Crime

Myanmar's 'Cyber-Slavery Compounds' May Hold 100,000 Trafficked People (theguardian.com)

It was "little more than empty fields" five years ago — but it's now "a vast, heavily guarded complex stretching for 210 hectares (520 acres)," reports the Guardian, "the frontline of a multibillion-dollar criminal fraud industry fuelled by human trafficking and brutal violence." Myanmar, Cambodia and Laos have in recent years become havens for transnational crime syndicates running scam centres such as KK Park, which use enslaved workers to run complex online fraud and scamming schemes that generate huge profits. There have been some attempts to crack down on the centres and rescue the workers, who can be subjected to torture and trapped inside. But drone images and new research shared exclusively with the Guardian reveal that the number of such centres operating along the Thai-Myanmar border has more than doubled since Myanmar's military seized power in 2021, with construction continuing to this day.

Data from the Australian Strategic Policy Institute (Aspi), a defence thinktank in Canberra, shows that the number of Myanmar scam centres on the Thai border has increased from 11 to 27, and they have expanded in size by an average of 5.5 hectares a month. Drone images and photographs of KK Park and other Myanmar scam centres, Tai Chang and Shwe Kokko, taken by the Guardian in August show new features and active building work... Myanmar's military junta has allowed the spread of scam centres inside the country as these criminal enterprises have become an essential part of the country's conflict economy since the coup, helping it rise to the top of the global list of countries harbouring organised crime. According to Aspi's analysis, Myanmar's military, which has lost huge swathes of territory since the coup and is struggling to retain its grip on power, cannot take meaningful measures against the scam compounds without endangering its precarious relations with the crucial armed militias who are profiting from them.

While 7,000 people were freed from the compounds earlier this year, "Thai police estimated earlier this year that as many as 100,000 people were held inside Myanmar scam centres," the article notes.

Elsewhere the Guardian reports that "The centres are run by Chinese criminal gangs," and describes people who unwittingly came to Thailand for customer service jobs, only to be trafficked to Myanmar's guarded "cyberslavery compounds" and "forced to send thousands of messages from fake social-media profiles, posing as a rich American investor to swindle US real estate agents into cryptocurrency scams." Since 2020, south-east Asia's cyber-slavery industry has entrapped hundreds of thousands of people and forced them to perform "pig butchering" — the brutal term for building trust with a fraud target before scamming them. At first, the industry mostly captured Chinese and Taiwanese people, then it moved on to south-east Asians and Indians — and now Africans.

Criminal syndicates have been shifting towards scamming victims in the US and Europe after Chinese efforts to prevent its citizens being targeted, experts told the Guardian. That has led some trafficking networks to seek recruits with English-language and tech skills — including east Africans, thousands of whom are now estimated to be trapped inside south-east Asian compounds, says Benedikt Hofmann, the UN Office on Drugs and Crime's representative for south-east Asia and the Pacific.


Thanks to long-time Slashdot reader mspohr for sharing the article.

Piracy

Megaupload Founder Kim Dotcom Loses Latest Bid to Avoid US Extradition (yahoo.com)

In 2015 Kim Dotcom answered questions from Slashdot's readers.

Now CBS News reports on "the latest chapter in a protracted 13-year battle by the U.S. government" to extradite Finnish-German millionaire Kim Dotcom from New Zealand: A New Zealand court has rejected the latest bid by internet entrepreneur Kim Dotcom to halt his deportation to the U.S. on charges related to his file-sharing website Megaupload. Dotcom had asked the High Court to review the legality of an official's August 2024 decision that he should be surrendered to the U.S. to face trial on charges of copyright infringement, money laundering and racketeering... The Megaupload founder had applied for what in New Zealand is called a judicial review, in which a judge is asked to evaluate whether an official's decision was lawful. A judge on Wednesday dismissed Dotcom's arguments that the decision to deport him was politically motivated and that he would face grossly disproportionate treatment in the U.S...

New Zealand's government hasn't disclosed what will happen next in the extradition process or divulged an expected timeline for Dotcom to be surrendered to the United States.

Dotcom "has been free on bail in New Zealand since February 2012," the article points out — and "One of his lawyers, Ron Mansfield, told Radio New Zealand that Dotcom's team had 'much fight left in us as we seek to secure a fair outcome,' but he didn't elaborate..."

The article notes that the latest decision "could be challenged in the Court of Appeal, where a deadline for filing is October 8."

Security

Proton Mail Suspended Journalist Accounts At Request of Cybersecurity Agency (theintercept.com)

An anonymous reader quotes a report from The Intercept: The company behind the Proton Mail email service, Proton, describes itself as a "neutral and safe haven for your personal data, committed to defending your freedom." But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists' accounts were eventually reinstated -- but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.

Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton's services as alternatives to something like Gmail "specifically to avoid situations like this," pointing out that "While it's good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most." Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions. Shelton noted that perhaps Proton should "prioritize responding to journalists about account suspensions privately, rather than when they go viral." On Reddit, Proton's official account stated that "Proton did not knowingly block journalists' email accounts" and that the "situation has unfortunately been blown out of proportion."

The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation -- what's known in cybersecurity parlance as an APT, or advanced persistent threat -- had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC. The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023. As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what's known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident.

Phrack said the account suspensions created a "real impact to the author. The author was unable to answer media requests about the article." Phrack noted that the co-authors were already working with affected South Korean organizations on responsible disclosure and system fixes. "All this was denied and ruined by Proton," Phrack stated.

Phrack editors said that the incident leaves them "concerned what this means to other whistleblowers or journalists. The community needs assurance that Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent."

Movies

Employee Who Leaked 'Spider-Man' Blu-ray Sentenced to Nearly 5 Years Prison (torrentfreak.com)

A former Memphis disc manufacturing employee has been sentenced to nearly five years in prison after stealing pre-release Blu-rays from his employer and leaking them online. While he received 21 months for copyright infringement, a concurrent firearm charge extended his total prison term to 57 months. TorrentFreak reports: In February, the U.S. Department of Justice indicted 37-year-old Steven Hale from Tennessee, a former employee of a disc manufacturing and distribution company in Memphis. While working at the unnamed company between 2021 and 2022, Hale allegedly stole numerous "pre-release" DVD and Blu-ray discs from his employer. These stolen discs contained many high-profile movie titles including "Spider-Man: No Way Home." In addition to the copyright infringement charge, Hale was also indicted for a firearm offense. When raiding his premises, law enforcement found a gun in a car that was registered in his name, which, for a felon, is a separate criminal offense.

Hale was sentenced at a federal court in Memphis yesterday, where Chief Judge Sheryl H. Lipman handed down a 57-month prison term, exactly in line with the U.S. government's recommendation. Two separate sentences will be served concurrently. Hale received 21 months for the theft and distribution of hundreds of pre-release movie discs. A longer sentence of 57 months was handed down for the firearm charge, which ultimately defines the total prison term. Judge Lipman also granted several requests by the defense. The court recommended that Hale be housed in a facility as close to Memphis as possible so he can be near his family. In addition, the defendant will be allowed to remain on bond and self-surrender to prison at a later date.

The 21-month sentence for the copyright infringement charge is substantially lower than the maximum of 60 months. This is in part the result of a guilty plea the defendant signed in May. After accepting responsibility, the prosecution agreed to drop other charges and recommend a sentence at the low end of the guideline range. Hale entered his guilty plea to Count Two of the indictment. The charge relates to his distribution of ten or more copies of copyrighted works, including pre-release movies, for commercial advantage and private financial gain. This includes the pre-release 'Spider-Man: No Way Home' disc, which is likely the source of the public leak.

Encryption

Swiss Government Looks To Undercut Privacy Tech, Stoking Fears of Mass Surveillance (therecord.media)

The Swiss government could soon require service providers with more than 5,000 users to collect government-issued identification, retain subscriber data for six months and, in many cases, disable encryption. From a report: The proposal, which is not subject to parliamentary approval, has alarmed privacy and digital-freedoms advocates worldwide because of how it will destroy anonymity online, including for people located outside of Switzerland. A large number of virtual private network (VPN) companies and other privacy-preserving firms are headquartered in the country because it has historically had liberal digital privacy laws alongside its famously discreet banking ecosystem.

Proton, which offers secure and end-to-end encrypted email along with an ultra-private VPN and cloud storage, announced on July 23 that it is moving most of its physical infrastructure out of Switzerland due to the proposed law. The company is investing more than $117 million in the European Union, the announcement said, and plans to help develop a "sovereign EuroStack for the future of our home continent." Switzerland is not a member of the EU. Proton said the decision was prompted by the Swiss government's attempt to "introduce mass surveillance."

United States

The US Is Now the Largest Investor In Commercial Spyware (arstechnica.com)

An anonymous reader quotes a report from Wired: The United States has emerged as the largest investor in commercial spyware -- a global industry that has enabled the covert surveillance of journalists, human rights defenders, politicians, diplomats, and others, posing grave threats to human rights and national security. In 2024, 20 new US-based spyware investors were identified, bringing the total number of American backers of this technology to 31. This growth has largely outpaced other major investing countries such as Israel, Italy, and the United Kingdom, according to a new report published today by the Atlantic Council.

The study surveyed 561 entities across 46 countries between 1992 and 2024, identifying 34 new investors. This brings the total to 128, up from 94 in the dataset published last year. The number of identified investors in the EU Single Market, plus Switzerland, stands at 31, with Italy -- a key spyware hub -- accounting for the largest share at 12. Investors based in Israel number 26. US-based investors include major hedge funds D.E. Shaw & Co. and Millennium Management, prominent trading firm Jane Street, and mainstream financial-services company Ameriprise Financial -- all of which, according to the Atlantic Council, have channeled funds to Israeli lawful-interception software provider Cognyte, a company allegedly linked to human rights abuses in Azerbaijan and Indonesia, among others. [...]

Apart from focusing on investment, the Atlantic Council notes that the global spyware market is "growing and evolving," with its dataset expanded to include four new vendors, seven new resellers or brokers, 10 new suppliers, and 55 new individuals linked to the industry. Newly identified vendors include Israel's Bindecy and Italy's SIO. [...] The study reveals the addition of three new countries linked to spyware activity -- Japan, Malaysia, and Panama. Japan in particular is a signatory to international efforts to curb spyware abuse, including the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware and the Pall Mall Process Code of Practice for States.

The Atlantic Council's Jen Roberts, who also worked on the report, urged expanding Executive Order 14105 to include spyware. Roberts also emphasized preserving Executive Order 14093. "US purchasing power is a significant tool in shaping and constraining the global market for spyware," said Roberts.

The Courts

Court Rejects Verizon Claim That Selling Location Data Without Consent Is Legal (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Verizon lost an attempt to overturn a $46.9 million fine for selling customer location data without its users' consent. The US Court of Appeals for the 2nd Circuit rejected Verizon's challenge in a ruling (PDF) issued today. The Federal Communications Commission fined the three major carriers last year for violations revealed in 2018. The companies sued the FCC in three different courts, with varying results.

AT&T beat the FCC in the reliably conservative US Court of Appeals for the 5th Circuit, while T-Mobile lost in the District of Columbia Circuit. Although FCC Chairman Brendan Carr voted against (PDF) the fine last year, when the commission had a Democratic majority, his FCC urged the courts to uphold the Biden-era decisions. A ruling against the FCC could gut the agency's ability to issue financial penalties. The different rulings from different circuits raise the odds of the cases being taken up by the Supreme Court.

Today's 2nd Circuit ruling against Verizon was issued unanimously by a panel of three judges, and it comes to the same legal conclusions as the DC Circuit did in the T-Mobile case. The court did not accept the carrier's argument that the fine violated its Seventh Amendment right to a jury trial and that the location data wasn't protected under the law used by the FCC to issue the penalties. "We disagree [with Verizon]," the 2nd Circuit ruling said. "The customer data at issue plainly qualifies as customer proprietary network information, triggering the Communication Act's privacy protections. And the forfeiture order both soundly imposed liability and remained within the strictures of the penalty cap. Nothing about the Commission's proceedings, moreover, transgressed the Seventh Amendment's jury trial guarantee. Indeed, Verizon had, and chose to forgo, the opportunity for a jury trial in federal court. Thus, we DENY Verizon's petition."

The ruling said that until 2019, Verizon operated a location-based services program that sold customer location data through intermediaries like LocationSmart and Zumigo, which then resold it to dozens of third-party entities. Instead of directly managing consent and notifications, Verizon "largely delegated those functions via contract" to its partners, a system that came under scrutiny after a 2018 New York Times report exposed security breaches.

One major misuse involved Securus Technologies, which "was misusing the program to enable law enforcement officers to access location data without customers' knowledge or consent, so long as the officers uploaded a warrant or some other legal authorization," the ruling said. Verizon argued that Section 222 of the Communications Act only covered call-location data, but the court ruled that device-location data also qualifies as protected customer information.

AI

Britannica and Merriam-Webster Sue Perplexity Over AI 'Answer Engine' (reuters.com)

Perplexity AI is the latest AI startup to be hit with a lawsuit by copyright holders, accused by Encyclopedia Britannica and Merriam-Webster of misusing their content in its "answer engine" for internet searches. From a report: The reference companies alleged in New York federal court on Wednesday that Perplexity unlawfully copied their material and diminished their revenue by redirecting their web traffic to its AI-generated summaries.

Social Networks

Snapchat Allows Drug Dealers To Operate Openly on Platform, Finds Danish Study (theguardian.com)

Snapchat has been accused by a Danish research organisation of leaving an "overwhelming number" of drug dealers to openly operate on Snapchat, making it easy for children to buy substances including cocaine, opioids and MDMA. The Guardian: The social media platform has said it proactively uses technology to filter out profiles selling drugs. However, research by Digitalt Ansvar (Digital Accountability), a Danish research organisation that promotes responsible digital development, has found evidence of a failure to moderate drug-related language in usernames. It also accused Snapchat of failing to respond adequately to reports of profiles openly selling drugs.

Researchers used profiles of 13-year-olds and found a multitude of people selling drugs on Snapchat under usernames featuring keywords such as "coke," "weed" and "molly." When researchers reported 40 of these profiles to Snapchat, the company removed only 10 of them. The other 30 reports were rejected, they said.

Advertising

White House Asks FDA To Review Pharma Advertising On TV (whitehouse.gov)

President Trump on Tuesday issued a memorandum directing the FDA and HHS to crack down on misleading direct-to-consumer prescription drug ads, requiring clearer disclosure of risks and ensuring that promotions don't overstate benefits or push costly drugs over generics. Longtime Slashdot reader sinij shares an excerpt from the memorandum:

The Secretary of Health and Human Services shall therefore take appropriate action to ensure transparency and accuracy in direct-to-consumer prescription drug advertising, including by increasing the amount of information regarding any risks associated with the use of any such prescription drug required to be provided in prescription drug advertisements, to the extent permitted by applicable law. The Commissioner of Food and Drugs shall take appropriate action to enforce the Federal Food, Drug, and Cosmetic Act's prescription drug advertising provisions, and otherwise ensure truthful and non-misleading information in direct-to-consumer prescription drug advertisements.

"Advertising dollars are a major avenue for pharmaceutical companies to influence news and attempt to shape public opinion," comments sinij. "Advertising was a major contributor to painkiller addiction, where networks were hesitant to cover early reports of addictiveness. It is likely directly contributing today to lack of critical coverage of Ozempic. It is just too big of a conflict of interest to allow to stand."

Electronic Frontier Foundation

Executive Director Cindy Cohn Will Step Down After 25 Years With EFF (eff.org)

Cindy Cohn, who has led the Electronic Frontier Foundation as Executive Director for the past decade and has been with the organization for over 25 years, will step down by mid-2026. The digital rights group is launching a search for her successor. From a press release: "It's been the honor of my life to help EFF grow and become the strong, effective organization it is today, but it's time to make space for new leadership. I also want to get back into the fight for civil liberties more directly than I can as the executive director of a thriving 125-person organization," Cohn said. "I'm incredibly proud of all that we've built and accomplished. One of our former interns once called EFF the joyful warriors for internet freedom and I have always loved that characterization." "I know EFF's lawyers, activists and technologists will continue standing up for freedom, justice and innovation whether we're fighting trolls, bullies, corporate oligarchs, clueless legislators or outright dictators," she added. [...]

Cohn said she made the decision to step down more than a year ago, and later informed EFF's Board of Directors and executive staff. The Board of Directors has assembled a search committee, which in turn has engaged leadership advisory firm Russell Reynolds Associates to conduct a search for EFF's new executive director. Inquiries about the search can be directed to EFF@russellreynolds.com. The search committee hopes to hire someone next spring, with Cohn planning to remain at EFF for a transition period through early summer.

AI

HHS Asks All Employees To Start Using ChatGPT (404media.co)

An anonymous reader quotes a report from 404 Media: Employees at Robert F Kennedy Jr.'s Department of Health and Human Services received an email Tuesday morning with the subject line "AI Deployment," which told them that ChatGPT would be rolled out for all employees at the agency. The deployment is being overseen by Clark Minor, a former Palantir employee who's now Chief Information Officer at HHS. "Artificial intelligence is beginning to improve health care, business, and government," the email, sent by deputy secretary Jim O'Neill and seen by 404 Media, begins. "Our department is committed to supporting and encouraging this transformation. In many offices around the world, the growing administrative burden of extensive emails and meetings can distract even highly motivated people from getting things done. We should all be vigilant against barriers that could slow our progress toward making America healthy again."

"I'm excited to move us forward by making ChatGPT available to everyone in the Department effective immediately," it adds. "Some operating divisions, such as FDA and ACF [Administration for Children and Families], have already benefitted from specific deployments of large language models to enhance their work, and now the rest of us can join them. This tool can help us promote rigorous science, radical transparency, and robust good health. As Secretary Kennedy said, 'The AI revolution has arrived.'" [...] The email says that the rollout was being led by Minor, who worked at the surveillance company Palantir from 2013 through 2024. It states Minor has "taken precautions to ensure that your work with AI is carried out in a high-security environment," and that "you can input most internal data, including procurement sensitive data and routine non-sensitive personally identifiable information, with confidence."

It then goes on to say that "ChatGPT is currently not approved for disclosure of sensitive personally identifiable information (such as SSNs and bank account numbers), classified information, export-controlled data, or confidential commercial information subject to the Trade Secrets Act." The email does not distinguish what "non-sensitive personally identifiable information" is. HHS did not immediately respond to a request for comment from 404 Media. [...] The agency has also said it plans to roll out AI through HHS's Centers for Medicare and Medicaid Services that will determine whether patients are eligible to receive certain treatments. These types of systems have been shown to be biased when they've been tried, and result in fewer patients getting the care they need.

Communications

Pakistan Spying On Millions Through Phone-Tapping And Firewall, Amnesty Says (reuters.com)

Pakistan has built surveillance systems that it is actively using to spy on millions of its citizens and to block millions of internet sessions, according to Amnesty International. The Asian nation's Lawful Intercept Management System enables intelligence agencies to tap calls and texts across all four major mobile operators.

A Chinese-built firewall, WMS 2.0, currently blocks approximately 650,000 web links and restricts platforms including YouTube, Facebook, and X. The surveillance infrastructure combines technology from Chinese company Geedge Networks, U.S.-based Niagara Networks, France's Thales DIS, Germany's Utimaco, and UAE-based Datafusion. Balochistan province has experienced years-long internet blackouts under the system.

Privacy

Plex Suffers Security Incident Exposing User Data and Urging Password Resets (nerds.xyz)

BrianFagioli shares a report from NERDS.xyz: Plex has alerted its customers about a security incident that may have affected user accounts. In an email sent to subscribers, the popular media server company confirmed that an unauthorized third party gained access to one of its databases. The breach exposed emails, usernames, and hashed passwords. Plex emphasized that passwords were encrypted following best practices, so attackers cannot simply read them. The company also reassured users that no credit card data was compromised, since Plex does not store that information on its servers. Still, out of caution, it is requiring all account holders to reset their credentials.

Users are being directed to reset their passwords at plex.tv/reset. During the process, Plex recommends enabling the option to sign out all connected devices. This measure logs out every device associated with the account, including Plex Media Servers, forcing a fresh login with the updated password. The company says it has already fixed the method used by the intruder to gain entry and is conducting additional security reviews. Plex is also urging subscribers to enable two-factor authentication if they have not already done so.

Cloud

Signal Rolls Out Encrypted Cloud Backups, Debuts First Subscription Plan at $1.99/Month (signal.org)

Signal has begun rolling out end-to-end encrypted cloud backups in its latest Android beta release. The opt-in feature allows users to restore message history if their phone is lost or damaged. Free backups include all text messages and 45 days of media attachments. A $1.99 monthly subscription extends media storage to 100GB.

Users generate a 64-character recovery key on their device that Signal's servers never access. Backups refresh daily, excluding view-once messages and those set to disappear within 24 hours. The nonprofit cited storage costs as the reason for its first paid tier. iOS and Desktop support will follow the Android rollout. Signal said it stores backup archives without linking them to specific user accounts or payment information.
