The Carnegie Endowment for Peace, a nonpartisan international affairs think tank, points out that when subsea internet cables were cut in November, Europe was more prepared: Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector...

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance's Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first "Recommendation on Secure and Resilient Submarine Cable Infrastructures," encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.
The article points out that the Chinese ship suspected in the 2023 cable cutting "ignored requests from Finnish and Estonian authorities to halt" and returned to China. But the Chinese ship suspected in November's cable-cutting "remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by." Yet "Under international maritime law, these countries' authorities are not allowed to board..." Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality... Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place....

A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.
The article also notes that "Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes."

A handful of countries should be held legally responsible for the ongoing impacts of climate change, representatives of vulnerable states have told judges at the international court of justice (ICJ). From a report: During a hearing at the Peace Palace in The Hague, which began on Monday, Ralph Regenvanu, Vanuatu's special envoy for climate change and environment, said responsibility for the climate crisis lay squarely with "a handful of readily identifiable states" that had produced the vast majority of greenhouse gas emissions but stood to lose the least from the impacts.

The court heard how Pacific island states such as Vanuatu were bearing the brunt of rising sea levels and increasingly frequent and severe disasters. "We find ourselves on the frontlines of a crisis we did not create," Regenvanu said. The hearing is the culmination of years of campaigning by a group of Pacific island law students and diplomacy spearheaded by Vanuatu. In March last year the UN general assembly unanimously approved a resolution calling on the ICJ to provide an advisory opinion on what obligations states have to tackle climate change and what the legal consequences could be if they fail to do so.

Over the next two weeks, the court will hear statements from 98 countries, including wealthy developed states with the greatest historical responsibility for the climate emergency, such as the UK and Russia, and states that have contributed very little to global greenhouse gas emissions but stand to bear the brunt of their impact, including Bangladesh and Sudan as well as Pacific island countries.

An anonymous reader shared this report from NBC News: Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers...

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...

The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.
Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."

"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"

The Federal Trade Commission on Tuesday announced sweeping action against some of the most important companies in the location data industry, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship. From a report: Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself.

Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics. The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in "limited circumstances" involving national security or law enforcement.

Getty Images CEO has criticized AI companies' stance on copyright, particularly pushing back against claims that all web content is fair use for AI training. The statement comes amid Getty's ongoing litigation against Stability AI for allegedly using millions of Getty-owned images without permission to train its Stable Diffusion model, launched in August 2022.

Acknowledging AI's potential benefits in areas like healthcare and climate change, Getty's chief executive argued against the industry's "all-or-nothing" approach to copyright. He specifically challenged Microsoft AI CEO Mustafa Suleyman's assertion that web content has been "freeware" since the 1990s. The Getty chief advocated for applying fair use principles case-by-case, distinguishing between AI models for scientific advancement and commercial content generation. He also drew parallels to music streaming's evolution from Napster to licensed platforms like Spotify, suggesting AI companies could develop similar permission-based models.

He adds: As litigation slowly advances, AI companies advance an argument that there will be no AI absent the ability to freely scrape content for training, resulting in our inability to leverage the promise of AI to solve cancer, mitigate global climate change, and eradicate global hunger. Note that the companies investing in and building AI spend billions of dollars on talent, GPUs, and the required power to train and run these models -- but remarkably claim compensation for content owners is an unsurmountable challenge.

My focus is to achieve a world where creativity is celebrated and rewarded AND a world that is without cancer, climate change, and global hunger. I want the cake and to eat it. I suspect most of us want the same.

A new lawsuit filed by a current Apple employee accuses the company of spying on its workers via their personal iCloud accounts and non-work devices. From a report: The suit, filed Sunday evening in California state court, alleges Apple employees are required to give up the right to personal privacy, and that the company says it can "engage in physical, video and electronic surveillance of them" even when they are at home and after they stop working for Apple.

Those requirements are part of a long list of Apple employment policies that the suit contends violate California law. The plaintiff in the case, Amar Bhakta, has worked in advertising technology for Apple since 2020. According to the suit, Apple used its privacy policies to harm his employment prospects. For instance, it forbade Bhakta from participating in public speaking about digital advertising and forced him to remove information from his LinkedIn page about his job at Apple.

America's FBI "has been investigating a longtime Exxon Mobil consultant," reports Reuters, "over the contractor's alleged role in a hack-and-leak operation that targeted hundreds of the oil company's biggest critics, according to three people familiar with the matter." The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters. The scheme allegedly began in late 2015, when U.S. authorities contend that the names of the hacking targets were compiled by the DCI Group, a public affairs and lobbying company working for Exxon at the time, one of the sources said. DCI provided the names to an Israeli private detective, who then outsourced the hacking, according to the source.

In an effort to push a narrative that Exxon was the target of a political vendetta aimed at destroying its business, some of the stolen material was subsequently leaked to the media by DCI, Reuters determined. The Federal Bureau of Investigation found that DCI shared the information with Exxon before leaking it, the source said. Some environmental activists interviewed by Reuters say the hacking operation disrupted preparations for lawsuits by cities and state attorneys general against Exxon and other energy companies... The stolen material continues to be used today to counter litigation claiming the oil giant misled the public and its investors about the risks of climate change...

The investigation into the hack-and-leak operation comes amid growing concern among law enforcement agencies worldwide about how such cyberespionage schemes threaten to taint judicial proceedings. The FBI has been investigating the broader use of mercenary hackers to tamper with lawsuits since early 2018, Reuters has previously reported. The Israeli private detective hired by DCI, Amit Forlit, was arrested this year at London's Heathrow Airport and is fighting extradition to the United States on charges of hacking and wire fraud... Federal prosecutors have secured a related conviction: that of Forlit's former business associate, private investigator Aviram Azari. Azari pleaded guilty in 2022 to wire fraud, conspiracy to commit hacking and aggravated identity theft, which included targeting the environmental activists.

United Nations members gathered this week in Busan, South Korea to negotiate the first treaty reducing plastic pollution. But Politico reports that "talks collapsed late Sunday after negotiators failed to resolve their differences and agree on a global plastic treaty. At the heart of the disagreement was a refusal by oil-rich nations led by Saudi Arabia to accept a deal that put limits on plastic production... Throughout the two years of talks, oil-rich and plastic-producing states had repeatedly clashed with nations that wanted to reduce plastic production to solve a worsening plastic pollution crisis. Many went to Busan hopeful differences would be put aside in the name of combatting a common global threat. But in the end this proved too optimistic...

The EU, alongside more than 100 other countries that included the U.K., on Thursday had backed a new proposal spearheaded by Panama pushing for a global target to reduce plastic production to "sustainable levels", drawing a clear battle line for the talks. But three negotiators from countries in the High Ambition Coalition to End Plastic Pollution — granted anonymity to discuss closed-door talks — told POLITICO Saudi Arabia had coordinated a push from oil-rich and plastic-producing countries to block any proposals for the treaty that threatened to reduce plastic production. The vast majority of plastic is made from oil or natural gas...

Along with disagreements over plastic production, countries were also unable to agree on whether and how to target particularly polluting plastic products, and how to finance the treaty. Two of the "high-ambition" negotiators referenced above suggested the talks were doomed to fail from the beginning, arguing that there was never going to be enough time given the scope of the mandate. "I think the pressure on us to deliver that in 18 months ... was kind of stupid then, and it's still stupid now," said one. "Usually these processes take a number of years — beyond what we are doing...." But many observers and some delegates said the summit's collapse demonstrated the failures of consensus-based environmental multilateralism, arguing that requiring all countries to agree by consensus gave reluctant nations too much veto power. NGOs like the Center for International Environmental Law hope this week's failed talks will serve as a lesson for future U.N. talks...

The date and time of the next round of talks is yet to be announced.
Greenpeace issued a statement saying "over 100 Member States, representing billions of people, rejected a toothless deal that would have accomplished nothing, and stood before the world committing to an ambitious treaty."

And they argued that the message is clear. "Ambitious countries must not allow the fossil fuel and petrochemical industries, backed by a small minority of countries, to prevent the will of the vast majority. A strong agreement that protects people and the planet is our only option."

Bluesky (Slashdot is on Bluesky here and Threads here) now has more active website users than Threads in the U.S., according to a graph from the Financial Times. And though Threads still leads in app usage, "Prior to November 5 Threads had five times more daily active users in the U.S. than Bluesky... Now, Threads is only 1.5 times larger than its rival, Similarweb said."

But "the influx of new users has opened up new opportunities for scammers and impersonators," Engadget reported this week: A recent analysis by Alexios Mantzarlis, director of the Security Trust and Safety Initiative at Cornell Tech found that 44 percent of the top 100 most-followed accounts on Bluesky had at least one "doppelganger," with most looking like "cheap knock-offs of the bigger account, down to the same bio and profile picture," Mantzarlis wrote in his newsletter Faked Up.
The article highlighted issues with Bluesky's loose account verification policies. And then, Bluesky announced a new change-of-policy Friday. Engadget reports: The Bluesky Safety account said that the social media service is removing accounts that are impersonating other people and those squatting on handles... Bluesky now requires parody, satire or fan accounts to label themselves as such in both their handles and their bio. If they don't, or if they only indicate the nature of their account in one of those elements, then they'll be treated as an impersonator and will be removed from the platform. Bluesky now explicitly prohibits identity churning, as well. Accounts that start as impersonators with the purpose of gaining new users, and who then switch to a different identity in an attempt to circumvent the ban, will still get booted off the app. Finally, it says it's exploring "additional options to enhance account verification," though they're not quite ready for rollout.
Bluesky says they've "quadrupled the size of our moderation team, in part to action impersonation reports more quickly. We still have a large backlog of moderation reports due to the influx of new users as we shared previously, though we are making progress." And in addition, "We are working behind the scenes to help many organizations and high-profile individuals set up their verified domain handles."

And there's another problem. "The EU's executive arm on Monday said Bluesky didn't provide information it was required to share under the bloc's Digital Services Act," reports Bloomberg. Bluesky responded that it's working to comply, " consulting with its lawyer to follow the EU's information disclosure rules, a Bluesky spokesperson wrote on Tuesday in an email." "All platforms in the EU have to have a dedicated page on their websites where it says how many user numbers they have in the EU and where they are legally established," Thomas Regnier, the commission's spokesperson on digital matters, told reporters. "This is not the case with Bluesky, so this is not followed...."

Under the DSA, platforms with more than 45 million users in the bloc qualify as "very large online platforms" and need to follow stricter content moderation rules under the commission's supervision. Breaches can result in fines of up to 6% of their global annual sales... Smaller platforms are still required to comply with the law, but are regulated by the EU country where they have a legal presence. That's so far unclear in the case of Bluesky, which was created expressly to avoid a centralized ownership structure.

The commission asked EU member countries' national authorities to investigate "and see if they can find any trace of Bluesky" in their jurisdictions, Regnier said

Primarily used by law enforcement, Graykey unlocks mobile devices to extract data from both Android and iOS systems, according to the blog AppleInsider, "though its effectiveness varies depending on the specific hardware and software involved." But while its capabilities are rarely disclosed, "a leak of some Grayshift's internal documents was recently reported on by 404 Media." According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports. Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.
Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

SpzToid writes: A Chinese commercial vessel that has been surrounded by European warships in international waters for a week is central to an investigation of suspected sabotage that threatens to test the limits of maritime law -- and heighten tensions between Beijing and European capitals.

Investigators suspect that the crew of the Yi Peng 3 bulk carrier -- 225 meters long, 32 meters wide and loaded with Russian fertilizer -- deliberately severed two critical data cables last week as its anchor was dragged along the Baltic seabed for over 100 miles.

Their probe now centers on whether the captain of the Chinese-owned ship, which departed the Russian Baltic port of Ust-Luga on Nov. 15, was induced by Russian intelligence to carry out the sabotage. It would be the latest in a series of attacks on Europe's critical infrastructure that law-enforcement and intelligence officials say have been orchestrated by Russia.

A broad coalition of Canada's major news organizations, including the Toronto Star, Metroland Media, Postmedia, The Globe and Mail, The Canadian Press and CBC, is suing tech giant OpenAI, saying the company is illegally using news articles to train its ChatGPT software. From a report: It's the first time all of a country's major news publishers have come together in litigation against OpenAI. The suit, filed in Ontario's Superior Court of Justice Friday morning, seeks punitive damages, disgorgement of any profits made by OpenAI from using the news organizations' articles, and an injunction barring OpenAI from using any of the news articles in the future.

"Journalism is in the public interest. OpenAI using other companies' journalism for their own commercial gain is not. It's illegal," said a joint statement from the media organizations, which are represented by law firm Lenczner Slaght.

Major technology companies criticized Australia's new law banning social media access for users under 16, which passed parliament on Thursday with bipartisan support. The legislation threatens fines up to $32 million for platforms failing to block minors. TikTok warned the ban could drive young users to riskier online spaces, while Meta called it a "predetermined process," questioning the rushed parliamentary review that gave stakeholders only 24 hours for submissions. Reuters adds: Snapchat parent Snap said it leaves many questions unanswered. [...] Sunita Bose, managing director of Digital Industry Group, which has most social media companies as members, said no one can confidently explain how the law will work in practice. "The community and platforms are in the dark about what exactly is required of them," she said.

Record numbers of plastic industry lobbyists are attending global talks that are the last chance to hammer out a treaty to cut plastic pollution around the world. From a report: The key issue at the conference will be whether caps on global plastic production will be included in the final UN treaty. Lobbyists and leading national producers are furiously arguing against any attempt to restrain the amount that can be produced, leaving the talks on a knife-edge.

New analysis by the Center for International Environmental Law (CIEL) shows 220 fossil fuel and chemical industry representatives -- more plastic producers than ever -- are represented at the UN talks in Busan, South Korea. Taken as a group, they would be the biggest delegation at the talks, with more plastic industry lobbyists than representatives from the EU and each of its member states, (191) or the host country, South Korea (140), according to the Centre for International Environmental Law. Their numbers overwhelm the 89 delegates from the Pacific small island developing states (PSIDs), countries that are among those suffering the most from plastic pollution.

Sixteen lobbyists from the plastics industry are at the talks as part of country delegations. China, the Dominican Republic, Egypt, Finland, Iran, Kazakhstan and Malaysia all have industry vested interests within their delegations, the analysis shows. The plastic producer representatives outnumber delegates from the Scientists' Coalition for an Effective Plastics Treaty by three to one. Approximately 460m tonnes of plastics are produced annually, and production is set to triple by 2060 under business-as-usual growth rates.

Australia will ban children under 16 from using social media after its senate approved what will become a world-first law. From a report: Children will be blocked from using platforms including TikTok, Instagram, Snapchat and Facebook, a move the Australian government argue is necessary to protect their mental health and wellbeing.

The online safety amendment (social media minimum age) bill will impose fines of up to 50 million Australian dollars ($32.5 million) on platforms for systemic failures to prevent young children from holding accounts. It would take effect a year after the bill becomes law, allowing platforms time to work out technological solutions that would also protect users' privacy. The senate passed the bill 34 votes to 19. The house of representatives overwhelmingly approved the legislation 102 votes to 13 on Wednesday.

A U.S. federal appeals court ruled that sanctions against Tornado Cash, a crypto transaction anonymization service, must be abandoned, stating that its immutable smart contracts do not constitute "property" under U.S. law and that the Treasury overstepped its authority. The ruling is available here (PDF). CoinDesk reports: The decision answers a controversial privacy debate on whether the government -- via a sanctions list maintained by the U.S. Treasury Department -- has a right to target the technology because it's associated with criminals. The ruling reversed a district court's August ruling that had sided with the government's pursuit of what it had characterized as a "notorious" crypto-mixing service.

OFAC had sanctioned Tornado Cash last year, contending that it was a vital tool used by bad actors including North Korea's Lazarus Group to launder crypto tokens pilfered from platforms and games such as Axie Infinity. Coinbase (COIN) and others had sued the government, claiming it had overreached. Paul Grewal, chief legal officer of crypto exchange Coinbase, cheered the ruling in a Tuesday post on X, calling it a "historic win for crypto." "These smart contracts must now be removed from the sanctions list and U.S. persons will once again be allowed to use this privacy-protecting protocol," Grewal wrote. "Put another way, the government's overreach will not stand." "We readily recognize the real-world downsides of certain uncontrollable technology falling outside of OFAC's sanctioning authority," the judges said, referencing the ineffectiveness of a law that was established well before the world moved online. "But we must uphold the statutory bargain struck (or mis-struck) by Congress, not tinker with it."

Tornado Cash's TORN token has since rallied 500%, passing the $20 mark.

American hospitals and healthcare organizations would be required to adopt multi-factor authentication (MFA) and other minimum cybersecurity standards under new legislation proposed by a bipartisan group of US senators. From a report: The Health Care Cybersecurity and Resiliency Act of 2024 [PDF], introduced on Friday by US Senators Bill Cassidy (R-Louisiana), Mark Warner (D-Virginia), John Cornyn (R-Texas), and Maggie Hassan (D-New Hampshire), would, among other things, require better coordination between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) around cybersecurity in the healthcare and public health sector.

This includes giving HHS a year to implement a cybersecurity incident response plan and update the types of information displayed publicly via the department's breach reporting portal. Currently, all healthcare orgs that are considered "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) are required to notify HHS if they are breached. The new law would require breached entities to report how many people were affected by the security incident.

It would also mandate that the portal include details on "any corrective action taken against a covered entity that provided notification of a breach" as well as "recognized security practices that were considered" during the breach investigation, plus any other information that the HHS secretary deems necessary.

Lawyers for the United States on Monday said that Google had created a monopoly with its services to place ads online, closing out an antitrust trial over the company's dominance in advertising technology that could add to the Silicon Valley giant's mounting woes. From a report: The legal case concerns a system of software that is used by advertisers to place ads on websites around the internet. Aaron Teitelbaum, a lawyer for the Justice Department, told Judge Leonie M. Brinkema of the U.S. District Court for the Eastern District of Virginia that the company had linked its products together in a way that made it hard for publishers and advertisers to use alternatives.

"Google is once, twice, three times a monopolist," he said. "These are the markets that make the free and open internet possible." Google's lead lawyer, Karen Dunn, countered that the government had failed to offer the evidence to prove its case and was on shaky legal ground. "Google's conduct is a story of innovation in response to competition," she said. The arguments conclude U.S. et al. v. Google, an antitrust suit that the Justice Department and eight states filed against Google last year. (More states have joined the suit since then.) The agency and states accused the internet giant of abusing control of its ad technology and violating antitrust law, in part through the acquisition of the advertising software company Doubleclick in 2008. Next, Judge Brinkema will decide the merits of the case in the coming months.

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress.

Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington.

That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads.
The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

An anonymous reader shared this report from CNET: Meta says it's taken down more than 2 million accounts this year linked to overseas criminal gangs behind scam operations that human rights activists say forced hundreds of thousands of people to work as scammers and cost victims worldwide billions of dollars.

In a Thursday blog post, the parent of Facebook, Instagram and WhatsApp says the pig butchering scam operations — based in Myanmar, Laos, Cambodia, the United Arab Emirates and the Philippines — use platforms like Facebook and Instagram; dating, messaging, crypto and other kinds of apps; and texts and emails, to globally target people... [T]he scammers strike up an online relationship with their victims and gain their trust. Then they move their conversations to crypto apps or scam websites and dupe victims into making bogus investments or otherwise handing over their money, Meta said. They'll ask the victims to deposit money, often in the form of cryptocurrency, into accounts, sometimes even letting the victims make small withdrawals, in order to add a veneer of legitimacy. But once the victim starts asking for their investment back, or it becomes clear they don't have any more money to deposit, the scammer disappears and takes the money with them.

And the people doing the scamming are often victims themselves. During the COVID-19 pandemic, criminal gangs began building scam centers in Southeast Asia, luring in often unsuspecting job seekers with what looked like amazing postings on local job boards and other platforms, then forcing them to work as scammers, often under the threat of physical harm. The scope of what's become a global problem is staggering. In a report issued in May, the US Institute of Peace estimates that at least 300,000 people are being forced to work, or are otherwise suffering human rights violations, inside these scam centers. The report also estimates global financial losses stemming from the scams at $64 billion in 2023, with the number of financial victims in the millions.

Meta says it has focused on investigating and disrupting the scam operations for more than two years, working with nongovernmental organizations and other tech companies, like OpenAI, Coinbase and dating-app operator Match Group, along with law enforcement in both the US and the countries where the centers are located.
Meta titled its blog post "Cracking Down On Organized Crime Behind Scam Centers," writing "We hope that sharing our insights will help inform our industry's defenses so we can collectively help protect people from criminal scammers."