A registered sex offender has become the first person in England and Wales to be convicted of cyber-flashing. The BBC reports: Nicholas Hawkes, 39, of Basildon, Essex, sent unsolicited photos of his erect penis to a 15-year-old girl and a woman on Friday. The woman took screenshots of the image on WhatsApp and reported Hawkes to Essex Police the same day. Hawkes admitted two charges when he appeared before magistrates in Southend earlier. He is the first person to be convicted of the new offense of cyber-flashing, which was brought in under the Online Safety Act and came into effect on January 31.

After pleading guilty to two counts of sending a photograph or film of genitals to cause alarm, distress, or humiliation, he was remanded in custody until March 11, when he will be sentenced at Basildon Crown Court. Hawkes is a registered sex offender until November 2033 after he was convicted and given a community order for sexual activity with a child under 16 and exposure last year at Basildon Crown Court, the CPS said. He will also be sentenced for breaching the order when he is sentenced in March.

Former FTX customers "have reasons to believe they could actually recoup their money," reports CNBC: Bankman-Fried, who could spend the rest of his life behind bars, was found guilty in November on seven criminal counts after roughly $10 billion in customer funds from his company went missing. Some of that money went to pay for Bankman-Fried's lavish lifestyle, but much of it went towards other investments that have, of late, appreciated dramatically in value. Lawyers representing the bankruptcy estate of FTX told a judge in Delaware last week that they expect to fully repay customers and creditors with legitimate claims. Bankruptcy attorney Andrew Dietderich, who works with FTX's new leadership team, said "there is still a great amount of work and risk" ahead in getting all the money back to clients, but that the team has a "strategy to achieve it."

It's a welcome development for the many thousands of customers (reportedly up to a million) who collectively lost billions of dollars in FTX's collapse 15 months ago, when the crypto exchange spiraled into bankruptcy in a matter of days. Given the lightly regulated and unsecured nature of FTX — and the crypto industry at large — those clients faced the real possibility that the vast majority of their money had evaporated. Plenty of failed hedge funds and lenders lost virtually everything during the 2022 crypto winter... [C]rypto was mired in a bear market, with bitcoin trading at around $16,000. It's now above $47,000... FTX's bitcoin stash, which was worth $560 million at the time of the September report, is today valued north of $1 billion.

Bankman-Fried's investments weren't limited to crypto. He also used client money to back startups like Anthropic, the artificial intelligence company founded by ex-OpenAI employees. FTX invested $500 million in Anthropic in 2021, before the generative AI boom. Anthropic's valuation hit $18 billion in December 2023, which would value FTX's roughly 8% stake at about $1.4 billion.
CNBC suggests this could affect the length of Bankman-Fried's prison sentence (which will be determined next month).

There's now also a so-called "FTX IOU" market where investors are selling their debt, CNBC adds. "One financial firm that had lost around $100 million initially sold its FTX debt for 6 cents on the dollar in a new secondary market out of concern that he may never get a better deal. As of December, those claims were going for more than 70 cents on the dollar."

CNBC also reports that FTX "had been negotiating with bidders about a potential reboot of the company, but those efforts were scrapped last month."

Thousands of people using the London Underground had their movements, behavior, and body language watched by AI surveillance software designed to see if they were committing crimes or were in unsafe situations, new documents obtained by WIRED reveal. From the report: The machine-learning software was combined with live CCTV footage to try to detect aggressive behavior and guns or knives being brandished, as well as looking for people falling onto Tube tracks or dodging fares. From October 2022 until the end of September 2023, Transport for London (TfL), which operates the city's Tube and bus network, tested 11 algorithms to monitor people passing through Willesden Green Tube station, in the northwest of the city. The proof of concept trial is the first time the transport body has combined AI and live video footage to generate alerts that are sent to frontline staff. More than 44,000 alerts were issued during the test, with 19,000 being delivered to station staff in real time.

Documents sent to WIRED in response to a Freedom of Information Act request detail how TfL used a wide range of computer vision algorithms to track people's behavior while they were at the station. It is the first time the full details of the trial have been reported, and it follows TfL saying, in December, that it will expand its use of AI to detect fare dodging to more stations across the British capital. In the trial at Willesden Green -- a station that had 25,000 visitors per day before the Covid-19 pandemic -- the AI system was set up to detect potential safety incidents to allow staff to help people in need, but it also targeted criminal and antisocial behavior. Three documents provided to WIRED detail how AI models were used to detect wheelchairs, prams, vaping, people accessing unauthorized areas, or putting themselves in danger by getting close to the edge of the train platforms.

A radio station in Alabama has been forced to temporarily shut down after thieves stole a 200ft radio tower. The Guardian reports: WJLX, a station in Jasper, Alabama, was ordered to go off air by the Federal Communications Commission (FCC) after thieves took the station's AM tower last week, the Guardian first learned. "In all my years of being in the business, around the business, everything like that, I have never seen anything like this," WJLX's general manager, Brett Elmore, told the Guardian. "You don't hear of a 200ft tower being stolen," he added.

Elmore said the theft was first discovered last week by a landscaping crew that regularly manages the area nearby the tower, WBRC reported. "They called me and said the tower was gone. And I said, 'What do you mean, the tower is gone?'" Elmore said. The radio tower was previously located in a wooded area, behind a local poultry plant. Elmore said that thieves had cut the tower's wires and somehow removed it. Thieves also stole the station's AM transmitter from a nearby building.

For the small radio station, the theft has had a significant impact. Elmore said the station's property was not insured. Replacing the tower could cost the station anywhere between $100,000 to $150,000, which is "more money than we have," Elmore said. The FCC also notified WJLX on Thursday morning that the station would have to go off the air because of the theft. While WJLX still has its FM transmitter and tower, it is not allowed to operate its FM transmitter while the AM station is off the air. "I had a guy from Virginia call yesterday and say, 'You know, I think a helicopter grabbed [the tower],'" Elmore said. He's hoping that surveillance video from the nearby poultry plant or witnesses nearby can help figure out who stole the station's tower.

An anonymous reader quotes a report from TechCrunch: AI-generated imagery and other forms of deepfakes depicting child sexual abuse (CSA) could be criminalized in the European Union under plans to update existing legislation to keep pace with technology developments, the Commission announced today. It's also proposing to create a new criminal offense of livestreaming child sexual abuse. The possession and exchange of "pedophile manuals" would also be criminalized under the plan -- which is part of a wider package of measures the EU says is intended to boost prevention of CSA, including by increasing awareness of online risks and to make it easier for victims to report crimes and obtain support (including granting them a right to financial compensation). The proposal to update the EU's current rules in this area, which date back to 2011, also includes changes around mandatory reporting of offenses.

Back in May 2022, the Commission presented a separate piece of CSA-related draft legislation, aiming to establish a framework that could make it obligatory for digital services to use automated technologies to detect and report existing or new child sexual abuse material (CSAM) circulating on their platforms, and identify and report grooming activity targeting kids. The CSAM-scanning plan has proven to be highly controversial -- and it continues to split lawmakers in the parliament and the Council, as well as kicking up suspicions over the Commission's links with child safety tech lobbyists and raising other awkward questions for the EU's executive, over a legally questionable foray into microtargeted ads to promote the proposal. The Commission's decision to prioritize the targeting of digital messaging platforms to tackle CSA has attracted a lot of criticism that the bloc's lawmakers are focusing in the wrong area for combatting a complex societal problem -- which may have generated some pressure for it to come with follow-on proposals. (Not that the Commission is saying that, of course; it describes today's package as "complementary" to its earlier CSAM-scanning proposal.) "Fast evolving technologies are creating new possibilities for child sexual abuse online, and raises challenges for law enforcement to investigate this extremely serious and wide spread crime," said Ylva Johansson, commissioner for home affairs, in a statement. "A strong criminal law is essential and today we are taking a key step to ensure that we have effective legal tools to rescue children and bring perpetrators to justice. We are delivering on our commitments made in the EU Strategy for a more effective fight against Child sexual abuse presented in July 2020."

The final shape of the proposals will be determined by the EU's co-legislators in the Parliament and Council. "If/when there's agreement on how to amend the current directive on combating CSA, it would enter into force 20 days after its publication in the Official Journal of the EU," adds TechCrunch.

An anonymous reader shares a report: An underground website called OnlyFake is claiming to use "neural networks" to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds. In our own tests, OnlyFake created a highly convincing California driver's license, complete with whatever arbitrary name, biographical information, address, expiration date, and signature we wanted. The photo even gives the appearance that the ID card is laying on a fluffy carpet, as if someone has placed it on the floor and snapped a picture, which many sites require for verification purposes. 404 Media then used another fake ID generated by this site to successfully step through the identity verification process on OKX. OKX is a cryptocurrency exchange that has recently appeared in multiple court records because of its use by criminals.

Rather than painstakingly crafting a fake ID by hand -- a highly skilled criminal profession that can take years to master -- or waiting for a purchased one to arrive in the mail with the risk of interception, OnlyFake lets essentially anyone generate fake IDs in minutes that may seem real enough to bypass various online verification systems. Or at least fool some people. "The era of rendering documents using Photoshop is coming to an end," an announcement posted to OnlyFake's Telegram account reads. As well as "neural networks," the service claims to use "generators" which create up to 20,000 documents a day. The service's owner, who goes by the moniker John Wick, told 404 Media that hundreds of documents can be generated at once using data from an Excel table.

Slashdot reader Press2ToContinue shared this report from WION: : The Hong Kong branch of a multinational company has lost $25.6 million after a scammer used deepfake technology to pose as the firm's chief financial officer (CFO) in a video conference call and ordered money transfers, according to the police, in what is being highlighted as first of its kind cases in the city.

The transaction was ordered during a meeting where it was found that everyone present on the video call except the victim were deepfakes of real people, said the Hong Kong police, on Friday (Feb 2)...

Scammers in this case used deepfake technology to turn publicly available video and other footage of staff members into convincing meeting participants.

An anonymous reader quotes a report from ProPublica: Over the last decade, police departments across the U.S. have spent millions of dollars equipping their officers with body-worn cameras that record what happens as they go about their work. Everything from traffic stops to welfare checks to responses to active shooters is now documented on video. The cameras were pitched by national and local law enforcement authorities as a tool for building public trust between police and their communities in the wake of police killings of civilians like Michael Brown, an 18 year old black teenager killed in Ferguson, Missouri in 2014. Video has the potential not only to get to the truth when someone is injured or killed by police, but also to allow systematic reviews of officer behavior to prevent deaths by flagging troublesome officers for supervisors or helping identify real-world examples of effective and destructive behaviors to use for training. But a series of ProPublica stories has shown that a decade on, those promises of transparency and accountability have not been realized.

One challenge: The sheer amount of video captured using body-worn cameras means few agencies have the resources to fully examine it. Most of what is recorded is simply stored away, never seen by anyone. Axon, the nation's largest provider of police cameras and of cloud storage for the video they capture, has a database of footage that has grown from around 6 terabytes in 2016 to more than 100 petabytes today. That's enough to hold more than 5,000 years of high definition video, or 25 million copies of last year's blockbuster movie "Barbie." "In any community, body-worn camera footage is the largest source of data on police-community interactions. Almost nothing is done with it," said Jonathan Wender, a former police officer who heads Polis Solutions, one of a growing group of companies and researchers offering analytic tools powered by artificial intelligence to help tackle that data problem.

The Paterson, New Jersey, police department has made such an analytic tool a major part of its plan to overhaul its force. In March 2023, the state's attorney general took over the department after police shot and killed Najee Seabrooks, a community activist experiencing a mental health crisis who had called 911 for help. The killing sparked protests and calls for a federal investigation of the department. The attorney general appointed Isa Abbassi, formerly the New York Police Department's chief of strategic initiatives, to develop a plan for how to win back public trust. "Changes in Paterson are led through the use of technology," Abbassi said at a press conference announcing his reform plan in September, "Perhaps one of the most exciting technology announcements today is a real game changer when it comes to police accountability and professionalism." The department, Abassi said, had contracted with Truleo, a Chicago-based software company that examines audio from bodycam videos to identify problematic officers and patterns of behavior.

For around $50,000 a year, Truleo's software allows supervisors to select from a set of specific behaviors to flag, such as when officers interrupt civilians, use profanity, use force or mute their cameras. The flags are based on data Truleo has collected on which officer behaviors result in violent escalation. Among the conclusions from Truleo's research: Officers need to explain what they are doing. "There are certain officers who don't introduce themselves, they interrupt people, and they don't give explanations. They just do a lot of command, command, command, command, command," said Anthony Tassone, Truleo's co-founder. "That officer's headed down the wrong path." For Paterson police, Truleo allows the department to "review 100% of body worn camera footage to identify risky behaviors and increase professionalism," according to its strategic overhaul plan. The software, the department said in its plan, will detect events like uses of force, pursuits, frisks and non-compliance incidents and allow supervisors to screen for both "professional and unprofessional officer language." There are around 30 police departments currently use Truleo, according to the company.

Christopher J. Schneider, a professor at Canada's Brandon University who studies the impact of emerging technology on social perceptions of police, is skeptical the AI tools will fix the problems in policing because the findings might be kept from the public just like many internal investigations. "Because it's confidential," he said, "the public are not going to know which officers are bad or have been disciplined or not been disciplined."

An anonymous reader quotes a report from Wired: A California teenager prosecutors say is responsible for hundreds of swatting attacks around the United States was exposed after law enforcement pieced together a digital trail left on some of the internet's largest platforms, according to court records released this week. Alan Winston Filion, a 17-year-old from Lancaster, California, faces four felony charges in Florida's Seminole County related to swatting, or fake threats called into the police to provoke a forceful response, according to Florida state prosecutors. Police arrested Filion on January 18, and he was extradited to Seminole County this week.

Filion's arrest, first reported by WIRED on January 26, marks the culmination of a multi-agency manhunt for the person police claim is responsible for swatting attacks on high schools, historically black colleges and universities, mosques, and federal agents, and for threats to bomb the Pentagon, members of the United States Senate, and the US Supreme Court. Ultimately, a YouTube channel, Discord chats, and usernames related to The Lord of the Rings helped lead authorities to Filion's doorstep.

Florida prosecutors charged Filion with four felony counts, including three related to allegedly making false reports to law enforcement and one for unlawful use of a two-way radio for "facilitating or furthering an act of terrorism" that authorities say targeted people based on race, religion, or other protected classes. While prosecutors alleged that Filion "is responsible for hundreds of swatting and bomb threat incidents throughout the United States," the charges Filion faces relate to a single May 12, 2023, swatting attack against the Masjid Al Hayy Mosque in Sanford, Florida. [...] At 2 pm EST on Wednesday, Filion shuffled into a Seminole County courtroom and stood quietly as the judge read the charges against him. He is currently being held without bond.

When FTX filed for bankruptcy in November 2022, the defunct cryptocurrency exchange suffered a hack that resulted in more than $380 million in crypto stolen from FTX's virtual wallets. It turns out that FTX was hit with a SIM-swapping scam orchestrated by ringleader Robert Powell. Powell, along with Carter Rohn and Emily Hernandez, have been indicted and are due to appear in Chicago federal court later Friday for a detention hearing. CNBC reports: The three defendants are charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, in a scheme that ran from March 2021 to last April, and involved the co-conspirators traveling to cellphone retail stores in more than 15 states. The indictment says the trio shared the personal identifying information of more than 50 victims, created fake identification documents in the victims' names, impersonated them and then accessed their victims' "online, financial and social media accounts for the purpose of stealing money and data."

The scheme relied on duping phone companies into swapping the Subscriber Identity Module of cell phone subscribers into a cellphone controlled by members of the conspiracy, the indictment said. That in turn allowed the conspirators to defeat the multifactor authentication protection on the victims' accounts, giving them access to the money in those accounts. The indictment does not identify FTX by name as the main victim of the conspiracy, but the details of the hack described in that charging document align with the details publicly known about the theft from FTX, which was collapsing at the time of the attack.

Joshua Schulte, a former CIA software engineer, was sentenced to 40 years in prison on Thursday for carrying out the largest theft of classified information in the agency's history and possessing child pornography. The Guardian reports: The 40-year sentence by US district judge Jesse Furman was for "crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography," federal prosecutors said in a statement. The judge did not impose a life sentence as sought by prosecutors. Joshua Schulte was convicted in July 2022 on four counts each of espionage and computer hacking and one count of lying to FBI agents, after giving classified materials to the whistleblowing agency WikiLeaks in the so-called Vault 7 leak. Last August, a judge mostly upheld the conviction.

WikiLeaks in March 2017 began publishing the materials, which concerned how the CIA surveilled foreign governments, alleged extremists and others by compromising their electronics and computer networks. Prosecutors characterized Schulte's actions as "the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information" in US history. Prosecutors also said Schulte received thousands of images and videos of child sexual abuse, and that they found the material in Schulte's New York apartment, in an encrypted container beneath three layers of password protection, during the CIA leaks investigation.

Cargo theft from freight trains in the Los Angeles area has surged, with detectives estimating over 90 containers being opened daily and that theft on their freight trains in the Union Pacific area was up some 160 percent from the previous year. Nationally, cargo theft neared $1 billion in losses last year. Companies decline comment but California's governor publicly questioned the widespread railroad theft. Most arrested were not organized; many were homeless people nearby opportunistically taking fallen boxes off tracks. Theft stems largely from e-commerce boom that reshaped freight shipping to meet consumer demand, opening vulnerabilities. Railroad police forces and online retailers aim to combat this but concede difficulty tracking stolen goods resold anonymously online. Some products stolen from containers even get resold back on Amazon. The New York Times Magazine: Sometimes products stolen out of Amazon containers are resold by third-party sellers back on Amazon in a kind of strange ouroboros, in which the snakehead of capitalism hungrily swallows its piracy tail. Last June, California's attorney general created what was touted as a first-of-its-kind agreement among online retailers that committed them to doing a better job tracking, reporting and preventing stolen items from being resold on their platforms. While declining to comment on specific cases, a spokesperson for Amazon told me that the company is working to improve the process of vetting sellers: The number of "bad actor attempts" to create new selling accounts on Amazon decreased to 800,000 in 2022 from six million in 2020.

Amazon's Ring home doorbell unit says it will stop letting police departments request footage from users' video doorbells and surveillance cameras, retreating from a practice that was criticized by civil liberties groups and some elected officials. Bloomberg: Next week, the company will disable its Request For Assistance tool (non-paywalled link), the program that had allowed law enforcement to seek footage from users on a voluntary basis, Eric Kuhn, who runs Ring's Neighbors app, said in a blog post on Wednesday. Police and fire departments will have to seek a warrant to request footage from users or show the company evidence of an ongoing emergency.

Kuhn didn't say why Ring was disabling the tool. Yassi Yarger, a spokesperson, said Ring had decided to devote its resources to new products and experiences in the Neighbors app that better fit with the company's vision. The aim is to make Neighbors, which had been focused on crime and safety, into more of a community hub, she said. New features announced on Wednesday -- one called Ring Moments that lets users post clips and a company-produced Best of Ring -- highlight that push.

Thomas Claburn reports via The Register: A security researcher in Germany has been fined $3,300 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.

With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor's clients stored on that database server. That info is said to have included personal details of those customers' own customers. And we're told that Modern Solution's program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords. The contractor's findings were discussed in a June 23, 2021 report by Mark Steier, who writes about e-commerce. That same day Modern Solution issued a statement [PDF] -- translated from German -- summarizing the incident [...]. The statement indicates that sensitive data about Modern Solution customers was exposed: last names, first names, email addresses, telephone numbers, bank details, passwords, and conversation and call histories. But it claims that only a limited amount of data -- names and addresses -- about shoppers who made purchases from these retail clients was exposed. Steier contends that's incorrect and alleged that Modern Solution downplayed the seriousness of the exposed data, which he said included extensive customer data from the online stores operated by Modern Solution's clients.

In September 2021 police in Germany seized the IT consultant's computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge â" he worked previously for a related firm -- and the biz claimed he was a competitor. Hendrik H. was charged with unlawful data access under Section 202a of Germany's Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation's cybersecurity law. In June, 2023, a Julich District Court in western Germany sided with the IT consultant because the Modern Solution software was insufficiently protected. But the Aachen regional court directed the district court to hear the complaint. Now, the district court has reversed its initial decision. On January 17, a Julich District Court fined Hendrik H. and directed him to pay court costs.

One man living in Virginia oversaw "the laundering of some $7 million in fraudulently obtained gift cards" from Walmart in an international operation which over five years scammed hundreds of victims into sending the numbers over the phone, reports a new ProPublica investigation. (Citing court evidence that emerged after his arrested in 2021). Earlier that year, he complained to an associate that more and more people were competing to resell cards in China, eating into his profits. So many scammers were flocking to Walmart that he and his team regularly encountered them at self-checkout counters.... "We ran into quite a few at the store, and we even started chatting."
It was apparently so common that federal prosecutors started calling it "The Walmart scheme." And while the store is supposed to watch for customers who appear to be acting on a scammer's instructions, "Too often, Walmart has failed." America's largest retailer has long been a facilitator of fraud on a mass scale, a ProPublica investigation has found. For roughly a decade, Walmart has resisted tougher enforcement while breaking promises to regulators and skimping on employee training, according to more than 50 interviews, internal documents supplied by former industry executives, court filings and other public records...More than $1 billion in fraud losses were routed through the company's financial systems between 2013 and 2022, according to filings by the Federal Trade Commission and court cases analyzed by ProPublica. That has helped fuel a boom in financial chicanery. Americans, many of them elderly, were swindled out of $27 billion between 2013 and 2022, according to the FTC...

Walmart has a financial incentive to avoid cracking down. It makes money each time a Walmart gift card is used and earns a fee when another brand of card is bought. And it receives one commission when a person sends a money transfer and a second when the recipient picks it up. The company's financial services business generates hundreds of millions in annual profits. (Its filings do not provide specific figures for gift cards and money transfers.) "They were concerned about the bucks. That's all," Nick Alicea, a former fraud team leader for the U.S. Postal Inspection Service who investigated Walmart for years, told ProPublica. Walmart's deficiencies have repeatedly attracted government scrutiny. In 2017, the attorneys general of New York and Pennsylvania investigated Walmart over concerns that it was "reaping the benefits" of gift card fraud. The investigation concluded a year later with Walmart promising to restrict or eliminate the use of its gift cards to purchase other gift cards...

Instead, the company let the practice continue until 2022 — even after it knew that millions of dollars were being laundered through its stores. The FTC sued Walmart in 2022, alleging it "turned a blind eye" as criminals took advantage of its money transfer service. Walmart, the FTC claimed, pocketed millions in fees while "letting fraudsters fleece its customers." Summarizing the FTC's evidence, a federal judge in the case wrote that "Walmart knew that its services were used by fraudsters" and that the company was repeatedly warned about certain stores where "twenty-five, fifty, or even seventy-five percent of money transfer activity was fraudulent." Separately, a federal grand jury in Pennsylvania is hearing evidence of possible criminal conduct in Walmart's money transfer business, according to corporate filings that did not detail the allegations.
While the FTC says Americans were swindled out of $27 billion between 2013 and 2022, Walmart responded to ProPublica's investigation by pointing out it's refunded $4 million to gift-card fraud victims, and also blocked more than $700 million in suspicious money transfers. "We have a robust anti-fraud program and other controls to help stop scammers and other criminals who may use the financial services we offer to harm our customers." The company's legal filings in the FTC case struck a different tone. Walmart is seeking to dismiss the suit, partly on the grounds that it has "no responsibility to protect against the criminal conduct of third parties." Though fraud is "deeply unfortunate," Walmart argues, such schemes are "reasonably avoidable by consumers."
Other interesting quotes from the article:

• "Walmart outlets at one point accounted for the top 20 locations for fraud nationally among chains that partnered with MoneyGram, according to internal documents."

• "In a single week in March 2017, consumers claiming they'd been duped into a money transfer filed 610 complaints about Walmart, according to documents obtained by ProPublica. CVS ranked second, with 47."

• "Site inspections routinely found that Walmart staff lacked anti-fraud training and that employees failed to ask screening questions..."

• Walmart resisted MoneyGram's attempts to fight fraud [according to the former fraud team leader for the postal inspector's office in Harrisburg, Pennsylvania, who investigated MoneyGram and Walmart].

In 2003, Hans Reiser answered questions from Slashdot's readers...

Today Wikipedia describes Hans Reiser as "a computer programmer, entrepreneur, and convicted murderer... Prior to his incarceration, Reiser created the ReiserFS computer file system, which may be used by the Linux kernel but which is now scheduled for removal in 2025, as well as its attempted successor, Reiser4."

This week alanw (Slashdot reader #1,822), spotted a development on the Linux kernel mailing list. "Hans Reiser (imprisoned for the murder of his wife) has written a letter, asking it to be published to Slashdot." Reiser writes: I was asked by a kind Fredrick Brennan for my comments that I might offer on the discussion of removing ReiserFS V3 from the kernel. I don't post directly because I am in prison for killing my wife Nina in 2006.

I am very sorry for my crime — a proper apology would be off topic for this forum, but available to any who ask.

A detailed apology for how I interacted with the Linux kernel community, and some history of V3 and V4, are included, along with descriptions of what the technical issues were. I have been attending prison workshops, and working hard on improving my social skills to aid my becoming less of a danger to society. The man I am now would do things very differently from how I did things then.
Click here for the rest of Reiser's introduction, along with a link to the full text of the letter...

The letter is dated November 26, 2023, and ends with an address where Reiser can be mailed. Ars Technica has a good summary of Reiser's lengthy letter from prison — along with an explanation for how it came to be. With the ReiserFS recently considered obsolete and slated for removal from the Linux kernel entirely, Fredrick R. Brennan, font designer and (now regretful) founder of 8chan, wrote to the filesystem's creator, Hans Reiser, asking if he wanted to reply to the discussion on the Linux Kernel Mailing List (LKML). Reiser, 59, serving a potential life sentence in a California prison for the 2006 murder of his estranged wife, Nina Reiser, wrote back with more than 6,500 words, which Brennan then forwarded to the LKML. It's not often you see somebody apologize for killing their wife, explain their coding decisions around balanced trees versus extensible hashing, and suggest that elementary schools offer the same kinds of emotional intelligence curriculum that they've worked through in prison, in a software mailing list. It's quite a document...

It covers, broadly, why Reiser believes his system failed to gain mindshare among Linux users, beyond the most obvious reason. This leads Reiser to detail the technical possibilities, his interpersonal and leadership failings and development, some lingering regrets about dealings with SUSE and Oracle and the Linux community at large, and other topics, including modern Russian geopolitics... Reiser asks that a number of people who worked on ReiserFS be included in "one last release" of the README, and to "delete anything in there I might have said about why they were not credited." He says prison has changed him in conflict resolution and with his "tendency to see people in extremes...."

Reiser writes that he understood the difficulty ahead in getting the Linux world to "shift paradigms" but lacked the understanding of how to "make friends and allies of people" who might initially have felt excluded. This is followed by a heady discussion of "balanced trees instead of extensible hashing," Oracle's history with implementing balanced trees, getting synchronicity just right, I/O schedulers, block size, seeks and rotational delays on magnetic hard drives, and tails. It leads up to a crucial decision in ReiserFS' development, the hard non-compatible shift from V3 to Reiser 4. Format changes, Reiser writes, are "unwanted by many for good reasons." But "I just had to fix all these flaws, fix them and make a filesystem that was done right. It's hard to explain why I had to do it, but I just couldn't rest as long as the design was wrong and I knew it was wrong," he writes. SUSE didn't want a format change, but Reiser, with hindsight, sees his pushback as "utterly inarticulate and unsociable." The push for Reiser 4 in the Linux kernel was similar, "only worse...."

He encourages people to "allow those who worked so hard to build a beautiful filesystem for the users to escape the effects of my reputation." Under a "Conclusion" sub-heading, Reiser is fairly succinct in summarizing a rather wide-ranging letter, minus the minutiae about filesystem architecture.

I wish I had learned the things I have been learning in prison about talking through problems, and believing I can talk through problems and doing it, before I had married or joined the LKML. I hope that day when they teach these things in Elementary School comes.

I thank Richard Stallman for his inspiration, software, and great sacrifices,

It has been an honor to be of even passing value to the users of Linux. I wish all of you well.


It both is and is not a response to Brennan's initial prompt, asking how he felt about ReiserFS being slated for exclusion from the Linux kernel. There is, at the moment, no reply to the thread started by Brennan.

Organized crime is mining sand from rivers and coasts to feed demand worldwide, ruining ecosystems and communities. Can it be stopped? Scientific American reports: Very few people are looking closely at the illegal sand system or calling for changes, however, because sand is a mundane resource. Yet sand mining is the world's largest extraction industry because sand is a main ingredient in concrete, and the global construction industry has been soaring for decades. Every year the world uses up to 50 billion metric tons of sand, according to a United Nations Environment Program report. The only natural resource more widely consumed is water. A 2022 study by researchers at the University of Amsterdam concluded that we are dredging river sand at rates that far outstrip nature's ability to replace it, so much so that the world could run out of construction-grade sand by 2050. The U.N. report confirms that sand mining at current rates is unsustainable.

The greatest demand comes from China, which used more cement in three years (6.6 gigatons from 2011 through 2013) than the U.S. used in the entire 20th century (4.5 gigatons), notes Vince Beiser, author of The World in a Grain. Most sand gets used in the country where it is mined, but with some national supplies dwindling, imports reached $1.9 billion in 2018, according to Harvard's Atlas of Economic Complexity. Companies large and small dredge up sand from waterways and the ocean floor and transport it to wholesalers, construction firms and retailers. Even the legal sand trade is hard to track. Two experts estimate the global market at about $100 billion a year, yet the U.S. Geological Survey Mineral Commodity Summaries indicates the value could be as high as $785 billion.

Sand in riverbeds, lake beds and shorelines is the best for construction, but scarcity opens the market to less suitable sand from beaches and dunes, much of it scraped illegally and cheaply. With a shortage looming and prices rising, sand from Moroccan beaches and dunes is sold inside the country and is also shipped abroad, using organized crime's extensive transport networks, Abderrahmane has found. More than half of Morocco's sand is illegally mined, he says.

An anonymous reader quotes a report from Wired: Stablecoins, cryptocurrencies pegged to a stable value like the US dollar, were created with the promise of bringing the frictionless, border-crossing fluidity of Bitcoin to a form of digital money with far less volatility. That combination has proved to be wildly popular, rocketing the total value of stablecoin transactions since 2022 past even that of Bitcoin itself. It turns out, however, that as stablecoins have become popular among legitimate users over the past two years, they were even more popular among a different kind of user: those exploiting them for billions of dollars of international sanctions evasion and scams.

As part of itsannual crime report, cryptocurrency-tracing firm Chainalysis today released new numbers on the disproportionate use of stablecoins for both of those massive categories of illicit crypto transactions over the last year. By analyzing blockchains, Chainalysis determined that stablecoins were used in fully 70 percent of crypto scam transactions in 2023, 83 percent of crypto payments to sanctioned countries like Iran and Russia, and 84 percent of crypto payments to specifically sanctioned individuals and companies. Those numbers far outstrip stablecoins' growing overall use -- including for legitimate purposes -- which accounted for 59 percent of all cryptocurrency transaction volume in 2023.

In total, Chainalysis measured $40 billion in illicit stablecoin transactions in 2022 and 2023 combined. The largest single category of that stablecoin-enabled crime was sanctions evasion. In fact, across all cryptocurrencies, sanctions evasion accounted for more than half of the $24.2 billion in criminal transactions Chainalysis observed in 2023, with stablecoins representing the vast majority of those transactions. [...] Chainalysis concedes that the analysis in its report excludes some cryptocurrencies like Monero and Zcash that are designed to be harder or impossible to trace with blockchain analysis. It also says it based its numbers on the type of cryptocurrency sent directly to an illicit actor, which may leave out other currencies used in money laundering processes that repeatedly swap one type of cryptocurrency for another to make tracing more difficult. "Whether it's an individual located in Iran or a bad guy trying to launder money -- either way, there's a benefit to the stability of the US dollar that people are looking to obtain," says Andrew Fierman, Chainalysis' head of sanctions strategy. "If you're in a jurisdiction where you don't have access to the US dollar due to sanctions, stablecoins become an interesting play."

Fierman points to Nobitex, the largest cryptocurrency exchange operating in the sanctioned country of Iran, as well as Garantex, a notorious exchange based in Russia that has been specifically sanctioned for its widespread criminal use. According to Chainalysis, "Stablecoin usage on Nobitex outstrips bitcoin by a 9:1 ratio, and on Garantex by a 5:1 ratio," reports Wired. "That's a stark difference from the roughly 1:1 ratio between stablecoins and bitcoins on a few nonsanctioned mainstream exchanges that Chainalysis checked for comparison."

Speaking of cyber attacks, JPMorgan Chase is targeted by hackers trying to infiltrate its systems 45 billion times a day (Warning: source may be paywalled; alternative source) -- twice the rate at which it was attacked a year earlier -- the bank's head of asset and wealth management has said. FT: Speaking at Davos on Wednesday, Mary Erdoes said the bank spent $15bn on technology every year and employed 62,000 technologists, with many focused solely on combating the rise in cyber crime. "We have more engineers than Google or Amazon. Why? Because we have to," she said. "The fraudsters get smarter, savvier, quicker, more devious, more mischievous."

Western lenders have suffered a surge in cyber attacks in the past two years, which has been partly blamed on Russian hackers acting in response to sanctions placed on the country and its banks following its full-scale invasion of Ukraine. But the use of artificial intelligence by cyber criminals has also increased the number of incidents and level of sophistication of attacks. UPDATE 1/18/24: In a statement provided to Slashdot, a JPMorgan spokesperson said: "The 45 billion per day figure measures numerous activities, not just hacking attempts. As updated by Bloomberg, 'Examples of activity can include user log ins like employee virtual desktops, and scanning activity, which are often highly automated and not targeted.'" Bloomberg and FT have updated their articles accordingly.

E-commerce giant eBay agreed to pay a $3 million penalty for the harassment and stalking of a Massachusetts couple by several of its employees. "The couple, Ina and David Steiner, had been subjected to threats and bizarre deliveries, including live spiders, cockroaches, a funeral wreath and a bloody pig mask in August 2019," reports CBS News. From the report: Thursday's fine comes after several eBay employees ran a harassment and intimidation campaign against the Steiners, who publish a news website focusing on players in the e-commerce industry. "eBay engaged in absolutely horrific, criminal conduct. The company's employees and contractors involved in this campaign put the victims through pure hell, in a petrifying campaign aimed at silencing their reporting and protecting the eBay brand," Levy said. "We left no stone unturned in our mission to hold accountable every individual who turned the victims' world upside-down through a never-ending nightmare of menacing and criminal acts."

The Justice Department criminally charged eBay with two counts of stalking through interstate travel, two counts of stalking through electronic communications services, one count of witness tampering and one count of obstruction of justice. The company agreed to pay $3 million as part of a deferred prosecution agreement. Under the agreement, eBay will be required to retain an independent corporate compliance monitor for three years, officials said, to "ensure that eBay's senior leadership sets a tone that makes compliance with the law paramount, implements safeguards to prevent future criminal activity, and makes clear to every eBay employee that the idea of terrorizing innocent people and obstructing investigations will not be tolerated," Levy said.

Former U.S. Attorney Andrew Lelling said the plan to target the Steiners, which he described as a "campaign of terror," was hatched in April 2019 at eBay. Devin Wenig, eBay's CEO at the time, shared a link to a post Ina Steiner had written about his annual pay. The company's chief communications officer, Steve Wymer, responded: "We are going to crush this lady." About a month later, Wenig texted: "Take her down." Prosecutors said Wymer later texted eBay security director Jim Baugh. "I want to see ashes. As long as it takes. Whatever it takes," Wymer wrote. Investigators said Baugh set up a meeting with security staff and dispatched a team to Boston, about 20 miles from where the Steiners live. "Senior executives at eBay were frustrated with the newsletter's tone and content, and with the comments posted beneath the newsletter's articles," the Department of Justice wrote in its Thursday announcement. Two former eBay security executives were sentenced to prison over the incident.