aggregator

How Police Secretly Took Over a Global Phone Network for Organized Crime

Slashdot - Your Rights Online - Thu, 2020-07-02 16:48
Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. From a report: Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym. Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world. Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously. "[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My head's still baffled how they got on all my guys." Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.
Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

Read more of this story at Slashdot.

New Mac Ransomware Is Even More Sinister Than It Appears

Slashdot - Your Rights Online - Thu, 2020-07-02 15:00
An anonymous reader quotes a report from Wired: The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy. Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide. [...] 
Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage.

US Secures World Stock of Key COVID-19 Drug Remdesivir

Slashdot - Your Rights Online - Thu, 2020-07-02 09:00
The U.S. has bought up virtually all the stocks of remdesivir, perhaps the most closely watched experimental drug to treat COVID-19. The Guardian reports: Remdesivir, the first drug approved by licensing authorities in the U.S. to treat Covid-19, is made by Gilead and has been shown to help people recover faster from the disease. The first 140,000 doses, supplied to drug trials around the world, have been used up. The Trump administration has now bought more than 500,000 doses, which is all of Gilead's production for July and 90% of August and September. "President Trump has struck an amazing deal to ensure Americans have access to the first authorised therapeutic for Covid-19," said the U.S. health and human services secretary, Alex Azar. "To the extent possible, we want to ensure that any American patient who needs remdesivir can get it. The Trump administration is doing everything in our power to learn more about life-saving therapeutics for Covid-19 and secure access to these options for the American people." The drug, which was trialled in the Ebola epidemic but failed to work as expected, is under patent to Gilead, which means no other company in wealthy countries can make it. The cost is around $3,200 per treatment of six doses, according to the US government statement. The deal was announced as it became clear that the pandemic in the U.S. is spiralling out of control. Anthony Fauci, the country's leading public health expert and director of the National Institute of Allergy and Infectious Diseases, told the Senate the U.S. was sliding backwards.

Uncovered: 1,000 Phrases That Incorrectly Trigger Alexa, Siri, and Google Assistant

Slashdot - Your Rights Online - Thu, 2020-07-02 00:02
An anonymous reader quotes a report from The Wall Street Journal: As Alexa, Google Home, Siri, and other voice assistants have become fixtures in millions of homes, privacy advocates have grown concerned that their near-constant listening to nearby conversations could pose more risk than benefit to users. New research suggests the privacy threat may be greater than previously thought. The findings demonstrate how common it is for dialog in TV shows and other sources to produce false triggers that cause the devices to turn on, sometimes sending nearby sounds to Amazon, Apple, Google, or other manufacturers. In all, researchers uncovered more than 1,000 word sequences -- including those from Game of Thrones, Modern Family, House of Cards, and news broadcasts -- that incorrectly trigger the devices. "The devices are intentionally programmed in a somewhat forgiving manner, because they are supposed to be able to understand their humans," one of the researchers, Dorothea Kolossa, said. "Therefore, they are more likely to start up once too often rather than not at all." When devices wake, the researchers said, they record a portion of what's said and transmit it to the manufacturer. The audio may then be transcribed and checked by employees in an attempt to improve word recognition. The result: fragments of potentially private conversations can end up in the company logs. The research paper, titled "Unacceptable, where is my privacy?," hasn't yet been published, although a brief write-up of the findings can be found here.

Zoom Misses Its Own Deadline To Publish Its First Transparency Report

Slashdot - Your Rights Online - Wed, 2020-07-01 23:25
How many government demands for user data has Zoom received? We won't know until "later this year," an updated Zoom blog post now says. From a report: The video conferencing giant previously said it would release the number of government demands it has received by June 30. But the company said it's missed that target and has given no firm new date for releasing the figures. It comes amid heightened scrutiny of the service after a number of security issues and privacy concerns came to light following a massive spike in its user base, thanks to millions working from home because of the coronavirus pandemic. In a blog post today reflecting on the company's turnaround efforts, chief executive Eric Yuan said the company has "made significant progress defining the framework and approach for a transparency report that details information related to requests Zoom receives for data, records or content. We look forward to providing the fiscal [second quarter] data in our first report later this year," he said. Transparency reports offer rare insights into the number of demands or requests a company gets from the government for user data. These reports are not mandatory, but are important to understand the scale and scope of government surveillance.

China's Influence Via WeChat Is 'Flying Under the Radar' of Most Western Democracies

Slashdot - Your Rights Online - Wed, 2020-07-01 18:04
China's WeChat, like most social networks, is a haven for disinformation and "fake news". Less well-known, at least in the West, is its role in mobilising Chinese diaspora communities to support particular political policies or people, according to a report. schwit1 shares the report: These activities are coordinated through a system known as the United Front, a network of party and state agencies that are responsible for influencing purportedly independent groups outside the Chinese Communist Party. At the very top, the United Front Work Department is led by China's fourth most senior political leader, Wang Yang. President Xi Jinping and his family have been involved in United Front work for decades. "Where United Front really works their biggest magic is actually on social media WeChat," says Maree Ma, general manager of Vision Times, a leading Chinese-language Australian media outlet. WeChat's private groups are capped at 500 members, but according to Ma, there's "hundreds" of United Front organisations in Australia, each of them with many of these groups.

Supreme Court Says Generic Domains Like Booking.com Can Be Trademarked

Slashdot - Your Rights Online - Wed, 2020-07-01 15:00
An anonymous reader quotes a report from Ars Technica: The U.S. Patent and Trademark Office erred by finding the term booking.com was too generic for trademark protection, the Supreme Court ruled on Tuesday. Trademark law prohibits anyone from registering generic terms that describe a class of products or services. Anyone can start a company called "The Wine Company," but they can't use trademark law to stop others from using the same name. When the online travel giant Booking Holdings sought to trademark its booking.com domain name almost a decade ago, the U.S. Patent and Trademark Office concluded that the same rule applied. Booking Holdings challenged this decision in court. The company pointed to survey data showing that consumers associated the phrase "booking.com" with a specific website as opposed to a generic term for travel websites. Both the trial and appeals courts sided with booking.com, finding that booking.com was sufficiently distinctive to merit its own trademark -- even if the generic word "booking" couldn't be trademarked on its own. Trademark law declines to protect generic terms in an effort to promote competition. If a company could trademark a word like "booking" or "wine," it could interfere with competitors who want to accurately describe their products in the marketplace. That would give companies that trademark generic terms an unfair advantage. But an opinion by Justice Ruth Bader Ginsburg (and joined by seven other justices) found that this wasn't a serious concern for dot-com trademarks. A company like Travelocity or Expedia might describe itself as "a booking website," but it would never describe itself as "a booking.com." Ginsburg notes that the rules of the domain-name system ensure that only one company can use a name like booking.com, so consumers are likely to understand that "booking.com" refers to a particular website -- it's not a generic term for booking websites in general.

National Mask Mandate Could Save 5 Percent of GDP, Economists Say

Slashdot - Your Rights Online - Tue, 2020-06-30 22:10
An anonymous reader quotes a report from The Washington Post: After a late-spring lull, daily coronavirus cases in the United States have again hit record highs, driven by resurgent outbreaks in states such as Florida, Arizona and California. Hospitals in Houston are already on the brink of being overwhelmed, and public health experts worry the pandemic's body count will soon again be climbing in tandem with the daily case load. The dire situation has raised the specter of another round of state-level stay-at-home orders to halt the pandemic's spread and caused a number of governors to pause or reverse their ongoing reopening plans. Against this backdrop, a team of economists at investment bank Goldman Sachs has published an analysis suggesting more painful shutdowns could be averted if the United States implements a nationwide mask mandate. "A face mask mandate could potentially substitute for lockdowns that would otherwise subtract nearly 5% from GDP," the team, led by the company's chief economist, Jan Hatzius, writes. It's worth noting the authors of the report are economists and not public health experts. Their primary motivation is to protect the economic interests of Goldman Sachs's investors, which is why they're interested in the effects of federal policy on gross domestic product. But their findings are in line with a number of other published studies on the efficacy of masks. The Goldman Sachs report notes the United States is a global outlier with respect to face mask use, which is widespread in Asia and currently mandated in many European countries. Though the Centers for Disease Control and Prevention "recommends" the use of masks in public and 20 states plus the District of Columbia have implemented their own mandates, there is no binding national policy, with wide regional variations in mask use around the country. 
"We estimate that statewide mask mandates gradually raise the percentage of people who 'always' or 'frequently' wear masks by around 25 [percentage points] in the 30+ days after signing," the authors write. "Our numerical estimates are that cumulative cases grow 17.3% per week without a mask mandate but only 7.3% with a mask mandate, and that cumulative fatalities grow 29% per week without a mask mandate but only 16% with a mask mandate."

Google Removes 25 Android Apps Caught Stealing Facebook Credentials

Slashdot - Your Rights Online - Tue, 2020-06-30 16:10
This month Google removed 25 Android apps from the Google Play Store that were caught stealing Facebook credentials. From a report: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and, despite offering different features, under the hood all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games. The apps offered legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected which app a user had most recently opened and had in the phone's foreground. If that app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page (in the report's screenshot: blue bar = actual Facebook app, black bar = phishing page).

With DOJ Charges, Former VC Mike Rothenberg Could Now Be Facing Serious Jail Time

Slashdot - Your Rights Online - Tue, 2020-06-30 03:30
Connie Loizos writing via TechCrunch: While some in Silicon Valley might prefer to forget about investor Mike Rothenberg roughly four years after his young venture firm began to implode, his story is still being written, and the latest chapter doesn't bode well for the 36-year-old. While Rothenberg earlier tangled with the Securities and Exchange Commission and lost, it was a civil matter, if one that could haunt him for the rest of his life. Now, the U.S. Department of Justice has brought two criminal wire fraud charges against him, charges that he made two false statements to a bank and money laundering charges, all of which could result in a very long time in prison depending on how things play out. How long, exactly? The DOJ says the two bank fraud charges and the two false statements to a bank charges "each carry a maximum of 30 years in prison, not more than five years supervised release, and a $1,000,000 fine," while the money laundering charges "carry a penalty of imprisonment of not more than ten years, not more than three years of supervised release, and a fine of not more than twice the amount of the criminally derived property involved in the transaction at issue." The damage done in the brief life of Rothenberg's venture outfit -- even while understood in broad strokes by industry watchers -- is rather breathtaking. As laid out by the DOJ, Rothenberg raised and managed four funds from the time he founded his firm, Rothenberg Ventures, in 2012, through 2016, and his criminal activities began almost immediately...

1 Killed, 2 Shot Outside Amazon Warehouse In Jacksonville

Slashdot - Your Rights Online - Mon, 2020-06-29 23:52
A 20-year-old man was killed and two others injured when two suspects opened fire outside an Amazon warehouse in Jacksonville. From a report: According to JSO, the man who was killed was targeted by the shooters who fled from the scene in a silver car. JSO is now searching for three suspects, including the driver of the getaway car. The 20-year-old victim was standing in line for job applications with about six others outside of the facility when the suspects began firing, JSO said. JSO believes the suspects knew the victim. "We're trying to determine what the motive was why they were after this victim. We have about 10 eyewitnesses that were both inside and outside of the facility," said JSO Assistant Chief Brian Kee. "This does not appear to be a workplace violent incident that you would normally associate with workplace violence or mass shootings." A 29-year-old man was grazed in the arm and a 22-year-old man was grazed in the foot during the shooting. Both were treated and did not require hospitalization, JSO said. People claiming to be family members of Amazon employees at the facility said on social media that employees were placed on lockdown inside. A woman who said she witnessed the shooting and asked not to be identified said she was just feet away from the man who was killed. "As I started to go back inside the Amazon doors, I turned my head slightly to the right, I saw the gunman standing right there with a gun in his hand and next thing you know he just started shooting," she said. "He just let off about five or six rounds. I stood there in complete shock because I couldn't believe what was actually happening in front of my face." Developing...

Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns

Slashdot - Your Rights Online - Mon, 2020-06-29 16:56
Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include:

Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.
Battery Status API - Allows websites to receive information about the battery status of the hosting device.
Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
[...]

The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

America Pushes Europe to Reject Chinese Baggage Screening Tech

Slashdot - Your Rights Online - Mon, 2020-06-29 00:04
An anonymous reader quotes Engadget: The U.S. fight against Chinese technology appears to be extending to another category: the security screening you normally see at the airport or border. Wall Street Journal sources understand the National Security Council and other U.S. agencies are pushing European governments (including Germany, Greece and Italy) to avoid using baggage, cargo and passenger screening systems from Nuctech, a Chinese state-run company that already has a foothold in the continent. American officials are reportedly worried any connected devices could pass sensitive data like passenger info and shipping manifests to Chinese spies. Much like the claims against Huawei, there's no publicly available evidence of Nuctech forwarding data to Chinese surveillance systems. The U.S. Transportation Security Administration barred Nuctech from many U.S. airports in 2014 following a review, although the report is classified... The U.S. is supposedly asking European nations to replace Nuctech equipment with American equivalents — it stands to benefit if the Chinese company gets kicked out. That's a strong incentive to keep up the campaign, even if the surveillance claims are unwarranted.

Are Uber Drivers Employees? Uber Faces Two Big Court Challenges

Slashdot - Your Rights Online - Sun, 2020-06-28 17:34
Strider- (Slashdot reader #39,683) shares a story from Reuters: Canada's Supreme Court on Friday ruled in favor of a driver in a gig economy case that paves the way for a class action suit calling for Uber Technologies Inc to recognize drivers in Canada as company employees. UberEats driver David Heller had filed a class action suit, challenged by Uber, aiming to secure a minimum wage, vacation pay and other benefits like overtime pay. Drivers are now classified as independent contractors and do not have such benefits. A lower court had already ruled that Uber's contracts included an arbitration clause that was "invalid and unenforceable," Reuters reports, and it was Uber's attempt to appeal that ruling that was dismissed by Canada's Supreme Court in an 8-1 vote. Reuters notes that "The arbitration process, which must be conducted in the Netherlands where Uber has its international headquarters, costs about C$19,000 ($14,500)." Meanwhile, CNN also reports that Uber and Lyft "could soon be forced to reclassify their drivers in California as employees or cease operating in the state as part of an escalating legal battle over a new law impacting much of the on-demand economy." California Attorney General Xavier Becerra and a coalition of city attorneys intend to file for a preliminary injunction this week to force the two ride-hailing companies to comply with the new state law, according to a press release issued Wednesday... "It's time for Uber and Lyft to own up to their responsibilities and the people who make them successful: their workers," said Becerra in a statement concerning the injunction the state is intending to file. "Misclassifying your workers as 'consultants' or 'independent contractors' simply means you want your workers or taxpayers to foot the bill for obligations you have as an employer."

IBM's New Differential Privacy Library Works With Just a Single Line of Code

Slashdot - Your Rights Online - Sun, 2020-06-28 16:34
Friday IBM Research updated their open source "IBM Differential Privacy Library," a suite of new lightweight tools offering "an array of functionality to extract insight and knowledge from data with robust privacy guarantees." "Most tasks can be run with only a single line of code," brags a new blog post (shared by Slashdot reader IBMResearch), explaining how it works: This year for the first time in its 230-year history the U.S. Census will use differential privacy to keep the responses of its citizens confidential when the data is made available. But how does it work? Differential privacy uses mathematical noise to preserve individuals' privacy and confidentiality while allowing population statistics to be observed. This concept has a natural extension to machine learning, where we can protect models against privacy attacks, while maintaining overall accuracy. For example, if you want to know my age (32) I can pick a random number out of a hat, say ±7 — you will only learn that I could be between 25 and 39. I've added a little bit of noise to the data to protect my age and the US Census will do something similar. While the US government built its own differential privacy tool, IBM has been working on its own open source version and today we are publishing our latest release v0.3. The IBM Differential Privacy Library boasts a suite of tools for machine learning and data analytics tasks, all with built-in privacy guarantees. Our library is unique to others in giving scientists and developers access to lightweight, user-friendly tools for data analytics and machine learning in a familiar environment... What also sets our library apart is our machine learning functionality enables organisations to publish and share their data with rigorous guarantees on user privacy like never before... Also included is a collection of fundamental tools for data exploration and analytics. All the details for getting started with the library can be found at IBM's Github repository.
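
As an added example (not code from IBM's library or the blog post), the Laplace mechanism that formal differential privacy uses for a counting query, set beside the post's "random number from a hat, ±7" age analogy; the respondent ages are constructed sample data, and epsilon and the query threshold are chosen for illustration.

```python
import math
import random
from typing import List, Sequence, Tuple

# Constructed sample data: ages of survey respondents (not real data).
AGES: List[int] = [32, 25, 41, 39, 28, 55, 33, 47, 29, 62, 38, 31]


def make_rng(seed: int) -> random.Random:
    """Seeded RNG so a run can be reproduced; production code would use a CSPRNG."""
    return random.Random(seed)


def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Noise scale b of the Laplace mechanism: b = sensitivity / epsilon.

    sensitivity is the largest change in the exact answer that adding or
    removing one person can cause; epsilon is the privacy budget (smaller
    epsilon means stronger privacy and more noise).
    """
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("epsilon and sensitivity must be positive")
    return sensitivity / epsilon


def laplace_sample(scale: float, rng: random.Random) -> float:
    """Draw one Laplace(0, scale) sample by inverse-CDF sampling."""
    u = rng.random() - 0.5          # uniform on [-0.5, 0.5)
    while u <= -0.5:                # avoid log(0) at the boundary
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def count_at_least(ages: Sequence[int], threshold: int) -> int:
    """The exact query: how many respondents are at least `threshold` years old."""
    return sum(1 for a in ages if a >= threshold)


def dp_count_at_least(ages: Sequence[int], threshold: int,
                      epsilon: float, rng: random.Random) -> float:
    """The same counting query answered with the Laplace mechanism.

    A count has sensitivity 1: one person joining or leaving the data set
    moves the exact answer by at most 1, so the noise scale is 1 / epsilon.
    """
    scale = laplace_scale(1.0, epsilon)
    return count_at_least(ages, threshold) + laplace_sample(scale, rng)


def privacy_loss(true_a: float, true_b: float, observed: float, scale: float) -> float:
    """ln( p(observed | exact answer true_a) / p(observed | exact answer true_b) )
    for Laplace noise of the given scale.

    For neighbouring data sets |true_a - true_b| <= sensitivity, so this
    never exceeds sensitivity / scale = epsilon: that bound is what makes
    the mechanism epsilon-differentially private, whatever value is observed.
    """
    return (abs(observed - true_b) - abs(observed - true_a)) / scale


def hat_noise_age(age: int, rng: random.Random, spread: int = 7) -> int:
    """The blog post's analogy: report age plus a number drawn from a hat in
    [-spread, +spread].

    Bounded noise gives plausible deniability but is not epsilon-DP in the
    formal sense: a reported 46 is possible for a true age of 39 and
    impossible for 32, so one output can pin the age down with certainty.
    The Laplace mechanism's unbounded tails avoid that.
    """
    return age + rng.randint(-spread, spread)


def noise_stats(scale: float, n: int, seed: int) -> Tuple[float, float]:
    """Empirical (mean, mean absolute value) of n Laplace samples; the mean
    absolute value of Laplace(0, b) is b, a quick sanity check of the sampler."""
    rng = make_rng(seed)
    samples = [laplace_sample(scale, rng) for _ in range(n)]
    return sum(samples) / n, sum(abs(s) for s in samples) / n


if __name__ == "__main__":
    rng = make_rng(2020)
    eps = 0.5
    print("exact count of ages >= 30:", count_at_least(AGES, 30))
    print("DP count, epsilon=%.1f:" % eps, round(dp_count_at_least(AGES, 30, eps, rng), 2))
    print("age 32 via the hat analogy:", hat_noise_age(32, rng))
    b = laplace_scale(1.0, eps)
    worst = max(privacy_loss(9, 8, y, b) for y in range(-20, 40))
    print("largest privacy loss seen for neighbouring counts 9 vs 8: %.3f <= eps %.1f" % (worst, eps))
```

Lowering epsilon widens the noise (scale 1/epsilon) and tightens the bound that privacy_loss demonstrates, which is the trade-off the post describes between protecting individuals and keeping population statistics usable.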

How Did the World Miss Covid-19's Silent Spread?

Slashdot - Your Rights Online - Sun, 2020-06-28 03:34
Long-time Slashdot reader hankwang writes: The New York Times has an article on how the transmission of Covid-19 by seemingly healthy individuals was discovered in Germany on January 27, but the report was discredited because of a quibble over whether it was really asymptomatic or rather presymptomatic or oligosymptomatic transmission. Oligosymptomatic means that the symptoms are so mild that they are not recognized as symptoms... It took until March before asymptomatic transmission was publicly acknowledged as playing a significant role. From the article. (Alternate source here): Dr. Rothe, an infectious disease specialist at Munich University Hospital, and her colleagues were among the first to warn the world [on January 30]. But even as evidence accumulated from other scientists, leading health officials expressed unwavering confidence that symptomless spreading was not important. In the days and weeks to come, politicians, public health officials and rival academics disparaged or ignored the Munich team. Some actively worked to undermine the warnings at a crucial moment, as the disease was spreading unnoticed... It is now widely accepted that seemingly healthy people can spread the virus, though uncertainty remains over how much they have contributed to the pandemic. Though estimates vary, models using data from Hong Kong, Singapore and China suggest that 30 to 60 percent of spreading occurs when people have no symptoms... The Chinese health authorities had explicitly cautioned that patients were contagious before showing symptoms. A Japanese bus driver was infected while transporting seemingly healthy tourists from Wuhan. And by the middle of February, 355 people aboard the Diamond Princess cruise ship had tested positive. About a third of the infected passengers and staff had no symptoms... [P]ublic health officials saw danger in promoting the risk of silent spreaders. 
If quarantining sick people and tracing their contacts could not reliably contain the disease, governments might abandon those efforts altogether... Plus, preventing silent spreading required aggressive, widespread testing that was then impossible for most countries. "It's not like we had some easy alternative," said Dr. Libman, the Canadian doctor. "The message was basically: 'If this is true, we're in trouble.'" European health officials say they were reluctant to acknowledge silent spreading because the evidence was trickling in and the consequences of a false alarm would have been severe... As the research coalesced in March, European health officials were convinced. "OK, this is really a big issue," Dr. Agoritsa Baka, a senior European Union doctor, recalled thinking. "It plays a big role in the transmission..." Since then, the C.D.C., governments around the world and, finally, the World Health Organization have recommended that people wear masks in public.

Whatever Happened to the 'Flash Crash' Trader?

Slashdot - Your Rights Online - Sun, 2020-06-28 01:34
British stock trader Navinder Sarao was accused of helping cause a $1 trillion stock market crash in 2010. But the rest of his story is now being told in a new book titled Flash Crash: A Trading Savant, a Global Manhunt, and the Most Mysterious Market Crash in History. "I think that he was a gamer and, for him, markets were honestly the ultimate form of game," author Liam Vaughan tells the New York Post: Sarao was more concerned with the rise of high-frequency trading, a method of buying and selling that used powerful computers and algorithms to execute trades in fractions of seconds. The speed allowed (mostly) large, monied firms to beat others to a trade, thereby securing a better price. Sarao bristled at the unfairness. He began engaging in what is known as "spoofing." He hired software developers to write programs that would allow him to place millions of dollars worth of orders, then — after other traders had reacted to his potential trade — abruptly cancel his order. The deception allowed Sarao to nudge the market higher or lower and reap the benefits. His trading habits eventually drew scrutiny from the Chicago Mercantile Exchange, earning him cautionary letters. Sarao, however, phoned the authorities and told them to "kiss my ass." Then on May 6, 2010, Sarao logged on from his bedroom and began furiously trading, attempting to capitalize on the volatility still roiling the markets after the 2008 crisis. In the final two hours before he logged off at 7:40 p.m. London time, the trader had bought and sold 62,077 e-mini contracts — with a combined value of $3.4 billion. A minute later, markets tumbled with a "velocity and intensity it never had before," Vaughan writes... Sarao was later arrested and extradited to the United States, only the second person ever charged with spoofing. It's unclear how much his actions contributed to America's so-called "flash crash." 
The US government contends that he was partially responsible, while some financial experts disagree, seeing him as a Robin Hood whose actions only hurt wealthy companies. But whatever happened to Sarao? The Post writes that he cooperated with authorities, and the answer ultimately came quietly in January, reports CNBC: Despite facing as much as eight years in prison, Federal Judge Virginia Kendall sentenced Sarao — who suffers from severe Asperger's — to just one year of supervised release. Court documents submitted by Sarao's legal team described him as a "singularly sunny, childlike, guileless, trusting person," who lived off social security payments and played hour after hour of video games in his childhood bedroom. Sarao, who spent four months in the U.K.'s Wandsworth Prison before his extradition to the United States, has forfeited about $7.6 million in gains made from trading. U.S. authorities claimed Sarao made more than $70 million between 2009 and 2014 from his bedroom — much of it legal. However, it has been reported that he has lost almost all of his money after investing in fraudulent scams. "I think justice was done," the new book's author tells the Post, "because the message was out there that someone shouldn't be thinking about doing what Nav was doing."

Read more of this story at Slashdot.

Apple Will Force Apps to Ask for Permission Before Tracking Users

Slashdot - Your Rights Online - Sun, 2020-06-28 00:34
"Apple Inc. will force iPhone apps to get permission from users before tracking them," reports Bloomberg, "dealing a potentially major blow to app developers who rely on advertisements to make money." Apple facilitates tracking on its phones by providing app developers with unique numbers for each user, something security advocates have long said contradicts the company's frequent statements in support of privacy. The update to the iPhone's operating system doesn't do away with the tracking system, but makes it much more apparent to users and gives them more opportunities to turn it off. Previously, controls were buried in the phone's settings menu. "Considering the iPhone's user base, this is a very big change. It certainly improves user privacy," said Lukasz Olejnik, an independent privacy researcher and consultant. "Users at large encountering such pop-ups in just about any application may potentially start asking questions about the use of their data. It will force the industry to reconsider some of the core assumptions."

Journalist's Phone Hacked: All He Had To Do Was Visit a Website. Any Website.

Slashdot - Your Rights Online - Sat, 2020-06-27 22:34
The iPhone that Moroccan journalist Omar Radi used to contact his sources also allowed his government to spy on him (and at least two other journalists), reports the Toronto Star, citing new research from Amnesty International. Slashdot reader Iwastheone shares their report: Their government could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment. Yet Radi was trained in encryption and cyber security. He hadn't clicked on any suspicious links and didn't have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked. Instead, a report published Monday by Amnesty International shows Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website. Forensic evidence gathered by Amnesty International on Radi's phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser. Two more human rights advocates in Morocco have been targeted by the same malware, the article reports.

Apple 'Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users', Claims Forbes

Slashdot - Your Rights Online - Sat, 2020-06-27 19:34
In February, Reddit's CEO called TikTok "fundamentally parasitic," according to a report on TechCrunch, adding "it's always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone... I actively tell people, 'Don't install that spyware on your phone.'" TikTok called his remarks "baseless accusations made without a shred of evidence." But now Apple "has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users' devices..." reports Forbes cybersecurity contributor Zak Doffman, noting that one of the biggest offenders it revealed still turns out to be TikTok: Worryingly, one of the apps caught snooping [in March] by security researchers Talal Haj Bakry and Tommy Mysk was China's TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced. Well, maybe not. With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn't stop this invasive practice back in April as promised after all. Worse, the excuse has now changed. According to TikTok, the issue is now "triggered by a feature designed to identify repetitive, spammy behavior," and has told me that it has "already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion." In other words: We've been caught doing something we shouldn't, we've rushed out a fix... iOS users can relax, knowing that Apple's latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. 
For Android users, though, there is no word yet as to whether this is an issue for them as well. Long-time Slashdot reader schwit1 also shares an online rumor from an anonymous Redditor (with a 7-year-old account) who claims to be a software engineer who's reverse engineered TikTok's software and learned more scary things, concluding that TikTok is a "data collection service that is thinly-veiled as a social network." So far the most reputable news outlets that have repeated his allegations are Bored Panda, Stuff, Hot Hardware, and Illinois radio station WBNQ.