its oil-and-gas powered plants -- and the sector is so heavily in debt that it cannot afford to invest in infrastructure and power lines. "We have been adding capacity, but we have been doing so without improving transmission infrastructure," Fahad Rauf, the head of research at Karachi-based brokerage Ismail Iqbal Industries, said.