Domain: justice.gov
Stories and comments across the archive that link to justice.gov.
Stories · 95
-
Student Used 'USB Killer' Device To Destroy $58,000 Worth of College Computers (theverge.com)
A former student of The College of Saint Rose in Albany, New York, has pled guilty to charges that he destroyed tens of thousands of dollars worth of campus computers using a USB device designed to instantly overwhelm and fry their circuitry. The plea was announced today by the Department of Justice, FBI, and Albany Police Department. The Verge reports: Vishwanath Akuthota, the former student, now faces up to 10 years in prison (with up to three years of supervision after release) and a fine totaling up to $250,000. He was arrested and taken into custody in North Carolina on February 22nd, just over a week after he went on a spree of inserting the "USB Killer" device into 66 of Saint Rose's computers around various locations on campus. Such devices can be easily and freely purchased online and can overload the surge protection in many PCs.
Akuthota, 27, apparently made video recordings of himself inserting the malicious USB device into the computers and said "I'm going to kill this guy" as the PCs were overloaded and permanently ruined. So it's fair to say the FBI and APD had all the evidence they needed. In total, Akuthota caused $58,471 worth of damage. As part of his guilty plea, he has agreed to pay back that amount to the college, a small private school in New York's capital city. The Verge reached out to The College of Saint Rose for a statement on today's news, but a spokesperson said the college had been asked by law enforcement to refrain from commenting. -
Former Senate Staffer Admits To Doxxing Five Senators On Wikipedia (theverge.com)
Jackson Cosko, a former employee of Senator Maggie Hassan, has "admitted to breaking into Hassan's office after being fired, stealing data that included personal contact information, then posting that information online during Supreme Court Justice Brett Kavanaugh's confirmation hearing," reports The Verge. The report says Cosko added several senators' private phone numbers and addresses to Wikipedia. He has pleaded guilty to computer fraud, witness tampering, obstruction of justice, and making restricted personal information public. From the report: Cosko worked as a computer system administrator for Hassan, but he was fired in May of 2018. According to a plea agreement, he retaliated by using another employee's key to break into his old workplace at least four times, installing keyloggers on computers and using stolen login credentials to download gigabytes of data. While watching the Supreme Court confirmation hearing in September, Cosko "became angry" at Republican senators questioning Kavanaugh -- so he posted contact information for Senators Lindsey Graham, Mike Lee, and Orrin Hatch on Wikipedia. Cosko was interning for US Representative Sheila Jackson Lee at the time, and his changes were flagged by a bot that detects Wikipedia edits from congressional computers. The bot inadvertently helped spread the senators' information across Twitter, a process that prosecutors say Cosko aided by tweeting about his leaks.
Cosko struck again a few days later, posting information about Senate Majority Leader Mitch McConnell and Senator Rand Paul -- who had called for an investigation -- on Wikipedia. He added comments calling himself a "golden god" who had a legal right to post the information, asking readers to "send us bitcoins." When a witness spotted him in Hassan's office the next day, Cosko responded with a threatening email titled "I own EVERYTHING." Cosko claimed he would release private emails, encrypted messages, and the health data and social security numbers for senators' children. "If you tell anyone I will leak it all," he wrote. Cosko was arrested soon after. Attorneys say Cosko could serve up to 57 months in prison, and he's required to give up all the equipment used in the crimes. -
Lithuanian Pleads Guilty To Stealing $100 Million From Google, Facebook (bleepingcomputer.com)
schwit1 writes: Evaldas Rimasauskas, a Lithuanian citizen, concocted a brazen scheme that allowed him to bilk Facebook and Google out of more than $100 million. The crime defrauded Google of $23 million and Facebook of $99 million. Rimasauskas committed the crimes between 2013 and 2015, an indictment was issued in 2017, and he was formally indicted Wednesday in New York after he pleaded guilty to wire fraud, aggravated identity theft, and three counts of money laundering.
"As Evaldas Rimasauskas admitted today, he devised a blatant scheme to fleece U.S. companies out of over $100 million, and then siphoned those funds to bank accounts around the globe," said U.S. Attorney Geoffrey S. Berman in a DoJ press release. How did he do it? The indictment reveals that he simply billed the companies for the amounts and they paid the bills. Rimasauskas was able to trick company employees into wiring the money to multiple bank accounts that he controlled and had set up in institutions in Cyprus, Lithuania, Hungary, Slovakia, and Latvia. -
Hoaxer Behind 2,400 Fake Bomb Threats Caught After Gaming Site Breach (krebsonsecurity.com)
20-year-old Timothy Dalton Vaughn from Winston-Salem, N.C., now faces 80 years in federal prison, reports KrebsOnSecurity.com: Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused -- who had fairly well separated his real life identity from his online personas -- appears to have been caught after a gaming Web site he frequented got hacked...
[T]he real-life identity of HDGZero remained a mystery...as there was little publicly available information at the time connecting that moniker to anyone. That is, until early January 2019, when news broke that hackers had broken into the servers of computer game maker BlankMediaGames and made off with account details of some 7.6 million people who had signed up to play "Town of Salem," the company's browser-based role playing game. That stolen information has since been posted and resold in underground forums. A review of the leaked BlankMediaGames user database shows that in late 2018, someone who selected the username "hdgzero" signed up to play Town of Salem... The data also shows this person registered at the site using a Sprint mobile device with an Internet address that traced back to the Carolinas.
This week America's Justice Department released an indictment of Vaughn and co-conspirator George Duke-Cohan for spoofed bomb threat emails to more than 2,400 schools, according to Krebs, adding that the government also alleges the two reported a fake hijacking of an airline bound for the United States. "That flight, which had almost 300 passengers on board, was later quarantined for four hours in San Francisco pending a full security check."
The two now face charges of conspiracy and eight additional felony offenses, "including making threats to injure in interstate commerce and making interstate threats involving explosives." -
FBI Arrests Three More Men Who Hired 'SWAT' Perpetrator (nbcnews.com)
"Three men allegedly conspired with admitted 'swatter' Tyler Barriss to make hoax reports of bombs and murders to police departments, high schools and a convention center across the United States, according to three indictments unsealed today," reports America's Department of Justice.
An anonymous reader quotes NBC News: The three people charged -- Neal Patel, 23, of Des Plaines, Illinois; Tyler Stewart, 19, of Gulf Breeze, Florida; and Logan Patten, 19, of Greenwood, Missouri -- are not accused in the "swatting" call allegedly made by another man that preceded the police shooting of Andrew Finch, 28, in Wichita on Dec. 28, 2017. But they are accused of asking the suspect in the fatal Kansas case, Tyler Barriss, through Twitter direct messages to make false reports of bombs or threats of shootings that would trigger a law enforcement response and the evacuation of buildings against other targets, including a high school and a Dallas video game tournament....
Patel allegedly conspired with Barriss to make false reports to police in Milford, Connecticut, in December of 2017, and to make a false bomb threat targeting a video game convention in Dallas, according to the U.S. Attorney's Office for the Central District of California in Los Angeles. Stewart is accused of conspiring with Barriss to make two false bomb threats about a high school in Gurnee, Illinois, in early December of 2017, and Patten is charged with hiring Barriss to "swat" people in Indiana and Ohio, also in December of 2017, and of scheming with Barriss to "swat" a high school in Missouri, according to prosecutors.
After this week's arrests, the three men each face up to 15 years in federal prison. Patel allegedly also used "unauthorized" credit cards to pay Barriss -- and now faces two more bank fraud charges which each carry up to 30 years in federal prison.
The article also notes that the 25-year-old who actually made the calls -- and the call which led to a fatal shooting in Wichita -- "has agreed to serve a sentence of between 20 and 25 years in federal prison." And the two gamers involved in the dispute which led to that shooting have also been criminally charged. -
Man Pleads Guilty To Swatting Attack That Led To Death of Kansas Man (arstechnica.com)
Federal prosecutors in Kansas announced Tuesday that a 25-year-old Californian has admitted that he caused a Wichita man to be killed at the hands of local police during a swatting attack late last year. Ars Technica reports: According to the United States Attorney's Office for the District of Kansas, Tyler Barriss pleaded guilty to making a false report resulting in a death, cyberstalking, and conspiracy. He also admitted that he was part of "dozens of similar crimes in which no one was injured." In May 2018, Barriss was indicted on county charges (manslaughter) and federal charges, which include cyberstalking and wire fraud, among many others. U.S. Attorney Stephen McAllister said in a Tuesday statement that Barriss would be sentenced to at least 20 years in prison. Barriss also was involved in calling in a bomb threat to the Federal Communications Commission in December 2017 to disrupt a vote on net neutrality rules. The 25-year-old Californian is scheduled to be sentenced on January 30, 2019, in federal court in Wichita. -
Justice Department Charges Russian Woman With Interference in Midterm Elections (washingtonpost.com)
The Justice Department on Friday charged a Russian woman for her role in a conspiracy to interfere with the 2018 U.S. election, marking the first criminal case prosecutors have brought against a foreign national for interfering in the upcoming midterms. From a report: Elena Khusyaynova, 44, was charged with conspiracy to defraud the United States. Prosecutors said she managed the finances of "Project Lakhta," a foreign influence operation they said was designed "to sow discord in the U.S. political system" by pushing arguments and misinformation online about a whole host of divisive political issues, including immigration, the Confederate flag, gun control, and the NFL national anthem protests. The charges against Khusyaynova came just as the Office of the Director of National Intelligence warned that it was concerned about "ongoing campaigns" by Russia, China and Iran to interfere with the upcoming Midterm elections and even the 2020 race -- an ominous warning that comes just weeks before voters head to the polls. -
Seven Russian Hackers Charged With Hacking Anti-Doping Organizations (theverge.com)
Seven Russian intelligence officers have been indicted by the Justice Department for computer hacking, wire fraud, money laundering, and identity theft -- all as part of an effort to distract from Russia's state-sponsored doping program. The defendants reportedly stole and disseminated the personal information of several prominent anti-doping officials and 250 athletes following the 2014 Sochi Olympics. The Verge reports: The indictment names all seven of the accused as members of the Russian Federation intelligence agency (or GRU) housed within the intelligence directorate of the Russian military. Three of the defendants were also charged as part of the Mueller investigation regarding hacking the Democratic National Convention in an attempt to compromise U.S. election infrastructure in 2016. The Justice Department claimed in its indictment that the GRU officials were working to undermine the advocacy of anti-doping organizations, officials, and athletes following the exposure of a Russian state-sponsored doping campaign in 2015. Login credentials were stolen through classic phishing techniques, which, in some cases, gave the hackers access to the medical profiles of some athletes. This information was then disseminated over social media by the hackers who disguised themselves as a hacktivist group called the Fancy Bears' Hack Team.
In the case of four-time Olympic gold medalist runner Mo Farah, the Fancy Bears' Hack Team had gained access to his "biological passport." This set of information tracks the blood data of athletes in order to monitor the potentiality of doping. The group then posted the contents of Farah's profile over social media, pointing to results that claimed he was "likely doping." By use of this method, the hackers were able to subvert media attention away from Russia's doping accusations and point the finger at other countries as well. The indictment claims that the hackers spoke to 186 different reporters in order to "amplify the exposure" of their message. -
Ex-NSA Employee Gets 5 Years In Prison For Taking Home Top Secret Files (cnet.com)
Former NSA employee Nghia Hoang Pho, 64, was sentenced to five and a half years in prison for taking top secret U.S. defense files to his home. Pho pleaded guilty in December to willful retention of national defense information, the U.S. Justice Department said in a statement. The maximum sentence for this crime is 10 years, but prosecutors were recommending a sentence of eight years. CNET reports: Pho, a naturalized U.S. citizen originally from Vietnam, worked in the NSA's Tailored Access Group, the agency's team that focuses on tools that can directly hack surveillance targets. Between 2010 and March 2015, Pho took home paper and digital copies of U.S. government documents and writings that contained national defense information on them, the Justice Department said. Pho reportedly had antivirus software from Kaspersky Lab on his home computer network and the software scooped up the top secret information as part of its virus scanning process. Kaspersky has acknowledged that its software lifted hacking tools from a home computer in 2014 but said it wasn't part of an intentional effort to steal information from the NSA. Pho said in court he took the materials home so he could put in more work to earn a promotion, according to CBS Baltimore. -
Justice Department Warns It Might Not Be Able To Prosecute Voting Machine Hackers (vice.com)
An anonymous reader quotes a report from Motherboard: After more than a decade of headlines about the vulnerability of U.S. voting machines to hacking, it turns out the federal government says it may not be able to prosecute election hacking under the federal law that currently governs computer intrusions. Per a Justice Department report issued in July from the Attorney General's Cyber Digital Task Force, electronic voting machines may not qualify as "protected computers" under the Computer Fraud and Abuse Act, the 1986 law that prohibits unauthorized access to protected computers and networks or access that exceeds authorization (such as an insider breach).
The report says the law generally only prohibits against hacking computers "that are connected to the Internet (or that meet other narrow criteria for protection)" and notes that voting machines generally do not meet this criteria "as they are typically kept off the Internet." Consequently, "should hacking of a voting machine occur, the government would not, in many conceivable circumstances, be able to use the CFAA to prosecute the hackers." Aside from the fact that the assertion about voting machines not being connected is incorrect -- many voting machines are connected in that they use cellular and landline modems that connect with cell towers and backend telecom networks to transmit results on election night -- the government's assertion that the CFAA applies only to connected machines is news to legal experts. -
24 People Have Now Been Sentenced In India-Based Phone-Scam Case (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A total of 24 people who pleaded guilty to their involvement in a massive years-long phone scam often involving fake Internal Revenue Service and United States Citizenship and Immigration Services officials have now been given prison sentences from four to 20 years. The indictment was originally filed in October 2016 against 61 people and includes charges of conspiracy to commit identity theft, impersonation of an officer of the United States, wire fraud, and money laundering. If victims didn't pay up, callers threatened arrest, deportation, or heavier fines. There were also related scams involving fake payday loans and bogus U.S. government grants, according to the criminal complaint. The lead defendant was Miteshkumar Patel, who was given 20 years. -
Thousands of Uber Drivers Scammed Out of Millions of Dollars (cnet.com)
CNET reports on what happened when a new Uber driver received a call from Uber telling him to cancel the trip and verify his account: The caller asked for his email. He gave it. The caller asked for his Uber account password. He gave him that, too, after a brief hesitation. Then the caller said to tell him the confirmation code he'd be receiving shortly via text. The driver told him the code once he got the text. This was the two-factor authentication needed to get into the driver's Uber account. "Nothing happened for the rest of the week," the driver says. "I didn't think anything of this again until Saturday." But in those following three days, the scammer had changed the driver's account settings and waited for the perfect time to withdraw money.... By Saturday night, his $653.88 in earnings from that week had been nabbed from his account...
Apparently the scam has hit thousands of ride-hail drivers, and millions of dollars have been diverted from their accounts, according to a lawsuit brought by the U.S. Attorney's Office in New York's federal court last November... [A] couple of key elements about Uber make it possible. When passengers hail a ride with Uber, they see the name of the driver and the car's make, model and license number, and they get an anonymized phone number to call the driver. All of this ensures passengers safely connect with the right driver. But it also makes it possible for the wrong people to see lots of information about drivers.
When one of the scam victims complained to Uber, he "was told he had to wait until Monday when he could talk to a representative in person at one of its driver hubs," although eventually Uber "agreed to credit the $653.88 back to his account as a 'one-time repayment courtesy.'"
Other scammers have gone after Uber directly, CNET reports, using GPS-spoofing apps to simulate long rides as "a way to pocket money via stolen credit cards, essentially using Uber as a makeshift money laundering service." Uber's data science manager spotted the fake rides because "weird" altitude coordinates indicated that the drivers were flying through the sky. -
Feds Ran a Bitcoin-Laundering Sting For Over a Year (theverge.com)
More than 40 alleged dark-web drug dealers have been arrested as part of a sweeping federal effort by the Department of Justice as "the first national undercover operation targeting dark net vendors." The Verge reports: The core of the operation was an online money-laundering business seized by agents from Homeland Security Investigations and operated as a sting for over a year. By offering cash for bitcoin, HSI agents were able to identify specific drug dealers, ultimately tracing more than $20 million in drug-linked cryptocurrency transactions. The hijacked money-laundering service was offered across a number of different marketplaces, with agents claiming at least some presence on AlphaBay, Dream Market, Wall Street, and others.
So far, prosecutions have been launched across 19 states as a result of the operation, seizing more than $3.6 million in cash. The same raids seized large quantities of Schedule IV pharmaceuticals -- including 100,000 tramadol pills and over 24 kilograms of Xanax -- as is typical of trade on dark net markets. Agents also recovered more than 300 models of liquid synthetic opioids and roughly 100 grams of fentanyl. Further investigations are still ongoing. -
Guy Robs Someone At Gunpoint For Domain Name, Gets 20 Years In Jail (vice.com)
Yesterday, 43-year-old Iowa man Sherman Hopkins Jr. was sentenced to 20 years in prison for attempting to rob a domain name from another man at gunpoint in 2017. As Motherboard reports, "this may be the first time someone has attempted to steal a domain name at gunpoint." From the report: Last June, Hopkins broke into the home of 26-year-old Ethan Deyo in Cedar Rapids, Iowa one afternoon and demanded that Deyo log on to his computer to transfer the domain name for "doitforstate.com" to another account. According to Deyo's bio on his personal website, he is a web entrepreneur who previously worked for the web hosting service GoDaddy. After seeing Hopkins enter the apartment, Deyo locked himself into his room and Hopkins kicked in the door. Hopkins kicked in the door and "pistol-whipped" Deyo, held a gun to his head and used a stun gun on him during the encounter. While he attempted to wrestle the gun away from Hopkins, Deyo was shot in the leg, but he eventually gained control of the firearm and shot Hopkins multiple times in the chest. It's unclear why Hopkins wanted the domain name or who he was transferring the domain name to. -
Comey, Who Investigated Hillary Clinton For Using Personal Email For Official Business, Used His Personal Email For Official Business (buzzfeed.com)
An anonymous reader shares a report: Former FBI Director James Comey, who led the investigation into Hillary Clinton's use of personal email while secretary of state, also used his personal email to conduct official business, according to a report from the Justice Department on Thursday. The report also found that while Comey was "insubordinate" in his handling of the email investigation, political bias did not play a role in the FBI's decision to clear Clinton of any criminal wrongdoing.
The report from the office of the inspector general "identified numerous instances in which Comey used a personal email account (a Gmail account) to conduct FBI business." In three of the five examples, investigators said Comey sent drafts he had written from his FBI email to his personal account. In one instance, he sent a "proposed post-election message for all FBI employees that was entitled 'Midyear thoughts,'" the report states. In another instance, Comey again "sent multiple drafts of a proposed year-end message to FBI employees" from his FBI account to his personal email account. -
Gamers Behind Fatal 'SWAT' Call Now Face Life In Prison (wlwt.com)
An anonymous reader writes: 18-year-old Casey Viner, who instigated the 911 call which led to a fatal shooting in Wichita (hiring Tyler Barriss to perform the actual call), is in big trouble. "If convicted on the 10 counts he faces, Viner could spend almost the rest of his life in prison and pay a $1,000,000 fine," reports a local Cincinnati news site. Ironically, Viner's father is a corporal with the county sheriff's department.
The 19-year-old intended target for the SWAT attack had supplied a real address in Wichita for a house where he used to live. But in an eerie coincidence, ten days before the fatal shooting in Wichita, Cincinnati police had responded to a similar SWAT call which had sent them to a house where Viner used to live. The local police said "the facts and circumstances and the verbiage were very, very similar."
25-year-old Tyler Barriss also faces a life sentence for false information which resulted in a death -- as well as several local charges. And Thursday a federal grand jury also indicted Barriss "for a threat that caused an evacuation of a high-profile FCC hearing" into net neutrality regulations just two weeks before the fatal Wichita shooting, "and another threat eight days later that targeted FBI headquarters."
Barriss's lawyer insists that his client wasn't responsible for the Wichita death, blaming instead a "gung-ho, crazy cop." -
FBI Tells Router Users To Reboot Now To Kill Malware Infecting 500,000 Devices (arstechnica.com)
The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.
The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter -- stages 2 and 3 can't survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI's advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves. The Justice Department and U.S. Department of Homeland Security have also issued statements advising users to reboot their routers as soon as possible. -
Backpage Founders Charged With Money Laundering, Aiding Prostitution (theverge.com)
Federal authorities have charged the two founders of classified site Backpage.com, along with five other employees, with laundering money and facilitating prostitution. According to The Washington Post, the Justice Department claims Backpage took "consistent and concerted action" to knowingly allow ads for illegal sex work. The indictment alleges that "virtually every dollar flowing into Backpage's coffers represents the proceeds of illegal activity." The Verge reports: Law enforcement agencies seized Backpage's servers last week, and co-founder Michael Lacey was charged in a sealed 93-count indictment, which has now been revealed. Lacey, as well as his co-founder James Larkin, were already charged with violating California money laundering laws, although a judge threw out state-level pimping charges. Beyond Lacey and Larkin, the Backpage indictment includes charges against the site's chief financial officer, operations manager, assistant operations manager, and marketing director. It also charges the executive vice president of one of Backpage's parent companies. Backpage CEO Carl Ferrer, who was previously charged with pimping in California, was not charged in this indictment. The Justice Department claims Backpage's owners tried to cover up the fact that most of its "adult services" ads involved prostitution, and that Backpage allowed child sex traffickers to keep ads on the site as long as they deleted age-related keywords. The indictment also claims that Backpage disguised payments for illegal services by having customers funnel money to foreign bank accounts or apparently unrelated companies, or by transferring funds into cryptocurrency. These federal charges are reportedly unrelated to the Stop Enabling Sex Traffickers Act, a bill that would make website operators liable for illegal content posted to their sites. The bill is currently awaiting Trump's signature. -
US Charges Russian Social Media Trolls Over Election Tampering (cnet.com)
The US Justice Department has filed charges against 13 Russian nationals and three Russian groups for interfering with the 2016 presidential election. From a report: In an indictment [PDF] released on Friday, the Justice Department called out the Internet Research Agency, a notorious group behind the Russian propaganda effort across social media. Employees for the agency created troll accounts and used bots to prop up arguments and sow political chaos during the 2016 presidential campaign. Facebook, Twitter and Google have struggled to deal with fake news, trolling campaigns and bots on their platforms, facing the scorn of Capitol Hill over their mishandlings. The indictment lists 13 Russian nationals tied to the effort. -
Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com)
An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs." -
Kim Dotcom Loses Latest Battle To Recover Seized Assets (cnet.com)
The Justice Department wants to keep Kim Dotcom's millions of dollars worth of seized assets, citing the Megaupload founder's fugitive status. The department filed a brief on Friday, which cited his fugitive status as well as a lack of evidence supporting claims that poor health was preventing him from entering the U.S. CNET reports: Dotcom has been in the news since 2012, when the FBI and the US Department of Justice shut down file-sharing site Megaupload and charged the site's operators with the piracy-related offenses. The U.S. government also seized $42 million in assets. Dotcom, alongside Mathias Ortmann, Bram van der Kolk and Finn Batato, are wanted for trial in the U.S. on 13 counts, including copyright infringement, conspiracy to commit racketeering, money laundering and wire fraud. In February, the New Zealand High Court found that Dotcom, a New Zealand resident, and his co-accused were eligible for extradition to the United States. -
Prosecutors Say the Kansas Shooting of Garmin Engineers Was a Hate Crime (theverge.com)
An anonymous reader quotes a report from The Verge: Federal prosecutors have filed a hate crime charge against 51-year-old Kansas resident Adam Purinton, according to the Department of Justice. Purinton, who is accused of shooting three people in an Olathe bar, reportedly told a local Garmin engineer to "get out of my country" before opening fire. Purinton is currently being held on first-degree murder charges filed by local prosecutors. Today's indictment accuses Purinton of committing murder "because of Kuchibhotla's actual and perceived race, color, religion and national origin," with additional charges for the attempted murder of Madasani and violations of federal firearm statutes. The Justice Department declined to say whether it will pursue the death penalty, although it is authorized by the hate crime statute. -
CEO of Defunct Silicon Valley Startup Indicted For Allegedly Tricking Employees Into Working For Free (theregister.co.uk)
The founder and CEO of a shuttered Silicon Valley startup has been indicted for tricking employees into working without pay and for lying about his credentials and financing. From a report: In an indictment unsealed this week, Isaac Choi, founder and CEO of failed Silicon Valley job search startup WrkRiot, was charged with five counts of wire fraud for allegedly defrauding former employees. Problems at the upstart surfaced in August when Penny Kim, former head of marketing for the company, published an account of her experience at an unnamed biz. She said the unspecified outfit failed to pay her and forged wire transfer confirmations to make it appear it had transferred owed funds. After it emerged that Kim was talking about WrkRiot, the company threatened legal action. By the end of August, when former CTO Al Brown acknowledged being the person referred to as "Charlie" in Kim's post and corroborated her claims, WrkRiot had shut down its website and Facebook page. -
DOJ Charges Federal Contractor With Leaking Classified Info To Media (thehill.com)
schwit1 quotes a report from The Hill: The Department of Justice charged 25-year-old government contractor Reality Leigh Winner with sharing top secret material with a media outlet, prosecutors announced in a press release Monday. Court documents filed by the government don't specify which media outlet received the materials allegedly leaked by Winner, but NBC News reported that the material went to the Intercept online news outlet. The Intercept published a top secret NSA report Monday that alleged Russian military intelligence launched a 2016 cyberattack on a voting software company. Details on the report published by The Intercept suggest that it was created on May 5, 2017 -- the same day prosecutors say the materials Winner is charged with sharing were created. A Justice Department spokesman declined to comment on whether Winner is accused of sharing the report published by the Intercept. Last month, Winner allegedly "printed and improperly removed classified intelligence reporting, which contained classified national defense information" before mailing the materials to an unnamed online news outlet a few days later, according to prosecutors. -
Ex-IBM Employee Guilty of Stealing Secrets For China (fortune.com)
An anonymous reader quotes Fortune: A former developer for IBM pled guilty on Friday to economic espionage and to stealing trade secrets related to a type of software known as a clustered file system, which IBM sells to customers around the world. Xu Jiaqiang stole the secrets during his stint at IBM from 2010 to 2014 "to benefit the National Health and Family Planning Commission of the People's Republic of China," according to the U.S. Justice Department. In a press release describing the criminal charges, the Justice Department also stated that Xu tried to sell secret IBM source code to undercover FBI agents posing as tech investors. (The agency does not explain if Xu's scheme to sell to tech investors was to benefit China or to line his own pockets).
Part of the sting involved Xu demonstrating the stolen software, which speeds computer performance by distributing works across multiple servers, on a sample network. The former employee acknowledged that others would know the software had been taken from IBM, but said he could create extra computer scripts to help mask its origins.
At one point 31-year-old Xu even showed undercover FBI agents the part of the source code that identified it as coming from IBM "as well as the date on which it had been copyrighted." -
A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com)
According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies.
Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents. -
Student Hacker Faces 10 Years in Prison For Spyware That Hit 16,000 Computers (vice.com)
An anonymous reader quotes Motherboard: A 21-year-old from Virginia pleaded guilty on Friday to writing and selling custom spyware designed to monitor a victim's keystrokes. Zachary Shames, from Great Falls, Virginia, wrote a keylogger, malware designed to record every keystroke on a computer, and sold it to more than 3,000 people who infected more than 16,000 victims with it, according to a press release from the U.S. Department of Justice.
Shames, who appears to be a student at James Madison University, developed the first version of the spyware while he was still a high school student in 2013, "and continued to modify and market the illegal product from his college dorm room," according to the feds... While the feds only vaguely referred to it as "some malicious keylogger software," it appears the spyware was actually called "Limitless Keylogger Pro," according to evidence found by a security researcher who asked to remain anonymous... According to what appears to be Shames' LinkedIn page, he was an intern for the defense contractor Northrop Grumman from May 2015 until August 2016.
The Department of Justice announced that he'll be sentenced on June 16, and faces a maximum of 10 years in prison. -
Petition With Over 1 Million Signatures Urges President Obama To Pardon Snowden (cnet.com)
An anonymous reader quotes a report from CNET: More than 1 million people signed onto a petition asking President Barack Obama to pardon Edward Snowden, proponents of the pardon said Friday. The campaign began in September, when Snowden, his attorney Ben Wizner from the ACLU, and other privacy activists announced they would formally petition Obama for a pardon. Snowden leaked classified NSA documents detailing surveillance programs run by the U.S. and its allies to journalists in 2013, kicking off a heated debate on whether Americans should be willing to sacrifice internet privacy to help the government protect the country from terrorist attacks. Obama and White House representatives have said repeatedly that Snowden must face the charges against him and that he'll be afforded a fair trial. In the U.S., a pardon is "an expression of the president's forgiveness and ordinarily is granted in recognition of the applicant's acceptance of responsibility for the crime and established good conduct for a significant period of time after conviction or completion of sentence," according to the Office of the Pardon Attorney. It does not signify innocence. Also on Friday, David Kaye urged Obama to consider a pardon for Snowden. Kaye, the special rapporteur to the United Nations Human Rights Council on the freedom of expression, said U.S. law doesn't allow Snowden to argue that his disclosures were made for the benefit of the public. The jury would merely be asked to decide whether Snowden stole government secrets and distributed them -- something Snowden himself concedes he did. In response to the petition, Edward Snowden tweeted: "Whether or not this President ends the war on whistleblowers, you've sent a message to history: I feared no one would care. I was wrong." -
The FBI Is Arresting People Who Rent DDoS Botnets (bleepingcomputer.com)
This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes: Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."
"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20. -
Rogue Lawyers Made $6 Million Shaking Down Porn Pirates, Feds Say (theverge.com)
An anonymous reader quotes a report from The Verge: The copyright violation notice is every pirate's worst nightmare, a clear legal sign that a major copyright holder knows what you've been torrenting and is ready to make you pay for your crimes. But according to an indictment filed today in Minnesota federal court, that system has also opened the door to some very creative forms of fraud. The indictment alleges that two lawyers -- Paul R. Hansmeier and John L. Steele -- used the copyright system to extort roughly $6 million out of porn pirates over the course of three years. Prosecutors say the lawyers uploaded their own pornographic videos to torrent services -- including the embattled Pirate Bay -- then aggressively targeted users who downloaded the content, discovering names through the standard copyright violation process and then threatening pirates with damages up to $150,000 unless they agreed to a settlement. The typical cost of a settlement was $4,000, far less than the cost of challenging the order in open court. Throughout the process, Feds allege that Hansmeier and Steele concealed their role in uploading the videos, although the underlying copyright claim was often legitimate. The duo typically obtained copyright to the videos through shell companies, although in some cases they actually filmed and produced their own pornography as part of the scheme. -
The DEA Has Been Secretly Paying Transport Employees To Search Travelers' Bags (economist.com)
There's a new reason you can be stopped by airport security: because the security officer who flagged you "was being secretly paid by the government...to uncover evidence of drug smuggling." schwit1 quotes The Economist: For years, officials from the Department of Justice testified, the DEA has paid millions of dollars to a variety of confidential sources to provide tips on travellers who may be transporting drugs or large sums of money. Those sources include staff at airlines, Amtrak, parcel services and even the Transportation Safety Administration...
According to [a DOJ] report, airline employees and other informers had an incentive to search more travellers' bags, since they received payment whenever their actions resulted in DEA seizures of cash or contraband. The best-compensated of these appears to have been a parcel company employee who received more than $1 million from the DEA over five years. One airline worker, meanwhile, received $617,676 from 2012 to 2015 for tips that led to confiscations. But the DEA itself profited much more from the program. That well-paid informant got only about 12% of the amount the agency seized as a result of his tips.
The DEA had paid out $237 million to over 9,000 informants over five years towards the end of 2015, according to the report. The Economist writes that "travelers no doubt paid the price in increased searches," adding that the resulting searches were all probably illegal. -
Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com)
After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."
When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.
Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27. -
Bitcoin Exchange Ordered To Give IRS Years of Data On Millions of Users (gizmodo.com)
Last month, instead of asking for data relating to specific individuals suspected of a crime, the Internal Revenue Service (IRS) demanded that America's largest Bitcoin service, Coinbase, provide the identities of all of the firm's U.S. customers who made transactions over a three-year period because there is a chance they are avoiding paying taxes on their bitcoin reserves. On Wednesday, a federal judge authorized a summons requiring Coinbase to provide the IRS with those records. Gizmodo reports: Covering the identities and transaction histories of millions of customers, the request is believed to be the largest single attempt to identify tax evaders using virtual currency to date. As a so-called "John Doe" summons, the document targets a particular group or class of taxpayers -- rather than individuals -- the agency has a "reasonable basis" to believe may have broken the law. According to The New York Times, the IRS argued that two cases of tax evasion involving Coinbase combined with Bitcoin's "relatively high level of anonymity" serve as that basis. "There is no allegation in this suit that Coinbase has engaged in any wrongdoing in connection with its virtual currency exchange business," said the Justice Department on Wednesday. "Rather, the IRS uses John Doe summonses to obtain information about possible violations of internal revenue laws by individuals whose identities are unknown." In a statement, Coinbase vowed to fight the summons, which the company's head counsel has previously characterized as a "very, very broad" fishing expedition. -
US Government Sues AT&T/DirecTV, Calls It 'Ringleader' of Collusion Scheme (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Department of Justice today sued DirecTV and its owner, AT&T, saying the satellite TV company colluded with competitors during contentious negotiations to broadcast Los Angeles Dodgers games. Dodgers games have been blacked out in much of Los Angeles because pay-TV providers have been unwilling to pay the price demanded by SportsNet LA, the Dodgers channel operated by the baseball franchise and Time Warner Cable. But the DOJ's antitrust division placed the blame for this situation on AT&T and DirecTV. In a complaint filed in U.S. District Court in California, it alleges that DirecTV was a "ringleader" in a coordinated scheme with cable companies Cox and Charter, according to a DOJ announcement. AT&T completed its purchase of DirecTV in July 2015, but the complaint covers a dispute that began before the merger and continues to this day. The Dodgers channel owners offered carriage licenses to the pay-TV companies in January 2014, but the channel is still not available on DirecTV, Cox, or AT&T's wireline TV service. (Games are now available on Charter, which purchased Time Warner Cable this year.) The lawsuit "alleges that DirecTV unlawfully exchanged competitively-sensitive information with Cox, Charter, and AT&T during the companies' negotiations for the right to telecast the Dodgers Channel," the DOJ announcement said. "Specifically, the complaint alleges that DirecTV and each of these competitors agreed to and did exchange non-public information about their companies' ongoing negotiations to telecast the Dodgers Channel, as well as their companies' future plans to carry -- or not carry -- the channel." The companies used this strategy "to obtain bargaining leverage and to reduce the risk that they would lose subscribers if they decided not to carry the channel but a competitor chose to do so."
The information these companies learned from each other "through these unlawful agreements" was a major factor in their decision not to carry the Dodgers channel, the complaint said. AT&T said it will fight the lawsuit and blamed Time Warner Cable for charging unreasonably high prices. The asking price was reportedly about $5 a month per subscriber regardless of how many people watch the games. -
Feds Charge 61 People In Indian-Based IRS Phone Scam Case (consumerist.com)
BUL2294 writes: Following the arrests earlier this month in India of call center employees posing as IRS or immigration agents, USA Today and Consumerist are reporting that the U.S. Department of Justice has charged 61 people in the U.S. and India with facilitating the scam, bilking millions from Americans thinking they were facing immediate arrest and prosecution. "According to the indictment (PDF) -- which covers 20 individuals in the U.S. and 32 people and five call centers in India -- since about 2012 the defendants used information obtained from data brokers and other sources to call potential victims impersonating officers from the IRS or U.S. Citizenship and Immigration Services," reports Consumerist. The report adds: "To give the calls an air of authenticity, the organization was able to 'spoof' phone numbers, making the calls appear to have really come from a federal agency. The callers would then allegedly threaten potential victims with arrest, imprisonment, fines, or deportation if they did not pay supposed taxes or penalties to the government. In instances when the victims agreed to pay, the DOJ claims that the call centers would instruct them to go to banks or ATMs to withdraw money, use the funds to purchase prepaid stored value cards from retail stores, and then provide the unique serial number to the caller. At this point, the operation's U.S.-based counterparts would use the serial numbers to transfer the funds to prepaid reloadable cards. The cards would then be used to purchase money orders that were transferred into U.S. bank accounts of individuals or businesses. To make matters worse, the indictment claims that the prepaid debit cards were often registered using personal information of thousands of identity theft victims, and the wire transfers were directed by the organizations using fake names and fraudulent identifications.
The operation would then use 'hawalas' -- a system in which money is transferred internationally outside of the formal banking system -- to direct the pilfered funds to accounts belonging to U.S.-based individuals. -
KickassTorrents Lawyer: 'Torrent Sites Do Not Violate Criminal Copyright Laws' (arstechnica.co.uk)
An anonymous reader quotes a report from Ars Technica: Lawyers representing Artem Vaulin have filed their formal legal response to prosecutors' allegations of conspiracy to commit criminal copyright infringement, among other charges. Vaulin is the alleged head of KickassTorrents (KAT). KAT was the world's largest BitTorrent distribution site before it was shuttered by authorities earlier this year. Vaulin was arrested in Poland, where he now awaits extradition to the United States. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," Assistant Attorney General Leslie Caldwell said in a July 2016 statement. The defense's new 22-page court filing largely relies on the argument that there is no such thing as secondary criminal copyright infringement. While secondary copyright infringement as a matter of civil liability was upheld by the Supreme Court in MGM v. Grokster in 2005, Vaulin and his associates have been charged criminally. "The fundamental flaw in the government's untenable theory of prosecution is that there is no copyright protection for such torrent file instructions and addresses," [the brief's author, Ira Rothken,] argued in his Monday motion to dismiss the charges against Vaulin. "Therefore, given the lack of direct willful copyright infringement, torrent sites do not violate criminal copyright laws." "The extradition procedures have formally been started by the US in Poland," Rothken told Ars. "We are in a submissions or briefing period, and our Polish team is opposing extradition." Rothken also said that he has yet to be allowed to meet or speak directly with his client. For now, Rothken has been required to communicate via his Polish counterpart, Alek Kowzan. "Maybe they are afraid that Artem's extradition defense will be enhanced if American lawyers can assist in defending against the US extradition," Rothken added. 
No hearings before US District Judge John Z. Lee have been set. -
FBI Agent Posing As Journalist To Deliver Malware To Suspect Was Fine, Says DOJ (vice.com)
An anonymous reader quotes a report from Motherboard: In 2007, an FBI agent impersonated an Associated Press journalist in order to deliver malware to a criminal suspect and find out his location. According to a newly published report from the Department of Justice, the operation was in line with the FBI's undercover policies at the time. Journalistic organizations had expressed concern that the tactic could undermine reporters' and media institutions' credibility. The case concerned a Seattle teenager suspected of sending bomb threats against a local school. FBI Special Agent Mason Grant got in touch with the teen over email, pretending to be an AP journalist. After some back and forth, Grant sent the suspect a fake article which, when clicked, grabbed his real IP address. Armed with this information, the FBI identified and arrested the suspect. The Associated Press, the Reporters Committee for Freedom of the Press, and other journalistic organizations condemned the move. They pointed out that an FBI agent posing as a reporter could create distrust between legitimate journalists and sources, and also raised issues with the way the malware was distributed through a fake news story. The new Department of Justice report noted that, today, this activity would require greater authorization, under an interim policy on impersonating members of the media that was adopted by the FBI this June. Now, for the agency to pretend to be a journalist as part of an undercover operation, an application must be made by the head of an FBI field office to the agency's main headquarters, reviewed by the Undercover Review Committee, and then approved by the deputy director, after discussion with the deputy attorney general. -
Florida Man Arrested For Hacking Linux Kernel Organization In 2011 (softpedia.com)
An anonymous reader writes: The FBI seems to have solved the mysterious case of the 2011 kernel.org hack, when an unknown attacker breached kernel.org servers and attempted to install a rootkit in the kernel code. As years went by, the Linux Kernel Organization kept avoiding releasing an incident response surrounding the event, irking their community accustomed to more open communications from their leaders. The mystery seems to have been solved when yesterday a Florida man was arrested and charged with "hacking the Linux Kernel Organization" and installing a "rootkit and trojan software," just like in the 2011 kernel.org server breach. Donald Ryan Austin is his name. He was arrested during a routine traffic stop last Sunday, on August 28, 2016, and faces a maximum sentence of ten years in prison, a fine of $250,000, and any other restitution. -
'The Wolf of Wall Street' Movie Was Financed With Stolen Money, Says DOJ (nydailynews.com)
An anonymous reader quotes a report from NY Daily News: Federal officials charged a $3.5 billion Malaysian money-laundering scheme helped finance the Leonardo DiCaprio movie "Wolf of Wall Street" -- the Hollywood tale that parallels the corruption charges. U.S. officials seek to recover $1.3 billion of the missing funds, including profits from the Martin Scorsese-directed movie that earned five Oscar nominations. The conspirators used some of their illicit cash to fund Scorsese's tale of "a corrupt stockbroker who tried to hide his own illicit profits in a perceived foreign safe haven," said U.S. Assistant Attorney General Leslie Caldwell. DiCaprio famously played the lead role of convicted fraudster Jordan Belfort, who was ordered to repay $110 million to 1,500 victims of his scam. The identified conspirators included movie producer Riza Shahriz Abdul Aziz, the prime minister's stepson, and businessman Low Taek Jho, a friend of Najib's family. A third scammer identified only as "Malaysian Official 1" was widely believed to be Najib. Court papers indicated that $681 million from a 2013 bond sale went directly into the official's private account. The nation's attorney-general, Mohamed Apandi, came to Najib's defense Thursday, expressing his "strong concerns at the insinuations and allegations" brought against the 1Malaysia Development Berhad (1MDB). Apandi's office, after investigating the $681 million bank deposit, announced in January that the funds were a donation from the Saudi royal family. The prime minister wound up returning most of the cash. Federal officials, in their California court filing, indicated they were hoping to seize proceeds from the 2013 movie, along with luxury properties in New York and California, artwork by Vincent Van Gogh and Claude Monet, and a $35 million private jet.
Investigations of 1MDB are already underway in Switzerland and Singapore, with officials in the latter announcing Thursday that they had seized assets worth $176 million. This is shaping up to be the largest U.S. Justice Department asset recovery action in history. -
Feds Seize KickassTorrents Domains and Arrest Owner In Poland (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Federal authorities announced on Wednesday the arrest of the alleged mastermind of KickassTorrents (KAT), the world's largest BitTorrent distribution site. As of this writing, the site is still up. Prosecutors have formally charged Artem Vaulin, 30, of Ukraine, with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Like The Pirate Bay, KAT does not host individual infringing files but rather provides links to .torrent and .magnet files so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users. According to a Department of Justice press release sent to Ars Technica, Vaulin was arrested on Wednesday in Poland. The DOJ will shortly seek his extradition to the United States. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," Assistant Attorney General Caldwell said in the statement. "In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice." KickassTorrents added a dark web address last month to make it easier for users to bypass blockades installed by ISPs. -
US Company's China Employee Allegedly Stole Code To Help Local Government (csoonline.com)
Reader itwbennett writes: Xu Jiaqiang, a Chinese national, worked as a developer for an unnamed U.S. company's branch in China (a Reuters report says it's IBM) from November 2010 to May 2014, when he resigned voluntarily. A year later he was allegedly caught trying to sell stolen proprietary source code to U.S. undercover agents, who claimed they were starting a large-data storage company. The software is described in the original complaint as a key component of one of the world's largest scientific supercomputers and of commercial applications that require rapid access to large volumes of data. In December 2015, Xu was arrested by the FBI, alleged to have stolen for his own benefit and that of the National Health and Family Planning Commission in China, although no specific charges relating to actual transfer of the code to the National Health and Family Planning Commission are mentioned in the superseding indictment. -
Drone-Shooting is Now a Federal Crime, FAA Confirms (slate.com)
An anonymous reader writes: At least 12 different drones have been shot from the sky in the United States, including drone shootings in Arkansas, Oklahoma, Virginia, Kentucky, and New Jersey. Now the FAA is confirming that drone shooting is a federal offense, citing regulations against aircraft sabotage. An aviation attorney (teaching drone law at New York's Vaughn College of Aeronautics) tells Forbes this means penalties of up to 20 years in prison for interfering with the "authorized" operation of an aircraft, while threatening a drone or a drone operator would also be a federal crime subject to five years in prison.
Slate notes that "This is bad news if you were planning to invest in the DroneDefender, a goofy-looking gun that promised to disrupt intrusive drones by bombarding them 'with radio waves that disrupt [their] remote control and GPS signals'." And Popular Science adds that "It also poses a complication for some local and state laws, like Utah's proposed HB 420, which would let police shoot down drones in emergency situations." Meanwhile, police in the Netherlands are actually training eagles to attack drones. And last week in South Africa, a drone crashed through the window of an office building and hit an unarmed office worker on the head. -
Syrian Government Hacked, 43GB of Data Spilled Online By Hacktivists (softpedia.com)
An anonymous reader writes: On April 6, a hacking outfit going by the name of Cyber Justice Team leaked data from multiple Syrian government and private websites. The leak includes the password file from the breached server, along with MySQL host permissions, admin passwords, and a link to the 10GB compressed file, uploaded to the file sharing site MEGA. While some of the data seems to be from older data breaches, some of it is also new. This is one of the biggest leaks of Syrian government data, a regime that has remained protected against such threats due to an aggressive cyber-policy. The government has been known to secretly back the Syrian Electronic Army hacker group, who the US government recently indicted (3 members at least). -
Government's Fake University Trap Results in 21 Visa Fraud Arrests
An anonymous reader writes: The U.S. government set up a fake college called the University of Northern New Jersey as a trap to find and arrest 21 people on charges of visa fraud, reports Newsweek. The 21 arrested individuals were brokers, employers, and recruiters who conspired with more than 1,000 foreign nationals to fraudulently obtain student and foreign worker visas through a "pay to stay" New Jersey college, the Department of Justice was quoted as saying. Those overseas students now face being deported from the United States for buying visas, in an alleged immigration scam worth up to $1m. From the report, "During conversations with undercover agents, one of the recruiters, Alvin Yeun, said 'we've been doing this for years' and told an agent not to worry. The 21 people arrested are residents of New Jersey, New York, California, Illinois and Georgia; some were also involved in committing work visa fraud." -
Nicolas Cage To Return Rare Stolen Dinosaur Skull To Mongolia (nytimes.com)
HughPickens.com writes: Nicolas Cage is known as an avid collector, with interests that include real estate, rare cars and comic books: In 2011, he sold a like-new copy of Action Comics No. 1, which featured the first appearance of Superman, for $2.1 million. Now Katie Rogers reports at the NY Times that Cage has agreed to turn over the skull of a Tyrannosaurus bataar. It was the star artifact in a natural history-themed luxury auction in Manhattan, and was sold for $276,000 to an anonymous buyer eight years ago. "Cultural artifacts such as this Bataar Skull represent a part of Mongolian national cultural heritage," says Glenn Sorge. "It belongs to the people of Mongolia. These priceless antiquities are not souvenirs to be sold to private collectors or hobbyists." Several skeletons of the Tyrannosaurus bataar, a large, carnivorous dinosaur that was a close relative of Tyrannosaurus rex, have been returned to Mongolia in recent years. The private sales of such artifacts have worried paleontologists because it makes it harder for the scientific community to learn more about how the dinosaurs once lived. "We're losing science, we're losing education, we're losing valuable specimens," says Kevin Padian, a paleontologist at University of California, Berkeley. -
DoJ Going After Makers of Dietary Supplement (reuters.com)
schwit1 writes: Several federal agencies, including the U.S. Department of Justice, have announced criminal and civil actions related to unlawful advertising and sale of dietary supplements. "Six executives with USPlabs LLC and a related company, S.K. Laboratories, face criminal charges related to the sale of unlawful dietary supplements. Four were arrested on Tuesday and two are expected to surrender, the Justice department said. The indictment says that USPlabs used a synthetic stimulant manufactured in China to make Jack3d and OxyElite Pro but told retailers that the supplements were made from plant extracts." The FTC is working on this as well, and their press release has more details. The DoJ's case involves "more than 100 makers and marketers" of these supplements. It's about time. -
US Identifies ISIL Hacker Linked To Military Breaches (justice.gov)
An anonymous reader writes: The Islamic State hacker detained at Bukit Aman in Kuala Lumpur has been identified as a 20-year-old Kosovo student named Ardit Ferizi. The U.S. arrest warrant alleges that the Kosovo hacker executed computer attacks and committed theft violations, stealing the personally identifiable information of members of the U.S. military and federal employees. The Department of Justice warned that the leaked data was intended for the "purpose of encouraging terrorist attacks against those individuals."