Domain: thedailybeast.com
Stories and comments across the archive that link to thedailybeast.com.
Stories · 91
-
Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)
An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."
"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page. -
Saudis Gained Access to Amazon CEO's Phone, Says Bezos' Security Chief (thedailybeast.com)
"The security chief for Amazon chief executive Jeff Bezos said on Saturday that the Saudi government had access to Bezos' phone and gained private information from it," Reuters reports.
But in addition, the National Enquirer's lawyer "tried to get me to say there was no hacking," writes security specialist Gavin de Becker. I've recently seen things that have surprised even me, such as National Enquirer's parent company, AMI, being in league with a foreign nation that's been actively trying to harm American citizens and companies, including the owner of the Washington Post. You know him as Jeff Bezos; I know him as my client of 22 years... Why did AMI's people work so hard to identify a source, and insist to the New York Times and others that he was their sole source for everything? My best answer is contained in what happened next: AMI threatened to publish embarrassing photos of Jeff Bezos unless certain conditions were met. (These were photos that, for some reason, they had held back and not published in their first story on the Bezos affair, or any subsequent story.) While a brief summary of those terms has been made public before, others that I'm sharing are new -- and they reveal a great deal about what was motivating AMI.
An eight-page contract AMI sent for me and Bezos to sign would have required that I make a public statement, composed by them and then widely disseminated, saying that my investigation had concluded they hadn't relied upon "any form of electronic eavesdropping or hacking in their news-gathering process." Note here that I'd never publicly said anything about electronic eavesdropping or hacking -- and they wanted to be sure I couldn't.... An earlier set of their proposed terms included AMI making a statement "affirming that it undertook no electronic eavesdropping in connection with its reporting and has no knowledge of such conduct" -- but now they wanted me to say that for them. The contract further held that if Bezos or I were ever in our lives to "state, suggest or allude to" anything contrary to what AMI wanted said about electronic eavesdropping and hacking, then they could publish the embarrassing photos.
I'm writing this today because it's exactly what the Enquirer scheme was intended to prevent me from doing. Their contract also contained terms that would have inhibited both me and Bezos from initiating a report to law enforcement.
Things didn't work out as they hoped.
De Becker instead turned over his investigation's results to U.S. federal officials, then published today's essay warning the National Enquirer and its chairman have "evolved into trying to strong-arm an American citizen whom that country's leadership wanted harmed, compromised, and silenced." He also suggests it's in response to the "relentless" coverage by the Washington Post (which Bezos owns) of the murder of Saudi Arabian journalist and dissident Jamal Khashoggi.
"Experts with whom we consulted confirmed New York Times reports on the Saudi capability to 'collect vast amounts of previously inaccessible data from smartphones in the air without leaving a trace -- including phone calls, texts, emails.'" -
Jared & Ivanka: Couple 'Continues To Use' Private Messaging For White House Business, Top Democrat Says (thedailybeast.com)
Freshly Exhumed writes: Rep. Elijah Cummings (D-MD), the chairman of the House Oversight Committee, has revealed that senior White House advisor Jared Kushner's lawyer admitted in December that his client "continues to use" WhatsApp to conduct official White House business. The chairman also said that a lawyer for Ivanka Trump and Mr. Kushner told the committee late last year that they additionally used private email accounts for official White House business in a way that may have violated federal records laws. Mr Kushner's lawyer, Abbe Lowell, could not say whether his client used WhatsApp to share classified information. Regardless, Cummings says the communications raise questions about whether Kushner and other officials violated the Presidential Records Act, which requires the president and his staff "take all practical steps to file personal records separately from Presidential records." As for Ivanka's use of a personal email account to conduct official business, her lawyer says she sent the emails before she was briefed on the rules.
If you're not familiar with WhatsApp, here's what you should know about it: "As of January 2019, more than 1.5 billion users in over 180 countries use WhatsApp, created in 2009 as an alternative to text messaging," reports USA Today. "Facebook acquired WhatsApp in 2014 to make a bigger play in the rapidly-growing messaging market, along with its own Messenger platform, which also boasts 1.5 billion users." The service features end-to-end encryption, meaning the sender and recipient are the only ones who can view the messages. -
The Intercept Shuts Down Access To Snowden Trove (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: First Look Media announced Wednesday that it was shutting down access to whistleblower Edward Snowden's massive trove of leaked National Security Agency documents. Over the past several years, The Intercept, which is owned by First Look Media, has maintained a research team to handle the large number of documents provided by Snowden to Intercept journalists Laura Poitras and Glenn Greenwald. But in an email to staff Wednesday evening, First Look CEO Michael Bloom said that as other major news outlets had "ceased reporting on it years ago," The Intercept had decided to "focus on other editorial priorities" after expending five years combing through the archive. "The Intercept is proud of its reporting on the Snowden archive, and we are thankful to Laura Poitras and Glenn Greenwald for making it available to us," Bloom wrote. He added: "It is our hope that Glenn and Laura are able to find a new partner -- such as an academic institution or research facility -- that will continue to report on and publish the documents in the archive consistent with the public interest." Poitras reprimanded First Look Media for its decision to shut down its archives, and lay off 4 percent of its staff who had maintained them. "This decision and the way it was handled would be a disservice to our source, the risks we've all taken, and most importantly, to the public for whom Edward Snowden blew the whistle," she wrote.
"Late Thursday evening, Greenwald tweeted that both he and Poitras had full copies of the archives, and had been searching for a partner to continue research," reports The Daily Beast. -
North Korea Advertises Military Hardware On Twitter and YouTube, Defying Sanctions (vice.com)
eatmorekix shares a report from Motherboard: Glocom, a front company for the government of North Korea that sells sanctioned equipment, isn't giving up. In 2017, before YouTube quietly removed Glocom's channel, the company was advertising missile navigation and other military products on the video platform. But Glocom has returned. It set up a new channel, and also had a presence on Twitter, until Motherboard flagged Glocom's accounts to social media companies. The news not only signals the perseverance of parts of the North Korean's money-making enterprises, but also a slice of the content moderation issues that tech platforms constantly face. Glocom "is using them as platforms to market sanctions violating products," Shea Cotton, research associate at the James Martin Center for Nonproliferation Studies, and who has a particular focus on North Korea, told Motherboard in an email. A United Nations report says that Glocom is run by North Korean intelligence agents, even though it pitches itself as a Malaysian company.
Cotton said "this company continues to operate openly. Most DPRK [Democratic Peoples' Republic of Korea] fronts, when exposed, usually fold or at the very least shut down and move their operations to another country and re-open under a new name. This one hasn't done that. We've seen them try to create this spin off brand called 'FACOM' and sell a few of their products under it but as you've seen their main brand is still thriving apparently." -
Facebook Sues Over 'Data-Grabbing' Quizzes (bbc.com)
Facebook is suing Andrew Gorbachov and Gleb Sluchevsky, of Ukraine, who worked for a company called Web Sun Group that developed "data-grabbing" quizzes for its social media site. The malicious quiz apps were used to harvest thousands of users' profile data. "The firm says anyone who wanted to take the quizzes was asked to install browser extensions, which then lifted data ranging from names and profile pictures to private lists of friends," reports the BBC. "These were installed about 63,000 times between 2016 and October 2018, it says." From the report: The quizzes, with titles such as "What does your eye color say about you?" and "Do people love you for your intelligence or your beauty?", gained access to this information via the Facebook Login system -- which enables connections between third party apps and Facebook profiles. While the system is intended to verify that such connections are secure, in this case, Facebook says, users were falsely told the app would retrieve only a limited amount of public data from their profiles. "In total, defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 in damages to Facebook," the company said in court documents first published by online news site The Daily Beast. The documents accuse the two men of breaking US laws against computer hacking as well as breaching Facebook's own terms of use. -
'This Time It's Russia's Emails Getting Leaked' (thedailybeast.com)
"Russian oligarchs and Kremlin apparatchiks may find the tables turned on them," writes Kevin Poulsen at The Daily Beast, reporting on a new leak site that's unleashed "a compilation of hundreds of thousands of hacked emails and gigabytes of leaked documents."
"Think of it as WikiLeaks, but without Julian Assange's aversion to posting Russian secrets."
Slashdot reader hyades1 shared their report: The site, Distributed Denial of Secrets, was founded last month by transparency activists. Co-founder Emma Best said the Russian leaks, slated for release Friday, will bring into one place dozens of different archives of hacked material that, at best, have been difficult to locate, and in some cases appear to have disappeared entirely from the web. "Stuff from politicians, journalists, bankers, folks in oligarch and religious circles, nationalists, separatists, terrorists operating in Ukraine," said Best, a national-security journalist and transparency activist. "Hundreds of thousands of emails, Skype and Facebook messages, along with lots of docs...."
The site is a kind of academic library or a museum for leak scholars, housing such diverse artifacts as the files North Korea stole from Sony in 2014, and a leak from the Special State Protection Service of Azerbaijan.
The site's Russia section already includes a leak from Russia's Ministry of the Interior, portions of which detailed the deployment of Russian troops to Ukraine at a time when the Kremlin was denying a military presence there. Though some material from that leak was published in 2014, about half of it wasn't, and WikiLeaks reportedly rejected a request to host the files two years later, at a time when Julian Assange was focused on exposing Democratic Party documents passed to WikiLeaks by Kremlin hackers. "A lot of what WikiLeaks will do is organize and re-publish information that's appeared elsewhere," said Nicholas Weaver, a researcher at the University of California at Berkeley's International Computer Science Institute. "They've never done that with anything out of Russia."
The Russian documents were posted simultaneously on the DDoSecrets website and on the Internet Archive, notes the New York Times, adding that the new site has also posted a large archive of internal documents from WikiLeaks itself.
"Personally, I am disappointed by what I see as dishonest and egotistic behavior from Julian Assange and WikiLeaks," Best tells the Times. "But she added that she had made the Russian document collection available to WikiLeaks ahead of its public release on Friday, and had posted material favorable to Mr. Assange leaked from the Ecuadorean Embassy in London, where he has lived for more than six years to avoid arrest." -
YouTube's Biggest Stars Are Pushing a Shady Polish Gambling Site (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: Untold riches are promised on Mystery Brand, a website that sells prize-filled "mystery boxes." If you buy one of the digital boxes, some of which cost hundreds of dollars, you might only get a fidget spinner -- or you might get a luxury sports car. For just $100, users can win a box filled with rare Supreme streetwear. For only $12.99, they can win a Lamborghini, or even a $250 million mega-mansion billed as "the most expensive Los Angeles realty." Or at least that's what some top YouTubers have been telling their young fans about the gambling site -- with the video stars apparently seeing that as a gamble worth taking, especially after a dip in YouTube advertising rates.
Over the past week, hugely popular YouTube stars like Jake Paul and Bryan "Ricegum" Le have encouraged their fans to spend money on Mystery Brand, a previously little-known site that appears to be based in Poland. In their videos, Paul and Le show themselves betting hundreds of dollars on the site for a chance to open a digital "box." At first, they win only low-value prizes like fidget spinners or Converse sneakers. By the end of the video, though, they have won thousands of dollars worth of tech and clothing, like rare pairs of sneakers or Apple AirPods. If they like the prize, the YouTube stars have it shipped to their house. The gambling site doesn't list the owner or location where it's based, although the site's terms of service say it's "subject to the laws and jurisdiction of Poland." To make matters worse, users of the site might not even receive the items they believed they have won. "During using the services of the website You may encounter circumstances in which Your won items will not be received," the terms of service reads.
Also, while the ToS say that underage users are ineligible to receive prizes, many of the YouTubers promoting the site have audiences who are underage. "[Jake Paul], for example, has acknowledged that the bulk of his fanbase is between 8 and 15 years old," reports The Daily Beast. -
Jailed 'Iceman' Hacker Now Charged With Drone-Smuggling Scheme Orchestrated From Prison (washingtontimes.com)
In 2010, Max Ray Butler received a 13-year prison sentence for "hacking" -- at the time, the longest one ever -- after stealing nearly 2 million credit cards and running up fraudulent charges over $86 million.
But eight years into his sentence, he's now being charged with committing five more counts of wire fraud while still in prison, as well as possessing stolen credit card numbers and contraband in prison, plus two more related counts of conspiracy.
An anonymous reader quotes the Washington Times: Previously known as Max Ray Butler and by his hacker alias, "Iceman," Max Ray Vision has been charged in a nine-count indictment filed by federal prosecutors that places him at the center of a scheme that allegedly involved using a smuggled cellphone, stolen banking data and a consumer-grade drone to make an airdrop into prison, The Daily Beast first reported Friday.... Prosecutors alleged in the indictment that Vision used a smuggled T-Mobile "My-Touch" cellphone while incarcerated at the Federal Correctional Center in Oakdale, Louisiana, to access the internet and obtain stolen debit card numbers.
"Using MoneyGram and Western Union websites, and their respective mobile applications," a grand jury charged in the indictment, "Butler wired funds from the bank accounts associated with the stolen debit card numbers to other inmates at Oakdale FCC," including five co-defendants also charged in the indictment. He later instructed his fellow inmates to transfer the funds obtained from the stolen debit cards to a former cellmate who had been released in May 2015, according to the indictment... Vision's former cellmate allegedly used the stolen funds to purchase an unmanned aerial vehicle, or drone, that was then used in April 2016 to attempt to smuggle another cellphone and other unspecified contraband into prison, according to the indictment...
He allegedly began using the smuggled Android phone in Oct. 2014, according to the indictment, roughly 18 months before the airdrop.
"The potential for greater crimes [sic] opportunities are obvious," the Bureau of Prisons concluded in a report cited by The Daily Beast, "i.e. escape, introduction of firearms, etc." "Although [Vision] was only equipped with a smartphone, he proved that he is more than capable to disrupt and circumvent the security of the institution and present a clear danger to the community in general."
-
Stan Lee, Marvel Comics' Real-Life Superhero, Dies at 95 (hollywoodreporter.com)
Stan Lee, who wrote and published a comic book legacy that spans from the Depression Era to the present day, who created Spider-Man, Iron Man, the Incredible Hulk and Thor, has died. He was 95. Lee was born Stanley Martin Lieber in New York City in 1922, the son of Romanian Jewish immigrants, and at the age of 17, he began work as an assistant at Timely Comics, the company that would become Marvel Comics. Filling inkwells and fetching lunch, Lee's career began just in time for Superman's 1930s debut in Action Comics #1, kicking off the history of superhero comics. From a report: Lee, who began in the business in 1939 and created or co-created Black Panther, Spider-Man, X-Men, The Mighty Thor, Iron Man, The Fantastic Four, The Incredible Hulk, Daredevil, Ant-Man and other characters, died early Monday morning in Los Angeles, a source told The Hollywood Reporter. (Joan Celia Lee, Stan's daughter, confirmed the news to TMZ.) Lee's final few years were tumultuous.
[...] On his own and through his work with frequent artist-writer collaborators Jack Kirby, Steve Ditko and others, Lee catapulted Marvel from a tiny venture into the world's No. 1 publisher of comic books and later a multimedia giant. In 2009, the Walt Disney Co. bought Marvel Entertainment for $4 billion, and most of the top-grossing superhero films of all time -- led by The Avengers' $1.52 billion worldwide take in 2012 -- featured Marvel characters. An exchange from one of Stan Lee's last interviews, which appeared last month: Interviewer: Do you feel like your legacy is secure?
Stan Lee: Absolutely.
Interviewer: What's on your wish list?
Stan Lee: That I leave everyone happy when I leave.
Interviewer: You won't leave anyone happy.
Stan Lee: Well, I don't mean happy that I left. Happy that I took the right path.
Interviewer: You always do, pop. It was just the people around you. It was never you. You were always the good guy, and there were just creeps around you, and it was this town. Never you. -
ACLU Demands DHS Disclose Its Use of Facial-Recognition Tech (cnet.com)
The American Civil Liberties Union on Wednesday called on the Department of Homeland Security to disclose its use of facial-recognition software. The nonprofit also again pushed for an end of law enforcement's use of the technology. From a report: The ACLU's statements follow reports Tuesday that US Immigration and Customs Enforcement officials met this summer with Amazon. Around that time, the company pitched the agency on potentially using its facial-recognition software, called Rekognition, along with other Amazon products. A handful of US police agencies are already trying out Rekognition as part of their crime-fighting and investigative efforts. The ACLU since May has criticized Amazon's marketing of its facial-recognition software to law enforcement and has asked Congress and the public to debate whether the technology should be used. The nonprofit has argued that facial-recognition technology has the potential of being misused by policing agencies and misidentifying people. -
Facebook Employees Outraged Over Exec's Appearance at Kavanaugh Hearing (thedailybeast.com)
An anonymous reader writes: Hundreds of Facebook employees have reportedly expressed anger that an executive attended Supreme Court Justice nominee Brett Kavanaugh's public hearing last week to support him, The Wall Street Journal reports. Joel Kaplan, Facebook's head of global policy, was at Kavanaugh's hearing because he is reportedly close friends with the Supreme Court Justice nominee. Outraged employees reportedly brought his appearance up during an internal question-and-answer session with CEO Mark Zuckerberg, and have been expressing their concerns in internal discussion threads. On Friday, Zuckerberg said that "he wouldn't have made the same decision but the appearance didn't violate Facebook policies," the Journal reports. -
How an Ex-Cop Rigged McDonald's Monopoly Game and Stole Millions (thedailybeast.com)
An anonymous reader shares a report: On August 22, 2001, Jerome Jacobson, director of security for a subcontracting company called Simon Marketing, was arrested along with eight co-conspirators for orchestrating a massive scheme to defraud McDonald's Monopoly promotion out of more than $24 million. Jeff Maysh of The Daily Beast tells the inside story in 8,800 words. Between 1989 and 2001, "Uncle Jerry" used his position as the head of the McDonald's Monopoly account to steal winning "pieces" worth between $10,000 and $1 million. He proceeded to gift the pieces to family members and a growing network of associates -- which included "mobsters, psychics, strip club owners, convicts, drug traffickers, and even a family of Mormons" -- in exchange for a cut of the laundered winnings. A former police officer known for his attention to detail, Jacobson was personally responsible for overseeing the printing of paper game pieces, cutting out the winning tickets, and transporting them to McDonald's packaging factories throughout the country. Read the full story here. -
NASA's Space-Suit Drama Could Delay Our Trip To the Moon (thedailybeast.com)
Zorro quotes a report from The Daily Beast: After years of planning, NASA is finally launching a new effort to send astronauts back to the moon and then onward to Mars. But one important piece of technology is missing: a new space suit. Fifty-three years after astronaut Ed White stepped outside his Gemini 4 capsule on the first-ever spacewalk for an American, NASA is stuck using decades-old suits that critics say are too old, too bulky, too rigid, and too few in number for America's new era of space exploration.
Astronauts could need as many as three different kinds of space suits for a single mission. NASA has plenty of flight-suit options, but its extravehicular activity or EVA suits are old and dwindling in number. And the agency doesn't have any suits specifically for surface missions. Time is running out to make up the space suit shortfalls. NASA plans to launch Exploration Mission 1, the first test of Orion and its heavy rocket, as early as 2020. The Lunar Gateway station could be ready for use five or six years later. Despite these looming deadlines, NASA "remains years away from having a flight-ready space suit... suitable for use on future exploration missions," the agency's inspector general warned in a 2017 audit. -
HHS Plans To Delete 20 Years of Critical Medical Guidelines Next Week (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: The Trump Administration is planning to eliminate a vast trove of medical guidelines that for nearly 20 years has been a critical resource for doctors, researchers and others in the medical community. Maintained by the Agency for Healthcare Research and Quality [AHRQ], part of the Department of Health and Human Services, the database is known as the National Guideline Clearinghouse [NGC], and it's scheduled to "go dark," in the words of an official there, on July 16. "Guideline.gov was our go-to source, and there is nothing else like it in the world," King said, referring to the URL at which the database is hosted, which the agency says receives about 200,000 visitors per month. "It is a singular resource," Valerie King, a professor in the Department of Family Medicine and Director of Research at the Center for Evidence-based Policy at Oregon Health & Science University, added. [She] said the NGC is perhaps the most important repository of evidence-based research available.
Medical guidelines are best thought of as cheatsheets for the medical field, compiling the latest research in an easy-to-use format. When doctors want to know when they should start insulin treatments, or how best to manage an HIV patient in unstable housing -- even something as mundane as when to start an older patient on a vitamin D supplement -- they look for the relevant guidelines. The documents are published by a myriad of professional and other organizations, and NGC has long been considered among the most comprehensive and reliable repositories in the world. AHRQ said it's looking for a partner that can carry on the work of NGC, but that effort hasn't panned out yet. Not even an archived version of the site will remain, according to an official at AHRQ. -
FBI Seizes Control of Russian Botnet (thedailybeast.com)
The Daily Beast reports that the FBI has seized control of a key server in the Kremlin's global botnet of 500,000 hacked routers. "The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow's ability to reinfect its targets," writes Kevin Poulsen. From the report: The FBI counter-operation goes after "VPN Filter," a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.
VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim's Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will. -
US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks (thedailybeast.com)
The law says American agencies must eliminate the use of Kaspersky Lab software by October. But U.S. officials say that's impossible as the security suite is embedded too deep in our infrastructure, The Daily Beast reported Wednesday. From a report: Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware -- and nobody is certain how to get rid of it. "It's messy, and it's going to take way longer than a year," said one U.S. official. "Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with."
At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of "any hardware, software, or services developed or provided, in whole or in part," by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed "Kaspersky-branded" products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky's presence in federal networks in the wake of Russia's 2016 election interference campaign. -
The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: Securus Technologies' programs are used in thousands of prisons and detention centers nationwide to track calls to inmates, but the company's offerings are also capable of tracking and geolocating people's cellphones without any warrant or oversight, The New York Times reports. Securus obtains location information through data from major cellphone providers the same way marketers do. It also advertises the technology to law-enforcement agencies as a tool to find murder suspects, missing people, and those at-large -- but the feature can easily be abused for access to millions of cellphone users.
One Missouri sheriff used the service at least 11 times between 2014 and 2017, and secretly tracked state highway patrol members and a judge, prosecutors said. While the company said it "required customers to upload a legal document" to certify the location lookup, the Federal Communications Commission claims Securus did not "conduct any review of surveillance requests" -- giving law enforcement tracking power without verification of approval or oversight. -
Your Next Job Interview Could Be With a Racist Bot (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: Companies across the nation are now using some rudimentary artificial intelligence, or AI, systems to screen out applicants before interviews commence and for the interviews themselves. As a Guardian article from March explained, many of these companies are having people interview in front of a camera that is connected to AI that analyzes their facial expressions, their voice and more. One of the top recruiting companies doing this, Hirevue, has large customers like Hilton and Unilever. Their AI scores people using thousands of data points and compares it to the scores of the best current employees. But that can be unintentionally problematic. As Recode pointed out, because most programmers are white men, these AI are actually often trained using white male faces and male voices. That can lead to misperceptions of black faces or female voices, which can lead to the AI making negative judgments about those people. The results could trend sexist or racist, but the employer who is using this AI would be able to shift the blame to a supposedly neutral technology. Companies are also having people do their first interview with an AI chatbot. "One popular AI that does this is called Mya, which promises a 70 percent decrease in hiring time," reports The Daily Beast. "Any number of questions these chatbots could ask could be proxies for race, gender or other factors." -
Amazon Employee Explains the Poor Working Conditions of An Amazon Warehouse
Earlier this week, James Bloodworth, a former UK Amazon employee who worked undercover in the "fulfillment center" for six months, released a book detailing the mistreatment of warehouse employees at the commerce company. He described the work culture as a prison after discovering that Amazon warehouse staff were peeing in bottles to avoid taking too many breaks. Since the report first broke, many Amazon employees have come out to share their thoughts on the working conditions, including one Reddit user who claims that "the post is pretty spot on": They don't monitor bathroom breaks, but [your] individual rate (or production goal) [doesn't] account for bathroom breaks, or... let's say there is a problem like you need [two] of something and there's only one left, well you have to put on your "andon"... wait for someone to come "fix" for you, all the while your rate is dropping. The [two] most common reasons [people] get fired are not hitting rate, and attendance. They don't really try to help you hit rate, they just fire and replace.
My first week there [two] [people] collapsed from dehydration. It's so [commonplace] to see someone collapse that nobody is even shocked anymore. You'll just hear a manager complain that he has to do some report now, while a couple of new [people] try to help the guy (veterans won't risk helping [because] it drips rate). No sitting allowed, and there's nowhere to sit anywhere except the break rooms. Before the robots (they call them kivas) pickers would regularly walk 10-15 miles a day, now it's just stand for 10-12 hours a day. [People] complain about the heat all the time but we just get told 80 degrees (Fahrenheit obviously) is a safe working temp. [Sometimes] they will pull out a thermometer, but even when it hits 85 they just say it's fine. There's been deaths, at least one in my building... Amazon likes to keep it all hush hush. Heard about others, you can find the stories if you search for it, but Amazon does a good job burying it... Amazon has denied the allegations, saying: "Amazon ensures all of its associates have easy access to toilet facilities which are just a short walk from where they are working. Amazon provides a safe and positive workplace for thousands of people across the UK with competitive pay and benefits from day one. We have not been provided with confirmation that the people who completed the survey worked at Amazon and we don't recognize these allegations as an accurate portrayal of activities in our buildings." -
Despite Having Unprecedented Access To Technology, Generation Z Is Already Bored (thedailybeast.com)
Taylor Lorenz, writing for The Daily Beast: There is a notion among older people that teens, with their smartphones and unlimited internet access, never experience boredom. CNN and other media outlets have repeatedly declared that smartphones have killed boredom as we know it. But today's teens are still bored, often incredibly so. They're just more likely to experience a new type of boredom: phone bored.
As members of what has been dubbed "Generation Z," a cohort that spans those born roughly between the years 1998 and 2010, today's teens and tweens have had unparalleled access to technology. Many have had smartphones since elementary, if not middle school. They've grown up with high-speed internet, laptops, and social media.
It's tempting to think that these devices, with their endless ability to stimulate, offer salvation from the type of mind-numbing boredom that is so core to the teen experience. But humans adapt to the conditions that surround them, and technical advances are no different. What seemed novel to one generation feels passe to the next. To many teens, smartphones and the internet have already lost their appeal. -
Meet the Interstitium, the Largest Organ We Never Knew We Had (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: A study published in Scientific Reports on Tuesday suggests that a previously unknown organ has been found in the human body. More astonishingly, the paper puts forth the idea that this new organ is the largest by volume among all 80 organs -- if what the researchers found is, in fact, an organ. The new organ, [pathologist Neil Theise] explained, was a thin layer of dense connective tissue throughout the body, sandwiched just under our skin and within the middle layer of every visceral organ. The organ also made up all the fascia, or the thin mesh of tissue separating every muscle and all the tissue around every vein and artery, from largest to smallest. What initially seemed to be a solid, dense, connective tissue layer was actually a complex network of fluid-filled cavities that are strong and flexible, yet so tiny and undiscerning that they escaped the attention of the brightest scientific minds for generations. In fact, Theise expanded, this "interstitium" could explain many of modern medicine's mysteries, often dismissed by the establishment as either silly or explainable by other phenomena. Take acupuncture, Theise said -- that energetic healing jolt may be traced to the interstitium. Or perhaps the interstitium acted as a "shock absorber," something that protected other organs and muscles in daily function. Also, the space is in direct communication with the lymphatic system as the origin of lymph fluid -- which means the interstitium's system of fluid-filled backroads could explain the metastasis of cancer cells and their quick spread beyond the limits of the organ in which the cancer started. -
More Evidence Ties Alleged DNC Hacker Guccifer 2.0 To Russian Intelligence (techcrunch.com)
An anonymous reader shares a report: It may be a while since you've heard the handle "Guccifer 2.0," the hacker who took responsibility for the infamous DNC hack of 2016. Reports from the intelligence community at the time, as well as common sense, pegged Guccifer 2.0 not as the Romanian activist he claimed to be, but a Russian operative. Evidence has been scarce, but one slip-up may have given the game away. An anonymous source close to the U.S. government investigation of the hacker told the Daily Beast that on one single occasion, Guccifer 2.0 failed to log into the usual VPN that disguised their traffic. As a result, they left one honest IP trace at an unnamed social media site.
That IP address "identified Guccifer 2.0 as a particular GRU officer working out of the agency's headquarters on Grizodubovoy Street in Moscow," the Daily Beast reported. (The GRU is one of Russia's security and intelligence organs.) Previous work by security researchers had suggested this, but it's the first I've heard of evidence this direct. Assuming it's genuine, it's a sobering reminder of how fragile anonymity is on the internet -- one click and the whole thing comes crashing down. -
Mark Zuckerberg AWOL From Facebook's Data Leak Damage Control Session (thedailybeast.com)
An anonymous reader writes: It's not just that he's silent in public. Facebook CEO and co-founder Mark Zuckerberg declined to face his employees on Tuesday to explain the company's role in a widening international scandal over the 2016 election. Facebook employees on Tuesday got the opportunity for an internal briefing and question-and-answer session about Facebook's role with the Trump-aligned data firm Cambridge Analytica. It was the first the company held to brief and reassure employees after, ahead of damaging news reports, Facebook abruptly suspended Cambridge Analytica. But Zuckerberg himself wasn't there, The Daily Beast has learned. Instead, the session was conducted by a Facebook attorney, Paul Grewal, according to a source familiar with the meeting. That was the same approach the company used on Capitol Hill this past fall, when it sent its top attorney, Colin Stretch, to brief Congress about the prevalence of Russian propaganda, to include paid ads and inauthentic accounts, on its platform. Further reading: Where in the world is Mark Zuckerberg? Frustrated Facebook execs are asking. -
Reddit Admits Russian Trolls Got Into Website During 2016 Election (vice.com)
An anonymous reader quotes a report from VICE News: Reddit says it has identified and removed hundreds of Russian propaganda accounts, a few days after reports revealed that Russian trolls were active on the platform during the 2016 U.S. presidential election. In a post Monday, Reddit co-founder Steve Huffman said his site operators had been investigating for awhile and had found a few hundred accounts suspected to be of Russian origin or linked to known sources of Russian propaganda. "Of course, every account we find expands our search a little more," he said, also claiming the "vast majority" of the suspicious accounts were banned back in 2015-2016. An even bigger challenge was the problem of "indirect propaganda," where content produced by accounts now known to be Russian trolls was enthusiastically shared by Trump supporters on subreddits such as r/The_Donald. Reddit's investigation followed a report from The Daily Beast, based on leaked internal data from Kremlin-backed troll farm the Internet Research Agency, that confirmed Russian trolls were active on the site, as well as Tumblr, in their mission to spread disinformation, divide Americans and disrupt U.S. politics. The Washington Post reports that congressional investigators looking into the Russian issue intend to question Reddit and Tumblr over their involvement. -
Facebook Is Testing a Dislike Button (thedailybeast.com)
Ever since the inception of the Like button, Facebook users have been asking for a "dislike" button. Today, Facebook is testing a "downvote" button with certain users in the comment section of posts within Facebook groups and on old Facebook memories content. The Daily Beast reports: The feature appears to give users the ability to downrank certain comments. This is the first time Facebook has tested anything similar to a "dislike" button and it could theoretically allow for content that's offensive or relevant to be pushed to the bottom of a comment feed. In 2016, citing Facebook executives, Bloomberg said a dislike button "had been rejected on the grounds that it would sow too much negativity" to the platform. It's unclear how widely the dislike button is being tested. Facebook regularly tests features with small subsets of users that never end up rolling out to the broader public. Most users currently are only able to either Like or Reply to comments in a thread. The downvote option could have radical implications on what types of discussions and comments flourish on the platform. While it could theoretically be used to de-rank inflammatory or problematic comments, it could also easily be used as a tool for abuse. -
Instant Messaging Company Snap Threatens Jail Time for Leakers (cheddar.com)
An anonymous reader shares a report: Snap has a simple message to its employees: leak information and you could be sued or even jailed. The chief lawyer and general counsel of Snapchat's parent company, Michael O'Sullivan, sent a threatening memo to all employees last week just before The Daily Beast published an explosive story with confidential user metrics about how certain Snapchat features are used. "We have a zero-tolerance policy for those who leak Snap Inc. confidential information," O'Sullivan said in the memo, a copy of which was obtained by Cheddar. "This applies to outright leaks and any informal 'off the record' conversations with reporters, as well as any confidential information you let slip to people who are not authorized to know that information." -
Top US Government Computers Linked to Revenge-Porn Site (thedailybeast.com)
Joseph Cox, reporting for The Daily Beast: Data obtained by a security analyst and shared with The Daily Beast reveals the behind-the-scenes of the epicenter of revenge porn: a notorious image board called Anon-IB, where users constantly upload non-consensual imagery, comment on it, and trade nudes like baseball cards. The data shows Anon-IB users connecting from U.S. Senate, Navy, and other government computers, including the Executive Office of the President, even as senators push for a bill that would further combat the practice, and after the military's own recent revenge-porn crisis. "Wow tig ol bitties. You have any nudes to share?" someone wrote in November, underneath a photo of a woman who apparently works in D.C., while connecting from an IP address registered to the U.S. Senate.
Anon-IB is a free-to-use message board where users post images, typically of women, and which is split into various genre or location sections. Some parts are focused on countries, while U.S. sections may narrow down to a state. Many users pursue so-called wins, which are nude or explicit photos, and may egg each other on to share more images. Anon-IB was also intertwined with a 2014 breach of celebrity nudes referred to as The Fappening. "Looking for wins of [redacted]. She used to send nudes to my friend all of the time. Would love to see some more," someone connecting from the U.S. Senate IP address wrote last August. -
Kansas 'Swat' Perpetrator Had Already Been To Prison For Fake Bomb Threats (go.com)
More details are emerging about an online gamer whose fake call to Kansas police led to a fatal shooting:
- "After phoning in a false bomb threat to a Glendale, California TV station in 2015, Tyler Barriss threatened to kill his grandmother if she reported him, according to local reports and court documents." -- The Wichita Eagle
- "The Glendale Police Department confirmed to ABC News that Tyler Barriss made about 20 calls to universities and media outlets throughout the country around the time he was arrested for a bomb threat to Los Angeles ABC station KABC in 2015... He was sentenced to two years and eight months in jail, court records show." -- ABC News
- "Within months of his release in August, he had already become the target of a Los Angeles Police Department investigation into similar hoax calls... LAPD detectives were planning to meet with federal prosecutors to discuss their investigation..." -- The Los Angeles Times
- The Wichita Eagle reports that even after the police had fatally shot the person SWauTistic was pretending to be, he continued his phone call with the 911 operator for another 16 minutes -- on a call which lasted over half an hour.
- Brian Krebs reports that police may have been aided in their investigation by another reformed SWAT perpetrator -- adding that SWauTistic privately claimed to have already called in fake emergencies at approximately 100 schools and 10 homes.
Just last month SWauTistic's Twitter account showed him bragging about a bomb threat which caused the evacuation of a Dallas convention center, according to the Daily Beast -- after which SWauTistic encouraged his Twitter followers to also follow him on a second account, "just in case twitter suspends me for being a god." Later the 25-year-old tweeted that "if you can't pull off a swat without getting busted you're not a leet hacking God its that simple."
Barriss remains in jail in Los Angeles with no bond, though within three weeks he's expected to be extradited to Kansas for his next trial. -
Where Did WikiLeaks' $25 Million Bitcoin Fortune Go? (thedailybeast.com)
Everyone from early investors to cybercriminals has benefited from the huge spike in the value of bitcoin in the past few weeks. It's a boon for one other outfit that has likely racked up tens of millions of dollars' worth of the cryptocurrency: WikiLeaks. Joseph Cox, reporting for The Daily Beast: The transparency organization may be sitting on a stockpile of bitcoin valued at around $25 million, and has likely exchanged several other large cryptocurrency caches for fiat cash, according to two sources who independently analyzed WikiLeaks's bitcoin transactions. "Last wallet looks like his piggy bank," John Bambenek, a security expert who has previously tracked Neo-Nazis' use of bitcoin, told The Daily Beast, pointing to a specific bitcoin address believed to be linked to WikiLeaks. Since at least 2011, WikiLeaks has allowed supporters to send bitcoin donations. As noted by James Ball, a journalist and former WikiLeaks staffer, whoever is in control of this address -- presumably WikiLeaks -- moved around 3,000 bitcoin, worth $800 each, into a series of other accounts on one day in December 2013. -
CIA Captured Putin's 'Specific Instructions' To Hack the 2016 Election, Says Report (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: When Director of National Intelligence James R. Clapper Jr., CIA Director John Brennan and FBI Director James B. Comey all went to see Donald Trump together during the presidential transition, they told him conclusively that they had "captured Putin's specific instructions on the operation" to hack the 2016 presidential election, according to a report in The Washington Post. The intel bosses were worried that he would explode but Trump remained calm during the carefully choreographed meeting. "He was affable, courteous, complimentary," Clapper told the Post. Comey stayed behind afterward to tell the president-elect about the controversial Steele dossier, however, and that private meeting may have been responsible for the animosity that would eventually lead to Trump firing the director of the FBI. -
The Underground Uber Networks Driven by Russian Hackers (thedailybeast.com)
Joseph Cox, reporting for The Daily Beast: Uber's ride-sharing service has given birth to some of the most creative criminal scams to date, including using a GPS-spoofing app to rip off riders in Nigeria, and even ginning up fake drivers by using stolen identities. Add to those this nefariously genius operation: Cybercriminals, many working in Russia, have created their own illegitimate taxi services for other crooks by piggybacking off Uber's ride-sharing platform, sometimes working in collaboration with corrupt drivers. Based on several Russian-language posts across a number of criminal-world sites, this is how the scam works: The scammer needs an emulator, a piece of software which allows them to run a virtual Android phone on their laptop with the Uber app, as well as a virtual private network (VPN), which routes their computer's traffic through a server in the same city as the rider. The scammer acts, in essence, as a middleman between an Uber driver and the passenger -- ordering trips through the Uber app, but relaying messages outside of it. Typically, this fraudulent dispatcher uses the messaging app Telegram to chat with the passenger, who provides pickup and destination addresses. The scammer orders the trip, and then provides the car brand, driver name, and license plate details back to the passenger through Telegram. -
Iranian 'Game of Thrones' Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say (thedailybeast.com)
Anonymous readers share a report: The Department of Justice on Tuesday charged an Iranian national with allegedly hacking into HBO, dumping a selection of stolen files, and attempting to extort the company by ransoming a treasure trove of the company's content. This summer, hackers released a bevy of internal HBO files, including scripts for Game of Thrones and full, unaired episodes of other shows. Behzad Mesri, aka "Skote Vahshat," at one point worked for the Iranian military to break into military and nuclear systems, as well as Israeli infrastructure, according to the newly released complaint. Under his Vahshat pseudonym, Mesri also defaced hundreds of websites in the U.S. and around the world, the complaint adds. Mesri started his hacking campaign in around May 2017, according to the complaint, probing HBO's systems and employees for weaknesses. Mesri managed to compromise multiple HBO employee accounts as well as other authorized users; from here, he allegedly stole confidential and proprietary information. These included unaired episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm, and The Deuce, as well as scripts for Game of Thrones. Indeed, the hacker behind the HBO breach publicly dumped much of this material online this summer. -
Twitter Bans, Removes Verified Status of White Supremacists (thedailybeast.com)
After updating the rules of its verification program on Wednesday, Twitter has begun banning and removing verified check marks from white supremacist accounts. For example, white supremacists Richard Spencer and Charlottesville "Unite The Right" protest creator Jason Kessler had their verified statuses revoked today. The Daily Beast reports: The verified check mark was meant to denote "that an account of public interest is authentic," the company said in a series of tweets on Wednesday, but that "verification has long been perceived as an endorsement." "This perception became worse when we opened up verification for public submissions and verified people who we in no way endorse," a company spokesperson tweeted. Users can now lose their blue checkmarks for "inciting or engaging in harassment of others," "promoting hate and/or violence against, or directly attacking or threatening other people on the basis of race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, or disease," supporting people who promote those ideas, and a slew of other reasons. -
Should Private Companies Be Allowed To Hit Back At Hackers? (vice.com)
An anonymous reader quotes a report from Motherboard: The former director of the NSA and the U.S. military's cybersecurity branch doesn't believe private companies should be allowed to hit back at hackers. "If it starts a war, you can't have companies starting a war. That's an inherently governmental responsibility, and plus the chances of a company getting it wrong are fairly high," Alexander said during a meeting with a small group of reporters on Monday. During a keynote he gave at a cybersecurity conference in Manhattan, Alexander hit back at defenders of the extremely common, although rarely discussed or acknowledged, practice of revenge hacking, or hack back. During his talk, Alexander said that no company, especially those attacked by nation state hackers, should ever be allowed to try to retaliate on its own.
Using the example of Sony, which was famously hacked by North Korea in late 2014, Alexander said that if Sony had gone after the hackers, it might have prompted them to throw artillery into South Korea once they saw someone attacking them back. "We can give Sony six guys from my old place there," he said, presumably referring to the NSA, "and they'd beat up North Korea like red-headed stepchild -- no pun intended." But that's not a good idea because it could escalate a conflict, and "that's an inherently governmental responsibility. So if Sony can't defend it, the government has to." Instead, Keith argued that the U.S. government should be able to not only hit back at hackers -- as it already does -- but should also have more powers and responsibilities when it comes to stopping hackers before they even get in. Private companies should share more data with the U.S. government to prevent breaches, he said. -
Indiana Is Purging Voters Using Software That's 99 Percent Inaccurate, Lawsuit Alleges (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: More than 99 percent of voter fraud identified by a GOP-backed program is false, a study by Harvard, Yale, and Microsoft researchers found. Now Indiana is using the faulty program to de-register voters without warning. In July, Indiana rolled out a new law allowing county officials to purge voter registrations on the spot, based on information from a dubious database aimed at preventing voter fraud. That database, the Interstate Voter Registration Crosscheck Program, identifies people in different states who share the same name and birthdate. Crosscheck has long been criticized as using vague criteria that disproportionately target people of color. Now Indiana voters who share a name and birthdate with another American can have their registrations removed without warning -- a system ripe for abuse, a new lawsuit claims. Crosscheck's premise is simple. The program aims to crack down on people "double voting" in multiple states, by listing people who share a first name, last name, and birthdate.
Indiana has used Crosscheck for years. But until July, the state had a series of checks on the program. If Crosscheck found that an Indiana resident's name and birthdate matched that of a person in another state, Indiana law used to require officials to ask that person to confirm their address, or wait until that person went two general election cycles without voting, before the person's name was purged from Indiana voter rolls. Under the state's new law, officials can scrub a voter from the rolls immediately. That's a problem for Indiana residents, particularly people of color, a Friday lawsuit from Common Cause and the American Civil Liberties Union argues. -
Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com)
From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software altogether, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events. -
Someone Is Trying to Knock the Dark Web Drug Trade Offline (thedailybeast.com)
Joseph Cox, reporting for the Daily Beast: The dark web -- a pack of websites that hides their physical location with special software -- is always a precarious place, with the FBI shutting down massive criminal networks, or competing sites hacking one another. Now, someone is trying to take the four largest drug marketplaces offline, seemingly by flooding them with a torrent of traffic. These sites offer a mail-order service for pretty much any drug a customer could imagine, from LSD to varieties of heroin. As of at least Friday morning, several marketplaces were inaccessible or could only be visited from backup website addresses, and at the time of publication are still facing problems. It's not totally clear who is behind the outages, but the downtime has disrupted the dark-web community somewhat. "We are facing a DDoS attack atm [at the moment] and I guess many other markets as well," a Reddit moderator for the site dubbed Wall Street, one of the affected marketplaces, told The Daily Beast. -
Jeweler Forged Judge's Signature To Force Google To Kill Negative Reviews (thedailybeast.com)
A sapphire salesman is facing jail time for forging a judge's signature in a case involving Google. Kelly Weill from The Daily Beast reports: Michael Arnstein is the third-generation owner of the Natural Sapphire Company, a Manhattan-based jewelry business. After a falling-out with a former business partner, Arnstein's company amassed dozens of negative reviews, which featured prominently in the Natural Sapphire Company's Google search results. Arnstein sued the former business partner in 2011, accusing him of writing defamatory negative reviews, and a judge ordered the partner to delete 54 of the negative comments. But some negative reviews remained, even after the court order. So Arnstein copied the judge's signature and forged new court orders of his own, demanding that Google scrub negative reviews from his company's search results, Arnstein admitted in a guilty plea on Friday. -
IRS Now Has a Tool To Unmask Bitcoin Tax Evaders (thedailybeast.com)
SonicSpike shares a report from The Daily Beast: You can use bitcoin. But you can't hide from the taxman. At least, that's the hope of the Internal Revenue Service, which has purchased specialist software to track those using bitcoin, according to a contract obtained by The Daily Beast. The document highlights how law enforcement isn't only concerned with criminals accumulating bitcoin from selling drugs or hacking targets, but also those who use the currency to hide wealth or avoid paying taxes. The IRS has claimed that only 802 people declared bitcoin losses or profits in 2015; clearly fewer than the actual number of people trading the cryptocurrency -- especially as more investors dip into the world of cryptocurrencies, and the value of bitcoin punches past the $4,000 mark. Maybe lots of bitcoin traders didn't realize the government expects to collect tax on their digital earnings, or perhaps some thought they'd be able to get away with stockpiling bitcoin thanks to the perception that the cryptocurrency is largely anonymous.
"The purpose of this acquisition is to help us trace the movement of money through the bitcoin economy," a section of the contract reads. The Daily Beast obtained the document through the Freedom of Information Act. The contractor in this case is Chainalysis, a startup offering its "Reactor" tool to visualize, track, and analyze bitcoin transactions. Chainalysis' users include law enforcement agencies, banks, and regulatory entities. The software can follow bitcoin as it moves from one wallet to another, and eventually to an exchange where the bitcoin user will likely cash out into dollars or another currency. This is the point law enforcement could issue a subpoena to the exchange and figure out who is really behind the bitcoin. -
Almost All of FCC's New Advisory Panel Works For Telecoms (thedailybeast.com)
New submitter simkel writes: When the Federal Communications Commission went looking this year for experts to sit on an advisory committee regarding deployment of high-speed internet, Gary Carter thought he would be a logical choice. Carter works for the city of Santa Monica, California, where he oversees City Net, one of the oldest municipal-run networks in the nation. The network sells high-speed internet to local businesses, and uses the revenue in part to connect low-income neighborhoods. That experience seemed to be a good match for the proposed Broadband Deployment Advisory Committee (BDAC), which FCC Chairman Ajit Pai created this year. One of the panel's stated goals is to streamline city and state rules that might accelerate installation of high-speed internet. But one of the unstated goals, members say, is to make it easier for companies to build networks for the next generation wireless technology, called 5G. The advanced network, which promises faster speeds, will require that millions of small cells and towers be erected nationwide on city- and state-owned public property. The assignment seemed to call out for participation from city officials like Carter, since municipal officials approve where and what equipment telecommunications companies can place on public rights of way, poles and buildings. But the FCC didn't choose Carter -- or almost any of the other city or state government officials who applied. Sixty-four city and state officials were nominated for the panel, but the agency initially chose only two: Sam Liccardo, mayor of San Jose, California, and Kelleigh Cole from the Utah Governor's Office, according to documents obtained by the Center for Public Integrity through a Freedom of Information Act request. Pai later appointed another city official, Andy Huckaba, a member of the Lenexa, Kansas, city council. Instead the FCC loaded the 30-member panel with corporate executives, trade groups and free-market scholars. 
More than three out of four seats on the BDAC are filled by business-friendly representatives from the biggest wireless and cable companies such as AT&T, Comcast, Sprint, and TDS Telecom. Crown Castle International Corp., the nation's largest wireless infrastructure company, and Southern, the nation's second-largest utility firm, have representatives on the panel. -
Feds Crack Trump Protesters' Phones To Charge Them With Felony Rioting (thedailybeast.com)
An anonymous reader quotes a report from The Daily Beast: Officials seized Trump protesters' cell phones, cracked their passwords, and are now attempting to use the contents to convict them of conspiracy to riot at the presidential inauguration. Prosecutors have indicted over 200 people on felony riot charges for protests in Washington, D.C. on January 20 that broke windows and damaged vehicles. Some defendants face up to 75 years in prison, despite little evidence against them. But a new court filing reveals that investigators have been able to crack into at least eight defendants' locked cell phones. Now prosecutors want to use the internet history, communications, and pictures they extracted from the phones as evidence against the defendants in court. [A] July 21 court document shows that investigators were successful in opening the locked phones. The July 21 filing moved to enter evidence from eight seized phones, six of which were "encrypted" and two of which were not encrypted. A Department of Justice representative confirmed that "encrypted" meant additional privacy settings beyond a lock screen. For the six encrypted phones, investigators were able to compile "a short data report which identifies the phone number associated with the cell phone and limited other information about the phone itself," the filing says. But investigators appear to have bypassed the lock on the two remaining phones to access the entirety of their contents. -
Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers (thedailybeast.com)
Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that server's network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server." -
US To Ban Laptops in All Cabins of Flights From Europe (thedailybeast.com)
An anonymous reader shares an article: The Department of Homeland Security will ban laptops in the cabins of all flights from Europe to the United States, European security officials told The Daily Beast. An official announcement is expected Thursday. Initially a ban on laptops and tablets was applied only to U.S.-bound flights from 10 airports in North Africa and the Middle East. The ban was based on U.S. fears that terrorists have found a way to convert laptops into bombs capable of bringing down an airplane. It is unclear if the European ban will also apply to tablets. DHS said in a statement to The Daily Beast: "No final decisions have been made on expanding the restriction on large electronic devices in aircraft cabins; however, it is under consideration. DHS continues to evaluate the threat environment and will make changes when necessary to keep air travelers safe." -
DOJ: Russian 'Superhacker' Gets 27 Years In Prison (thedailybeast.com)
According to the Justice Department, a 32-year-old Russian "superhacker" has been sentenced to 27 years in prison for stealing and selling millions of credit-card numbers, causing more than $169 million worth of damages to business and financial institutions. The Daily Beast reports: Roman Valeryevich Seleznev, 32, aka Track2, son of a prominent Russian lawmaker, was convicted last year on 38 counts of computer intrusion and credit-card fraud. "This investigation, conviction and sentence demonstrates that the United States will bring the full force of the American justice system upon cybercriminals like Seleznev who victimize U.S. citizens and companies from afar," Acting Assistant Attorney General Kenneth Blanco said in a statement. "And we will not tolerate the existence of safe havens for these crimes -- we will identify cybercriminals from the dark corners of the Internet and bring them to justice." -
Should The FBI Have Arrested 'The Hacker Who Hacked No One'? (thedailybeast.com)
Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes."
The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."
Mark Rumold, senior staff attorney at the EFF, tells Krebs "I don't read the government's complaint as making the case that selling some type of RAT is illegal, and if that were the case I think we would be very interested in this." Also skeptical is Allison Nixon, director of security research for New York City-based security firm Flashpoint. "Huddleston can claim the DRM is to prevent cybercrime, but realistically speaking the DRM is part of the payment system -- to prevent people from pirating the software or initiating a Paypal chargeback." Krebs writes:
Nixon, a researcher who has spent countless hours profiling hackers and activities on Hackforums, said selling the NanoCore RAT on Hackforums and simultaneously scolding people for using it to illegally spy on people "could at best be seen as the actions of the most naive software developer on the Earth. In the greater context of his role as the money man for Limitless Keylogger, it does raise questions about how sincere his anti-cybercrime stance really is."
And of course, the FBI's complaint also notes that the software was promoted on HackForums.net. The Daily Beast says Huddleston eventually realized "it was a terrible place to launch a legitimate remote administration tool. There aren't a lot of corporate procurement officers on HackForums," adding that at first Huddleston handed off the business, "while continuing to develop the code as an 'advisor' in exchange for 60 percent of every sale."
Slashdot reader Highdude702 believes Huddleston's arrest "is an outrage, and is a push too far, also in the wrong direction," calling it "the story of a script kiddie gone big time...arrested for being an accomplice to a crime committed by people he had never met, let alone knew well enough to commit crimes with."
What do Slashdot's readers think? -
Reddit Bans Far-Right Groups Altright and Alternativeright (theguardian.com)
An anonymous reader quotes a report from The Guardian: Social media site Reddit has banned two of the largest far-right "subreddits" groups it hosts, altright and alternativeright. The subreddits have been used in the organization of America's resurgent neofascist movement but the final straw for Reddit was the two groups' participation in what is known as "doxing": sharing private personal information without permission as a form of online harassment. The subreddits were specifically banned for breaking Reddit's content policy, according to a message posted by the site admins, "specifically, the proliferation of personal and confidential information." Reddit did not make it explicit which content infringed its rules, but it is believed to be attempts to dox the protestor who punched a white nationalist during a TV interview at Donald Trump's inauguration. Speaking to the Daily Beast, one Reddit moderator claimed that the ban was instead a result of its "record monthly traffic" (Reddit moderators, like the creators of individual subreddits, are all volunteers with no official relationship to the site's staff). "It's clear that Reddit banned us because we were becoming very popular and spreading inconvenient truths about who's ruining our country and robbing our children of a future," the moderator said. -
Microsoft Anti-Porn Workers Sue Over PTSD (thedailybeast.com)
An anonymous reader shares with us a report from The Daily Beast: When former Microsoft employees complained of the horrific pornography and murder films they had to watch for their jobs, the software giant told them to just take more smoke breaks, a new lawsuit alleges. Members of Microsoft's Online Safety Team had "God-like" status, former employees Henry Soto and Greg Blauert allege in a lawsuit filed on Dec. 30. They "could literally view any customer's communications at any time." Specifically, they were asked to screen Microsoft users' communications for child pornography and evidence of other crimes. But Big Brother didn't offer a good health care plan, the Microsoft employees allege. After years of being made to watch the "most twisted" videos on the internet, employees said they suffered severe psychological distress, while the company allegedly refused to provide a specially trained therapist or to pay for therapy. The two former employees and their families are suing for damages from what they describe as permanent psychological injuries, for which they were denied worker's compensation. "Microsoft applies industry-leading, cutting-edge technology to help detect and classify illegal images of child abuse and exploitation that are shared by users on Microsoft Services," a Microsoft spokesperson wrote in an email. "Once verified by a specially trained employee, the company removes the image, reports it to the National Center for Missing and Exploited Children, and bans the users who shared the images from our services. We have put in place robust wellness programs to ensure the employees who handle this material have the resources and support they need." But the former employees allege neglect at Microsoft's hands.