Businesses

Lawyer Fees Mount in Crypto Bankruptcies (ft.com) 36

An anonymous reader shares a report: The investment bank B Riley is so determined to persuade the troubled bitcoin miner Core Scientific to avoid filing for bankruptcy that it has offered as much as $72mn in fresh financing to keep the company from seeking a court-supervised Chapter 11 restructuring. "Bankruptcy is not the answer and would be a disservice to the Company's investors," B Riley wrote in a letter from early December. "It will destroy value for the Company's shareholders, reduce potential recoveries for the Company's lenders, deplete its limited resources and create massive uncertainty for all its stakeholders."

Core Scientific filed for bankruptcy anyway last week. Still, B Riley's aversion should be understandable. A series of players have succumbed to the ongoing crypto winter including FTX, BlockFi, Voyager Digital and Celsius with customer accounts largely frozen. The novel legal issues about digital asset ownership, the continuing problems in the sector and the deliberative nature of US bankruptcy proceedings have kept any of the major companies from exiting court protection yet. The costs are piling up and account holders are noticing. Lawyers, bankers and other advisers in the Celsius case that began in July recently submitted detailed fee requests to the New York federal bankruptcy court totalling $53mn.

Per US law, these official advisers will have these so-called "administrative expenses," subject to court approval, paid by the "estate" or the company which will naturally eat into the recoveries of account holders. Law firms involved including Kirkland & Ellis and White & Case which are usual powerhouses in corporate and private equity bankruptcies are involved in Celsius and have top lawyers billing more than $1,800 per hour. (This may remain a bargain as top lawyers in the FTX bankruptcy at Sullivan & Cromwell are charging in excess of $2,000 per hour).

Privacy

For Sale on eBay: A Military Database of Fingerprints and Iris Scans 32

The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than what was promised in the listing. The device's memory card held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people. From a report: Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints. Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan. The device -- a relic of the vast biometric collection system the Pentagon built in the years after the Sept. 11, 2001, attacks -- is a physical reminder that although the United States has moved on from the wars in Afghanistan and Iraq, the tools built to fight them and the information they held live on in ways unintended by their creators.

Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear. But the data, which offers detailed descriptions of individuals in addition to their photograph and biometric data, could be enough to target people who were previously unknown to have worked with U.S. military forces should the information fall into the wrong hands. For those reasons, Mr. Marx would not place the information online or share it in an electronic format, but he did allow a Times reporter in Germany to see the data in person alongside him. "Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it," Brig. Gen. Patrick S. Ryder, the Defense Department's press secretary, said in a statement. "The department requests that any devices thought to contain personally identifiable information be returned for further analysis." He provided an address for the military's biometrics program manager at Fort Belvoir in Virginia where the devices could be sent. The biometric data on the SEEK II was collected at detainment facilities, on patrols, during screenings of local hires and after the explosion of an improvised bomb. Around the time when the device was last used in Afghanistan, the American war effort there was winding down.
Piracy

US Copyright Office Finds 'Deep Disagreement' on Anti-Piracy Measures 63

The U.S. Copyright Office has completed its public consultations on the use of technical measures to identify and protect copyrighted content online. From a report: For many years, U.S. lawmakers have considered options to update the DMCA so it can more effectively deal with today's online copyright issues. Many proposals have come and gone, without resulting in any significant updates. Calls to change current legislation persist, however. Following repeated nudges from Senators Thom Tillis and Patrick Leahy, the Copyright Office launched a consultation on automated tools that online services can use to ensure that pirated content is less easily shared.

The Copyright Office also asked stakeholders whether it's desirable to make certain standard technical measures mandatory for online platforms. Such measures could include upload filters to block pirated content from being reuploaded. This month the Copyright Office presents its conclusions, which are also shared with Senators Tillis and Leahy in two letters. After reviewing thousands of responses and input from stakeholders in plenary sessions, the overall conclusion is one of clear disagreement. Most parties agree that it's impossible to design an error-free takedown process but disagree on what error rate is acceptable when takedowns are automated. Opponents of filtering technology warn that fair use and First Amendment rights are at stake.

Rightsholders did not dispute that but noted that these issues don't play a role when full copies of copyrighted content are shared. When it comes to the implementation of voluntary measures, the Copyright Office doesn't have any concrete suggestions. Instead, it will continue to back existing initiatives, while facilitating dialogue between various stakeholders. "The public comments and the consultations confirmed that there cannot be a one-size-fits-all approach to voluntary technical measures, and that there remains a lack of consensus in this area," the Office writes. "Nevertheless, the consultations served as valuable opportunities for dialogue among stakeholders, which may lead to further voluntary action. The Copyright Office proposed options to continue its role as convener of these conversations in the future."
Crime

Americans Duped Into Losing $10 Billion By Illegal Indian Call Centres in 2022 (deccanherald.com) 159

US citizens lost over $10 billion due to phishing calls by illegal Indian call centres in 2022, as per the Federal Bureau of Investigation (FBI) data. From a report: Most of the victims of these fraud calls from Indian phishing gangs were elderly US citizens above the age of 60 years who lost over $3 billion, Times Of India reported citing FBI data. After several incidents were reported in 2022, the FBI has now deputed a permanent representative at the US embassy in New Delhi. The representative will work closely with the CBI, Interpol and the Delhi Police to bust these gangs that have put India under the threat to be termed as the hub of such illegal call centres. Several Americans lost a total of $10.2 billion in 2022 so far, which is a 47 per cent increase from 2021's $6.9 billion, to such fraud calls.
Businesses

America's FTC Demands End to Mastercard's 'Illegal' Blocking of Competing Debit Card Payment Networks (ftc.gov) 16

Friday America's Federal Trade Commission issued an announcement on what it called "illegal business tactics that Mastercard has been using to force merchants to route debit card payments through its payment network," saying the FTC is now requiring Mastercard "to stop blocking the use of competing debit payment networks." The popularity of debit cards has been growing especially quickly for purchases consumers make using their personal devices equipped with ewallet applications such as Apple Pay, Google Pay, and Samsung Wallet. Payment card networks play a critical role in those debit card transactions....

Payment card networks compete for the business of banks that issue cards and for the business of merchants that accept card payments. Mastercard, along with Visa, is one of the two leading payment card networks in the United States. The processing fees charged by networks total billions of dollars every year, affecting every purchase made with a debit card, according to the FTC. Most of these fees are paid by the merchants to the card-issuing banks and the payment card networks....

Mastercard was flouting the law by setting policies to block merchants from routing ecommerce transactions using Mastercard-branded debit cards saved in ewallets to alternative payment card networks, including networks that may charge lower fees than Mastercard, the FTC alleged. Specifically, Mastercard used its control over a process called "tokenization" to block the use of competing payment card networks, the agency alleged. Transactions commonly are "tokenized" by replacing the cardholder's primary account number with a different number to protect the account number during some stages of a debit transaction. Tokens are stored in ewallets such as Apple Pay, Google Pay, and Samsung Wallet and serve as a substitute credential to provide additional protection for a cardholder's account number....

According to the FTC, Mastercard refuses to provide conversion services to competing networks for remote ewallet debit transactions...thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.

Crime

Six Arrested After Manipulating Gas Station Pumps To Steal 30,000 Gallons of Gas (msn.com) 72

A Valero gas station sells approximately 5,000 gallons of gas a day, one employee estimates.

But local police arrested six men who, in a series of robberies, tricked the pumps out of 30,000 gallons of gasoline, reports the Mercury News, "a haul authorities estimated was worth at least $180,000." Upon further inspection of surveillance video, authorities said, police saw one of the suspects activate a gas-pump computer, allowing another suspect to pump fuel into his vehicle.... An employee from the Valero station, who declined to give their name, called the process the gas thieves used "nearly untraceable."

"You must have a deep understanding of how the pump system works," the person said. "There is a time frame anywhere from 75 seconds to two minutes for the authorization to go through the network [after sliding a credit card into a gas pump]. In this (time period), there's an opportunity to manipulate the pump ... You're able to manipulate the pump and confuse the programming to an extent that the pump starts dispensing gas...."

In a Facebook post, authorities said the three suspects had been "conspiring together in a sophisticated operation to thwart security devices and pump electronics to steal large amounts of gasoline from the business...."

Authorities say $20,000 of damage was done to gas pumps.

Thanks to Slashdot reader k6mfw for submitting the story.
Patents

23 Years Ago, Amazon Gave Barnes & Noble a 1-Click Patent Lawsuit For Xmas (aboutamazon.com) 54

Long-time Slashdot reader theodp writes: "In recognition of the innovation and unique nature of 1-Click, the U.S. Patent Office awarded Patent No. 5960411 to Amazon.com for 1-Click on September 28, 1999," boasted an Oct. 1999 Amazon press release. "First made available to Amazon.com customers in September 1997, 1-Click combines with Gift-Click and Wish List to make Amazon.com the most convenient, easiest-to-use shopping destination this holiday season."

The following day, Amazon weaponized its new patent, filing a lawsuit on Oct. 20th saying defendant and competitor Barnes and Noble had illegally copied Amazon's patented 1-Click ordering technology. "We're pleased that Judge Pechman recognized the innovation underlying our 1-Click feature," said Amazon CEO and 1-Click co-inventor Jeff Bezos in a Dec. 1999 Amazon press release celebrating a preliminary injunction that barred barnesandnoble.com from using its 'copycat version of 1-Click technology' while the lawsuit was pending (Amazon and B&N settled in 2002).

"The patent system is designed to encourage innovation on behalf of customers," Amazon had written in its 1999 press release, arguing that in 1997 its 1-Click technology "was a significant step forward for online shoppers that required thousands of hours of effort." It's been noted that B&N first threw down the litigation gauntlet, slapping Amazon with a lawsuit over its marketing claim as "World's Largest Bookstore" just days before Amazon's IPO in May 1997.

USPTO continuity records show a 'child' patent of the original Method and System for Placing a Purchase Order Via a Communications Network patent finally expired due to non-payment of maintenance fees on 10/10/2022, more than 25 years after Amazon applied for its 1-Click patent on 9/22/1997.

United States

No Free PACER as US Lawmakers Exclude Proposal from Spending Bill (reuters.com) 27

U.S. lawmakers have left a proposal to make the federal judiciary's PACER online court records system free out of a sprawling, $1.66 trillion spending measure unveiled on Tuesday, a setback for advocates as the current Congress nears its end. From a report: Supporters of the Open Courts Act had been pushing to get the stalled, bipartisan legislation attached to the omnibus spending measure, which boosts overall spending on the judiciary by nearly 6% to $8.461 billion in fiscal year 2023. Currently, users of PACER, which stands for Public Access to Court Electronic Records, are charged $0.10 per page to download documents up to a $3 cap, which does not cover transcripts. The Open Courts Act would make electronic court records freely available and mandate the judiciary to develop a new website to access them. It had already advanced out of the Senate Judiciary Committee on a bipartisan vote in December 2021.
The Courts

Video Gamers Sue Microsoft In US Court To Stop Activision Takeover (reuters.com) 49

An anonymous reader quotes a report from Reuters: Microsoft was hit on Tuesday in U.S. court with a private consumer lawsuit claiming the technology company's $69 billion bid to purchase "Call of Duty" maker Activision Blizzard will unlawfully squelch competition in the video game industry. The complaint filed in federal court in California comes about two weeks after the U.S. Federal Trade Commission filed a case with an administrative law judge seeking to stop Microsoft, owner of the Xbox console, from completing the largest-ever acquisition in the video-gaming market. The private lawsuit also seeks an order blocking Microsoft from acquiring Activision. It was filed on behalf of 10 video game players in California, New Mexico and New Jersey.

The proposed acquisition would give Microsoft "far-outsized market power in the video game industry," the complaint alleged, "with the ability to foreclose rivals, limit output, reduce consumer choice, raise prices, and further inhibit competition." A Microsoft representative on Tuesday defended the deal, saying in a statement that it "will expand competition and create more opportunities for gamers and game developers." After the FTC sued, Microsoft President Brad Smith said, "We have complete confidence in our case and welcome the opportunity to present our case in court."

Power

Zimbabwe Has Banned the Export of Raw Lithium (qz.com) 147

Zimbabwe has prohibited the export of raw lithium from its mines so it can cash in on value addition and stop losing billions of dollars in mineral proceeds to foreign companies. Quartz reports: The ministry of Mines and Mining Development on Dec. 20 published a circular under the Base Minerals Export Control Act that seeks to "ensure that the vision of the president to see the country becoming an upper-middle income economy has been realized." The government says it is losing $1.8 billion in mineral revenues due to smuggling and externalization to South Africa and the United Arab Emirates. Gold is the most smuggled mineral.

With continued high international demand, Zimbabwe is projected to become one of the world's largest lithium exporters, with the government hoping to meet 20% of the world's total demand for lithium when it fully exploits its known lithium resources. Mineral exports account for about 60% (pdf) of Zimbabwe's export earnings while the mining sector contributes 16% to its GDP, according to a 2021 mining report by the London School of Economics.

"No lithium-bearing ores, or unbeneficiated lithium whatsoever, shall be exported from Zimbabwe to another country except under the written permit of the minister," mining minister Winston Chitando says in the circular. However, according to deputy mining minister Polite Kambamura, mining companies that are building processing plants will be excluded from the directive. "If we continue exporting raw lithium we will go nowhere. We want to see lithium batteries being developed in the country," he said. "We have done this in good faith for the growth of industry."

Robotics

A Modest Robot Levy Could Help Combat Effects of Automation On Income Inequality In US, Study Suggests (mit.edu) 187

An anonymous reader quotes a report from MIT News: What if the U.S. placed a tax on robots? The concept has been publicly discussed by policy analysts, scholars, and Bill Gates (who favors the notion). Because robots can replace jobs, the idea goes, a stiff tax on them would give firms incentive to help retain workers, while also compensating for a dropoff in payroll taxes when robots are used. Thus far, South Korea has reduced incentives for firms to deploy robots; European Union policymakers, on the other hand, considered a robot tax but did not enact it. Now a study by MIT economists scrutinizes the existing evidence and suggests the optimal policy in this situation would indeed include a tax on robots, but only a modest one. The same applies to taxes on foreign trade that would also reduce U.S. jobs, the research finds.

"Our finding suggests that taxes on either robots or imported goods should be pretty small," says Arnaud Costinot, an MIT economist, and co-author of a published paper detailing the findings. "Although robots have an effect on income inequality ... they still lead to optimal taxes that are modest." Specifically, the study finds that a tax on robots should range from 1 percent to 3.7 percent of their value, while trade taxes would be from 0.03 percent to 0.11 percent, given current U.S. income taxes. "We came in to this not knowing what would happen," says Ivan Werning, an MIT economist and the other co-author of the study. "We had all the potential ingredients for this to be a big tax, so that by stopping technology or trade you would have less inequality, but ... for now, we find a tax in the one-digit range, and for trade, even smaller taxes."

[...] Apart from its bottom-line tax numbers, the study contains some additional conclusions about technology and income trends. Perhaps counterintuitively, the research concludes that after many more robots are added to the economy, the impact that each additional robot has on wages may actually decline. At a future point, robot taxes could then be reduced even further. "You could have a situation where we deeply care about redistribution, we have more robots, we have more trade, but taxes are actually going down," Costinot says. If the economy is relatively saturated with robots, he adds, "That marginal robot you are getting in the economy matters less and less for inequality."
The paper, "Robots, Trade, and Luddism: A Sufficient Statistic Approach to Optimal Technology Regulation," appears in advance online form in The Review of Economic Studies.
Crime

Alameda's Caroline Ellison, FTX's Gary Wang Plead Guilty To DOJ Fraud Charges (coindesk.com) 21

Former Alameda Research CEO Caroline Ellison and FTX co-founder Gary Wang pleaded guilty to charges tied to FTX's collapse, U.S. Attorney Damian Williams announced Wednesday night. CoinDesk reports: The U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) also announced (PDF) charges against the two, saying Ellison manipulated the price of FTT, an exchange token issued by FTX, at exchange founder Sam Bankman-Fried's direction. The duo are cooperating with investigators, Williams announced. The U.S. Attorney for the Southern District of New York (SDNY) did not specify what they were being charged with.

In a statement, SEC Deputy Enforcement Director Sanjay Wadhwa said the three "were active participants in a scheme to conceal material information from FTX investors, including through the efforts of Mr. Bankman-Fried and Ms. Ellison to artificially prop up the value of FTT, which served as collateral for undisclosed loans that Alameda took out from FTX pursuant to its undisclosed, and virtually unlimited, line of credit." Highlighted in the complaint are multiple times when Bankman-Fried made public statements, and provided investors with documentation via audited financial statements, that Alameda received no preferential treatment from FTX.

Ellison was a close confidant of Bankman-Fried's, and has been targeted by prosecutors for her role in manipulating FTX's exchange token FTT, which Alameda had used as collateral for investments. In early December Ellison, who is thought to reside in Hong Kong or Nassau, was spotted in Manhattan at a coffee shop leading many to suspect she was working with authorities. Shortly after, Ellison retained the law firm WilmerHale to represent herself. WilmerHale counts Stephanie Avakian, a former director of the SEC's Division of Enforcement, as one of its top attorneys.
Further reading: FTX Founder Bankman-Fried To Be Released on a $250 Million Bond Package While He Awaits Trial
Advertising

Even the FBI Says You Should Use An Ad Blocker (techcrunch.com) 87

The FBI is recommending the use of ad blockers, warning in an alert this week that cybercriminals are using online ads in search results to steal or extort money from victims. TechCrunch reports: In a pre-holiday public service announcement, the FBI said that cybercriminals are buying ads to impersonate legitimate brands, like cryptocurrency exchanges. Ads are often placed at the top of search results but with "minimum distinction" between the ads and the search results, the feds say, which can look identical to the brands that the cybercriminals are impersonating. Malicious ads are also used to trick victims into installing malware disguised as genuine apps, which can steal passwords and deploy file-encrypting ransomware. One of the FBI's recommendations for consumers is to install an ad blocker.

As the name suggests, ad blockers are web browser extensions that broadly block online ads from loading in your browser, including in search results. By blocking ads, would-be victims are not shown any ads at all, making it easier to find and access the websites of legitimate brands. Ad blockers don't just remove the enormous bloat from websites, like auto-playing video and splashy ads that take up half the page, which make your computer fans run like jet engines. Ad blockers are also good for privacy, because they prevent the tracking code within ads from loading. That means the ad companies, like Google and Facebook, cannot track you as you browse the web, or learn which websites you visit, or infer what things you might be interested in based on your web history.
"Of course, you can switch your ad blocker off any time you want, and even allow or deny ads for entire websites," adds the report.

"Ads are still an important part of what keeps the internet largely free and accessible, including TechCrunch (and Slashdot!), even as subscriptions and paywalls are increasingly becoming the norm."
Crime

FTX Founder Bankman-Fried To Be Released on a $250 Million Bond Package While He Awaits Trial (reuters.com) 46

Sam Bankman-Fried will be released on a $250 million bond package while he awaits trial on fraud charges related to the collapse of the FTX crypto exchange, a federal magistrate judge said on Thursday. From a report: Prosecutors have accused him of stealing billions of dollars in FTX customer funds to plug losses at his hedge fund, Alameda Research. Nicolas Roos, a prosecutor, told U.S. Magistrate Judge Gabriel Gorenstein that the bail package included home detention and location monitoring. Bankman-Fried will also have to surrender his passport. Bankman-Fried's defense counsel said he agreed with these conditions.
Government

Chris Inglis, Biden's Top Cyber Adviser, Plans To Leave Government 27

National Cyber Director Chris Inglis is leaving the government in the next few months, Politico reports, citing a former U.S. official and a second person familiar with the matter. From the report: For 17 months, Inglis has served as the inaugural holder of a new position as President Joe Biden's top adviser on a range of cybersecurity issues, including the protection of vital U.S. infrastructure from hackers and efforts to improve the government's own digital defenses. "He's done what he came to do -- build an office that's going to stand the test of time," said the former U.S. official, who requested anonymity to discuss an internal personnel matter.

Inglis plans to leave sometime in January, the former official said. Inglis declined to comment on the record. Inglis never said how long he expected to stay, and it was unclear if he had moved up his departure timeline. Inglis took office in July 2021 following unanimous Senate confirmation, and since then, he has steadily built up his new team by hiring outside experts and recruiting cybersecurity officials from other agencies. Inglis, a former National Security Agency deputy director, repeatedly described his job as a coordinator of the government's often disparate cybersecurity activities, someone who measured his success by whether the government was increasingly speaking with one voice on cyber issues.
Crime

Sam Bankman-Fried's Extradition Approved by Judge (wsj.com) 27

FTX founder Sam Bankman-Fried will soon be in U.S. custody to face criminal charges connected to the collapse of the crypto exchange, after a judge here approved his transfer from a local jail where he has been held. From a report: Mr. Bankman-Fried agreed not to contest his extradition, and in court Wednesday his lawyer read an affidavit in which the former executive waived his right to extradition proceedings and said he had "a desire to make the relevant customers whole." When asked by Magistrate Judge Shaka Serville if the affidavit was his and represented his wishes, Mr. Bankman-Fried said, "Yes, I do wish to waive my right to formal extradition proceedings." He also told the judge he was healthy and doing well.

His lawyer, Jerone Roberts, said his client's reasons were clear. "It has always been his desire to put customers right," he said. Mr. Roberts said Mr. Bankman-Fried "is anxious to leave" and asked that he be transported to the U.S. on Wednesday. The former FTX chief executive has been in a jail in the Bahamas since his arrest last week on charges he stole billions of dollars from customers while misleading lenders and investors. Federal prosecutors in the U.S. attorney's office for the Southern District of New York have charged Mr. Bankman-Fried, 30 years old, with eight criminal counts, including fraud, conspiracy and money-laundering offenses.
Alternative, non-paywalled source: The Block.
Privacy

Anker's Eufy Breaks Its Silence on Security Cam Security (theverge.com) 37

An anonymous reader shares a report: On the last episode of "Will Anker ever tell us what's actually going on with its security cameras rather than lying and covering its tracks," we told you how Eufy's customer support team is now quietly providing some of the answers to the questions that the company had publicly ignored about its smart home camera security. Now, Anker is finally taking a stab at a public explanation, in a new blog post titled "To our eufy Security Customers and Partners." Unfortunately, it contains no apology, and doesn't begin to address why anyone would be able to view an unencrypted stream in VLC Media Player on the other side of the country, from a supposedly always-local, always-end-to-end-encrypted camera.
Bitcoin

OneCoin Co-Founder Pleads Guilty To $4 Billion Fraud (theregister.com) 31

Karl Sebastian Greenwood, co-founder of sham "Bitcoin-killer" OneCoin, pleaded guilty in Manhattan federal court to charges of conspiring to defraud investors and to launder money. "Greenwood was arrested in Thailand in July 2018 and subsequently extradited to the US," reports The Register. "OneCoin's other co-founder, 'Cryptoqueen' Ruja Ignatova (Dr. Ruja Ignatova -- she has a law degree), remains a fugitive on the FBI's Ten Most Wanted list and on Europol's Most Wanted list." From the report: "As a founder and leader of OneCoin, Karl Sebastian Greenwood operated one of the largest international fraud schemes ever perpetrated," said US Attorney Damian Williams in a statement. "Greenwood and his co-conspirators, including fugitive Ruja Ignatova, conned unsuspecting victims out of billions of dollars, claiming that OneCoin would be the 'Bitcoin killer.' In fact, OneCoins were entirely worthless." The US has charged at least nine individuals across four related cases, including Greenwood and Ignatova, with fraud charges related to OneCoin. Authorities in China have prosecuted 98 people accused of trying to sell OneCoin. Police in India arrested 18 for pitching the Ponzi scheme.

According to the Justice Department, Greenwood and Ignatova founded OneCoin in Sofia, Bulgaria, in 2014. Until 2017 or so, they're said to have marketed OneCoin as a cryptocurrency to investors. The OneCoin exchange was shut down in January 2017, but trades evidently continued among affiliated individuals for some time. The OneCoin.eu website remained online until 2019. In fact, OneCoin was a multi-level marketing (MLM) pyramid scheme in which network members received commissions when they managed to recruit people to buy OneCoin. The firm's own promotional materials claim more than three million people invested. And between Q4 2014 and Q4 2016, company records claim OneCoin generated more than $4.3 billion in revenue and $2.9 billion in purported profits. At the top of the MLM pyramid, Greenwood is said to have earned $21 million per month. Greenwood and others claimed that OneCoin was mined using computing power like BitCoin and recorded on a blockchain. But it wasn't. As Ignatova allegedly put it in an email to Greenwood, "We are not mining actually -- but telling people shit."

OneCoin's value, according to the Feds, was simply set by those managing the company -- they manipulated the OneCoin exchange to simulate trading volatility but the price of OneCoin always closed higher than it opened. In an August 1, 2015 email, Ignatova allegedly told Greenwood that one of the goals for the OneCoin trade exchange was "always close on a high price end of day open day with high price, build confidence -- better manipulation so they are happy." According to the Justice Department, the value assigned to OneCoin grew steadily from $0.53 to approximately $31.80 per coin and never declined.

Security

DraftKings Warns Data of 67,000 People Was Exposed In Account Hacks (bleepingcomputer.com) 20

Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November. BleepingComputer reports: In credential stuffing attacks, automated tools are used to make a massive number of attempts to sign into accounts using credentials (user/password pairs) stolen from other online services. [...] In a data breach notification filed with the Maine Attorney General's office, DraftKings disclosed that the data of 67,995 people was exposed in last month's incident. The company said the attackers obtained the credentials needed to log into the customers' accounts from a non-DraftKings source.

"In the event an account was accessed, among other things, the attacker could have viewed the account holder's name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change," the breach notification reads. "At this time, there is currently no evidence that the attackers accessed your Social Security number, driver's license number or financial account number. While bad actors may have viewed the last four digits of your payment card, your full payment card number, expiration date, and your CVV are not stored in your account."

After detecting the attack, DraftKings reset the affected accounts' passwords and said it implemented additional fraud alerts. It also restored the funds withdrawn as a result of the credential attack, refunding up to $300,000 identified as stolen during the incident, as DraftKings President and Cofounder Paul Liberman said in November. The common denominator for user accounts that got hijacked seems to be an initial $5 deposit followed by a password change, enabling two-factor authentication (2FA) on a different phone number and then withdrawing as much as possible from the victims' linked bank accounts. While DraftKings has not shared additional info on how the attackers stole funds, BleepingComputer has since learned that the attack was conducted by a threat actor selling stolen accounts with deposit balances on an online marketplace for $10 to $35. The sales included instructions on how the buyers could make $5 deposits and withdraw all of the money from hijacked DraftKings user accounts.
"After DraftKings announced the credential stuffing attack, they locked down the breached accounts, with the threat actors warning that their campaign was no longer working," adds the report.

"The company is now advising customers never to use the same password for multiple online services, never share their credentials with third-party platforms, turn on 2FA on their accounts immediately, and remove banking details or unlink their bank accounts to block future fraudulent withdrawal requests."

Crime

Swatters Used Ring Cameras To Livestream Attacks, Taunt Police, Prosecutors Say (arstechnica.com) 98

An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged two men with allegedly taking part in a spree of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to livestream the police response on social media. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, gained access to 12 Ring cameras after compromising the Yahoo Mail accounts of each owner, prosecutors alleged in an indictment filed Friday in the Central District of California. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor's home. When police arrived at the residence, Nelson allegedly accessed the residence's Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond. It's not clear how the defendants allegedly obtained the Yahoo account credentials. A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals. Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.
