An anonymous reader quotes a report from Reuters: The European Union on Tuesday agreed a 43 billion euro ($47 billion) plan for its semiconductor industry in an attempt to catch up with the United States and Asia and start a green industrial revolution. The EU Chips Act, proposed by the European Commission last year and confirmed by Internal Market Commissioner Thierry Breton, aims to double the bloc's share of global chip output to 20% by 2030 and follows the U.S. CHIPS for America Act.

"We need chips to power digital and green transitions or healthcare systems," Commission Vice-President Margrethe Vestager said in a tweet. Since the announcement of its chips subsidies plan last year, the EU has already attracted more than 100 billion euros in public and private investments, an EU official said. "The critical piece of the equation which the EU will need to get right, as for the U.S., is how much of the supply chains supporting the industry can be moved to the EU and at what cost," said [Paul Triolo, a China and tech expert at the Washington-based Center for Strategic & International Studies]. While the Commission had originally proposed funding only cutting-edge chip plants, EU governments and lawmakers have widened the scope to cover the whole value chain, including older chips and research and design facilities.

An anonymous reader quotes a report from the U.S. Department of Justice: Two criminal complaints filed by the U.S. Attorney's Office for the Eastern District of New York were unsealed today in federal court in Brooklyn charging 44 defendants with various crimes related to efforts by the national police of the People's Republic of China (PRC) -- the Ministry of Public Security (MPS) -- to harass Chinese nationals residing in the New York metropolitan area and elsewhere in the United States. The defendants, including 40 MPS officers and two officials in the Cyberspace Administration of China (CAC), allegedly perpetrated transnational repression schemes targeting U.S. residents whose political views and actions are disfavored by the PRC government, such as advocating for democracy in the PRC. In the two schemes, the defendants created and used fake social media accounts to harass and intimidate PRC dissidents residing abroad and sought to suppress the dissidents' free speech on the platform of a U.S. telecommunications company (Company-1). The defendants charged in these schemes are believed to reside in the PRC or elsewhere in Asia and remain at large.

The two-count complaint charges 34 MPS officers with conspiracy to transmit interstate threats and conspiracy to commit interstate harassment. All the defendants are believed to reside in the PRC, and they remain at large. As alleged, the officers worked with Beijing's MPS bureau and are or were assigned to an elite task force called the "912 Special Project Working Group" (the Group). The purpose of the Group is to target Chinese dissidents located throughout the world, including in the United States. [...] The complaint alleges how members of the Group created thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats. These online personas also disseminated official PRC government propaganda and narratives to counter the pro-democracy speech of the Chinese dissidents. As alleged, for example, Group members created and maintained the fake social media accounts through temporary email addresses, posted official PRC government content, and interacted with other online users to avoid the appearance that the Group accounts were "flooding" a given social media platform. The Group tracks the performances of members in fulfilling their online responsibilities and rewards Group members who successfully operate multiple online personas without detection by the social media companies who host the platforms or by other users of the platforms.

The investigation also uncovered official MPS taskings to Group members to compose articles and videos based on certain themes targeting, for example, the activities of Chinese dissidents located abroad or the policies of the U.S. government. As alleged, the defendants also attempted to recruit U.S. persons to act as unwitting agents of the PRC government by disseminating propaganda or narratives of the PRC government. On several occasions, the defendants used online personas to contact individuals assessed to be sympathetic and supportive of the PRC government's narratives and asked these individuals to disseminate Group content. In addition, Group members took repeated affirmative actions to have Chinese dissidents and their meetings removed from the platform of Company-1. For example, Group members disrupted a dissident's efforts to commemorate the Tiananmen Square Massacre through a videoconference by posting threats against the participants through the platform's chat function. In another Company-1 videoconference on the topic of countering communism organized by a PRC dissident, Group members flooded the videoconference and drowned out the meeting with loud music and vulgar screams and threats directed at the pro-democracy participants. "These cases demonstrate the lengths the PRC government will go to silence and harass U.S. persons who exercise their fundamental rights to speak out against PRC oppression, including by unlawfully exploiting a U.S.-based technology company," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "These actions violate our laws and are an affront to our democratic values and basic human rights."

The Asia Internet Coalition, an influential industry organization representing technology giants such as Facebook, Google, Apple, and Amazon, has voiced concerns over a recent amendment to India's IT rules, saying the changes grant the local government expansive content removal authority without implementing adequate procedural safeguards. From a report: India recently updated its IT rules, barring social media platforms such as Facebook and Twitter from disseminating false or misleading information about the government's business affairs. Under the new regulations, these firms must rely on New Delhi's own fact-checking unit to verify claims. The amendments lack the "sufficient procedural safeguards" to protect people's fundamental rights to access information, said Jeff Paine, Managing Director of AIC in a statement Monday.

"The Russian government has become far more successful at manipulating social media and search engine rankings than previously known," reports the Washington Post, "boosting lies about Ukraine's military and the side effects of vaccines with hundreds of thousands of fake online accounts, according to documents recently leaked on the chat app Discord.

"The Russian operators of those accounts boast that they are detected by social networks only about 1 percent of the time, one document says." That claim, described here for the first time, drew alarm from former government officials and experts inside and outside social media companies contacted for this article. "Google and Meta and others are trying to stop this, and Russia is trying to get better. The figure that you are citing suggests that Russia is winning," said Thomas Rid, a disinformation scholar and professor at Johns Hopkins University's School of Advanced International Studies. He added that the 1 percent claim was likely exaggerated or misleading.

The undated analysis of Russia's effectiveness at boosting propaganda on Twitter, YouTube, TikTok, Telegram and other social media platforms cites activity in late 2022 and was apparently presented to U.S. military leaders in recent months. It is part of a trove of documents circulated in a Discord chatroom and obtained by The Washington Post. Air National Guard technician Jack Teixeira was charged Friday with taking and transmitting the classified papers, charges for which he faces 15 years in prison...

Many of the 10 current and former intelligence and tech safety specialists interviewed for this article cautioned that the Russian agency whose claims helped form the basis for the leaked document may have exaggerated its success rate.
The leaked document was apparently prepared by the Joint Chiefs of Staff, U.S. Cyber Command and Europe Command, which directs American military activities in Europe. "It refers to signals intelligence, which includes eavesdropping, but does not cite sources for its conclusions," the Post reports, describing the document as offering "a rare candid assessment by U.S. intelligence of Russian disinformation operations."

The assessment concludes that foreign bots "view, 'like,' subscribe and repost content and manipulate view counts to move content up in search results and recommendation lists." And the document says a Russian center's disinformation network — working directly for Russia's presidential administration — was still working on improvements as recently as late 2022 and expected to improve its ability to "promote pro-Russian narratives abroad." After Russia's 2016 efforts to interfere in the U.S. presidential election, social media companies stepped up their attempts to verify users, including through phone numbers. Russia responded, in at least one case, by buying SIM cards in bulk, which worked until companies spotted the pattern, employees said. The Russians have now turned to front companies that can acquire less detectable phone numbers, the document says.

A separate top-secret document from the same Discord trove summarized six specific influence campaigns that were operational or planned for later this year by a new Russian organization, the Center for Special Operations in Cyberspace. The new group is mainly targeting Ukraine's regional allies, that document said. Those campaigns included one designed to spread the idea that U.S. officials were hiding vaccine side effects, intended to stoke divisions in the West.

In March U.S. President Joe Biden "signed an executive order that limits U.S. government agencies from using commercially available spyware," writes EFF senior policy analyst Matthew Guariglia.

"But that doesn't mean there will be no government use of spyware in the United States...." The executive order arrived only days before revelations that the United States, which was previously thought to have steered clear of some of the most infamous foreign spyware products, actually had a contract to test and deploy the notorious Pegasus created by Israeli company NSO Group. The contract was signed under a fake name on November 8, 2021 between an organization that acts as a front for the U.S. government and an American affiliate of NSO group. Only five days before, on November 3, 2021, the U.S. Commerce Department added NSO Group and other foreign spyware companies to a blacklist — the "Entity List for engaging in activities that are contrary to the national security or foreign policy interests of the United States." So the signing of this straw contract was in apparent breach of this ban. NSO Group is just one of the companies that should be covered by the new executive order....

Though the NSO Group's Pegasus spyware has garnered particular attention for its widespread use against human rights advocates, journalists, and politicians, the executive order did not name any company specifically, keeping the policy broad. This may lead some government agencies to think that their purchase of foreign spyware might fly under the radar if it comes from another, smaller vendor, or the vendor can plausibly deny that it is really spyware that they are selling. We urge the Biden administration to publish a non-exhaustive list of spyware companies included as part of this ban. That would send a clear message to agencies who wish to exploit any ambiguity in order to skirt the law.
The EFF applauds the U.S. order for specyfing ways in which spyware is not to be used — including a ban on its use against journalists, activists, political figures, and any U.S. person "without proper legal authorization, safeguards, and oversight." And the EFF also notes positive signs of progress towards stopping government misuse of spyware:
Building upon the U.S. executive order, a global coalition of eleven countries, including Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States, are working towards a common goal of countering the misuse of commercial spyware. This alliance is committed to establishing robust guardrails and procedures that uphold fundamental human rights, civil liberties, and the rule of law, within each of their respective systems.
But the EFF also points out the biggest concern of the U.S. government appears to be with the dangers in spyware that's foreign made. "While this signals discomfort with foreign-made spyware, no one should take this as an indication that the U.S. government is averse to using similar technologies developed internally, or indeed acquiring foreign spyware companies for domestic use.

"Given the government's long history of using and abusing incredibly invasive techniques, people in the United States should push for robust human rights safeguards to ensure the government won't proceed with only the minor restrictions of this executive order to rein them in."

Several government cybersecurity agencies united to urge secure-by-design and secure-by-default software. Releasing "joint guidance" for software manufactuers were two U.S. security agencies — the FBI and the NSA — joined with the U.S. Cybersecurity and Infrastructure Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, Netherlands, and New Zealand. "To create a future where technology and associated products are safe for customers," they wrote in a joint statement, "the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers."

The Washington Post reports: Software manufacturers should put an end to default passwords, write in safer programming languages and establish vulnerability disclosure programs for reporting flaws, a collection of U.S. and international government agencies said in new guidelines Thursday. [The guidelines also urge rigorous code reviews.]

The "principles and approaches" document, which isn't mandatory but lays out the agencies' views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. It's part of a potentially contentious multiyear effort that aims to shift the way software makers secure their products. It was a key feature of the administration's national cybersecurity strategy, which was released last month and emphasized shifting the burden of security from consumers — who have to manage frequent software updates — to the companies that make often insecure products... The administration has also raised the prospect of legislation on secure-by-design and secure-by-default, but officials have said it could be years away....

The [international affairs think tank] Atlantic Council's Cyber Statecraft Initiative has praised the Biden administration's desire to address economic incentives for insecurity. Right now, the costs of cyberattacks fall on users more than they do tech providers, according to many policymakers. "They're on a righteous mission," Trey Herr, director of the Atlantic Council initiative, told me. If today's guidelines are the beginning of the discussion on secure-by-design and secure-by-default, Herr said, "this is a really strong start, and an important one."

"It really takes aim at security features as a profit center," which for some companies has led to a lot of financial growth, Herr said. "I do think that's going to rub people the wrong way and quick, but that's good. That's a good fight."
In the statement CISA's director says consumers also have a role to play in this transition. "As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else."

Among other things, the new guidelines say that manufacturers "are encouraged make hard tradeoffs and investments, including those that will be 'invisible' to the customers, such as migrating to programming languages that eliminate widespread vulnerabilities."

The Python Software Foundation is "concerned that proposed EU cybersecurity laws will leave open source organizations and individuals unfairly liable for distributing incorrect code," according to the Register. The PSF reviewed the EU's proposed "Cyber Resilience Act" and "Product Liability Act" and reports "issues that put the mission of our organization and the health of the open-source software community at risk."

From the Register's report: "If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product," the PSF said in a statement shared on Tuesday by executive director Deb Nicholson. "The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users...."

The PSF argues the EU lawmakers should provide clear exemptions for public software repositories that serve the public good and for organizations and developers hosting packages on public repositories. "We need it to be crystal clear who is on the hook for both the assurances and the accountability that software consumers deserve," the PSF concludes. The PSF is asking anyone who shares its concerns to convey that sentiment to an appropriate EU Member of Parliament by April 26, while amendments focused on protecting open source software are being considered.

Bradley Kuhn, policy fellow at the Software Freedom Conservancy, told The Register that the free and open source (FOSS) community should think carefully about the scope of the exemptions being sought. "I'm worried that many in FOSS are falling into a trap that for-profit companies have been trying to lay for us on this issue," he said. "While it seems on the surface that a blanket exception for FOSS would be a good thing for FOSS, in fact, this an attempt for companies to get the FOSS community to help them skirt their ordinary product liability. For profit companies that deploy FOSS should have the same obligations for security and certainty for their users as proprietary software companies do."
The article points out that numerous tech organizations are urging clarifications in the proposed regulations, including NLnet Labs and the Eclipse Foundation.

The Washington Post found a new tranche of "top-secret intelligence documents" on Discord, and based on them reported Friday that U.S. intelligence agencies were aware of at least two additional Chinese spy balloons.

Based on the classified documents, the Post also reports that "questions lingered about the true capabilities of the one that flew over the continental United States in January and February." The Chinese spy balloon that flew over the United States this year, called Killeen-23 by U.S. intelligence agencies, carried a raft of sensors and antennas the U.S. government still had not identified more than a week after shooting it down, according to a document allegedly leaked to a Discord chatroom by Jack Teixeira, a member of the Massachusetts Air National Guard.

Another balloon flew over a U.S. carrier strike group in a previously unreported incident, and a third crashed in the South China Sea, a second top-secret document stated, though it did not provide specific information for launch dates.... [Chinese spy balloon] Bulger-21 carried sophisticated surveillance equipment and circumnavigated the globe from December 2021 until May 2022, the NGA document states. Accardo-21 carried similar equipment as well as a "foil-lined gimbaled" sensor, it says....

Annotating what appear to be detailed photos of the balloon that flew over the United States, presumably taken from a U-2 spy plane, intelligence analysts assessed that it could generate enough power to operate "any" surveillance and reconnaissance technology, including a type of radar that can see at night and through clouds and thin materials [including tarps].... China's military has operated a vast surveillance balloon project for several years, partly out of Hainan province off China's south coast, U.S. officials have previously told The Post.

But the NGA document is notable as much for what it doesn't say, reflecting the government's possible lack of insight, at least in mid-February, into the balloons' capabilities... The lack of detailed conclusions about the balloon's surveillance capabilities raises questions about the decision to let it fly over the United States before shooting it down, an action the Defense Department justified at the time as an opportunity to collect additional intelligence.
The Post also reports that another leaked document (relying on intercepted communications) assessed that within the Chinese military the balloon surveillance program lacked "strong leadership" oversight.

An anonymous reader shares a report from KrebsOnSecurity: KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.

The term juice jacking crept into the collective paranoia of gadget geeks in the summer of 2011, thanks to the headline for a story here about researchers at the DEFCON hacker convention in Vegas who'd set up a mobile charging station designed to educate the unwary to the reality that many mobile devices were set up to connect to a computer and immediately sync data by default. Since then, Apple, Google and other mobile device makers have changed the way their hardware and software works so that their devices no longer automatically sync data when one plugs them into a computer with a USB charging cable. Instead, users are presented with a prompt asking if they wish to trust a connected computer before any data transfer can take place. On the other hand, the technology needed to conduct a sneaky juice jacking attack has become far more miniaturized, accessible and cheap. And there are now several products anyone can buy that are custom-built to enable juice jacking attacks. [...]

How seriously should we take the recent FBI warning? An investigation by the myth-busting site Snopes suggests the FBI tweet was just a public service announcement based on a dated advisory. Snopes reached out to both the FBI and the FCC to request data about how widespread the threat of juice jacking is in 2023. "The FBI replied that its tweet was a 'standard PSA-type post' that stemmed from the FCC warning," Snopes reported. "An FCC spokesperson told Snopes that the commission wanted to make sure that their advisory on "juice-jacking," first issued in 2019 and later updated in 2021, was up-to-date so as to ensure 'the consumers have the most up-to-date information.' The official, who requested anonymity, added that they had not seen any rise in instances of consumer complaints about juice-jacking." The best way to protect yourself from juice jacking is by using your own gear to charge and transfer data from your device(s) to another.

"Juice jacking isn't possible if a device is charged via a trusted AC adapter, battery backup device, or through a USB cable with only power wires and no data wires present," says security researcher Brian Krebs. "If you lack these things in a bind and still need to use a public charging kiosk or random computer, at least power your device off before plugging it in."

The official in charge of a secretive Pentagon effort to investigate unexplained aerial incursions has co-authored an academic paper that presents an out-of-this-world theory: Recent objects could actually be alien probes from a mothership sent to study Earth. Politico reports: In a draft paper dated March 7 (PDF), Sean Kirkpatrick, head of the Pentagon's All-domain Anomaly Resolution Office, and Harvard professor Avi Loeb teamed up to write that the objects, which appear to defy all physics, could be "probes" from an extraterrestrial "parent craft." It's unusual for government officials, especially those involved in the nascent effort to collect intelligence on recent sightings, to discuss the possibility of extraterrestrial life, although top agency officials don't rule it out when asked. After Loeb posted it online, the paper gained notoriety from a post on Military Times and has also circulated among science-focused news outlets.

More than half of the five-page paper is devoted to discussing the possibility that the unexplained objects DoD is studying could be the "probes" in the mothership scenario, including most of the page-long introduction. One section is titled: "The Extraterrestrial Possibility" and another "Propulsion Methods." Kirkpatrick's involvement in the academic paper demonstrates that the Pentagon is open to scientific debate of the origins of UFOs, an important signal to send to the academic world, experts said. But they add that his decision to attach his name to a theory considered in most academic circles to be highly unsubstantiated also raises questions about AARO's credibility.

The paper explains that interstellar objects such as the cigar-shaped "Oumuamua" that scientists spotted flying through the galaxy in 2017 "could potentially be a parent craft that releases many small probes during its close passage to Earth." The paper goes on to compare the probes to "dandelion seeds" that could be separated from the parent craft by the sun's gravitational force. It examines the physics of how the smaller craft could move through the Earth's atmosphere to reach the surface, where they could be spotted by humans. The paper notes that the "probes" could use starlight to "charge their batteries" and the Earth's water as fuel. It also speculates on the motive for aliens to send exploratory probes to Earth. "What would be the overarching purpose of the journey? In analogy with actual dandelion seeds, the probes could propagate the blueprint of their senders," the authors write. "As with biological seeds, the raw materials on the planet's surface could also be used by them as nutrients for self-replication or simply scientific exploration."

A proposed Indian government unit to fact-check news on social media is not about censoring journalism nor will it have any impact on media reportage, a federal minister said on Friday. Reuters reports: Recently amended IT regulation requires online platforms like Meta's Facebook and Twitter to "make reasonable efforts" to not "publish, share or host" any information relating to the government that is "fake, false or misleading." Rajeev Chandrasekhar, India minister of state for IT, said in an online discussion it was "not true" that the government-appointed unit, which press freedom advocates strongly oppose, was aimed at "censoring journalism." The Editors Guild of India last week described the move as draconian and akin to censorship.

Alphabet's Google received a mixed ruling on Thursday from a San Francisco federal judge in a patent lawsuit brought by Sonos over wireless audio technology, failing to invalidate all of the patents before a trial but narrowing Sonos' claims. Reuters reports: The case, set for trial May 8, is part of a contentious intellectual property dispute between the former business partners over their smart speakers that includes lawsuits in the United States, Canada, France, Germany and the Netherlands. Sonos won a limited import ban on some Google devices from the U.S. International Trade Commission (ITC) last year, while Google has sued Sonos for patent infringement at the ITC and in California. [...]

Sonos accused Google in the San Francisco case of infringing four patents related to multi-room wireless speaker technology. U.S. District Judge William Alsup previously invalidated one of the patents and determined Google infringed another. Alsup found Thursday that a second Sonos patent was also invalid, but rejected Google's request to cancel the remaining two patents before trial. The judge also said Google did not infringe one of the surviving patents willfully, reducing Sonos' potential damages. Alsup also said he would hold a separate bench trial after the jury trial to determine whether Google's redesigned speakers infringe Sonos' patents.

The "right to repair" movement has made considerable inroads over the past five years, partially due to support from the Biden FTC. State-level legislation aimed at dismantling repair monopolies has made progress, despite industry lobbying efforts to weaken the proposals (e.g., Kathy Hochul in New York State). Federal legislation, however, faces challenges in a troubled Congress. In response, a bipartisan group of 28 state attorneys general has penned a letter to key congressional committee leaders, urging them to advance stalled right to repair bills. From the letter: "The Right-to-Repair is a bipartisan issue that impacts every consumer, household, and farm in a time of increasing inflation. It is about ensuring that consumers have choices as to who, where, when and at what cost their vehicles can be repaired. It is about ensuring that farmers can repair their tractors for a reasonable price and quickly enough to harvest their crops."

Motherboard has discovered a swatting-as-a-service account on Telegram that uses computer generated voices to issue bomb and mass shooting threats against highschools and other locations across the country. An anonymous reader shares an excerpt from the report: Known as "Torswats" on the messaging app Telegram, the swatter has been calling in bomb and mass shooting threats against highschools and other locations across the country. Torswat's connection to these wide ranging swatting incidents has not been previously reported. The further automation of swatting techniques threatens to make an already dangerous harassment technique more prevalent. Swatting is when someone calls in a bogus threat in an attempt to direct law enforcement resources to a particular home, school, or other location. Often, swatting calls result in heavily armed police raiding an innocent victim's home. At least one case has resulted in police killing the unsuspecting occupant.

Torswats carries out these threatening calls as part of a paid service they offer. For $75, Torswats says they will close down a school. For $50, Torswats says customers can buy "extreme swattings," in which authorities will handcuff the victim and search the house. Torswats says they offer discounts to returning customers, and can negotiate prices for "famous people and targets such as Twitch streamers." Torswats says on their Telegram channel that they take payment in cryptocurrency. [...] On their Telegram channel, Torswats has uploaded at least 35 distinct recordings of calls they appear to have made. Torswats may have made many more swatting calls on others' behalf, though: each filename includes a number, with the most recent going up to 170. Torswats also recently shuttered their channel before reappearing on Telegram in February.

In all of those 35 recordings except two, Torswats appears to have used a synthesized voice. The majority of the calls are made with a fake male sounding voice; several include a woman which also appears to be computer generated. Torswats is seemingly able to change what the voice is saying in something close to real-time in order to respond to the operator's questions. These sometimes include "where are you located," "what happened," and "what is your name?" [...] Earlier this month, Torswats allegedly changed their tactics: they claimed to have made a swatting call using their own voice. In the subsequent recording, they start with much the same script as their automated voice. "I've done something really bad and want to kill myself," they tell the operator. They then claim they came out to their parents as a transgender woman, that they have an AR-15, and will shoot any police who respond. "Forgot to cut off my laugh at the end," Torswats wrote on Telegram.

An anonymous reader quotes a report from the Guardian: South Korea is to offer reclusive youths a monthly living allowance of 650,000 won ($490) in order to encourage them out of their homes, as part of a new measure passed by the Ministry of Gender Equality and Family. The measure also offers education, job and health support. The condition is known as "hikikomori," a Japanese term that roughly translated means, "to pull back." The government wants to try to make it easier for those experiencing it to leave the house to go to school, university or work.

Included in the program announced this week, which expands on measures announced in November, is a monthly allowance for living expenses for people aged between nine and 24 who are experiencing extreme social withdrawal. It also includes an allowance for cultural experiences for teenagers. About 350,000 people between the ages of 19 and 39 in South Korea are considered lonely or isolated -- about 3% of that age group -- according to the Korea Institute for Health and Social Affairs. Secluded youth are often from disadvantaged backgrounds and 40% began living reclusively while adolescents, according to a government document outlining the measures.

The new measures aim to strengthen government support "to enable reclusive youth to recover their daily lives and reintegrate into society," the government said in a statement. Among the other types of support are paying for the correction of affected people's physical appearance, including scars "that adolescents may feel ashamed of," as well as helping with school and gym supplies. South Korea also has a relatively high rate of youth unemployment, at 7.2%, and is trying to tackle a rapidly declining birthrate that further threatens productivity.

An anonymous reader quotes a report from TechCrunch: The hackers who breached data storage giant Western Digital claim to have stolen around 10 terabytes of data from the company, including reams of customer information. The extortionists are pushing the company to negotiate a ransom -- of "minimum 8 figures" -- in exchange for not publishing the stolen data. On April 3, Western Digital disclosed "a network security incident" saying hackers had exfiltrated data after hacking into "a number of the Company's systems." At the time, Western Digital provided few details about exactly what data the hackers stole, saying in a statement that the hackers "obtained certain data from its systems and [Western Digital] is working to understand the nature and scope of that data."

One of the hackers spoke with TechCrunch and provided more details, with the goal of verifying their claims. The hacker shared a file that was digitally signed with Western Digital's code-signing certificate, showing they could now digitally sign files to impersonate Western Digital. Two security researchers also looked at the file and agreed it is signed with the company's certificate. The hackers also shared phone numbers allegedly belonging to several company executives. TechCrunch called the numbers. Most of the calls rang but went to automated voicemail messages. Two of the phone numbers had voicemail greetings that mentioned the names of the executives that the hackers claimed were associated with the numbers. The two phone numbers are not public.

Screenshots shared by the hacker show a folder from a Box account apparently belonging to Western Digital, an internal email, files stored in a PrivateArk instance (a cybersecurity product), and a screenshot of a group call where one of the participants is identified as Western Digital's chief information security officer. They also said they were able to steal data from the company's SAP Backoffice, a backend interface that helps companies manage e-commerce data. The hacker said that their goal when they hacked Western Digital was to make money, though they decided against using ransomware to encrypt the company's files. [...] If Western Digital doesn't get back to them, the hacker said, they are ready to start publishing the stolen data on the website of the ransomware gang Alphv. The hacker said they are not directly affiliated with Alphv but "I know them to be professional." Western Digital said they're declining to comment or answer questions about the hacker's claims.

"Early Wednesday, San Francisco police made an arrest in the April 4th killing of tech exec Bob Lee," writes Slashdot reader xevioso. "Lee was stabbed in the early hours of April 4th, and later died. His killing prompted a host of claims that this was yet another example of San Francisco's slide into chaos, but the person arrested is reportedly another tech exec." Mission Local reports: The alleged killer also works in tech and is a man Lee purportedly knew. We are told that police today were dispatched to Emeryville with a warrant to arrest a man named Nima Momeni. The name and Emeryville address SFPD officers traveled to correspond with this man, the owner of a company called Expand IT.

Multiple police sources have described the predawn knifing that last week left the 43-year-old Lee dead in a deserted section of downtown San Francisco as neither a robbery attempt nor a random attack. Rather, Lee and Momeni were portrayed by police as being familiar with one another. In the wee hours of April 4, they were purportedly driving together through downtown San Francisco in a car registered to the suspect. Some manner of confrontation allegedly commenced while both men were in the vehicle, and potentially continued after Lee exited the car. Police allege that Momeni stabbed Lee multiple times with a knife that was recovered not far from the spot on the 300 block of Main Street to which officers initially responded.

An anonymous reader quotes a report from the New York Times: The leader of a small online gaming chat group where a trove of classified U.S. intelligence documents leaked over the last few months is a 21-year-old member of the intelligence wing of the Massachusetts Air National Guard, according to interviews and documents reviewed by The New York Times. The National Guardsman, whose name is Jack Teixeira, oversaw a private online group called Thug Shaker Central, where about 20 to 30 people, mostly young men and teenagers, came together over a shared love of guns, racist online memes and video games. On Thursday afternoon, about a half-dozen F.B.I. agents pushed into a residence in North Dighton, Mass. Attorney General Merrick B. Garland later said in a short statement that Airman Teixeira had been arrested "without incident." Federal investigators had been searching for days for the person who leaked the top secret documents online.

Starting months ago, one of the users uploaded hundreds of pages of intelligence briefings into the small chat group, lecturing its members, who had bonded during the isolation of the pandemic, on the importance of staying abreast of world events. [...] The Times spoke with four members of Thug Shaker Central, one of whom said he had known the person who leaked for at least three years, had met him in person and referred to him as the O.G. The friends described him as older than most of the group members, who were in their teens, and the undisputed leader. One of the friends said the O.G. had access to intelligence documents through his job. While the gaming friends would not identify the group's leader by name, a trail of digital evidence compiled by The Times leads to Airman Teixeira. The Times has been able to link Airman Teixeira to other members of Thug Shaker Central through his online gaming profile and other records. Details of the interior of Airman Teixeira's childhood home -- posted on social media in family photographs -- also match details on the margins of some of the photographs of the leaked secret documents.

Members of Thug Shaker Central who spoke to The Times said that the documents they discussed online were meant to be purely informative. While many pertained to the war in Ukraine, the members said they took no side in the conflict. The documents, they said, started to get wider attention only when one of the teenage members of the group took a few dozen of them and posted them to a public online forum. From there they were picked up by Russian-language Telegram channels and then The Times, which first reported on them. The person who leaked, they said, was no whistle-blower, and the secret documents were never meant to leave their small corner of the internet. "This guy was a Christian, antiwar, just wanted to inform some of his friends about what's going on," said one of the person's friends from the community, a 17-year-old recent high school graduate. "We have some people in our group who are in Ukraine. We like fighting games; we like war games."

Federal authorities are making arrests and seizing funds with the help of new tools to identify criminals through cryptocurrency transactions. From a report: James Zhong appeared to have pulled off the perfect crime. In December 2012, he stumbled upon a software bug while withdrawing money from his account on Silk Road, an online marketplace used to hide criminal dealings behind the seemingly bulletproof anonymity of blockchain transactions and the dark web. Mr. Zhong, a 22-year-old University of Georgia computer-science student at the time, used the site to buy cocaine. "I accidentally double-clicked the withdraw button and was shocked to discover that it resulted in allowing me to withdraw double the amount of bitcoin I had deposited," he later said in federal court. After the first fraudulent withdrawal, Mr. Zhong created new accounts and with a few hours of work stole 50,000 bitcoins worth around $600,000, court papers from federal prosecutors show.

Federal officials closed Silk Road a year later on criminal grounds and seized computers that held its transaction records. The records didn't reveal Mr. Zhong's caper at first. Authorities hadn't yet mastered how to track people and groups hidden behind blockchain wallet addresses, the series of letters and numbers used to anonymously send and receive cryptocurrency. One elemental feature of the system was the privacy it gave users. Mr. Zhong moved the stolen bitcoins from one account to another for eight years to cover his tracks. By late 2021, the red-hot crypto market had raised the value of his trove to $3.4 billion. In November 2021, federal agents surprised Mr. Zhong with a search warrant and found the digital keys to his crypto fortune hidden in a basement floor safe and a popcorn tin in the bathroom. Mr. Zhong, who pleaded guilty to wire fraud, is scheduled to be sentenced Friday in New York federal court, where prosecutors are seeking a prison sentence of less than two years.

Mr. Zhong's case is one of the highest-profile examples of how federal authorities have pierced the veil of blockchain transactions. Private and government investigators can now identify wallet addresses associated with terrorists, drug traffickers, money launderers and cybercriminals, all of which were supposed to be anonymous. Law-enforcement agencies, working with cryptocurrency exchanges and blockchain-analytics companies, have compiled data gleaned from earlier investigations, including the Silk Road case, to map the flow of cryptocurrency transactions across criminal networks worldwide. In the past two years, the U.S. has seized more than $10 billion worth of digital currency through successful prosecutions, according to the Internal Revenue Service -- in essence, by following the money. Instead of subpoenas to banks or other financial institutions, investigators can look to the blockchain for an instant snapshot of the money trail.

The White House said Thursday that data does not indicate a US recession is on the horizon, rebuffing Federal Reserve staff economists who forecast a minor contraction starting later this year. From a report: White House Press Secretary Karine Jean-Pierre said job numbers and consumer spending are strong and chalked it up to President Joe Biden's economic plans, waving off a recession risk. "We're seeing the success of his plans, and recent economic indicators are not consistent with a recession or even a pre-recession," Jean-Pierre said Thursday when asked about the Fed forecast. Federal Reserve minutes published Wednesday indicated that "the staff's projection at the time of the March meeting included a mild recession starting later this year, with a recovery over the subsequent two years."

Still, Fed officials appear on track to extend their run of interest-rate hikes, shrugging off the warning. Jean-Pierre pointed to job gains, the unemployment rate and consumer spending as indicators. She also said that inflation has been falling, though it remains well above target and may spur more Fed hikes, raising the chance of a recession. Still, the spokeswoman contradicted the warning of the Fed staff. "Those are the indicators that show us that we are not headed to a recession or a pre-recession," she said.