America's Federal Trade Commission "is sending more than $5.6 million in refunds to consumers," reports the Associated Press, "as part of a settlement with Amazon-owned Ring, which was charged with failing to protect private video footage from outside access." In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers.
According to their announcement Tuesday, the FTC is now sending 117,044 PayPal payments to affected consumers...

The FTC is issuing more than $5.6 million in refunds to Ring customers as part of a privacy settlement. The Associated Press reports: In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers. According to a Tuesday notice, the FTC is sending 117,044 PayPal payments to impacted consumers who had certain types of Ring devices -- including indoor cameras -- during the timeframes that the regulators allege unauthorized access took place. Eligible customers will need to redeem these payments within 30 days, according to the FTC -- which added that consumers can contact this case's refund administrator, Rust Consulting, or visit the FTC's FAQ page on refunds for more information about the process.

According to the Wall Street Journal, a deal for IBM to acquire HashiCorp could materialize in the next few days. Shares of HashiCorp jumped almost 20% on the news.

UPDATE 4/24/24: IBM has confirmed the deal valued at $6.4 billion. "IBM will pay $35 per share for HashiCorp, a 42.6% premium to Monday's closing price," reports Reuters. "The acquisition will be funded by cash on hand and will add to adjusted core profit within the first full year of closing, expected by the end of 2024." HashiCorp's shares continued to surge Tuesday on the news. CNBC reports: Developers use HashiCorp's software to set up and manage infrastructure in public clouds that companies such as Amazon and Microsoft operate. Organizations also pay HashiCorp for managing security credentials. Founded in 2012, HashiCorp went public on Nasdaq in 2021. The company generated a net loss of nearly $191 million on $583 million in revenue in the fiscal year ending Jan. 31, according to its annual report. In December, Mitchell Hashimoto, co-founder of HashiCorp, whose family name is reflected in the company name, announced that he was leaving.

Revenue jumped almost 23% during that period, compared with 2% for IBM in 2023. IBM executives pointed to a difficult economic climate during a conference call with analysts in January. The hardware, software and consulting provider reports earnings on Wednesday. Cisco held $9 million in HashiCorp shares at the end of March, according to a regulatory filing. Cisco held early acquisition talks with HashiCorp, according to a 2019 report.

A lawsuit is alleging Amazon was so desperate to keep up with the competition in generative AI it was willing to breach its own copyright rules. From a report: The allegation emerges from a complaint accusing the tech and retail mega-corp of demoting, and then dismissing, a former high-flying AI scientist after it discovered she was pregnant. The lawsuit was filed last week in a Los Angeles state court by Dr Viviane Ghaderi, an AI researcher who says she worked successfully in Amazon's Alexa and LLM teams, and achieved a string of promotions, but claims she was later suddenly demoted and fired following her return to work after giving birth. She is alleging discrimination, retaliation, harassment and wrongful termination, among other claims.

Google has fired another 20 workers for participating in protests against its $1.2 billion cloud computing contract with the Israeli government, according to an activist group representing the workers. From a report: In total, the company has now fired around 50 employees over sit-in protests held in Google offices last week that were part of yearslong discontent among a group of Google and Amazon workers over claims that Israel is using the companies' services to harm Palestinians. Google has denied those claims, saying Project Nimbus, the cloud-computing contract, doesn't involve "highly sensitive, classified, or military workloads relevant to weapons or intelligence services," and that Israeli government ministries that use its commercial cloud must agree to its terms of services and other policies.

No Tech For Apartheid, the group representing the workers, claimed in a statement that Google is attempting to "quash dissent, silence its workers, and reassert its power over them." "That's because Google values its profit, and its $1.2 billion contract with the Israeli government and military, more than people. And it certainly values it over its own workers," it said. The group said it will continue organizing until Google cancels Project Nimbus. Further reading: Google To Employees: 'We Are a Workplace'.

The European Union has opened a second formal investigation into TikTok under its Digital Services Act (DSA), an online governance and content moderation framework. The investigation centers around TikTok Lite's "Task and Reward" feature that may harm mental health, especially among minors, by promoting addictive behavior. TechCrunch reports: The Commission also said it's minded to impose interim measures that could force the company to suspend access to the TikTok Lite app in the EU while it investigates concerns the app poses mental health risks to users. Although the EU has given TikTok until April 24 to argue against the measure -- meaning the app remains accessible for now. Penalties for confirmed violations of the DSA can reach up to 6% of global annual turnover. So ByeDance, TikTok's parent, could face hefty fines if EU enforcers do end up deciding it has broken the law.

The EU's first TikTok probe covers multiple issues including the protection of minors, advertising transparency, data access for researchers, and the risk management of addictive design and harmful content. Hence it said the latest investigation will specifically focus on TikTok Lite, a version of the video sharing platform which launched earlier this month in France and Spain and includes a mechanism that allows users to earn points for doing things like watching or liking videos. Points earned through TikTok Lite can be exchanged for things like Amazon gift vouchers or TikTok's own digital currency for gifting to creators. The Commission is worried this so-called "task and reward" feature could negatively impact the mental health of young users by "stimulating addictive behavior."

The EU wrote that the second probe will focus on TikTok's compliance with the DSA obligation to conduct and submit a risk assessment report prior to the launch of the "Task and Reward Lite" program, with a particular focus on negative effects on mental health, including minors' mental health. It also said it will look into measures taken by TikTok to mitigate those risks. In a press release announcing the action, the EU said ByeDance failed to produce a risk assessment about the feature which it had asked to see last week -- when it gave the company 24 hours to produce the document. Since it failed to submit the risk assessment paperwork on April 18 the Commission wrote that it suspects a "prima facie infringement of the DSA."

Amazon confirmed it is ending Prime Air drone delivery operations in Lockeford, California. The Central California town of 3,500 was the company's second U.S. drone delivery site, after College Station, Texas. Operations were announced in June 2022. From a report: The retail giant is not offering details around the setback, only noting, "We'll offer all current employees opportunities at other sites, and will continue to serve customers in Lockeford with other delivery methods. We want to thank the community for all their support and feedback over the past few years."

College Station deliveries will continue, along with a forthcoming site in Tolleson, Arizona set to kick off deliveries later this year. Tolleson, a city of just over 7,000, is located in Maricopa County, in the western portion of the Phoenix metropolitan area. Prime Air's arrival brings same-day deliveries to Amazon customers in the region, courtesy of a hybrid fulfillment center/delivery station. The company says it will be contacting impacted customers when the service is up and running. There's no specific information on timing beyond "this year," owing, in part, to ongoing negotiations with both local officials and the FAA required to deploy in the airspace.

An anonymous reader shares a report: To accommodate tech companies' pivots to artificial intelligence, tech companies are increasingly investing in ways to power AI's immense electricity needs. Most recently, OpenAI CEO Sam Altman invested in Exowatt, a company using solar power to feed data centers, according to the Wall Street Journal. That's on the heals of OpenAI partner, Microsoft, working on getting approval for nuclear energy to help power its AI operations. Last year Amazon, which is a major investor in AI company Anthropic, said it invested in more than 100 renewable energy projects, making it the "world's largest corporate purchaser of renewable energy for the fourth year in a row."

North Korean animators have been secretly working on major international TV shows, including an Amazon superhero series and an upcoming HBO Max children's anime, according to a report by cybersecurity researchers. The findings, detailed in a report by the Stimson Center think tank's 38 North Project and Google-owned security firm Mandiant, provide a glimpse into how North Korea can use skilled IT workers to raise funds for its heavily sanctioned regime.

Researcher Nick Roy discovered a misconfigured cloud server on a North Korean IP address in December, containing thousands of animation files, including cells, videos, and notes discussing ongoing projects. Some images appeared to be from Amazon's "Invincible" and HBO Max's "Iyanu: Child of Wonder." The server, which mysteriously stopped being used at the end of February, likely allowed work to be sent to and from North Korean animators, according to Martyn Williams, a senior fellow on the 38 North Project. U.S. sanctions prohibit companies from working with North Korean entities, but the researchers say it is unlikely that the companies involved were aware of the animators' origins. The report suggests the contracting arrangement was several steps removed from the major producers.

Bloomberg looks at America's biggest operator of private electrical vehicle charging infrastructure: Amazon. "In a little more than two years, Amazon has installed more than 17,000 chargers at about 120 warehouses around the U.S." — and had Rivian build 13,500 custom electric delivery vans. Amazon has a long way to go. The Seattle-based company says its operations emitted about 71 million metric tons of carbon dioxide equivalent in 2022, up by almost 40% since Jeff Bezos's 2019 vow that his company would eventually stop contributing to the emissions warming the planet. Many of Amazon's emissions come from activities — air freight, ocean shipping, construction and electronics manufacturing, to name a few — that lack a clear, carbon-free alternative, today or any time soon. The company has not made much progress on decarbonization of long-haul trucking, whose emissions tend to be concentrated in industrial and outlying areas rather than the big cities that served as the backdrop for Amazon's electric delivery vehicle rollout...

Another lesson Amazon learned is one the company isn't keen to talk about: Going green can be expensive, at least initially. Based on the type of chargers Amazon deploys — almost entirely midtier chargers called Level 2 in the industry — the hardware likely cost between $50 million and $90 million, according to Bloomberg estimates based on cost estimates supplied by the National Renewable Energy Laboratory. Factoring in costs beyond the plugs and related hardware — like digging through a parking lot to lay wires or set up electrical panels and cabinets — could double that sum. Amazon declined to comment on how much it spent on its EV charging push.
In addition to the expense of the chargers, electric vehicle-fleet operators are typically on the hook for utility upgrades. When companies request the sort of increases to electrical capacity that Amazon has — the Maple Valley warehouse has three megawatts of power for its chargers — they tend to pay for them, making the utility whole for work done on behalf of a single customer. Amazon says it pays upgrade costs as determined by utilities, but that in some locations the upgrades fit within the standard service power companies will handle out of their own pocket.
The article also includes this quote from Kellen Schefter, transportation director at the Edison Electric Institute trade group (which worked with Amazon on its electricity needs). "Amazon's scale matters. If Amazon can show that it meets their climate goals while also meeting their package-delivery goals, we can show this all actually works."

South America's Amazon River has reached its lowest level since measurements began, according to the Washington Post, while temperatures "hovered above 110 degrees Fahrenheit" for nearly a week as April began in the capital of Mali. "Nights offered little relief, with temperatures often staying above 90 degrees..."

"An overtaxed electrical grid sputtered and shut down," they add, and "dehydration and heat stroke became epidemic... At the city's main hospital, doctors recorded a month's worth of deaths in just four days. Local cemeteries were overwhelmed." The historic heat wave that besieged Mali and other parts of West Africa this month — which scientists say would have been "virtually impossible" in a world without human-caused climate change — is just the latest manifestation of a sudden and worrying surge in global temperatures. Fueled by decades of uncontrolled fossil fuel burning and an El Niño climate pattern that emerged last June, the planet this year breached a feared warming threshold of 1.5 degrees Celsius above preindustrial levels. Nearly 19,000 weather stations have notched record high temperatures since January 1. Each of the last ten months has been the hottest of its kind.

The scale and intensity of this hot streak is extraordinary even considering the unprecedented amount of greenhouse gases in the atmosphere, researchers say. Scientists are still struggling to explain how the planet could have exceeded previous temperature records by as much as half a degree Celsius (0.9 degrees Fahrenheit) last fall. What happens in the next few months, said Gavin Schmidt, director of the NASA Goddard Institute for Space Studies, could indicate whether Earth's climate has undergone a fundamental shift — a quantum leap in warming that is confounding climate models and stoking ever more dangerous weather extremes.

But even if the world returns to a more predictable warming trajectory, it will only be a temporary reprieve from the conditions that humanity must soon confront, Schmidt said. "Global warming continues apace."
Will this summer's La Niña cool things off? More atmospheric research is underway, and "Schmidt says it's too soon to know how worried the world should be," according to the article. But he does raise this possibility. "What if the statistical connections that we are basing our predictions on are no longer valid?"

"It's niggling at the back of my brain that it could be that the past is no longer a guide to the future."

The Washington Post reports on a new situation in Virginia: There, massive data centers with computers processing nearly 70 percent of global digital traffic are gobbling up electricity at a rate officials overseeing the power grid say is unsustainable unless two things happen: Several hundred miles of new transmission lines must be built, slicing through neighborhoods and farms in Virginia and three neighboring states. And antiquated coal-powered electricity plants that had been scheduled to go offline will need to keep running to fuel the increasing need for more power, undermining clean energy goals...

The $5.2 billion effort has fueled a backlash against data centers through the region, prompting officials in Virginia to begin studying the deeper impacts of an industry they've long cultivated for the hundreds of millions of dollars in tax revenue it brings to their communities. Critics say it will force residents near the [West Virginia] coal plants to continue living with toxic pollution, ironically to help a state — Virginia — that has fully embraced clean energy. And utility ratepayers in the affected areas will be forced to pay for the plan in the form of higher bills, those critics say. But PJM Interconnection, the regional grid operator, says the plan is necessary to maintain grid reliability amid a wave of fossil fuel plant closures in recent years, prompted by the nation's transition to cleaner power. Power lines will be built across four states in a $5.2 billion effort that, relying on coal plants that were meant to be shuttered, is designed to keep the electric grid from failing amid spiking energy demands. Cutting through farms and neighborhoods, the plan converges on Northern Virginia, where a growing data center industry will need enough extra energy to power 6 million homes by 2030...

There are nearly 300 data centers now in Virginia. With Amazon Web Services pursuing a $35 billion data center expansion in Virginia, rural portions of the state are the industry's newest target for development. The growth means big revenue for the localities that host the football-field-size buildings. Loudoun [County] collects $600 million in annual taxes on the computer equipment inside the buildings, making it easier to fund schools and other services. Prince William [County], the second-largest market, collects $100 million per year.
The article adds that one data center "can require 50 times the electricity of a typical office building, according to the U.S. Department of Energy. "Multiple-building data center complexes, which have become the norm, require as much as 14 to 20 times that amount."

One small power company even told the grid operator that data centers were already consuming 59% of the power they produce...

An anonymous reader quotes a report from Business Insider: If you think you've been seeing an awful lot more Reddit results lately when you search on Google, you're not imagining things. The internet is in upheaval, and for website owners the rules of "winning" Google Search have never been murkier. Google's generative AI search engine is coming from one direction. It's creeping closer to mainstream deployment and bringing an existential crisis for SEOs and website makers everywhere. Coming from the other direction is an influx of posts from Reddit, Quora, and other internet forums that have climbed up through the traditional set of Google links. Data analysis from Semrush, which predicts traffic based on search ranking, shows that traffic to Reddit has climbed at an impressive clip since August. Semrush estimated that Reddit had over 132 million visitors in August 2023. At the time of publishing, it was projected to have over 346 million visitors in April 2024.

None of this is accidental. For years, Google has been watching users tack on "Reddit" to the end of search queries and finally decided to do something about it. Google started dropping hints in 2022 when it promised to do a better job of promoting sites that weren't just chasing the top of search but were more helpful and human. Last August, Google rolled out a big update to Search that seemed to kick this into action. Reddit, Quora, and other forum sites started getting more visibility in Google, both within the traditional links and within a new "discussions and forums" section, which you may have spotted if you're US-based. The timing of this Reddit bump has led to some conspiracy theories. In February, Google and Reddit announced a blockbuster deal that would let Google train its AI models on Reddit content. Google said the deal, reportedly worth $60 million, would "facilitate more content-forward displays of Reddit information," leading to some speculation that Google promised Reddit better visibility in exchange for the valuable training data. A few weeks later, Reddit also went public.

Steve Paine, marketing manager at Sistrix, called the rise of Reddit "unprecedented." "There hasn't been a website that's grown so much search visibility so quickly in the US in at least the last five years," he told Business Insider. Right now, Reddit ranks high for product searches. Reddit's main competitors are Wikipedia, YouTube, and Fandom, Paine said, and it also competes in "high-value commercial searches," putting it up against Amazon. The "real competitors," he said, are the subreddits that compete with brands on the web. A Google spokesperson told Business Insider that the company is essentially just giving users what they want: "Our research has shown that people often want to learn from others' experiences with a topic, so we've continued to make it easier to find helpful perspectives on Search when it's relevant to a query. Our systems surface content from hundreds of forums and other communities across the web, and we conduct rigorous testing to ensure results are helpful and high quality."

The US Consumer Financial Protection Bureau (CFPB) has slapped coding boot camp BloomTech -- formerly known as Lambda School -- with several punishments for alleged deceptive business practices. From a report: The business, which claims on its site it will help students land their "dream job" in tech at companies like Amazon, Cisco, and Google, accepted the consent order without admitting or denying any wrongdoing. In an announcement yesterday, the CFPB said it had taken action against BloomTech and its CEO Austen Allred for allegedly not disclosing the true cost of its loans to students and allegedly claiming overoptimistic hiring rates for BloomTech graduates. BloomTech, formerly Lambda School, has operated since 2017 and offers six- to nine-month vocational programs in science and engineering, with a focus on computer technology.

"BloomTech and its CEO sought to drive students toward income share loans that were marketed as risk-free, but in fact carried significant finance charges and many of the same risks as other credit products," said Rohit Chopra, director of the CFPB. With income share loans or income share agreements, BloomTech allowed students to pay tuition later but in exchange had to pay a percentage of their future income, CFPB claimed. The agency alleged that BloomTech explicitly told students that its income share loans (which cost an average of $4k "finance charge" to use) weren't actually loans at all. The CFPB claimed in the settlement order a "significant majority" of students used these loans to finance their education, and alleged each student could end up paying up to $30k of their income to BloomTech to settle the loans. From the CFPB's press release: BloomTech advertised on its website that 71 to 86 percent of students were placed in jobs within six months of graduation, when its non-public reporting to investors consistently showed placement rates closer to 50 percent. Allred tweeted that the school achieved a 100 percent job-placement rate in one of its cohorts, and later acknowledged in a private message that the sample size was just one student.

Amazon staff went undercover on Walmart, eBay and other marketplaces as a third-party seller called "Big River," WSJ reports. The mission: to scoop up information on pricing, logistics and other business practices. From the report: For nearly a decade, workers in a warehouse in Seattle's Denny Triangle neighborhood have shipped boxes of shoes, beach chairs, Marvel T-shirts and other items to online retail customers across the U.S. The operation, called Big River Services International, sells around $1 million a year of goods through e-commerce marketplaces including eBay, Shopify, Walmart and Amazon under brand names such as Rapid Cascade and Svea Bliss. "We are entrepreneurs, thinkers, marketers and creators," Big River says on its website. "We have a passion for customers and aren't afraid to experiment."

What the website doesn't say is that Big River is an arm of Amazon that surreptitiously gathers intelligence on the tech giant's competitors. Born out of a 2015 plan code named "Project Curiosity," Big River uses its sales across multiple countries to obtain pricing data, logistics information and other details about rival e-commerce marketplaces, logistics operations and payments services, according to people familiar with Big River and corporate documents viewed by The Wall Street Journal. The team then shared that information with Amazon to incorporate into decisions about its own business.

[...] The story of Big River offers new insight into Amazon's elaborate efforts to stay ahead of rivals. Team members attended their rivals' seller conferences and met with competitors identifying themselves only as employees of Big River Services, instead of disclosing that they worked for Amazon. They were given non-Amazon email addresses to use externally -- in emails with people at Amazon, they used Amazon email addresses -- and took other extraordinary measures to keep the project secret. They disseminated their reports to Amazon executives using printed, numbered copies rather than email. Those who worked on the project weren't even supposed to discuss the relationship internally with most teams at Amazon.

At Amazon's annual cloud conference in 2016, the company captured the crowd's attention by driving an 18-wheeler onstage. Andy Jassy, now Amazon's CEO, called it the Snowmobile, and said the company would be using the truck to help customers speedily transfer data to Amazon Web Services facilities. Less than eight years later, the semi is out of commission. From a report: As of March, AWS had removed Snowmobile from its website, and the Amazon unit has stopped offering the service, CNBC has confirmed. The webpage devoted to AWS' "Snow family" of products now directs users to its other data transport services, including the Snowball Edge, a 50-pound suitcase-sized device that can be equipped with fast solid-state drives, and the smaller Snowcone.

An AWS spokesperson said in an emailed statement that the company has introduced more cost-effective options for moving data. Clients had to deal with power, cooling, networking, parking and security when they used the Snowmobile service, the spokesperson said.

Dropbox cofounder and CEO Drew Houston said he views his employees like customers, and that means giving them what they want -- which isn't in-person work. From a report: "We will support however they want to gather," Houston said in a new interview with The Verge. "But we're finding that these retreats and off-sites and things like that are often a lot more effective than asking people to commute." Houston said other business leaders are making the wrong move by forcing employees back to the office. Many companies are pushing employees to return to office in a hybrid structure, including giants like Google, Apple, and Amazon.

"They keep mashing the go back to 2019 button, and they see it's not working," Houston said in the interview, speaking generally about return-to-office mandates. "Then they just push harder, and then you have this really toxic relationship." He compared returning to the office to returning to movie theaters or malls. It may have been cool for a time and people might still occasionally want to watch a big movie like "Top Gun" at the cinema, he said, "but the world has moved on." The CEO said the reason it used to be so easy to get people to the office was because they didn't have a choice. A lot of CEOs today don't understand that flexibility wasn't an option in the past, Houston said.

An anonymous reader quotes a report from Wired: Dozens of Google employees began occupying company offices in New York City and Sunnyvale, California, on Tuesday in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in, organized by the activist group No Tech for Apartheid, is happening at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. The sit-in will be accompanied by outdoor protests at Google offices in New York, Sunnyvale, San Francisco, and Seattle beginning at 2 pm ET and 11 am PT. Tuesday's actions mark an escalation in a series of recent protests organized by tech workers who oppose their employer's relationship with the Israeli government, especially in light of Israel's ongoing assault on Gaza. Since Hamas killed about 1,100 Israelis on October 7, the IDF has killed more than 34,000 Palestinians.

Just over a dozen people gathered outside Google's offices in New York and Sunnyvale on Tuesday. Among those in New York was Google cloud software engineer Eddie Hatfield, who was fired days after disrupting Google Israel's managing director at March's Mind The Tech, a company-sponsored conference focused on the Israeli tech industry, in early March. Several hours into the sit-ins on Tuesday, Google security began to accuse the workers of "trespassing" and disrupting work, prompting several people to leave while others vowed to remain until they were forced out. The 2021 contract, known as Project Nimbus, involves Google and Amazon jointly providing cloud computing infrastructure and services across branches of the Israeli government. Last week, Time reported that Google's work on Project Nimbus involves providing direct services to the Israel Defense Forces. [...]

On March 4, more than600 other Googlers signed a petition opposing the company's sponsorship of the conference. After Hatfield was fired three days later, Google trust-and-safety-policy employee Vidana Abdel Khalek resigned from her position in opposition to Project Nimbus. Then, in late March, more than 300 Apple workers signed an open letter that alleged retaliation against workers who have expressed support for Palestinians, and urged company leadership to show public support for Palestinians. Hasan Ibraheem, a Google software engineer, is participating in the sit-in at his local Google office in New York. "This has really been a culmination of our efforts," he tells WIRED. Since joining No Tech for Apartheid in December, Ibraheem says, he has been participating in weekly "tabling" actions being held at Google office cafes in New York, Sunnyvale, San Francisco, and Mountain View, California. It involves holding a sign that says "Ask me about Project Nimbus" during lunch break, passing out flyers, and answering questions from coworkers. "It's actually shocking how many people at Google don't even know that this contract exists," Ibraheem says. "A lot of people who don't know about it, who then learn about it through us, are reasonably upset that this contract exists. They just didn't know that it existed beforehand."

An anonymous reader quotes a report from Ars Technica: Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers -- one based in Seattle and the other in Redmond, Washington -- out of $3.5 million. The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles O. Parks III -- 45 of Omaha, Nebraska -- with wire fraud, money laundering, and engaging in unlawful monetary transactions in connection with the scheme. Parks has yet to enter a plea and is scheduled to make an initial appearance in federal court in Omaha on Tuesday. Parks was arrested last Friday. Prosecutors allege that Parks defrauded "two well-known providers of cloud computing services" of more than $3.5 million in computing resources to mine cryptocurrency. The indictment says the activity was in furtherance of a cryptojacking scheme, a term for crimes that generate digital coin through the acquisition of computing resources and electricity of others through fraud, hacking, or other illegal means.

Details laid out in the indictment underscore the failed economics involved in the mining of most cryptocurrencies. The $3.5 million of computing resources yielded roughly $1 million worth of cryptocurrency. In the process, massive amounts of energy were consumed. [...] Prosecutors didn't say precisely how Parks was able to trick the providers into giving him elevated services, deferring unpaid payments, or failing to discover the allegedly fraudulent behavior. They also didn't identify either of the cloud providers by name. Based on the details, however, they are almost certainly Amazon Web Services and Microsoft Azure. If convicted on all charges, Parks faces as much as 30 years in prison.

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. Krebs on SecurityL: The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with "low attack complexity" in Chirp Systems smart locks.

"Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access," CISA's alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). "Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability." Matt Brown, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp's app to get in and out of their apartments.