Google defended its use of "history-off chats" for many internal communications, denying the US government's allegation that it intentionally destroyed evidence needed in an antitrust case. The history-off setting causes messages to be automatically deleted within 24 hours. Ars Technica reports: The US government and 21 states last month asked a court to sanction Google for allegedly using the auto-delete function on chats to destroy evidence and accused Google of falsely telling the government that it suspended its auto-deletion practices on chats subject to a legal hold. Google opposed the motion for sanctions on Friday in a filing (PDF) in US District Court for the District of Columbia. Google said it uses a "tiered approach" for preserving chats. "When there is litigation, Google instructs employees on legal hold not to use messaging apps like Google Chat to discuss the subjects at issue in the litigation and, if they must, to switch their settings to 'history on' for chats regarding the subjects at issue in the litigation, so that any such messages are preserved," the Google filing said.

Google said the government plaintiffs "contend that the Federal Rules specifically mandate that Google should have applied a forced history on setting for all custodians for all chats created while the custodian was on legal hold, regardless of the possible relevance of the message to the litigation." But federal rules only require "reasonable steps to preserve" information, Google pointed out. "Google's vast preservation efforts here -- and specifically its methodology with respect to history-off chats -- were 'reasonable steps' under the Rule," Google argued. Google said the US and state attorneys general "have not been denied access to material information needed to prosecute these cases and they have offered no evidence that Google intentionally destroyed such evidence." Google also argued that the objections came too late, alleging that the government knew before litigation began "that there was a subset of chats not automatically retained." "Plaintiffs' motions are barred at the outset because they were on notice of Google's approach to chats for years, yet did not object until well after the close of discovery. Those tactics should not be countenanced," Google told the court.

Google said its November 2019 disclosures in an ESI (Electronically Stored Information) questionnaire "show that the distinction between 'on-the-record' and other chats was apparent to anyone who wanted to pursue the matter from the outset of DOJ's investigation. For instance, the ESI Questionnaire response specifies that chat 'messages are generally retained for a period of 30 days if they have been marked on-the-record, and potentially longer if on-the-record messages are on legal hold.'" Google also said, "it is no secret how Google's Chat product operates" because it's a publicly available product and the Google Chat website explains the history-off feature. The Justice Department's motion last month said things happened very differently. "Google systematically destroyed an entire category of written communications every 24 hours" for nearly four years, the government motion said, continuing [...].

Microsoft has won dismissal of a private consumer antitrust lawsuit over its $69 billion proposed purchase of "Call of Duty" maker Activision Blizzard, but the plaintiffs were given 20 days to refine their legal challenge. From a report: A federal judge in San Francisco ruled that the lawsuit from a group of video game plaintiffs "lacks allegations" supporting their claim that the proposed acquisition would harm market competition. "Plaintiffs' general allegation that the merger may cause 'higher prices, less innovation, less creativity, less consumer choice, decreased output, and other potential anticompetitive effects' is insufficient," wrote U.S. District Judge Jacqueline Corley. "Why? How?" The decision does not affect the U.S. Federal Trade Commission's (FTC) regulatory challenge to the largest-ever gaming industry deal.

Indian authorities severed mobile internet access and text messaging for a second day Sunday across Punjab, a state of about 27 million people, as officials sought to capture a Sikh separatist and braced for potential unrest. The Washington Post reports: The statewide ban -- which crippled most smartphone services except for voice calls and some SMS text messages -- marked one of the broadest shutdowns in recent years in India, a country that has increasingly deployed the law enforcement tactic, which digital rights activists call draconian and ineffective. The Punjab government, led by the opposition Aam Admi Party, initially announced a 24-hour ban starting midday Saturday as its security forces launched a sprawling operation to arrest the fugitive Amritpal Singh, then extended the ban Sunday for another 24 hours.

Singh, a 30-year-old preacher, has been a popular figure within a separatist movement that seeks to establish a sovereign state in Punjab called Khalistan for followers of the Sikh religion. He rocketed to nationwide notoriety in February after his supporters stormed a police station to free one of his jailed supporters. The Khalistan movement is outlawed in India and considered a top national security threat by officials, but the movement has sympathizers across Punjab state, which is majority Sikh, and among members of the large Sikh diaspora who have settled in countries such as Canada and Britain. In a bid to forestall unrest and curtail what it called "fake news," Punjab authorities blocked mobile internet service beginning at noon Saturday, shortly after they failed to apprehend Singh as he drove through central Punjab with a cavalcade of supporters. Officials were probably also motivated by a desire to deprive Singh's supporters of social media, which they briefly used Saturday to seek help and organize their ranks.

Singh was still on the run as of late Sunday, and the 4G blackout remained in effect. Three Punjab residents who spoke to The Washington Post said life had been disrupted since midday Saturday. Only essential text messages, such as confirmation codes for bank transfers, were trickling through. Wired internet services were not affected. "My entire business is dependent on internet," said Mohammad Ibrahim, who accepts QR code-based payments at his two clothing shops in a village outside of Ludhiana and also sells garments online. "Since yesterday, I've felt crippled."

A U.S. and Greek national who worked on Meta's security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case. From the report: The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece. It demonstrates that the illicit use of spyware is spreading beyond use by authoritarian governments against opposition figures and journalists, and has begun to creep into European democracies, even ensnaring a foreign national working for a major global corporation.

The simultaneous tapping of the target's phone by the national intelligence service and the way she was hacked indicate that the spy service and whoever implanted the spyware, known as Predator, were working hand in hand. The latest case comes as elections approach in Greece, which has been rocked by a mounting wiretapping and illegal spyware scandal since last year, raising accusations that the government has abused the powers of its spy agency for illicit purposes. The Predator spyware that infected the device is marketed by an Athens-based company and has been exported from Greece with the government's blessing, in possible breach of European Union laws that consider such products potential weapons, The New York Times found in December. The Greek government has denied using Predator and has legislated against the use of spyware, which it has called "illegal."

After almost 17 years online, file-hosting veteran Zippyshare will shut down at the end of the month. TorrentFreak: Founded in 2006, Zippyshare was known for its free, no-nonsense, no-frills approach to storing files online. Having changed very little over the years, Zippyshare's operators say the platform is now a dinosaur that costs too much to run in a world where ad-blocking is widespread. Zippyshare said, "Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore."

A federal judge on Monday will weigh pleas by four major book publishers to stop an online lending library from freely offering digital copies of books, in a case that raises novel questions about digital-library rights and the reach of copyright law that protects the work of writers and publishers. From a report: Nonprofit organization Internet Archive created the digital books, building its collection by scanning physical book copies in its possession. It lends the digital versions to readers worldwide, with more than three million digitized books on offer. Titles range from Stephen King's scary bestseller "It" to Kristin Hannah's historical novel "The Nightingale." The archive expanded its digital lending during the Covid-19 pandemic, temporarily lifting limits on how many people could check out a book at one time. The move helped prompt the publishers' copyright infringement lawsuit in 2020, which is pending before U.S. District Judge John Koeltl in Manhattan.

The plaintiffs are Lagardere SCA's Hachette Book Group, John Wiley and Sons, Bertelsmann SE's Penguin Random House, and HarperCollins Publishers, which like The Wall Street Journal is owned by News Corp. They argue the Internet Archive book platform "constitutes willful digital piracy on an industrial scale" and hurts writers and publishers who rely on consumers buying their products. William Adams, general counsel for HarperCollins Publishers, said the archive's approach has no basis in law. "What they're doing is supplanting what authors and publishers do with libraries and have been doing for a long time," he said. The Internet Archive says its lending practices are a fair and legal use of the books, in the same way that traditional bricks-and-mortar libraries have a right to share their collections with the public.

And starting in 2021 — long before the run on Silicon Valley Bank — the Federal Reserve had "repeatedly warned the bank that it had problems," reports the New York Times: In 2021, a Fed review of the growing bank found serious weaknesses in how it was handling key risks. Supervisors at the Federal Reserve Bank of San Francisco, which oversaw Silicon Valley Bank, issued six citations. Those warnings, known as "matters requiring attention" and "matters requiring immediate attention," flagged that the firm was doing a bad job of ensuring that it would have enough easy-to-tap cash on hand in the event of trouble.

But the bank did not fix its vulnerabilities. By July 2022, Silicon Valley Bank was in a full supervisory review — getting a more careful look — and was ultimately rated deficient for governance and controls. It was placed under a set of restrictions that prevented it from growing through acquisitions. Last autumn, staff members from the San Francisco Fed met with senior leaders at the firm to talk about their ability to gain access to enough cash in a crisis and possible exposure to losses as interest rates rose.

It became clear to the Fed that the firm was using bad models to determine how its business would fare as the central bank raised rates: Its leaders were assuming that higher interest revenue would substantially help their financial situation as rates went up, but that was out of step with reality. y early 2023, Silicon Valley Bank was in what the Fed calls a "horizontal review," an assessment meant to gauge the strength of risk management. That checkup identified additional deficiencies — but at that point, the bank's days were numbered. In early March, it faced a run and failed within a matter of days....

The picture that is emerging is one of a bank whose leaders failed to plan for a realistic future and neglected looming financial and operational problems, even as they were raised by Fed supervisors. For instance, according to a person familiar with the matter, executives at the firm were told of cybersecurity problems both by internal employees and by the Fed — but ignored the concerns.
The Federal Reserve Bank system has 12 distircts, and the one overseeing California had a board of directors which included SVB's CEO Greg Becker, the article points out. "While board members do not play a role in bank supervision, the optics of the situation are bad."

Gizmodo reports that Amazon "is thinking about releasing a web browser, a boring-sounding project that could have massive implications." The company has sent a survey to users asking detailed questions, including which features would "convince you to download and try" a "new desktop/laptop browser from Amazon...."

The survey asked a variety of questions. Most telling was the last question: "Imagine that there is a new desktop/laptop browser from Amazon available to do. Select which of the following you would most like to know more about." The survey went on to list topics such as privacy, syncing passwords across devices, and shopping features.... Users were asked to rate the importance of features including text to speech, extensions, the availability to sync data across desktop and mobile devices, and — notably — blocking third party cookies.

Amazon seems to be seriously considering a web browser of its own, and it comes at a time when it would have an unusual impact on the advertising business. The ad industry is bracing for cataclysmic change as Google moves closer to killing third-party cookies in Chrome, the world's most popular web browser, which would kneecap one of the primary ways businesses track consumers for ads.... Part of what makes Amazon so attractive to marketers is the fact that the company sits on a treasure trove of data about what consumers are buying and what their shopping habits are like. If Amazon could match that information with the data collection that comes from a web browser, it could tip the scales of internet advertising in favor of the retail giant.
One thing Amazon asked users is whethered they'd be convinced to download and try a browser if it offered "AI-enabled tab, history, and bookmarks management to automatically sort these into categories for quick search and retrieval."

An anonymous reader quotes a report from Bloomberg: Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site "BreachForums" under the name "Pompompurin." Conor Brian Fitzpatrick was arrested by a team of investigators at his home around 4:30 p.m. Wednesday, an FBI agent said in a sworn statement filed in court the next day. Fitzpatrick is charged with a single count of conspiracy to commit access device fraud.

BreachForums hosted the stolen databases of almost 1,000 companies and websites. The databases often includes personal information, such as names, emails and passwords. The information is offered for sale by users of the site and can be used for fraud. Pompompurin's profile on BreachForums describes him as "Bossman" and pictures the Sanrio Co. cartoon dog whose name he used as an online alias. The profile shows Fitzpatrick's most recent visit to the site was Wednesday at 3:53 p.m., shortly before his arrest. The FBI agent, who led the other agents in the arrest, said Fitzpatrick admitted he had used the alias "Pompompurin" and was the owner and operator of BreachForums.

In November 2021, Pompompurin claimed responsibility for sending out fake emails that originated from an "fbi.gov" email address. Pompompurin claimed responsibility for the breach in an interview with Brian Krebs. Details of the charges, filed in federal court in Alexandria, Virginia, have not been made public. A spokeswoman for the US Attorney in Alexandria didn't return phone and email messages seeking comment. Fitzpatrick was presented in federal court in White Plains, New York, and released on a $300,000 unsecured bond, signed by his parents. Fitzpatrick is required to avoid any contact with co-defendant, co-conspirators and witnesses in the case. He's due to appear in court in Alexandria on March 24.

The Brazilian government is studying whether to regulate Internet platforms with content that earns revenue such as advertising, its secretary for digital policies, Joao Brant, said on Friday. Reuters reports: The idea would be for a regulator to hold such platforms, not consumers, accountable for monetized content, Brant told Reuters. Another goal is "to prevent the networks from being used for the dissemination and promotion of crimes and illegal content" especially after the riots by supporters of former far-right President JairBolsonaro in Brasilia in January, fueled by misinformation about the election he lost in October.

Brant said President Luiz Inacio Lula da Silva's government also intends to make companies responsible for stopping misinformation, hate speech and other crimes on their social media platforms. Platforms would not be held responsible for content individually, but for how diligent they are in protecting the "digital environment," he said in an interview. Brant did not detail what the regulatory body would look like, but said the government wants to regulate monetized content and prevent the platforms from spreading misinformation.

The UK Space Agency said Friday it would back research by Rolls-Royce looking at the use of nuclear power on the moon. CNBC reports: In a statement, the government agency said researchers from Rolls-Royce had been working on a Micro-Reactor program "to develop technology that will provide power needed for humans to live and work on the Moon." The UKSA will now provide [around $3.52 million] of funding for the project, which it said would "deliver an initial demonstration of a UK lunar modular nuclear reactor."

Rolls-Royce is set to work with a range of organizations on the project, including the University of Sheffield's Advanced Manufacturing Research Centre and Nuclear AMRC, and the University of Oxford. "Developing space nuclear power offers a unique chance to support innovative technologies and grow our nuclear, science and space engineering skills base," Paul Bate, chief executive of the UK Space Agency, said. Bate added that Rolls-Royce's research "could lay the groundwork for powering continuous human presence on the Moon, while enhancing the wider UK space sector, creating jobs and generating further investment." According to the UKSA, Rolls-Royce [...] is aiming "to have a reactor ready to send to the Moon by 2029."

An anonymous reader quotes a report from The Register: A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak. The proposed class-action lawsuit stems from a February intrusion during which malware crew BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician's networks, stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people, and then demanded a ransom payment to decrypt the files and prevent it from posting the health data online. The Pennsylvania health care group, one of the largest in the US state, oversees 13 hospitals, 28 health centers, and dozens of other physicians' clinics, pharmacies, rehab centers, imaging and lab services. LVHN refused to pay the ransom, and earlier this month BlackCat started leaking patient info, including images of at least two breast cancer patients, naked from the waist up.

According to the lawsuit [PDF] filed this week, here's how one of the patients, identified as "Jane Doe" found out about the data breach -- and that LVHN had stored nude images of her on its network in the first place. On March 6, LVHN VP of Compliance Mary Ann LaRock, called Doe and told her that her nude photos had been posted on the hackers' leak site. "Ms. LaRock offered plaintiff an apology, and with a chuckle, two years of credit monitoring," the court documents say. In addition to swiping the very sensitive photos, the crooks also made off with everything needed for identity fraud.

According to the lawsuit, LaRock also told Doe that her physical and email addresses, along with date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach. "Given that LVHN is and was storing the sensitive information of plaintiff and the class, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach," the lawsuit says. It claims LVHN was negligent in its duty to safeguard patients' sensitive information, and seeks class action status for everyone whose data was exposed with monetary damages to be determined. Pennsylvania attorney Patrick Howard, who is representing Doe and the rest of the plaintiffs in the proposed class action, said he expects the number of patients affected by the breach to be in the "hundreds, if not thousands."

New Zealand will ban TikTok on devices with access to the parliamentary network because of cybersecurity concerns, a government official said on Friday. CNBC reports: TikTok will be banned on all devices with access to New Zealand's parliamentary network by the end of March, said Parliamentary Service Chief Executive Rafael Gonzalez-Montero. Gonzalez-Montero, in an email to Reuters, said the decision was taken after advice from cybersecurity experts and discussions within government and with other countries.

"Based on this information the Service has determined that the risks are not acceptable in the current New Zealand Parliamentary environment," he said. Special arrangements can be made for those who require the app to do their jobs, he added.

The FBI and the Department of Justice are investigating the events that led TikTok's Chinese parent company, ByteDance, to use the app to surveil American journalists, including this reporter, Forbes reported, citing sources familiar with the departments' actions. From the report: According to a source in position to know, the DOJ Criminal Division, Fraud Section, working alongside the Office of the U.S. Attorney for the Eastern District of Virginia, has subpoenaed information from ByteDance regarding efforts by its employees to access U.S. journalists' location information or other private user data using the TikTok app. According to two sources, the FBI has been conducting interviews related to the surveillance. ByteDance's use of the app to surveil U.S. citizens was first reported by Forbes in October, and confirmed by an internal company investigation in December.

"We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance. Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us," said ByteDance spokesperson Jennifer Banks. This is the first report of the federal government investigating ByteDance's surveillance practices. It is not clear if the DOJ's subpoena is connected to the FBI's interviews. The DOJ and the FBI are both part of the interagency Committee on Foreign Investment in the United States (CFIUS), which this week demanded that ByteDance divest from TikTok or face a nationwide ban of the app. For the past several years, CFIUS has attempted to negotiate a national security contract with TikTok meant to mitigate concerns that it could be used by the Chinese government to access valuable private information about U.S. citizens or manipulate U.S. civic discourse.

The US Copyright Office has issued (PDF) guidance today to clarify when AI-generated material can be copyrighted. Ars Technica reports: Guidance comes after the Copyright Office decided that an author could not copyright individual AI images used to illustrate a comic book, because each image was generated by Midjourney -- not a human artist. In making its decision, the Copyright Office committed to upholding the longstanding legal definition that authors of creative works must be human to register works. Because of this, officials confirmed that AI technologies can never be considered authors. This wasn't the only case influencing new guidance, but it was the most recent. Wrestling with the comic book's complex authorship questions helped prompt the Copyright Office to launch an agency-wide initiative to continue exploring a wider range of copyright issues arising as the AI models that are used to generate text, art, audio, and video continue evolving.

Perhaps the most significant aspect of the guidance is an author's "duty to disclose the inclusion of AI-generated content in a work submitted for registration." When registering works, authors must distinguish which content is human-authored and which content is AI-generated. If applicants aren't sure how to refer to the AI-generated content, the Copyright Office recommends providing a general statement that the work contains AI-generated content. That will prompt the office to follow up to help each author fill in the blanks in an application.

For artists who have pending applications or have already registered works that contain AI-generated content, the Copyright Office suggests correcting the public record by submitting a supplementary registration. Any failure to accurately reflect the role of AI in copyrighted works could result in "losing the benefits of the registration," the office warned. That could leave works vulnerable to being copied, with little or no legal recourse for copyright infringement claims. Failure to disclose AI-generated content is the only type of infringement discussed in the guidance. Critics like Alex J. Champandard, a co-founder of Creative.ai -- a group of hackers and artists interested in generative AI -- tweeted to say that current guidance puts authors in a precarious catch-22 situation. "By disclosing the AI, you're opening yourself up to infringement, but by not disclosing AI, it's safer but in violation of [the US Copyright Office]!" Champandard's tweet suggested.

Amazon did not alert its New York City customers that they were being monitored by facial recognition technology, a lawsuit filed Thursday alleges. CNBC reports: In a class-action suit, lawyers for Alfredo Perez said that the company failed to tell visitors to Amazon Go convenience stores that the technology was in use. Thanks to a 2021 law, New York is the only major American city to require businesses to post signs if they're tracking customers' biometric information, such as facial scans or fingerprints. [...] The lawsuit says that Amazon only recently put up signs informing New York customers of its use of facial recognition technology, more than a year after the disclosure law went into effect. "To make this 'Just Walk Out' technology possible, the Amazon Go stores constantly collect and use customers' biometric identifier information, including by scanning the palms of some customers to identify them and by applying computer vision, deep learning algorithms, and sensor fusion that measure the shape and size of each customer's body to identify customers, track where they move in the stores, and determine what they have purchased," says the lawsuit.

"It means that even a global tech giant can't ignore local privacy laws," Albert Cahn, project director, said in a text message. "As we wait for long overdue federal privacy laws, it shows there is so much local governments can do to protect their residents."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today finalized rules requiring mobile carriers to block robotext messages that are likely to be illegal. The FCC described the rules as the agency's "first regulations specifically targeting the increasing problem of scam text messages sent to consumers." Carriers will be required to block text messages that come from "invalid, unallocated, or unused numbers." Carriers must also block texts from "numbers that the subscriber to the number has self-identified as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting," the FCC said. Carriers will have to establish a point of contact for text senders so the senders can inquire about blocked texts. The FCC already requires similar blocking of voice calls from these types of numbers. The order will take effect 30 days after it is published in the Federal Register, according to a draft of the order released before the meeting.

More robotext rules may be on the way because today's "action also seeks public comment on further proposals to require providers to block texts from entities the FCC has cited as illegal robotexters," the FCC said. For example, the FCC proposes to clarify that Do Not Call Registry protections apply to text messaging. The FCC said it's further proposing to close the "lead generator loophole" that "allows companies to use a single consumer consent to deliver robocalls and text messages from multiple -- perhaps thousands -- of marketers on subjects that may not be what the consumer had in mind." The FCC "will also take further public comment on text authentication measures and other proposals to continue to fight illegal scam robotexts." The FCC separately voted today to close another gap in its Caller ID authentication rules that target illegal robocalls. The rules already required phone companies to implement the caller ID authentication technologies known as STIR and SHAKEN. But the rules don't apply in every possible scenario, so the FCC has periodically strengthened them. In June 2022, for example, the FCC required carriers with 100,000 or fewer customers to comply a year earlier than these small carriers were originally required to. The FCC said in a statement: "The new rules will require intermediate providers that receive unauthenticated IP calls directly from domestic originating providers to use STIR/SHAKEN to authenticate those calls. Although STIR/SHAKEN has been widely implemented under FCC rules, some originating providers are not capable of using the framework. In other cases, unscrupulous originating providers may deliberately fail to authenticate calls. By requiring the next provider in the call path to authenticate those calls, the FCC closes a gap in the caller ID authentication regime and facilitates government and industry efforts to identify and block illegal robocalls."

A Dutch court hearing a class action lawsuit on Wednesday found that a European subsidiary of Meta, Facebook Ireland, improperly used personal data of Dutch citizens between 2010 and 2020, saying the company had "violated the law." From a report: "Personal information was processed for the purposes of advertising when in this case that is not allowed," a summary of the Amsterdam court ruling said. "Personal information was given to third parties without Facebook users being informed and without there being a legal basis to do so." The decision was directed at Facebook Ireland because it is the part of the company that oversees the processing of Dutch user data. The case has not yet progressed to the phase where any damages could be claimed.

An anonymous reader quotes a report from KrebsOnSecurity: Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh -- also known as "Weep" -- a 19-year-old from Pawtucket, Rhode Island; and Nicholas Ceraolo, 25, of Queens, NY, who allegedly also went by the handles "Convict" and "Ominus." The Justice Department says Singh and Ceraolo belong to a group of cybercriminals known to its members as "ViLE," who specialize in obtaining personal information about third-party victims, which they then use to harass, threaten or extort the victims, a practice known as "doxing." [...]

The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. federal government portal without authorization. The complaint doesn't specify which agency portal was hacked, but it does state that the portal included access to law enforcement databases that track narcotics seizures in the United States. [On May 12, 2022, KrebsOnSecurity broke the news.] Prosecutors say they tied Singh to the government portal hack because he connected to it from an Internet address that he'd previously used to access a social media account registered in his name. When they raided Singh's residence on Sept. 8, 2022 and seized his devices, investigators with Homeland Security found a cellular phone and laptop that allegedly "contained extensive evidence of access to the Portal." If convicted, Ceraolo faces up to 20 years' imprisonment for conspiracy to commit wire fraud; both Ceraolo and Singh face five years' imprisonment for conspiracy to commit computer intrusions.

A copy of the complaint against Ceraolo and Singh is here (PDF).

An anonymous reader quotes a report from Ars Technica: Today, the federal government's Joint Office of Energy and Transportation opened up applications for a $2.5 billion program to expand electric vehicle charging infrastructure in underserved communities. The Charging and Fueling Infrastructure Discretionary Grant Program was authorized along with the $5 billion National Electric Vehicle Infrastructure Formula Program as part of the Infrastructure Investment and Jobs Act of 2021. For starters, the Joint Office is making $700 million available for EV chargers -- but also other alternative fuels including hydrogen and natural gas.

The CFI program actually encompasses two discrete $1.25 billion grant programs. The first is for community charging and fueling grants in both urban and rural areas, particularly in underserved and disadvantaged communities, including low- and moderate-income neighborhoods as well as neighborhoods with a low ratio of private parking. The other half of the money is for the alternative fuel corridor grants, which will fund the deployment of EV chargers and other alternative fuel infrastructure along designated alternative fuel corridors. "It's critical that we build a national charging network that provides EV drivers with the right type of charging in the right location -- whether that's high-powered charging on highway corridors and in urban hubs or Level 2 charging where EV drivers or riders live, work, and play," said Joint Office Executive Director Gabe Klein. "By working with cities and communities through the CFI Program to get this mix right, we can ensure that everyone has convenient and affordable access to riding and driving electric."