Bitcoin

Australia Joins China and Japan in Trying To Regulate Digital Currency Exchanges (cnbc.com) 60

Following moves by China and Japan to regulate digital currencies, Australia is attempting to crackdown on money laundering and terrorism financing with plans to regulate bitcoin exchanges. From a report: "The threat of serious financial crime is constantly evolving, as new technologies emerge and criminals seek to nefariously exploit them. These measures ensure there is nowhere for criminals to hide," said Australia's Minister for Justice Michael Keenan in a press release. The Australian government proposed a set of reforms on Thursday which will close a gap in regulation and bring digital currency exchange providers under the remit of the Australian Transactions and Reporting Analysis Centre. These exchanges serve as marketplaces where traders can buy and sell digital currencies, such as bitcoin, using fiat currencies, such as the dollar. The reform bill is intended to strengthen the Anti-Money Laundering and Counter-Terrorism Financing Act and increase the powers of AUSTRAC.
Social Networks

Thai Activist Jailed For the Crime of Sharing an Article on Facebook (eff.org) 111

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.
The Courts

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com) 71

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.
China

China's VPN Developers Face Crackdown (bbc.com) 55

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.
Canada

An Image Site Is Victimizing Countless Women and Little Can Be Done (vice.com) 271

Allison Tierney, reporting for Vice: An international anonymous photo-sharing site where people post explicit photos without consent is playing host to the victimization of countless women. In the Canadian section of Anon-IB alone, there are currently over a hundred threads -- often organized by region, city, or calling out for nudes of a specific woman to be posted publicly. "Hamilton hoes," "Nanaimo Thread!," and "Markham wins" are some titles of Canadian threads. (Language used on the site equates the word "win" with sexually explicit photos of women.) Many major Canadian cities are represented on the site, and some threads even focus on women from specific schools. While it's a crime to share an "intimate image" of a person without their consent in Canada, sites that host this kind of activity don't necessarily fall under this. "[In terms of organizing content], is it criminal? No. Is it illegal? No," Toronto-based lawyer Jordan Donich, of Donich Law, told VICE. "It's a newer version of an older problem -- sites like these have been around for a long time." Anon-IB is not a new site; its current domain was registered to a "private person" in 2015 and ends in an ".ru." However, the site was initially up several years before 2015, going offline briefly in 2014.
Australia

Buggy Software Made Us Miss Money Laundering Scam, Says Australian Bank (theregister.co.uk) 57

An anonymous reader shares a report: Australia's Commonwealth Bank has blamed a software update for a money laundering scam that saw criminals send over AU$70m (US$55m) offshore after depositing cash into automatic teller machines. News of the Bank's involvement in the laundering scam broke last week, when Australia's financial intelligence agency AUSTRAC announced that it had found over 53,500 occasions on which the Bank failed to submit reports on transactions over $10,000. All transactions of that value are reportable in Australia, as part of efforts to crimp the black economy, crime and funding of terrorism. The news was not a good look for the Bank (CBA), because most of the cash was deposited into accounts established with fake drivers licences. Worse still is that each failure of this type can attract a fine of AU$18m, leaving CBA open to a sanction that would kill it off. Today the bank has explained the reason for its failure: "a coding error" that saw the ATMs fail to create reports of $10,000+ transactions. The error was introduced in a May 2012 update designed to address other matters, but not repaired until September 2015.
Security

The Kronos Indictment: Is it a Crime To Create and Sell Malware? (washingtonpost.com) 199

Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden "kill switch" for the malware, was arrested by the FBI over his alleged involvement in separate malicious software targeting bank accounts. According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015. Hutchins, who is indicted with another unnamed co-defendant, stands accused of six counts of hacking-related crimes as a result of his alleged involvement with Kronos. A preliminary analysis of those counts suggest that the government will face significant legal challenges. Orin Kerr, the Fred C. Stevenson Research Professor at The George Washington University Law School, writes: The indictment asserts that Hutchins created the malware and an unnamed co-conspirator took the lead in selling it. The indictment charges a slew of different crimes for that: (1) conspiracy to violate the Computer Fraud and Abuse Act; (2) three counts of violating 18 U.S.C. 2512, which prohibits selling and advertising wiretapping devices; (3) a count of wiretapping; and (4) a count of violating the Computer Fraud and Abuse Act through accomplice liability -- basically, aiding and abetting a hacking crime. Do the charges hold up? Just based on a first look at the case, my sense is that the government's theory of the case is fairly aggressive. It will lead to some significant legal challenges. It's hard to say, at this point, how those challenges will play out. The indictment is pretty bare-bones, and we don't have all the facts or even what the government thinks are the facts.
Crime

Man Used DDoS Attacks On Media To Extort Them To Remove Stories (itwire.com) 34

New submitter troublemaker_23 shares a report from iTWire: A 32-year-old man from Seattle who was arrested for mounting a series of distributed denial of service attacks on businesses in Australia, the U.S. and Canada, wanted articles about himself removed from various news sites, including Fairfax Media. According to an FBI chargesheet filed in the U.S. District Court for the Northern District of Texas (Dallas Division), Kamyar Jahanrakhshan tried to get articles removed from the Sydney Morning Herald, a site for legal articles known as Leagle.com, Metronews.ca, a Canadian news website, CBC in Canada and Canada.ca. The chargesheet, filed by FBI special agent Matthew Dosher, said Jahanrakhshan migrated to the U.S. in 1991 and took U.S. citizenship; he then moved to Canada about four years later and became a permanent resident there. He had a conviction for second degree theft in Washington state in 2005 and this was vacated in August 2011; he also had a 2011 conviction for fraud and obstruction in Canada. In each case, Jahanrakhshan, who was deported back to the U.S. as a result of the Canada crime, launched DDoS attacks on the news websites and then contacted them. Further reading: Ars Technica
Businesses

LinkedIn Says It's Illegal To Scrape Its Website Without Permission (arstechnica.com) 167

A small company called hiQ is locked in a high-stakes battle over web scraping with LinkedIn. It's a fight that could determine whether an anti-hacking law can be used to curtail the use of scraping tools across the web. From a report: HiQ scrapes data about thousands of employees from public LinkedIn profiles, then packages the data for sale to employers worried about their employees quitting. LinkedIn, which was acquired by Microsoft last year, sent hiQ a cease-and-desist letter warning that this scraping violated the Computer Fraud and Abuse Act, the controversial 1986 law that makes computer hacking a crime. HiQ sued, asking courts to rule that its activities did not, in fact, violate the CFAA. James Grimmelmann, a professor at Cornell Law School, told Ars that the stakes here go well beyond the fate of one little-known company. "Lots of businesses are built on connecting data from a lot of sources," Grimmelmann said. He argued that scraping is a key way that companies bootstrap themselves into "having the scale to do something interesting with that data." [...] But the law may be on the side of LinkedIn -- especially in Northern California, where the case is being heard. In a 2016 ruling, the 9th Circuit Court of Appeals, which has jurisdiction over California, found that a startup called Power Ventures had violated the CFAA when it continued accessing Facebook's servers despite a cease-and-desist letter from Facebook.
The Internet

It Is Easy To Expose Users' Secret Web Habits, Say Researchers (bbc.com) 95

An anonymous reader shares a BBC report: Two German researchers say they have exposed the porn-browsing habits of a judge, a cyber-crime investigation and the drug preferences of a politician. The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather "clickstreams." These are detailed records of everywhere that people go online. The researchers argue such data -- which some firms scoop up and use to target ads -- should be protected. The data is supposed to be anonymised, but analysis showed it could easily be tied to individuals. People's browsing history is often used to tailor marketing campaigns. The results of the research by Svea Eckert and Andreas Dewes were revealed at the Def Con hacking conference in Las Vegas this weekend. The pair found that 95% of the data they obtained came from 10 popular browser extensions. "What these companies are doing is illegal in Europe but they do not care," said Ms Eckert, adding that the research had kicked off a debate in Germany about how to curb the data gathering habits of the firms.
Cellphones

Do Kill Switches Deter Cellphone Theft? (arstechnica.com) 97

evolutionary shares an article from Ars Technica: San Francisco's district attorney says that a California state law mandating "theft-deterring technological solutions" for smartphones has resulted in a precipitous drop in such robberies. Those measures primarily include a remote kill switch after a phone has been stolen that would allow a phone to be disabled, withstanding even a hard reset. Such a kill switch has become standard in all iPhones ("Activation Lock") and Android phones ("Device Protection") since 2015... When measured from the peak in 2013, "overall robberies involving smartphones have declined an astonishing 50 percent... Because of this hard-fought legislation, stealing a smartphone is no longer worth the trouble, and that means the devices we use every day no longer make us targets for violent crime."
Bitcoin

US Indicts Suspected Russian 'Mastermind' of $4 Billion Bitcoin Laundering Scheme (reuters.com) 99

schwit1 shares a report from Reuters: A U.S. jury indicted a Russian man on Wednesday as the operator of a digital currency exchange he allegedly used to launder more than $4 billion for people involved in crimes ranging from computer hacking to drug trafficking. Alexander Vinnik was arrested in a small beachside village in northern Greece on Tuesday, according to local authorities, following an investigation led by the U.S. Justice Department along with several other federal agencies and task forces. U.S. officials described Vinnik in a Justice Department statement as the operator of BTC-e, an exchange used to trade the digital currency bitcoin since 2011. They alleged Vinnik and his firm "received" more than $4 billion in bitcoin and did substantial business in the United States without following appropriate protocols to protect against money laundering and other crimes. U.S. authorities also linked him to the failure of Mt. Gox, a Japan-based bitcoin exchange that collapsed in 2014 after being hacked. Vinnik "obtained" funds from the hack of Mt. Gox and laundered them through BTC-e and Tradehill, another San Francisco-based exchange he owned, they said in the statement.
Crime

Feds Crack Trump Protesters' Phones To Charge Them With Felony Rioting (thedailybeast.com) 465

An anonymous reader quotes a report from The Daily Beast: Officials seized Trump protesters' cell phones, cracked their passwords, and are now attempting to use the contents to convict them of conspiracy to riot at the presidential inauguration. Prosecutors have indicted over 200 people on felony riot charges for protests in Washington, D.C. on January 20 that broke windows and damaged vehicles. Some defendants face up to 75 years in prison, despite little evidence against them. But a new court filing reveals that investigators have been able to crack into at least eight defendants' locked cell phones. Now prosecutors want to use the internet history, communications, and pictures they extracted from the phones as evidence against the defendants in court. [A] July 21 court document shows that investigators were successful in opening the locked phones. The July 21 filing moved to enter evidence from eight seized phones, six of which were "encrypted" and two of which were not encrypted. A Department of Justice representative confirmed that "encrypted" meant additional privacy settings beyond a lock screen. For the six encrypted phones, investigators were able to compile "a short data report which identifies the phone number associated with the cell phone and limited other information about the phone itself," the filing says. But investigators appear to have bypassed the lock on the two remaining phones to access the entirety of their contents.
Communications

AlphaBay Owner Used Email Address For Both AlphaBay and LinkedIn Profile. 146

BarbaraHudson writes: The Register is reporting that Alexandre Cazes, the 25-year-old Canadian running the dark web site AlphaBay, was using a hotmail address easily connected to him via his Linkdin profile to administer the site. From the report: "[A]ccording to U.S. prosecutors, he used his real email address, albeit a Hotmail address -- Pimp_Alex_91@hotmail.com -- as the administrator password for the marketplace software. As a result, every new user received a welcome email from that address when they signed up to the site, and everyone using its password recovery tool also received an email from that address. However, rather than carefully set up and then abandon that email address, it turns out that Alexandre Cazes -- Pimp Alex -- had been using that address for years. Cazes had also used his Pimp Alex Hotmail address as well as an email address from his own business -- EBX Technologies -- to set up online bank accounts and crypto-currency accounts. How did law enforcement know that Cazes was behind EBX Technologies? It was on his LinkedIn profile."

BarbaraHudson adds: "His laptop wasn't encrypted, so expect more arrests as AlphaBay users are tracked down."
Crime

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown (bleepingcomputer.com) 41

An anonymous reader writes via Bleeping Computer: Today, in coordinated press releases, the U.S. Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces -- AlphaBay and Hansa Market. First to fall was the Hansa Market after Dutch officers seized control over their servers located inside one of the country's hosting providers. Dutch Police seized Hansa servers on June 20, but the site was allowed to operate for one more month as officers gathered more evidence about its clientele. The Hansa honeypot received an influx of new users as the FBI shut down AlphaBay on July 5, a day after it took control over servers on July 4. Europol and the FBI say they collected mountains of evidence such as "usernames and passwords of thousands of buyers and sellers of illicit commodities" and "delivery addresses for a large number of orders." FBI Active Director McCabe said AlphaBay was ten times larger than Silk Road, with over 350,000 listings. In opposition, Silk Road, which authorities seized in November 2013, listed a meager 14,000 listings for illicit goods and services at the time authorities took down the service.
Businesses

Insider Trader Arrested After He Googled 'Insider Trading,' Authorities Allege 124

Spy Handler writes: Fei Yan, a research scientist at the Massachusetts Institute of Technology and 31-year-old Chinese citizen, was arrested by federal authorities on Wednesday on insider trading charges. Mr. Yan used Google to search for phrases such as "how sec detect unusual trade" and "insider trading with international account." He also allegedly read an article titled "Want to Commit Insider Trading? Here's How Not to Do It," according to the U.S. attorney prosecuting the case. Further reading: Associated Press, CNBC, USA Today
The Almighty Buck

Ask Slashdot: Why Do So Many of You Think Carrying Cash Is 'Dangerous'? 660

An anonymous reader writes: Recently, I asked Slashdot what you thought about paying for things online using plastic, and the security of using plastic in general; thank you all for your many and varied responses, they're all much appreciated and gave me things to consider.

However, I got quite a few responses that puzzled me: People claiming that paying for things with cash, and carrying any amount of cash around at all, was somehow dangerous, that I'd be "robbed," and that I shouldn't carry cash at all, only plastic. I'm Gen-Y; I've walked around my entire life, in all sorts of places, and have never been approached or robbed by anyone, so I'm more than a little puzzled by that.

So now I ask you, Slashdotters: Why do you think carrying cash is so dangerous? Where do you live/spend your time that you worry so much about being robbed? Have you been robbed before, and that's why you feel this way? I'm not going to stop carrying cash in my wallet but I'd like to understand why it is so many of you feel this way -- so please be thorough in your explanations.
Verizon

Millions of Verizon Customer Records Exposed in Security Lapse (zdnet.com) 44

Zack Whittaker, reporting for ZDNet: An Israeli technology company has exposed millions of Verizon customer records, ZDNet has learned. As many as 14 million records of subscribers who called the phone giant's customer services in the past six months were found on an unprotected Amazon S3 storage server controlled by an employee of Nice Systems, a Ra'anana, Israel-based company. The data was downloadable by anyone with the easy-to-guess web address. Nice, which counts 85 of the Fortune 100 as customers, plays in two main enterprise software markets: customer engagement and financial crime and compliance including tools that prevent fraud and money laundering. Nice's 2016 revenue was $1.01 billion, up from $926.9 million in the previous year. The financial services sector is Nice's biggest industry in terms of customers, with telecom companies such as Verizon a key vertical. The company has more than 25,000 customers in about 150 countries.
Microsoft

Microsoft's Default Font Is at the Center Of a Government Corruption Case (thenextweb.com) 186

Calibri, a font that was created in 2004 and made default option on PowerPoint, Excel, Outlook, and WordPad by Microsoft in 2007, is currently sitting at the center of a corruption investigation involving Pakistan's Prime Minister, Nawaz Sharif. From a report: Accused of illegally profiting from his position since the 1990s, Sharif is now under investigation by the Joint Investigative Team -- a collective of Pakistani police, military, and financial regulators -- after a treasure trove of evidence surfaced with 2016's release of The Panama Papers. In a report obtained by Al Jazeera, investigators recommended a case be filed in the National Accountability Court after concluding there were "significant gap[s]" in Sharif's ability to account for his familial assets. [...] Sharif contends that neither he, nor his family, profited from his position of power, a denial that came under scrutiny today after his daughter and political heir apparent, Maryam Nawaz, produced documents from 2006 that prove her father's innocence. Unfortunately for the Nawaz family, type experts today confirmed the documents were written in Calibri, a font that wasn't available until 2007.
Crime

State Prison Officials Blame An Escape On Drones And Cellphones (usatoday.com) 223

An anonymous reader quotes USA Today: A fugitive South Carolina inmate recaptured in Texas this week had chopped his way through a prison fence using wire cutters apparently dropped by a drone, prison officials said Friday. Jimmy Causey, 46, fled the Lieber Correctional Institution in Ridgeville, S.C., on the evening of July 4th after leaving a paper mache doll in his bed to fool guards into thinking he was asleep. He was not discovered missing until Wednesday afternoon. Causey was captured early Friday 1,200 miles away in a motel in Austin by Texas Rangers acting on a tip, WLTX-TV reported... "We believe a drone was used to fly in the tools that allow(ed) him to escape," South Carolina Corrections Director Bryan Stirling said...

Stirling said prison officials are investigating the performance by prison guards that night but pointed to cellphones and drones as the main problem. The director said he and other officials have sought federal help for years to combat the use of drones to drop contraband into prison. "It's a simple fix," Stirling said. "Allow us to block the signal... They are physically incarcerated, but they are not virtually incarcerated."

It's the second time the same convict escaped from South Carolina's maximum security prison -- albeit the first time he's (allegedly) used a drone. The state's Law Enforcement Division Chief also complains that the federal government still prohibits state corrections officials from blocking cellphones, and "as long as cellphones continue to be utilized by inmates in prisons we're going to have things like this -- we're going to have very well-planned escapes..."

Slashdot Top Deals