Privacy

NSA Orders Employees To Spy on the World 'With Dignity and Respect' (theintercept.com)

The National Security Agency, the shadowy hub for the United States' electronic and cyber spying, has instructed its employees that foreign targets of its intelligence gathering "should be treated with dignity and respect," according to a new policy directive. The Intercept: The directive, released this summer as internal guidance, is for the NSA's vaunted signals intelligence, or SIGINT, division, which is responsible for covert surveillance and data collection worldwide. "In recognition that SIGINT activities must take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside," says the previously unreported directive, which was issued by NSA Director Gen. Paul Nakasone.

Civil liberties experts say the PR-friendly directive is an attempt to mollify European partners and American critics amid a simmering congressional debate over whether to reauthorize the NSA's broad surveillance authorities. Experts also pointed to the absurdity that the NSA, an intelligence agency that specializes in electronic eavesdropping including the interception of text messages and emails, could do so respectfully. "This is like the CIA putting out a statement saying that going forward they'll only waterboard people with dignity and respect," Evan Greer, director of the digital rights advocacy group Fight for the Future, told The Intercept. "Mass surveillance is fundamentally incompatible with basic human rights and democracy."

AI

DHS Has Spent Millions On an AI Surveillance Tool That Scans For 'Sentiment and Emotion' (404media.co)

New submitter Slash_Account_Dot shares a report from 404 Media, a new independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox: Customs and Border Protection (CBP), part of the Department of Homeland Security, has bought millions of dollars worth of software from a company that uses artificial intelligence to detect "sentiment and emotion" in online posts, according to a cache of documents obtained by 404 Media. CBP told 404 Media it is using technology to analyze open source information related to inbound and outbound travelers who the agency believes may threaten public safety, national security, or lawful trade and travel. In this case, the specific company called Fivecast also offers "AI-enabled" object recognition in images and video, and detection of "risk terms and phrases" across multiple languages, according to one of the documents.

Marketing materials promote the software's ability to provide targeted data collection from big social platforms like Facebook and Reddit, but also specifically names smaller communities like 4chan, 8kun, and Gab. To demonstrate its functionality, Fivecast promotional materials explain how the software was able to track social media posts and related Persons-of-Interest starting with just "basic bio details" from a New York Times Magazine article about members of the far-right paramilitary Boogaloo movement. 404 Media also obtained leaked audio of a Fivecast employee explaining how the tool could be used against trafficking networks or propaganda operations. The news signals CBP's continued use of artificial intelligence in its monitoring of travelers and targets, which can include U.S. citizens. This latest news shows that CBP has deployed multiple AI-powered systems, and provides insight into what exactly these tools claim to be capable of while raising questions about their accuracy and utility.
"CBP should not be secretly buying and deploying tools that rely on junk science to scrutinize people's social media posts, claim to analyze their emotions, and identify purported 'risks,'" said Patrick Toomey, deputy director of the ACLU's National Security Project. "The public knows far too little about CBP's Counter Network Division, but what we do know paints a disturbing picture of an agency with few rules and access to an ocean of sensitive personal data about Americans. The potential for abuse is immense."

Earth

Germany Set To Miss Net Zero By 2045 Target as Climate Efforts Falter (reuters.com)

An anonymous reader shares a report: German goals to cut greenhouse emissions by 65% by 2030 are likely to be missed, meaning a longer-term net zero by a 2045 target is also in doubt, reports by government climate advisers and the Federal Environment Agency (UBA) show. The European Union has sought to be a climate leader and Germany has set itself more ambitious targets than the bloc as a whole, but in many countries politics and the economic crisis have pushed the climate crisis down the agenda. Germany, Europe's largest economy, aims to cut its carbon dioxide emissions by 65% by 2030 compared with 1990. Last year its CO2 levels were already 40% below the 1990 level, but the new reports said that was not enough.

"The expected overall reduction is probably overestimated," Hans-Martin Henning, the chairman of a council of climate experts that advises the government, said in a statement on Tuesday. The German government has ordered 130 measures in various sectors. The buildings and transport sectors in particular are failing to implement them, the council of government climate advisers' report said. The buildings sector is expected to be 35 million tonnes of CO2 short of target by 2030, while the transport sector is expected to have excess emissions of between 117 million and 191 million tonnes compared with the government target. Tuesday's advisers' report coincided with another from the UBA that found that Germany cannot become climate neutral by 2045 on the basis of planned and existing government climate policy.

Security

WinRAR 0-Day That Uses Poisoned JPG and TXT Files Under Exploit Since April (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: A newly discovered zero-day in the widely used WinRAR file-compression program has been under exploit for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous-looking files inside file archives. The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group-IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families including DarkMe, GuLoader, and Remcos RAT. From there, the criminals withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month. "By exploiting a vulnerability within this program, threat actors were able to craft ZIP archives that serve as carriers for various malware families," Group-IB Malware Analyst Andrey Polovinkin wrote. "Weaponized ZIP archives were distributed on trading forums. Once extracted and executed, the malware allows threat actors to withdraw money from broker accounts. This vulnerability has been exploited since April 2023."

It's recommended that you update to version 6.23 before using WinRAR again.

Space

US Space Force Creates First Unit Dedicated To Targeting Adversary Satellites (space.com)

The United States Space Force has activated its first and only unit dedicated to targeting other nations' satellites and the ground stations that support them. Space.com reports: The 75th Intelligence, Surveillance and Reconnaissance Squadron (ISRS) was activated on Aug. 11 at Peterson Space Force Base in Colorado. This unit is part of Space Delta 7, an element of the U.S. Space Force tasked with providing intelligence on adversary space capabilities. It'll do things like analyze the capabilities of potential targets, locate and track these targets as well as participate in "target engagement," which presumably refers to destroying or disrupting adversary satellites, the ground stations that support them and transmissions sent between the two.

Master Sgt. Desiree Cabrera, 75th ISRS operations superintendent, said the new unit will revolutionize the targeting capabilities of not just the Space Force, but also the entire U.S. military: "Not only are we standing up the sole targeting squadron in the U.S. Space Force, we are changing the way targeting is done across the joint community when it comes to space and electromagnetic warfare." The 75th ISRS will also analyze adversary space capabilities including "counterspace force threats," according to the Space Force's statement. Counterspace forces refer to adversary systems aimed at preventing the U.S. from using its own satellites during a conflict.

Security

Major US Energy Organization Targeted In QR Code Phishing Attack

A phishing campaign has targeted a notable energy company in the U.S., bypassing email security filters to slip malicious QR codes into inboxes. BleepingComputer reports: Roughly one-third (29%) of the 1,000 emails attributed to this campaign targeted a large US energy company, while the remaining attempts were made against firms in manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector. Cofense did not name the energy company targeted in this campaign but categorized them as a "major" US-based company.

Cofense says the attack begins with a phishing email that claims the recipient must take action to update their Microsoft 365 account settings. The emails carry PNG or PDF attachments featuring a QR code the recipient is prompted to scan to verify their account. The emails also state that the target must complete this step in 2-3 days to add a sense of urgency. The threat actors use QR codes embedded in images to bypass email security tools that scan a message for known malicious links, allowing the phishing messages to reach the target's inbox.

To evade security, the QR codes in this campaign also use redirects in Bing, Salesforce, and Cloudflare's Web3 services to redirect the targets to a Microsoft 365 phishing page. Hiding the redirection URL in the QR code, abusing legitimate services, and using base64 encoding for the phishing link all help evade detection and get through email protection filters.
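The three evasion traits described above (no scannable link in the message body, a QR payload pointing at a legitimate redirector, and a base64-encoded final destination) can all be checked statically once the QR image has been decoded. The following is an added, defender-side example written for this page; it is not code from Cofense, BleepingComputer or the campaign. It assumes an earlier mail-gateway step has already decoded the QR image to a URL, and the redirector host, the trusted-login allowlist and the sample message are all constructed for the demonstration. It generalizes slightly beyond the text by unwrapping any redirector whose query carries a plain or base64-encoded URL, rather than the three named services.

```python
"""Static triage of a QR-code phishing lure (constructed example).

No network access: redirect chains are unwrapped by inspecting query
parameters only, which is how a gateway can score a message before delivery.
"""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlparse

# Assumption: an allowlist of hosts a genuine Microsoft 365 login would land on;
# a defender would maintain this for their own tenant.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "microsoft.com"}

# Urgency wording of the "complete this within 2-3 days" kind.
URGENCY = re.compile(
    r"\b(?:within|in)\s+\d+(?:-\d+)?\s+days?\b|\burgent(?:ly)?\b|\bimmediately\b", re.I
)


def _maybe_b64_url(value: str):
    """Return a URL if `value` is a base64 (standard or urlsafe) encoding of one."""
    padded = value + "=" * (-len(value) % 4)
    for decoder in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            decoded = decoder(padded).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if decoded.startswith(("http://", "https://")):
            return decoded
    return None


def _next_hop(url: str):
    """Find a redirect target hidden in a query parameter, plain or base64."""
    for values in parse_qs(urlparse(url).query).values():
        for v in values:
            if v.startswith(("http://", "https://")):
                return v
            decoded = _maybe_b64_url(v)
            if decoded:
                return decoded
    return None


def unwrap_redirects(url: str, max_hops: int = 5):
    """Statically follow redirector parameters; returns every hop, first to last."""
    hops = [url]
    for _ in range(max_hops):
        nxt = _next_hop(hops[-1])
        if not nxt:
            break
        hops.append(nxt)
    return hops


def triage_email(subject: str, body: str, attachments, qr_payload):
    """Score a message on the campaign's traits; returns (score, reasons)."""
    reasons = []
    if attachments and not re.search(r"https?://", body):
        if any(a.lower().endswith((".png", ".pdf")) for a in attachments):
            reasons.append("image/PDF attachment but no link in body")
    if re.search(r"\b(?:Microsoft|Office)\s*365\b", subject + " " + body, re.I):
        reasons.append("mentions Microsoft 365 account")
    if URGENCY.search(body):
        reasons.append("urgency wording")
    if qr_payload:
        hops = unwrap_redirects(qr_payload)
        if len(hops) > 1:
            reasons.append(f"redirect chain of {len(hops)} hops")
        final_host = (urlparse(hops[-1]).hostname or "").lower()
        if not any(final_host == h or final_host.endswith("." + h) for h in TRUSTED_LOGIN_HOSTS):
            reasons.append(f"QR destination host {final_host!r} is not a trusted login host")
    return len(reasons), reasons


# Constructed sample: a lure whose QR code decodes to a redirector carrying a
# base64-encoded phishing destination. Hosts are reserved example names.
PHISH_DEST = "https://login-microsoft365-verify.example/auth"
SAMPLE_QR = "https://redirect.example/r?u=" + base64.urlsafe_b64encode(PHISH_DEST.encode()).decode()
SAMPLE_EMAIL = {
    "subject": "Action required: Microsoft 365 security update",
    "body": "Your account settings must be updated. Scan the attached QR code to verify within 2-3 days.",
    "attachments": ["update.png"],
    "qr_payload": SAMPLE_QR,
}

if __name__ == "__main__":
    score, why = triage_email(**SAMPLE_EMAIL)
    print(score, *why, sep="\n  ")
```

The score is deliberately a count of independent traits rather than a verdict: a single hit (an urgent tone, say) is common in legitimate mail, while an image-only message whose QR code bounces through a redirector to an untrusted login host is the combination the campaign relies on.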

Earth

Amazon Loses Key Backer Four Years Into Plan To Eliminate Carbon Emissions (bloomberg.com)

Four years into a plan to eliminate its carbon emissions, Amazon has lost a key endorsement from the world's leading watchdog of corporate climate goals. From a report: The Science Based Targets initiative, a United Nations-backed entity that validates net zero plans, has removed Amazon from its list of companies taking action on climate goals after the tech behemoth failed to implement its commitment to set a credible target for reducing carbon emissions. The move raises questions around Amazon's status as a preferred stock among funds marketing themselves as ESG. The world's largest ESG exchange-traded fund, which is managed by BlackRock, lists Amazon among its top three holdings. The company is also held in over 900 ESG funds registered in the European Union alone, representing about 2% of outstanding shares, according to data compiled by Bloomberg.

Crime

The Untold History of Today's Russian-Speaking Hackers (ft.com)

Monday sees the release of "The Billion Dollar Heist," a documentary about the theft of $81 million from the Bangladesh Bank, considered the biggest cyber-heist of all time. The film's executive producer wrote the book Dark Market: How Hackers Became the New Mafia (and is also a rector at the Institute for Human Sciences).

But he's also written an article for the Financial Times outlining the complicated background of Russian-speaking hacker gangs responsible for malware and ransomware, starting with "one of the most remarkable if little-known events in post-cold war history: the first and, to my knowledge, the last publicly organised conference of avowed criminals" in May, 2002.

The First Worldwide Carders Conference was the brainchild of the administrators of a landmark website, carderplanet.com. Known as "the family", this was a mixed group of young men, both Ukrainians and Russians, who had spent the previous 10 years growing up in a lively atmosphere of gangster capitalism. During the 1990s, conventional law and order in the former Soviet Union had broken down. The collapse of the communist system had left a vacuum in which new forms of economic activity were emerging...

Founded a year before the conference, CarderPlanet revolutionised web-based criminal activity, especially the lucrative trade in stolen or cloned credit card data, by solving the conundrum that until then had faced every bad guy on the web: how can I do business with this person, as I know he's a criminal, so he must be untrustworthy by definition? To obviate the problem, the CarderPlanet administrators created an escrow system for criminals. They would act as guarantor of any criminal sale of credit and debit card data — a disinterested party mediating between the vendor and the purchaser... The escrow system led to an explosion of credit card crime around the world in which many criminal fortunes were made....

Roman Stepanenko Vega, a Russian-speaking Ukrainian national who was one of the founders and administrators of CarderPlanet, explained to me how "two days before the conference's opening, we received a visit from an FSB [Federal Security Service] officer in Moscow. He explained that Moscow had no objections to us cloning credit cards or defrauding banks in Europe and the United States but anywhere within the CIS was off limits." In addition, the FSB officer let CarderPlanet know that if the Russian state ever required assistance from criminal gangs, it would be expected to co-operate...

Members of criminal gangs were later recruited into notorious state-backed hacking teams such as Advanced Persistent Threat 28.

A 2021 ransomware attack on Colonial Pipeline brought warnings of a U.S. counterattack, the article notes, after which "Russian police started arresting and imprisoning cyber criminal groups." Ransomware attacks now seem particularly focused on Europe, and "According to cyber-security experts, the Russian government is giving these criminal groups information on potential targets." But once more the hackers have been careful not to cross what the Americans consider red lines, as advised, presumably, by Russia's security services. Russia is probably confident that disrupting European businesses will be unlikely to provoke a cyber attack. But the U.S. — whether its government, municipalities or police — remains strictly off-limits.

Thanks to long-time Slashdot reader Geoffrey.landis for sharing the article.

Power

Microsoft Spotted 15 High-Severity Vulnerabilities in Industrial SDK Used by Power Plants (arstechnica.com)

Ars Technica reports that Microsoft "disclosed 15 high-severity vulnerabilities in a widely used collection of tools used to program operational devices inside industrial facilities" (like plants for power generation, factory automation, energy automation, and process automation).

On Friday Microsoft "warned that while exploiting the code-execution and denial-of-service vulnerabilities was difficult, it enabled threat actors to 'inflict great damage on targets.'" The vulnerabilities affect the CODESYS V3 software development kit. Developers inside companies such as Schneider Electric and WAGO use the platform-independent tools to develop programmable logic controllers, the toaster-sized devices that open and close valves, turn rotors, and control various other physical devices in industrial facilities worldwide... "A denial-of-service attack against a device using a vulnerable version of CODESYS could enable threat actors to shut down a power plant, while remote code execution could create a backdoor for devices and let attackers tamper with operations, cause a PLC to run in an unusual way, or steal critical information," Microsoft researchers wrote.

Friday's advisory went on to say: "[...] While exploiting the discovered vulnerabilities requires deep knowledge of the proprietary protocol of CODESYS V3 as well as user authentication (and additional permissions are required for an account to have control of the PLC), a successful attack has the potential to inflict great damage on targets. Threat actors could launch a denial-of-service attack against a device using a vulnerable version of CODESYS to shut down industrial operations or exploit the remote code execution vulnerabilities to deploy a backdoor to steal sensitive data, tamper with operations, or force a PLC to operate in a dangerous way."

Microsoft privately notified Codesys of the vulnerabilities in September, and the company has since released patches that fix the vulnerabilities. It's likely that by now, many vendors using the SDK have installed updates. Any who haven't should make it a priority.

"With the likelihood that the 15 vulnerabilities are patched in most previously vulnerable production environments, the dire consequences Microsoft is warning of appear unlikely," the article notes.

A malware/senior vulnerability analyst at industrial control security firm Dragos also pointed out that CODESYS "isn't widely used in power generation so much as discrete manufacturing and other types of process control. So that in itself should allay some concern when it comes to the potential to 'shut down a power plant'." (And in addition, "industrial systems are extremely complex, and being able to access one part doesn't necessarily mean the whole thing will come crashing down.")

Government

US Spy Agencies Will Start Sharing More Cyber-Threat Intelligence with Private Companies (msn.com)

An anonymous reader shared this report from the Wall Street Journal: U.S. spy agencies will share more intelligence with U.S. companies, nongovernmental organizations and academia under a new strategy released this week that acknowledges concerns over new threats, such as another pandemic and increasing cyberattacks. The National Intelligence Strategy, which sets broad goals for the sprawling U.S. intelligence community, says that spy agencies must reach beyond the traditional walls of secrecy and partner with outside groups to detect and deter supply-chain disruptions, infectious diseases and other growing transnational threats. The intelligence community "must rethink its approach to exchanging information and insights," the strategy says.

The U.S. government in recent years has begun sharing vast amounts of cyber-threat intelligence with U.S. companies, utilities and others who are often the main targets of foreign hackers, as well as information on foreign-influence operations with social-media companies... The emphasis on greater intelligence sharing is part of a broader trend toward declassification that the Biden administration has pursued.

"The new strategy is meant to guide 18 U.S. intelligence agencies with an annual budget of about $90 billion..."

Crime

Serial Murders Have Dwindled, Thanks To a Cautious Citizenry and Improved Technology (nytimes.com)

An anonymous reader quotes a report from the New York Times: Rex Heuermann, the meticulous architectural consultant who the authorities say murdered three women and buried them on a Long Island beach more than a decade ago, may have been among the last of the dying breed of American serial killers. Even as serial killers came to inhabit a central place in the nation's imagination -- inspiring hit movies, television shows, books, podcasts and more -- their actual number was dwindling dramatically. There were once hundreds at large, and a spike in the 1970s and '80s terrified the country. Now only a handful at most are known to be active, researchers say. The techniques that led to the arrest of Mr. Heuermann, who has pleaded not guilty to the crimes, help explain the waning of serial killing, which the F.B.I. defines as the same person killing two or more victims in separate events at different times.

It is harder to hide. Rapid advances in investigative technology, video and other digital surveillance tools, as well as the ability to analyze mountains of information, quickly allow the authorities to find killers who before would have gone undetected. At the same time, Americans have adopted more cautious habits in their everyday lives -- hitchhiking, for example, is less common, and children are driven to and from school. That reduces easy targets. And, some theorize, those bent on killing now opt for spectacular mass murders. "The 'perfect crime' concept is more of a concept than it ever has been before," said Adam Scott Wandt, an assistant professor at John Jay College of Criminal Justice. More than a decade ago, prosecutors said, Mr. Heuermann tried to cover his digital tracks by communicating with victims using so-called burner phones, prepaid units purchased anonymously for temporary use. But thanks to exponential progress in technology since 2010, investigators were able not only to chart Mr. Heuermann's decade-old movements; they could also monitor exactly what he was searching online in recent months. They saw that he was using an anonymous account for internet queries like "Why could law enforcement not trace the calls made by the long island serial killer," prosecutors said. He had also been visiting massage parlors and contacting women working as escorts, they said.

The ubiquity of technology has made it harder to get away with murder, Mr. Wandt said. The amount of data people create in their daily lives is more than many can conceptualize, he said. Just by walking outside, people are now tracked by ever-present cameras, from Amazon's Ring units outside homes to surveillance at banks and retail stores, he said. Every use of a phone or computer creates streams of data that are collected directly on devices or immortalized on servers, he said. A concerted effort by the federal government to ensure that even the smallest police departments can use technology to their benefit has also helped give investigators an upper hand, Mr. Wandt said. In 1987, there were 198 known active serial killers -- people connected to at least two murders -- and 404 known victims across the United States, according to a report published three years ago by researchers who run Radford University and Florida Gulf Coast University's Serial Killer Database. By 2018, there were only 12 known serial killers and 44 victims, according to the report.

"The big question is: Are they going underground and finding other techniques?" said Terence Leary, an associate professor in the psychology department at Florida Gulf Coast University and the team leader for the database.

He said that some serial murderers have killed for discrete periods before taking prolonged breaks: "Maybe they decided to give it up. Who knows?"

United Kingdom

UK Offshore Wind at 'Tipping Point' as Funding Crisis Threatens Industry

Britain faces being left with no hope of meeting its crucial climate crisis goals and losing its status as a world leader in offshore wind energy without an urgent overhaul of government support, ministers are being warned. From a report: The sudden halting of one of the country's biggest offshore windfarm projects last month could signal a "tipping point" in the construction of new sites unless ministers intervene, a number of senior energy industry figures told the Observer.

They warn that a swathe of new projects, which Britain is relying on to meet key climate targets, could also become economically unviable under the existing regime. While the industry has been hit by huge price inflationary pressures, it warns that the government has failed to adjust the scheme that guarantees the price it is paid for energy. "If the government doesn't do something, there's a very real risk that, come September, just before party conferences, the story won't just be about getting rid of the 'green crap' -- it'll be about failing to deliver on the projects they've already said that they wanted," said one industry insider.

Japan

Scientists in Japan Develop Experimental Alzheimer's Vaccine Showing Promise in Mice (gizmodo.com)

"Scientists in Japan may be at the start of a truly monumental accomplishment: a vaccine that can slow or delay the progression of Alzheimer's disease," reports Gizmodo: In preliminary research released this week, the vaccine appeared to reduce inflammation and other important biomarkers in the brains of mice with Alzheimer's-like illness, while also improving their awareness.

More research will be needed before this vaccine can be tested in humans, however. The experimental vaccine is being developed primarily by scientists from Juntendo University in Japan.

It's intended to work by training the immune system to go after certain senescent cells, aging cells that no longer divide to make more of themselves, but instead stick around in the body. These cells aren't necessarily harmful, and some play a vital role in healing and other life functions. But they've also been linked to a variety of age-related diseases, including Alzheimer's. The vaccine specifically targets senescent cells that produce high levels of something called senescence-associated glycoprotein, or SAGP. Other research has suggested that people with Alzheimer's tend to have brains filled with these cells in particular.

The team tested their vaccine on mice bred to have brains that develop the same sort of gradual destruction seen in humans with Alzheimer's.

IT

A Ponzi Scheme Targets Desperate Workers Amid Zimbabwe's Employment Crisis (restofworld.org)

Dumi, a Zimbabwean, fell for E-Creator's review-writing job, investing $112. When the company's director disappeared with $1M, his account was frozen, leaving him scammed. Rest of World reports: Thousands of Zimbabweans have been lured into a scam in hopes of making a quick buck, at a time when unemployment in the country is high: Estimates vary from 7.9% to 20%, or even 90%, according to the Zimbabwe Congress of Trade Unions. Alongside the job crisis, the country has been reeling under an inflation of more than 100%, with many struggling to make ends meet. Dumi, who previously worked as a clerk, told Rest of World he found it hard to get another job due to scarce opportunities. He said he joined the E-Creator scheme hoping he'd earn an income while waiting to find the job of his dreams. "Some of us living in marginalized townships such as Mbare, with no decent employment, jumped at an opportunity, which seemed to be so technologically significant and rewarding. Losing money in the process was unexpected," Dumi said, adding that he would not have joined the scheme if he had a job of his choice.

E-Creator agents told Rest of World they had taken up the role because they were unemployed or couldn't find enough work. They said they were lured by the promise of earning 10% returns for posting 10 fake reviews if they invested between $15 and $100. There were higher rewards promised for bigger investments: Depositing $100-$500 and recruiting five agents meant an additional 4.5% return; depositing $500-$2,000 and recruiting over 50 others would take earnings to the highest level of a 5% commission and a 10% base payout. While they could withdraw money from their E-Creator wallets, the lure of getting higher returns stopped them from doing so. Watson Manjobo, a former manager and affiliate marketer for E-Creator, told Rest of World the company owed him his salary for June. His job was to recruit more users and help people reset their account passwords. When news of Jiaotong's escape went viral, users flooded his phone with messages demanding answers, he said, adding that his direct superiors have since been unreachable.

Facebook

Meta To Seek User Consent for Targeted Ads in the EU

Meta intends to ask users in the European Union for their consent before allowing businesses to target advertising based on what they view on its services such as Facebook and Instagram, the social media giant said on Tuesday. From a report: Meta said the change is to address a number of evolving regulatory requirements in the region and stems from an order in January by Ireland's Data Protection Commissioner, Meta's lead EU regulator, to reassess the legal basis on how it targets ads.

Facebook and Instagram users had effectively agreed to allow their data to be used in targeted advertising when they signed up to the services' terms and conditions, until the regulator ruled it could not process personal information in that way. "Today, we are announcing our intention to change the legal basis that we use to process certain data for behavioural advertising for people in the EU, EEA (European Economic Area) and Switzerland from 'Legitimate Interests' to 'Consent'," Meta said in a blog post.

Google

Google Restricting Internet Access To Some Employees To Reduce Cyberattack Risk (cnbc.com)

Google is starting a new pilot program where some employees will be restricted to internet-free desktop PCs. From a report: The company originally selected more than 2,500 employees to participate, but after receiving feedback, the company revised the pilot to allow employees to opt out, as well as opening it up to volunteers. The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

In addition, some employees will have no root access, meaning they won't be able to run administrative commands or do things like install software. Google is running the program to reduce the risk of cyberattacks, according to internal materials. "Googlers are frequent targets of attacks," one internal description viewed by CNBC stated. If a Google employee's device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust, the description added. Turning off most internet access ensures attackers cannot easily run arbitrary code remotely or grab data, the description explained.

Encryption

Senate Bill Crafted With DEA Targets End-to-End Encryption, Requires Online Companies To Report Drug Activity (therecord.media)

A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA) advanced to the Senate floor Thursday, alarming privacy advocates who say the legislation turns the companies into de facto drug enforcement agents and exposes many of them to liability for providing end-to-end encryption. From a report: The bipartisan Cooper Davis Act -- named for a Kansas teenager who died after unknowingly taking a fentanyl-laced pill he bought on Snapchat -- requires social media companies and other web communication providers to give the DEA users' names and other information when the companies have "actual knowledge" that illicit drugs are being distributed on their platforms.

Many privacy advocates caution that, if passed in its current form, the bill could be a death blow to end-to-end encryption services because it includes particularly controversial language holding companies accountable for conduct they don't report if they "deliberately blind" themselves to the violations. Officials from the DEA have spent several months honing the bill with key senators, Judiciary Committee Chairman Dick Durbin (D-IL) said Thursday. Providers of encrypted services would face a difficult choice should the bill pass, said Greg Nojeim, Senior Counsel & Director of Security and Surveillance Project at the Center for Democracy and Technology. "They could maintain end-to-end encryption and risk liability that they had willfully blinded themselves to illegal content on their service and face the music later," Nojeim said. "Or they could opt to remove end-to-end encryption and subject all of their users who used to be protected by one of the best cybersecurity tools available to new threats and new privacy violations."

Space

Researchers Discover Stardust Sprinkled On a Nearby Asteroid (npr.org) 11

Researchers have discovered that samples of the Ryugu asteroid gathered in 2019 contain grains of stardust. NPR reports: The dust, which came from distant stars and drifted through space for millions or billions of years, could provide clues about how the solar system formed, according to Ann Nguyen, a cosmochemist at NASA's Johnson Space Center in Houston, Texas. Stars forged nearly all of the elements of the Universe. Many of the atoms that make up our bodies were themselves made inside of the core of a star somewhere else. That's because the high pressures and temperatures can fuse lightweight atomic nuclei into heavier elements. "The core is extremely hot, and then you go out in the atmosphere, it's cool enough so that gas can form and aggregate into tiny grains," Nguyen says.

Think of these little grains as cosmic dust motes. Sometimes the star that formed these grains would explode, blowing them across the galaxy like dandelion seeds. Other times they would drift away on their own -- traveling on the stellar wind into deep space. "Probably a lot of them do get destroyed," Nguyen says, "but some of them survive and they make it to our region of the universe where our solar system formed." The stardust swirled and clumped and eventually became part of the sun, and the planets, and even us. That idea led the astronomer Carl Sagan to famously remark that "We're made of star-stuff." [...]

Nguyen says the grains look different than the material from our own solar system, because different stars leave different nuclear signatures in the atoms. "It kind of lights up like a Christmas tree light," she says. "Their isotopic signatures are just so different than the material that formed in our solar system or got homogenized in the solar system." Nguyen says that the stardust grains provide some clues about the types of stars that contributed to our solar system. It also shows that exploding stars, or supernovae, probably contributed more of the dust than researchers had previously believed. But above all, she says, these tiny grains are a reminder of the way in which we fit into the vast cosmos. "It just shows us how rich our Universe is," she says. "These materials all played a part in our life here on Earth."
The researchers published their findings in the journal Science Advances.

DRM

Internet Archive Targets Book DRM Removal Tool With DMCA Takedown (torrentfreak.com) 20

The Internet Archive has taken the rather unusual step of sending a DMCA notice to protect the copyrights of book publishers and authors. The non-profit organization asked GitHub to remove a tool that can strip DRM from books in its library. The protective move is likely motivated by the ongoing legal troubles between the Archive and book publishers. TorrentFreak reports: The Internet Archive sent a takedown request to GitHub, requesting the developer platform to remove a tool that circumvents industry-standard technical protection mechanisms for digital libraries. This "DeGouRou" software effectively allows patrons to save DRM-free copies of the books they borrow. "This DMCA complaint is about a tool made available on github which purports to circumvent technical protections in violation of the copyright act section 1201," the notice reads. "I am reporting a Git which provides a tool specifically used to circumvent industry standard library TPMs which are used by Internet Archive, and other libraries, to permit patrons to borrow an encrypted book, read the encrypted book, and return an encrypted book."

Interestingly, an IA representative states that they are "not authorized by the copyright owners" to submit this takedown notice. Instead, IA is acting on its duty to prevent the unauthorized downloading of copyright-protected books. It's quite unusual to see a party sending takedown notices without permission from the actual rightsholders. However, given the copyright liabilities IA faces, it makes sense that the organization is doing what it can to prevent more legal trouble. Permission or not, GitHub honored the takedown request. It removed all the DeGourou repositories that were flagged and took the code offline. [...] After GitHub removed the code, it soon popped up elsewhere.

Privacy

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge (krebsonsecurity.com) 28

In July 2015, the marital infidelity website AshleyMadison.com was hacked by a group called the Impact Team, threatening to release data on all 37 million users unless the site shut down. In an article published earlier today, security researcher Brian Krebs explores the possible involvement of a former employee and self-described expert in search engine optimization (SEO), William Brewster Harrison, who had a history of harassment towards then-CEO Noel Biderman and may have had the technical skills to carry out the hack. However, Harrison committed suicide in 2014, raising doubts about his role in the breach. Here's an excerpt from the report: [...] Does Harrison's untimely death rule him out as a suspect, as his stepmom suggested? This remains an open question. In a parting email to Biderman in late 2012, Harrison signed his real name and said he was leaving, but not going away. "So good luck, I'm sure we'll talk again soon, but for now, I've got better things in the oven," Harrison wrote. "Just remember I outsmarted you last time and I will outsmart you and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition." Nothing in the leaked Biderman emails suggests that Ashley Madison did much to revamp the security of its computer systems in the wake of Harrison's departure and subsequent campaign of harassment -- apart from removing an administrator account of his a year after he'd already left the company.

KrebsOnSecurity found nothing in Harrison's extensive domain history suggesting he had any real malicious hacking skills. But given the clientele that typically employed his skills -- the adult entertainment industry -- it seems likely Harrison was at least conversant in the dark arts of "Black SEO," which involves using underhanded or else downright illegal methods to game search engine results. Armed with such experience, it would not have been difficult for Harrison to have worked out a way to maintain access to working administrator accounts at Ashley Madison. If that in fact did happen, it would have been trivial for him to sell or give those credentials to someone else. Or to something else. Like Nazi groups. As KrebsOnSecurity reported last year, in the six months leading up to the July 2015 hack, Ashley Madison and Biderman became a frequent subject of derision across multiple neo-Nazi websites.

Some readers have suggested that the data leaked by the Impact Team could have originally been stolen by Harrison. But that timeline does not add up given what we know about the hack. For one thing, the financial transaction records leaked from Ashley Madison show charges up until mid-2015. Also, the final message in the archive of Biderman's stolen emails was dated July 7, 2015 -- almost two weeks before the Impact Team would announce their hack. Whoever hacked Ashley Madison clearly wanted to disrupt the company as a business, and disgrace its CEO as the endgame. The Impact Team's intrusion struck just as Ashley Madison's parent was preparing to go public with an initial public offering (IPO) for investors. Also, the hackers stated that while they stole all employee emails, they were only interested in leaking Biderman's. Also, the Impact Team had to know that ALM would never comply with their demands to dismantle Ashley Madison and Established Men. In 2014, ALM reported revenues of $115 million. There was little chance the company was going to shut down some of its biggest money machines. Hence, it appears the Impact Team's goal all along was to create prodigious amounts of drama and tension by announcing the hack of a major cheating website, and then let that drama play out over the next few months as millions of exposed Ashley Madison users freaked out and became the targets of extortion attacks and public shaming.

After the Impact Team released Biderman's email archives, several media outlets pounced on salacious exchanges in those messages as supposed proof he had carried on multiple affairs. Biderman resigned as CEO of Ashley Madison on Aug. 28, 2015. Complicating things further, it appears more than one malicious party may have gained access to Ashley Madison's network in 2015 or possibly earlier. Cyber intelligence firm Intel 471 recorded a series of posts by a user with the handle "Brutium" on the Russian-language cybercrime forum Antichat between 2014 and 2016. Brutium routinely advertised the sale of large, hacked databases, and on Jan. 24, 2015, this user posted a thread offering to sell data on 32 million Ashley Madison users. However, there is no indication whether anyone purchased the information. Brutium's profile has since been removed from the Antichat forum.

Note: This is Part II of a story published last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.