Crime

Software Engineer Charged For Theft Inspired By the Movie 'Office Space' (komonews.com) 99

An anonymous reader quotes a report from KOMO: Ermenildo Castro, 28, of Tacoma, allegedly told detectives that he was inspired by the '90s movie "Office Space" when he devised a plan to divert customer fees from his employer, Zulily.com, into his own bank accounts. According to court documents, Castro wrote software code that manipulated the online retailer's checkout page to send the shipping fees into his own account. The charges allege Castro netted $260,000 in stolen shipping fees. Seattle police detectives said Castro also used his position as a software engineer to manipulate prices on Zulily to purchase approximately $41,000 in merchandise for 'pennies on the dollar'.

According to police, the company's cybersecurity staff found a document on Castro's laptop titled 'OfficeSpace project', which outlined Castro's scheme to 'cleanup evidence' by manipulating audit logs and disabling alarm logging. The theft began in February and by March the company had identified discrepancies in the shipping fees being charged to customers, an SPD report states. Castro was part of the team assigned to investigate the discrepancies in shipping fees, according to the report. Zulily investigators eventually caught on to Castro's scheme and went to his house in Tacoma where they found boxes of merchandise piled up outside the front door and driveway, the report states. In total, Zulily's team said Castro had over 1,000 items sent to his house.
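
The 'OfficeSpace project' plan described above assumed that audit logs can be rewritten in place and that the alert which should fire can simply be switched off. As an added example (not Zulily's code, and not from the case file), here is an append-only log in which each record commits to the hash of the record before it, so rewriting an earlier entry, deleting one, or recomputing a single hash breaks the chain at the next record. The sample records, field names and the GENESIS convention are constructed for the example.

```python
import hashlib
import json

# Hash "before" the first record; an assumed convention for this example.
GENESIS = "0" * 64


def _digest(prev_hash, record):
    """Hash of a record bound to the hash of the record before it."""
    # Canonical JSON so the same record always hashes the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + payload).encode()).hexdigest()


def append(log, record):
    """Append `record` to `log`, linking it to the current tail; returns the new tail hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": _digest(prev, record)})
    return log[-1]["hash"]


def verify(log, anchored_tail=None):
    """Return the index of the first entry that breaks the chain, or None if intact.

    If `anchored_tail` (a tail hash copied out-of-band earlier) is given, a log
    that was silently truncated after that point fails with index == len(log).
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if anchored_tail is not None and prev != anchored_tail:
        return len(log)
    return None


def build_sample_log():
    """Constructed sample: configuration changes on a checkout service (field names assumed)."""
    log = []
    append(log, {"ts": "2022-02-01T09:12:00Z", "actor": "deploy-bot",
                 "key": "checkout.shipping_fee_payee", "value": "merchant-settlement"})
    append(log, {"ts": "2022-02-03T22:41:00Z", "actor": "engineer-x",
                 "key": "checkout.shipping_fee_payee", "value": "acct-8843"})
    append(log, {"ts": "2022-02-03T22:42:00Z", "actor": "engineer-x",
                 "key": "alerts.shipping_fee_mismatch", "value": "disabled"})
    return log


def tamper(log, index, new_record):
    """Simulate an insider rewriting one entry and recomputing only that entry's hash."""
    entry = log[index]
    entry["record"] = new_record
    entry["hash"] = _digest(entry["prev"], new_record)


if __name__ == "__main__":
    log = build_sample_log()
    tail = log[-1]["hash"]
    print("intact:", verify(log, anchored_tail=tail))                   # None
    tamper(log, 1, dict(log[1]["record"], actor="deploy-bot"))
    print("after rewriting entry 1:", verify(log))                      # 2
    log.pop()
    print("after dropping the tail:", verify(log, anchored_tail=tail))  # 2
```

Dropping the newest entries is the one edit the chain itself cannot detect, which is why `verify` also accepts an externally anchored tail hash: copy the latest hash, on a schedule, somewhere the log's own administrators cannot alter (a second system, a write-once store) and check against it. The same applies to the alert setting: if disabling an alert is itself an audited, chained event, turning it off leaves a record that the off switch was used.
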
Seattle police detectives wrote a narrative explaining how Castro's alleged scheme related to the movie "Office Space," including the plot outline on IMDB.com.

"In the Initech office, the insecure Peter Gibbons hates his job. His best friends are two software engineers Michael Bolton and Samir Nagheenanajar, that also hate Initech. When he discovers that Michael and Samir will be downsized, they decide to plant a virus in the banking system to embezzle fraction of cents on each financial operation into Peter's account. However[,] Michael commits a mistake in the software on the decimal place and they siphon off over $300,000. The desperate trio tries to fix the problem, return the money and avoid going to prison."
Crime

Scammers Are Scamming Other Scammers Out of Millions of Dollars (wired.com) 34

Nobody is immune to being scammed online -- not even the people running the scams. From a report: Cybercriminals using hacking forums to buy software exploits and stolen login details keep falling for cons and are getting ripped off thousands of dollars at a time, a new analysis has revealed. And what's more, when the criminals complain that they are being scammed, they're also leaving a trail of breadcrumbs of their own personal information that could reveal their real-world identities to police and investigators. Hackers and cybercriminals often gather on specific forums and marketplaces to do business with each other. They can advertise upcoming work they need help with, sell databases of people's stolen passwords and credit card information, or tout new security vulnerabilities that can be used to break into people's devices or systems. However, these deals often don't go to plan.

The new research, published today by cybersecurity firm Sophos, examines these failed transactions and the complaints people have made about them. "Scammers scamming scammers on criminal forums and marketplaces is much bigger than we originally thought it was," says Matt Wixey, a researcher with Sophos X-Ops who studied the marketplaces. Wixey examined three of the most prominent cybercrime forums: the Russian-language forums Exploit and XSS, plus the English-language BreachForums, which replaced RaidForums when it was seized by US law enforcement in April. While the sites operate in slightly different ways, they all have "arbitration" rooms where people who think they've been scammed or wronged by other criminals can complain. For instance, if someone purchases malware and it doesn't work, they may moan to the site's administrators. The complaints sometimes lead to people getting their money back, but more often act as a warning for other users, Wixey says. In the past 12 months -- the period the research covers -- criminals on the forums have lost more than $2.5 million to other scammers, the analysis says. Some people complain about losing as little as $2, while the median scam on each of the sites ranges from $200 to $600, according to the research, which is being presented at the Black Hat Europe security conference.

Biotech

Police Use DNA Phenotyping To Limit Pool of Suspects To 15,000 (vice.com) 50

An anonymous reader quotes a report from Motherboard: The Queensland, Australia police have used DNA phenotyping for the first time ever in hopes of leading to a breakthrough for a 1982 murder. The department partnered with a U.S.-based company called Parabon NanoLabs to create a profile image of the murder suspect, a Caucasian man with long blonde hair. Police claim that this image was generated using blood samples found at the scene of the murder of a man from 40 years ago; according to the Australian Broadcasting Corporation this is the first time "investigative genetic genealogy" has been used in Queensland.

This image does not factor in any environmental characteristics, such as tattoos, facial hair, and scars, and cannot determine the age or body mass of the suspect. However, Queensland investigators have published the image online and are offering a $500,000 reward and indemnity from prosecution to anyone who might have information about the suspect. The image is a vague rendering of a man that does not provide any more information than the sketch that the department already has of the suspect. This further perpetuates the hyper-surveillance of any man who resembles the image. Parabon NanoLabs has already been criticized by criminal justice and privacy experts for disseminating images that implicate too broad a pool of suspects.

The Queensland police department said that the DNA sample from the case generated a genealogy tree of "15,000 'linked' individuals" and they have not been able to find a close match yet. Instead of facing the possibility that DNA phenotyping may not be an effective tool for narrowing down a suspect, the police department's strategy is to ask the public for their DNA samples. Criminologist Xanthe Mallett said in a press release that to help police find a match, people can "opt-in" to share their own DNA samples with investigators through DNA services such as Family Tree and GEDMatch.
"Many members of the public that see this generated image will be unaware that it's a digital approximation, that age, weight, hairstyle, and face shape may be very different, and that accuracy of skin/hair/eye color is approximate," said Callie Schroeder, the Global Privacy Counsel at the Electronic Privacy Information Center.
Australia

Australia Phones Cyber-Attack Exposes Personal Data (bbc.com) 5

Australia's second-largest telecommunications company, Optus, has reported a cyber-attack. The breach exposed customers' names, dates of birth, phone numbers and email addresses. From a report: The company - which has more than ten million subscribers - says it has shut down the attack but not before other details such as driver's licences and passport numbers were hacked. Optus says payment data and account passwords were not compromised. The company said it would notify those at "heightened risk" but all customers should check their accounts. Chief executive Kelly Bayer Rosmarin apologised to its customers, on ABC TV. She said names, dates of birth and contact details had been accessed, "in some cases" the driving licence number, and in "a rare number of cases the passport and the mailing address" had also been exposed. The company had notified the Australian Federal Police after noticing "unusual activity." And investigators were trying "to understand who has been accessing the data and for what purpose."
Crime

Police Used a Baby's DNA To Investigate Its Father For a Crime (wired.com) 74

An anonymous reader quotes a report from Wired: If you were born in the United States within the last 50 or so years, chances are good that one of the first things you did as a baby was give a DNA sample to the government. By the 1970s, states had established newborn screening programs, in which a nurse takes a few drops of blood from a pinprick on a baby's heel, then sends the sample to a lab to test for certain diseases. Over the years, the list has grown from just a few conditions to dozens. The blood is supposed to be used for medical purposes -- these screenings identify babies with serious health issues, and they have been highly successful at reducing death and disability among children. But a public records lawsuit filed last month in New Jersey suggests these samples are also being used by police in criminal investigations. The lawsuit, filed by the state's Office of the Public Defender and the New Jersey Monitor, a nonprofit news outlet, alleges that state police sought a newborn's blood sample from the New Jersey Department of Health to investigate the child's father in connection with a sexual assault from the 1990s.

Crystal Grant, a technology fellow at the American Civil Liberties Union, says the case represents a "whole new leap forward" in the misuse of DNA by law enforcement. "It means that essentially every baby born in the US could be included in police surveillance," she says. It's not known how many agencies around the country have sought to use newborn screening samples to investigate crimes, or how often those attempts were successful. But there is at least one other instance of it happening. In December 2020, a local TV station reported that police in California had issued five search warrants to access such samples, and that at least one cold case there was solved with the help of newborn blood. "This increasing overreach into the health system by police to get genetic information is really concerning," Grant says.

The New Jersey lawsuit alleges that police obtained the blood sample of a newborn child (who is now elementary-school aged) to perform a DNA analysis that linked the baby's father to a crime. This was done using a technique called investigative genetic genealogy, or forensic genealogy. It usually involves isolating DNA left at a crime scene and using it to create a digital genetic profile of a suspect. Investigators can upload this profile to genealogy websites where other people have freely shared their own DNA information in the hope of connecting with family members or learning about their ancestry. Because DNA is shared within families, investigators can use relative matches to map out a suspect's family tree and narrow down their identity.

According to the New Jersey lawsuit, police had reopened an investigation into a cold case and had used genetics to place the suspect within a single family: one of several adults or their children. But police didn't yet have probable cause to obtain search warrants for DNA swabs from any of them. Instead, they asked the state's newborn screening lab for a blood sample of one of the children. Analysis of this genetic information revealed a close relationship between the baby's DNA and the DNA taken at the crime scene, indicating that the baby's father was the person police were seeking. That was enough to establish probable cause in the assault investigation, so police sought a warrant for a cheek swab from the father. After analyzing his DNA, the suit contends, police found that it was a match to the crime scene DNA.
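
The relative-matching step described above, as an added example that is not from any genealogy site or forensic lab: matching tools report how much autosomal DNA two profiles share identical by descent, and the expected amount halves with each step of relationship, so a single close match can collapse a family of candidates to one person. The code works in genome fractions (IBD1: shared on one chromosome copy; IBD2: shared on both) rather than the centimorgan counts real tools display, uses the standard kinship coefficient phi = IBD1/4 + IBD2/2 and the KING degree bands (2^-(d+1.5), 2^-(d+0.5)], and the pedigree, the sharing values, the cutoff and the sex of the crime-scene profile are constructed to mirror the New Jersey account. It also illustrates the point made later on this page about being findable through a sibling, aunt or cousin who did upload.

```python
import math

# Expected identical-by-descent sharing (ibd1, ibd2) as fractions of the autosomal genome.
EXPECTED = {
    "identical twin": (0.0, 1.0),
    "parent/child": (1.0, 0.0),
    "full sibling": (0.5, 0.25),
    "half sibling, grandparent, aunt/uncle": (0.5, 0.0),
    "first cousin": (0.25, 0.0),
    "second cousin": (1 / 16, 0.0),
    "third cousin": (1 / 64, 0.0),
}

# Below this kinship (~8th degree) the example treats a match as unresolvable; an assumed cutoff.
MIN_KINSHIP = 2 ** -9.5


def kinship(ibd1, ibd2):
    """Kinship coefficient: P(a random allele from each person is identical by descent)."""
    return ibd1 / 4 + ibd2 / 2


def degree(ibd1, ibd2):
    """Relationship degree from kinship: 0 self/twin, 1 parent or full sibling, 2 half sibling, ...

    Uses the KING bands: degree d covers kinship in (2^-(d+1.5), 2^-(d+0.5)].
    Returns None when the sharing is too low to call.
    """
    phi = kinship(ibd1, ibd2)
    if phi < MIN_KINSHIP:
        return None
    return math.floor(-math.log2(phi) - 0.5)


def label(ibd1, ibd2):
    """Human-readable relationship; IBD2 separates full siblings from parent/child at degree 1."""
    d = degree(ibd1, ibd2)
    if d is None:
        return "distant/unrelated"
    if d == 0:
        return "identical twin"
    if d == 1:
        # Both share half the genome; only siblings inherit the same segment from both parents.
        return "full sibling" if ibd2 > 0.1 else "parent/child"
    names = {2: "half sibling, grandparent, aunt/uncle", 3: "first cousin",
             5: "second cousin", 7: "third cousin"}
    return names.get(d, f"{d}th-degree relative")


# Constructed pedigree: the family the earlier, distant matches pointed to
# (several adults and one child), as in the account above.
FAMILY = {
    "adult-A": {"sex": "M", "parents": ()},
    "adult-B": {"sex": "M", "parents": ()},
    "adult-C": {"sex": "F", "parents": ()},
    "child-1": {"sex": "F", "parents": ("adult-A", "adult-C")},
}


def narrow(family, tested, ibd1, ibd2, profile_sex):
    """Members who could be the crime-scene donor, given one member's sharing with that profile.

    `profile_sex` is assumed known from the profile itself (e.g. Y-chromosome markers).
    """
    rel = label(ibd1, ibd2)
    same_sex = [m for m, info in family.items() if m != tested and info["sex"] == profile_sex]
    if rel == "parent/child":
        # A newborn has no children, so the donor must be one of its parents.
        return [p for p in family[tested]["parents"] if family[p]["sex"] == profile_sex]
    if rel == "full sibling" and family[tested]["parents"]:
        return [m for m in same_sex if family[m]["parents"] == family[tested]["parents"]]
    return same_sex  # this one test does not narrow the family further


if __name__ == "__main__":
    # The newborn's sample vs. the crime-scene profile: half the genome on one copy, none on both.
    print(label(1.0, 0.0), "->", narrow(FAMILY, "child-1", 1.0, 0.0, "M"))  # parent/child -> ['adult-A']
```

Note what the numbers imply for the privacy argument: a first cousin who uploads still shares an expected 12.5 percent of the genome with you, a second cousin about 3 percent, and real tools resolve matches well below that, so the decision of one relative places you on the tree whether or not you ever took a test.
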
"Because there are no federal laws governing newborn screening programs, states set their own policies on which diseases they test for, how long samples are stored, and how they can be used," notes Wired. "Some states hold on to blood samples for months, others for years or decades. Virginia only keeps samples from infants with normal results for six months, while Michigan retains them for up to 100 years. New Jersey stores samples for 23 years before destroying them."
Crime

Tech CEO Arrested In 1992 Mountain View Cold Case Slaying After DNA Breakthrough (thedailybeast.com) 70

An anonymous reader quotes a report from The Daily Beast: On Sept. 5, 1992, computer engineer Laurie Houts, 25, was found fatally strangled in her car near a California garbage dump. Her boyfriend's roommate was arrested in connection with the case, but two trials -- and two hung juries -- later, a judge dismissed the case. The roommate moved to the Netherlands soon afterward. Over the weekend, the roommate -- now the chief executive of a small software company -- was arrested as he landed at John F. Kennedy International Airport in New York City, according to the Santa Clara County Office of the District Attorney. John Woodward, the 58-year-old CEO and president of ReadyTech, is expected to be extradited to Santa Clara County by the end of the month, District Attorney Jeff Rosen said Monday. Once there, Woodward will be arraigned for the third time in Houts' murder by strangulation.

Houts' body was discovered by a passerby less than a mile from her office at Adobe Systems in Mountain View more than 30 years ago, according to the San Francisco Chronicle. A rope was around her neck, and there were footprints on the inside of her windshield, which were called "a sign of her struggle with Woodward" by the district attorney's office. Forensic science at the time was able to match Woodward to fingerprints found outside the car, but investigators could not prove that he had been inside the vehicle. Still, when Houts' boyfriend made a call, monitored by police, to Woodward soon after the 25-year-old's death, he "did not deny" killing Houts. Instead, according to a police summary of the matter, Woodward asked what evidence the authorities had against him and suggested to the roommate that they "meet in a parking lot" to talk more.

Woodward, who had no alibi for the night Houts was killed, was arrested that same year. Prosecutors alleged that Woodward had developed an "unrequited" romantic interest in Houts' boyfriend. The theory was criticized as homophobic at Woodward's first trial by his defense lawyer in 1995, The Mercury News reported Monday, and the jury deadlocked, voting 8-4 for acquittal. A year later, despite a judge barring the romantic-rival argument, the jury hearing Woodward's second trial again hung, this time 7-5. The judge soon dismissed the case for insufficient evidence. But advances in DNA technology allowed detectives to link Woodward to the rope around Houts' neck for the first time last year, Rosen's statement said. Investigators in both the Santa Clara County Crime Lab and Mountain View Police Department matched both Woodward's genetic material and fibers on his sweatpants to "the murder weapon," police said.

The Courts

Police Tactic of Sweeping Google Searches To Find Suspects Faces First Legal Challenge (nbcnews.com) 149

An anonymous reader quotes a report from NBC News: A teen charged with setting a fire that killed five members of a Senegalese immigrant family in Denver, Colorado, has become the first person to challenge police use of Google search histories to find someone who might have committed a crime, according to his lawyers. In documents filed Thursday in Denver District Court, lawyers for the 17-year-old argue that the police violated the Constitution when they got a judge to order Google to check its vast database of internet searches for users who typed in the address of a home before it was set ablaze on Aug. 5, 2020. Three adults and two children died in the fire.

That search of Google's records helped point investigators to the teen and two friends, who were eventually charged in the deadly fire, according to police records. All were juveniles at the time of their arrests. Two of them, including the 17-year-old, are being tried as adults; they both pleaded not guilty. The defendant in juvenile court has not yet entered a plea. The 17-year-old's lawyers say the search, and all evidence that came from it, should be thrown out because it amounted to a blind expedition through billions of Google users' queries based on a hunch that the killer typed the address into a search bar. That, the lawyers argued, violated the Fourth Amendment, which protects against unreasonable searches.
"People have a privacy interest in their internet search history, which is really an archive of your personal expression," said Michael Price, who is lead litigator of the National Association of Criminal Defense Lawyers' Fourth Amendment Center and one of the 17-year-old's attorneys. "Search engines like Google are a gateway to a vast trove of information online and the way most people find what they're looking for. Every one of those queries reveals something deeply private about a person, things they might not share with friends, family or clergy."

Price said that allowing the government to sift through Google's vast trove of searches is akin to allowing the government access to users' "thoughts, concerns, questions, fears." He added: "'Psychiatrists in Denver.' 'Abortion providers near me.' 'Does God exist.' Every day, people pose those questions to Google seeking information."

Crime

Amateur Detectives are Now Crowdfunding DNA Sequencing to Solve Murders (nytimes.com) 54

In 2018 police arrested "the Golden State Killer" — now a 72-year-old man who had committed 13 murders between 1974 and 1986, the New York Times remembers: What made the investigation possible was GEDmatch, a low-frills, online gathering place for people to upload DNA test results from popular direct-to-consumer services such as Ancestry or 23andMe, in hopes of connecting with unknown relatives. The authorities' decision to mine the genealogical enthusiasts' data for investigative leads was shocking at the time, and led the site to warn users. But the practice has continued, and has since been used in hundreds of cases.
But now using similar techniques, a wellness coach born in Mississippi (through a Facebook group called DNA Detectives) has helped over 200 strangers identify their unknown parents, the Times reports.

And she's recently donated more than $100,000 to a genetics lab called Othram — to fund the sequencing of DNA to solve cold cases back in her home state. "These families have waited so long for answers," she told the New York Times, which calls her "part of a growing cohort of amateur DNA detectives..." [Othram] created a site called DNASolves to tell the stories of horrific crimes and tragic John and Jane Does — with catchy names like "Christmas tree lady" and "angel baby" — to encourage people to fund budget-crunched police departments, so that they can hire Othram. A competitor, Parabon NanoLabs, had created a similar site called JusticeDrive, which has raised around $30,000.

In addition to money, Othram encouraged supporters to donate their DNA, a request that some critics called unseemly, saying donors should contribute to databases easily available to all investigators. "Some people are too nervous to put their DNA in a general database," said David Mittelman, Othram's chief executive, who declined to say how large his database is. "Ours is purpose-built for law enforcement."

Another group raising money for genetic investigations are the producers of true-crime podcasts — and their listeners. According to the article, the podcast-producing company Audiochuck has donated roughly $800,000 to organizations doing investigative genealogical research (including Othram), though the majority went to a nonprofit started by the host of the "Crime Junkie" podcast. (And that nonprofit raised another $250,000, some through crowdfunding.)

"Why just listen to a murder podcast when you can help police comb through genealogical databases for the second cousins of suspected killers and their unidentified victims?" the Times asks? So far donors around the country have given at least a million dollars to the cause. They could usher in a world where few crimes go unsolved — but only if society is willing to accept, and fund, DNA dragnets.... A group of well-off friends calling themselves the Vegas Justice League has given Othram $45,000, resulting in the solving of three murder-rape cases in Las Vegas, including those of two teenage girls killed in 1979 and in 1989.... [T]he perpetrators were dead....

Natalie Ram, a law professor at the University of Maryland, expressed concern about "the public picking and choosing between cases," saying investigative priorities could be determined by who can donate the most. Ms. Ram said the "largest share" of cases solved so far with the method "tend to involve white female victims...."

Ms. Ram is also concerned about the constitutional privacy issues raised by the searches, particularly for those people who haven't taken DNA tests or uploaded their results to the public internet. Even if you resolve never to put your DNA on a site accessible to law enforcement authorities, you share DNA with many other people so could still be discoverable. All it takes is your sibling, aunt or even a distant cousin deciding differently.

Security

Teen Suspected By Cyber Researchers of Being Lapsus$ Mastermind (bloomberg.com) 17

An anonymous reader quotes a report from Bloomberg: Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft and Nvidia, have traced the attacks to a 16-year-old living at his mother's house near Oxford, England. Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind.

The teen is suspected by the researchers of being behind some of the major hacks carried out by Lapsus$, but they haven't been able to conclusively tie him to every hack Lapsus$ has claimed. The cyber researchers have used forensic evidence from the hacks as well as publicly available information to tie the teen to the hacking group. Bloomberg News isn't naming the alleged hacker, who goes by the online aliases "White" and "breachbase," because he is a minor and hasn't been publicly accused by law enforcement of any wrongdoing. Another member of Lapsus$ is suspected to be a teenager residing in Brazil, according to the investigators. One person investigating the group said security researchers have identified seven unique accounts associated with the hacking group, indicating that there are likely others involved in the group's operations. The teen is so skilled at hacking, and so fast, that researchers initially thought the activity they were observing was automated, another person involved in the research said. [...]

The teenage hacker in England has had his personal information, including his address and information about his parents, posted online by rival hackers. At an address listed in the leaked materials as the teen's home near Oxford, a woman who identified herself as the boy's mother talked with a Bloomberg reporter for about 10 minutes through a doorbell intercom system. The home is a modest terraced house on a quiet side street about five miles from Oxford University. The woman said she was unaware of the allegations against her son or the leaked materials. She said she was disturbed that videos and pictures of her home and the teen's father's home were included. The mother said the teenager lives at that address and had been harassed by others, but many of the other leaked details couldn't be confirmed. She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police.

The Almighty Buck

Does a $3.6B Bitcoin Seizure Prove How Hard It Is to Launder Crypto? (arstechnica.com) 76

What's the lesson after $3.6 billion in stolen bitcoin was seized by America's Justice Department from the couple accused of laundering it?

Wired argues it all just shows how hard it is to launder cryptocurrency: In the 24 hours since, the cybersecurity world has ruthlessly mocked their operational security screwups: Lichtenstein allegedly stored many of the private keys controlling those funds in a cloud-storage wallet that made them easy to seize, and Morgan flaunted her "self-made" wealth in a series of cringe-inducing rap videos on YouTube and Forbes columns. But those gaffes have obscured the remarkable number of multi-layered technical measures that prosecutors say the couple did use to try to dead-end the trail for anyone following their money.

Even more remarkable, perhaps, is that federal agents, led by IRS Criminal Investigations, managed to defeat those alleged attempts at financial anonymity on the way to recouping $3.6 billion of stolen cryptocurrency. In doing so, they demonstrated just how advanced cryptocurrency tracing has become — potentially even for coins once believed to be practically untraceable.

Ari Redbord, the head of legal and government affairs for TRM Labs, a cryptocurrency tracing and forensics firm...points to the couple's alleged use of "chain-hopping" — transferring funds from one cryptocurrency to another to make them more difficult to follow — including exchanging bitcoins for "privacy coins" like monero and dash, both designed to foil blockchain analysis. Court documents say the couple also allegedly moved their money through the AlphaBay dark web market — the biggest of its kind at the time — in an attempt to stymie detectives.... Lichtenstein and Morgan appear to have intended to use AlphaBay as a "mixer" or "tumbler," a cryptocurrency service that takes in a user's coins and returns different ones to prevent blockchain tracing....

In July 2017, however — six months after the IRS says Lichtenstein moved a portion of the Bitfinex coins into AlphaBay wallets — the FBI, DEA, and Thai police arrested AlphaBay's administrator and seized its server in a data center in Lithuania. That server seizure isn't mentioned in the IRS's statement of facts. But the data on that server likely would have allowed investigators to reconstruct the movement of funds through AlphaBay's wallets and identify Lichtenstein's withdrawals to pick up their trail again, says Tom Robinson, a cofounder of the cryptocurrency tracing firm Elliptic.
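Robinson's point about the seized AlphaBay server, as an added example (not Elliptic's or TRM's tooling): on-chain tracing follows transaction outputs, and a market's deposit address is a dead end because the coins it later pays out are not the coins that were paid in, while following the market's own on-chain spends would sweep in every one of its customers. The market's internal ledger, recovered from a seized server, supplies the missing deposit-to-payout link and lets the trail resume. Every address, transaction and ledger entry below is constructed.

```python
from collections import defaultdict, deque

# Constructed on-chain transactions: (tx_id, from_address, to_address, amount).
TXS = [
    ("t1", "theft-wallet", "hop-1", 100.0),
    ("t2", "hop-1", "market-deposit-7", 60.0),      # into the market's custody
    ("t3", "hop-1", "hop-2", 40.0),
    ("t4", "market-payout-3", "hop-3", 59.0),        # paid out later, different coins
    ("t5", "hop-3", "exchange-account-Y", 59.0),
    ("t6", "market-payout-9", "other-customer", 20.0),
    ("t7", "hop-2", "exchange-account-X", 40.0),
]

# Deposit addresses known (from clustering or the market's own code) to belong to the market.
MARKET_DEPOSITS = {"market-deposit-7", "market-deposit-1"}

# The market's internal ledger as it might be reconstructed from a seized server:
# which customer deposit funded which payout. Constructed for this example.
SEIZED_LEDGER = {"market-deposit-7": "market-payout-3", "market-deposit-1": "market-payout-9"}


def trace(txs, start, market_deposits, ledger=None):
    """Addresses reachable from `start` by following transaction outputs.

    A market deposit address is a dead end unless `ledger` supplies the matching
    payout address. Returns (reached_addresses, dead_ends).
    """
    outputs = defaultdict(list)
    for _, src, dst, _ in txs:
        outputs[src].append(dst)

    reached, dead_ends = {start}, set()
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if addr in market_deposits:
            if ledger is not None and addr in ledger:
                next_hops = [ledger[addr]]   # bridge the gap with the seized ledger
            else:
                dead_ends.add(addr)
                next_hops = []               # the market's own spends would taint every customer
        else:
            next_hops = outputs[addr]
        for nxt in next_hops:
            if nxt not in reached:
                reached.add(nxt)
                queue.append(nxt)
    return reached, dead_ends


def cash_out_points(txs, start, market_deposits, ledger=None, exchange_prefix="exchange-"):
    """Exchange accounts (where a subpoena can attach a name) that the traced funds reach."""
    reached, _ = trace(txs, start, market_deposits, ledger)
    return sorted(a for a in reached if a.startswith(exchange_prefix))


if __name__ == "__main__":
    print("without ledger:", cash_out_points(TXS, "theft-wallet", MARKET_DEPOSITS))
    print("with ledger:   ", cash_out_points(TXS, "theft-wallet", MARKET_DEPOSITS, SEIZED_LEDGER))
```

The amounts and timestamps are carried but unused here; without a ledger, tracers fall back on them to propose deposit-to-payout pairings (a withdrawal of nearly the deposited amount shortly after the deposit), which is exactly the guesswork a seized ledger replaces with a record.
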

The arrests and "largest financial seizure ever show that cryptocurrency is not a safe haven for criminals..." Deputy Attorney General Lisa O. Monaco said in a press release. "Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes."

Or, as Wired puts it, "Even if your rap videos and sloppy cloud storage accounts don't get you caught, your clever laundering tricks may still not save you from the ever-evolving sophistication of law enforcement's crypto-tracers."
Bitcoin

US Returns $154 Million In Bitcoins Stolen By Sony Employee (bleepingcomputer.com) 37

The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a Sony subsidiary, by an employee who falsified the company's own transfer instructions, in what BleepingComputer describes as a textbook business email compromise (BEC) attack. BleepingComputer reports: "According to the government's complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. ("Sony Life") in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts," the Justice Dept said today. "Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California."

According to court documents, Ishii switched the transfer address for a Sony Life transaction to use a Silvergate Bank account under his control. Ishii later converted the stolen funds into more than 3,879 bitcoins via a Coinbase account set up to automatically transfer all added funds to an offline cryptocurrency cold wallet [...]. After converting the money to cryptocurrency, Ishii also tried persuading his supervisor and several Sony Life executives not to help investigators by emailing them a ransom note typed in English and Japanese. "If you accept the settlement, we will return the funds back. If you are going to file criminal charges, it will be impossible to recover the funds," the note read. "We might go down behind all of this, but one thing is for sure, you are going to be right there next to us. We strongly recommend to stop communicate (sic) with any third parties including law enforcement."

However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii's wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI's bitcoin wallet. [...] Tokyo's Metropolitan Police Department arrested the 32-year-old Ishii the same day and criminally charged him on suspicion of obtaining $154 million following fraudulent money transfers from mid-May.

China

China Says a Foreign Spy Agency Hacked Its Airlines, Stole Passenger Records (therecord.media) 20

Chinese officials said last week that a foreign intelligence agency hacked several of its airlines in 2020 and stole passenger travel records. From a report: The hacking campaign was disclosed last week by officials from the Ministry of State Security, China's civilian intelligence, security, and secret police agency. The hacking campaign was discovered after one of China's airlines reported a security breach to MSS officials in January 2020. Investigators said they linked the hacks to a custom trojan that the attackers used to exfiltrate passenger details and other data from this first target. A subsequent investigation found other airlines compromised in the same way. "After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency," the MSS said in a press release distributed via state news channels last Monday. The MSS did not formally attribute the attack to any foreign agency or country.
Crime

A US/Foreign Government Operation Hijacked the Servers of a Major Ransomware Gang (msn.com) 24

The U.S. Department of Defense's internet-defending Cyber Command teamed with "a foreign government" in two operations which shut down a major overseas ransomware group by hijacking its servers, reports the Washington Post. Several U.S. officials told the Post the operation left the ransomware gang's leaders "too frightened of identification and arrest to stay in business." "Domains hijacked from REvil," wrote 0_neday, an REvil leader, on a Russian-language forum popular with cyber criminals, on October 17.... "The server was compromised," he wrote hours later, "and they are looking for me." And then: "Good luck everyone, I'm taking off."

Soon after, REvil ceased operations, such as recruitment of affiliates, ransom negotiations and distribution of malware.

The Washington Post previously reported that REvil's servers ["reachable only through Tor"] had been hacked in the summer, permitting the FBI to have access. The compromise allowed the FBI, working with the foreign partner, to gain access to the servers and private keys, officials said. The bureau was then able to share that information last month with the U.S. Cyber Command, enabling the hijacking, they said... Cyber Command leader, General Paul Nakasone, said at the Aspen Security Forum on Wednesday that while he wouldn't comment on specific operations, "we bring our best people together ... the really good thinkers" to brainstorm ways to "get after folks" conducting ransomware attacks and other malign activities. "I'm pleased with the progress we've made," he said, "and we've got a lot more to do."

The group's departure may be temporary. Ransomware gangs have been known to go underground, regroup and reappear, sometimes under a new name. But the recent development suggests that ransomware crews can be influenced — even temporarily — to cease operations if they fear they will be outed and arrested, analysts say. "The latest voluntary disappearance of REvil highlights the powerful psychological impact of having these villains believe that they are being hunted and that their identities will be revealed," said Dmitri Alperovitch, executive chairman of the think tank Silverado Policy Accelerator and a cyber expert. "U.S. and allied governments should proudly acknowledge these cyber operations and make it clear that no ransomware criminal will be safe from the long reach of their militaries and law enforcement agencies...."

Recorded Future threat intelligence analyst Dmitry Smilyanets believes "REvil as a brand is done."

And meanwhile, an anonymous Slashdot reader shares the news that German investigators "have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang," according to Threatpost. "He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang." The showy billionaire goes by "Nikolay K." on social media, and German police are hoping he'll cruise out of Russia on his next vacation — preferably, to a country with a cooperation agreement with Germany so they can arrest him. In case he decides to kick back somewhere other than sunny Crimea, they've got an arrest warrant waiting for him....

According to Reuters, which broke the news about last week's law enforcement move against the gang, REvil was also behind the Colonial Pipeline attack, rather than the ransomware group named DarkSide that had been presumed to be the culprit.

United States

LA 'Jetpack Man' Was Probably a Balloon (bbc.com) 67

Long-time Slashdot reader Aighearach shares a report from the BBC: Investigators looking into a series of sightings of a mysterious "jetpack man" flying over Los Angeles say they may in fact have been balloons. The FBI launched an investigation after several pilots reported spotting "a guy in a jetpack" at 3,000ft (915m) above the city's LAX airport last year. But now officials say the pilots may have seen inflatables.

Police helicopter footage apparently shows a Halloween decoration that broke loose and drifted into the sky. The images show what appears to be a life-sized balloon effigy of Jack Skellington, from the 1993 Tim Burton film The Nightmare Before Christmas.

News

Cold Case Team Says It Has Identified the Zodiac Killer (thehill.com) 45

A team of more than 40 specialists believes that they have identified the Zodiac Killer, an unnamed serial murderer who operated in the San Francisco Bay area in the 1960s. From a report: The Case Breakers, a team consisting of former law enforcement investigators, journalists and military intelligence officers, said in a press release that they believe they have identified the Zodiac Killer as Gary Francis Poste, who died in 2018. The Zodiac Killer has been connected to five murders between 1968 and 1969. The killer notably taunted authorities through complex riddles and ciphers sent to media and police during the investigations. The Case Breakers say they identified Poste as the killer after uncovering forensic evidence and photos from Poste's darkroom. The team said a few images featured in the press release show scars on his forehead that similarly match scars on a sketch of the Zodiac. Jen Bucholtz, a former Army counterintelligence agent who works on cold cases, said the team also found deciphered letters sent by the Zodiac that revealed Poste as the killer, according to Fox News. "So you've got to know Gary's full name in order to decipher these anagrams," she said. "I just don't think there's any other way anybody would have figured it out."
Government

10 US Government Agencies Plan Expanded Use of Facial Recognition (msn.com) 29

The Washington Post reports that the U.S. government "plans to expand its use of facial recognition to pursue criminals and scan for threats, an internal survey has found, even as concerns grow about the technology's potential for contributing to improper surveillance and false arrests." Ten federal agencies — the departments of Agriculture, Commerce, Defense, Homeland Security, Health and Human Services, Interior, Justice, State, Treasury and Veterans Affairs — told the Government Accountability Office they intend to grow their facial recognition capabilities by 2023, the GAO said in a report posted to its website Tuesday. Most of the agencies use face-scanning technology so employees can unlock their phones and laptops or access buildings, though a growing number said they are using the software to track people and investigate crime. The Department of Agriculture, for instance, said it wants to use it to monitor live surveillance feeds at its facilities and send an alert if it spots any faces also found on a watch list...

The GAO said in June that 20 federal agencies have used either internally developed or privately run facial recognition software, even though 13 of those agencies said they did not "have awareness" of which private systems they used and had therefore "not fully assessed the potential risks ... to privacy and accuracy." In the current report, the GAO said several agencies, including the Justice Department, the Air Force and Immigration and Customs Enforcement, reported that they had used facial recognition software from Clearview AI, a firm that has faced lawsuits from privacy groups and legal demands from Google and Facebook after it copied billions of facial images from social media without their approval... Many federal agencies said they used the software by requesting that officials in state and local governments run searches on their own software and report the results. Many searches were routed through a nationwide network of "fusion centers," which local police and federal investigators use to share information on potential threats or terrorist attacks...

U.S. Customs and Border Protection officials, who have called the technology "the way of the future," said earlier this month that they had run facial recognition scans on more than 88 million travelers at airports, cruise ports and border crossings. The systems, the officials said, have detected 850 impostors since 2018 — or about 1 in every 103,000 faces scanned.

Google

Activist Raided By London Police After Downloading Docs Found On Google Search (theregister.com) 139

A man who viewed documents online for a controversial London property development and shared them on social media was raided by police after developers claimed there had been a break-in to their systems. The Register reports: The raid by four Metropolitan Police constables took place after Southwark campaigner Robert Hutchinson was reportedly accused of illegally entering a password-protected area of a website. "I was searching in Google and found links to board meeting minutes," he told The Register. "Board reports, none of which were marked confidential. So I have no question that it was in the public domain." The Southwark News reported that Hutchinson was arrested at 8.20am on 10 June this year at home following allegations made by Leathermarket Community Benefit Society (CBS). The society is a property development firm that wants to build flats over a children's caged ball court in the south London borough, something Hutchinson "vocally opposes," according to the local paper.

"There's a directory, which you need to enter a password and a username to get into. But documents from that area were being published on Google," explained Hutchinson. "I didn't see a page saying 'this is the directors' area' or anything like that, the documents were just available. They were just linked directly." Police said in a statement that Hutchinson was arrested on suspicion of breaking section 1 of Britain's Computer Misuse Act 1990 "between the 17th and 24th February 2021 and had published documents from the website on social media." They added: "He was taken into custody and later released under investigation. Following a review of all available evidence, it was determined no offences had been committed and no further action was taken."

Hutchinson said his identification by Leathermarket and subsequent arrest raised questions in his mind, saying police confirmed to him that the company had handed over an access log containing IP addresses: "Now, how that ended up with me being in the frame, I don't know. There's part of this that doesn't add up..." While the property business did not respond to The Register's request for comment at the time of publication, in a statement given to the Southwark News it said: "When it came to the CBS's attention that confidential information had been accessed and subsequently shared via Twitter, the CBS made a general report of the data breach to the police, who requested a full log of visitor access to the website before deciding whether or not to progress. The police carried out their own independent investigation into who accessed the documents and how, and have now concluded their investigation." The prepared police statement did not explain whether investigators tested Leathermarket CBS's version of events before arresting the campaigner.

Privacy

Pegasus Spyware Found On Journalists' Phones, French Intelligence Confirms (theguardian.com) 50

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. Pegasus is the hacking software -- or spyware -- that is developed, marketed and licensed to governments around the world by NSO Group. The malware has the capability to infect billions of phones running either iOS or Android operating systems. It enables operators of the spyware to extract messages, photos and emails, record calls and secretly activate microphones. The Guardian reports: It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project -- a consortium of 17 media outlets, including the Guardian. Forbidden Stories, a Paris-based nonprofit media organization, and Amnesty International initially had access to a leaked list of 50,000 numbers that, it is believed, have been identified as those of people of interest by clients of Israeli firm NSO Group since 2016, and shared access with their media partners.

France's national agency for information systems security (Anssi) identified digital traces of NSO Group's hacking spyware on the television journalist's phone and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking. Anssi also found Pegasus on telephones belonging to Lenaig Bredoux, an investigative journalist at the French investigative website Mediapart, and the site's director, Edwy Plenel. Forbidden Stories believes at least 180 journalists worldwide may have been selected as people of interest in advance of possible surveillance by government clients of NSO.

Le Monde reported that the France 24 journalist, based in Paris, had been selected for "eventually putting under surveillance." Police experts discovered the spyware had been used to target the journalist's phone three times: in May 2019, September 2020 and January 2021, the paper said. Bredoux told the Guardian that investigators had found traces of Pegasus spyware on both her and Plenel's mobile phones. She said the confirmation of long-held suspicions that they had been targeted contradicted the repeated denials of those who were believed to be behind the attempt to spy on them.

Crime

Serial Swatter Who Caused Death Gets Five Years In Prison (krebsonsecurity.com) 186

An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. Krebs on Security reports: Shane Sonderman, of Lauderdale County, Tenn., admitted to conspiring with a group of criminals that's been "swatting" and harassing people for months in a bid to coerce targets into giving up their valuable Twitter and Instagram usernames. At Sonderman's sentencing hearing today, prosecutors told the court the defendant and his co-conspirators would text and call targets and their families, posting their personal information online and sending them pizzas and other deliveries of food as a harassment technique.

Other victims of the group told prosecutors their tormentors further harassed them by making false reports of child abuse to social services local to the target's area, and false reports in the target's name to local suicide prevention hotlines. Eventually, when subjects of their harassment refused to sell or give up their Twitter and Instagram usernames, Sonderman and others would swat their targets -- or make a false report to authorities in the target's name with the intention of sending a heavily armed police response to that person's address. [...]

Sonderman might have been eligible to knock a few months off his sentence had he cooperated with investigators and refrained from committing further crimes while out on bond. But prosecutors said that shortly after his release, Sonderman went right back to doing what he was doing when he got caught. Investigators who subpoenaed his online communications found he'd logged into the Instagram account "FreeTheSoldiers," which was known to have been used by the group to harass people for their social media handles. Sonderman was promptly re-arrested for violating the terms of his release, and prosecutors played for the court today a recording of a phone call Sonderman made from jail in which he brags to a female acquaintance that he wiped his mobile phone two days before investigators served another search warrant on his home.
"Although it may seem inadequate, the law is the law," said Judge Norris after giving Sonderman the maximum sentence allowed by law under the statute. "The harm it caused, the death and destruction... it's almost unspeakable. This is not like cases we frequently have that involve guns and carjacking and drugs. This is a whole different level of insidious criminal behavior here."
Bitcoin

Is Bitcoin More Traceable Than Cash? (seattletimes.com) 181

The New York Times argues that this week changed Bitcoin's reputation as "secure, decentralized and anonymous" (adding "Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.")

"But this week's revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think..." [F]or the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry... The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain. "It is digital bread crumbs," said Kathryn Haun, a former federal prosecutor and investor at venture-capital firm Andreessen Horowitz. "There's a trail law enforcement can follow rather nicely." Haun added that the speed with which the Justice Department seized most of the ransom was "groundbreaking" precisely because of the hackers' use of cryptocurrency. In contrast, she said, getting records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are overseas...

Tracking down a user's transaction history was a matter of figuring out which public key they controlled, authorities said. Seizing the assets then required obtaining the private key, which is more difficult. It's unclear how federal agents were able to get DarkSide's private key. Justice Department spokesman Marc Raimondi declined to say more about how the F.B.I. seized DarkSide's private key. According to court documents, investigators accessed the password for one of the hackers' Bitcoin wallets, though they did not detail how. The F.B.I. did not appear to rely on any underlying vulnerability in blockchain technology, cryptocurrency experts said. The likelier culprit was good old-fashioned police work. Federal agents could have seized DarkSide's private keys by planting a human spy inside DarkSide's network, hacking the computers where their private keys and passwords were stored, or compelling the service that holds their private wallet to turn them over via search warrant or other means. "If they can get their hands on the keys, it's seizable," said Jesse Proudman, founder of Makara, a cryptocurrency investment site. "Just putting it on a blockchain doesn't absolve that fact...."

The F.B.I. has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Start-ups with names like TRM Labs, Elliptic and Chainalysis that trace cryptocurrency payments and flag possible criminal activity have blossomed as law enforcement agencies and banks try to get ahead of financial crime. Their technology traces blockchains looking for patterns that suggest illegal activity... "Cryptocurrency allows us to use these tools to trace funds and financial flows along the blockchain in ways that we could never do with cash," said Ari Redbord, the head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytic software to law enforcement and banks. He was previously a senior adviser on financial intelligence and terrorism at the Treasury Department.

The story includes three intriguing quotes:
  • Justice Department spokesman Marc Raimondi said the Colonial Pipeline ransom seizure was only the latest of "many seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets" used for criminal activity.
  • Hunter Horsley, chief executive of cryptocurrency investment company Bitwise Asset Management, said "The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed."
  • A spokesperson for Chainalysis, a start-up that traces cryptocurrency payments, tells the Times that in the end, "cryptocurrencies are actually more transparent than most other forms of value transfer. Certainly more transparent than cash."