172450945
submission
Slash_Account_Dot writes:
The FBI investigated a man who allegedly posed as a police officer in emails and phone calls to trick Verizon to hand over phone data belonging to a specific person that the suspect met on the dating section of porn site xHamster, according to a newly unsealed court record. Despite the relatively unconvincing cover story concocted by the suspect, including the use of a clearly non-government ProtonMail email address, Verizon handed over the victim’s data to the alleged stalker, including their address and phone logs. The stalker then went on to threaten the victim and ended up driving to where he believed the victim lived while armed with a knife, according to the record.
The news is a massive failure by Verizon who did not verify that the data request was fraudulent, and the company potentially put someone’s safety at risk. The news also highlights the now common use of fraudulent emergency data requests (EDRs) or search warrants in the digital underworld, where criminals pretend to be law enforcement officers, fabricate an urgent scenario such as a kidnapping, and then convince telecoms or tech companies to hand over data that should only be accessible through legitimate law enforcement requests. As 404 Media previously reported, some hackers are using compromised government email accounts for this purpose.
172344821
submission
Slash_Account_Dot writes:
U.S. Special Operations Command (USSOCOM) has paid over ten million dollars for a new autonomous aircraft made by Anduril, the defense startup run by Palmer Luckey, which is capable of carrying explosive warheads and taking down other aircraft, or re-landing itself if it doesn’t engage in an attack, 404 Media has found.
On Friday, Anduril announced the existence of the person-size drone called “Roadrunner.” In his own Twitter thread, Luckey said Roadrunner has been “operationally validated with an existing U.S. government customer,” but did not name the agency. Multiple publications which appeared to have the news under embargo, including Bloomberg and Defense One, added that the company is not allowed to say which customer bought the technology.
It took 404 Media around 25 seconds to find the customer is likely USSOCOM.
172052477
submission
Slash_Account_Dot writes:
For years, a gang operating in New York allegedly offered a cash-for-Bitcoin service that generated at least $30 million, with men standing on street corners with plastic shopping bags full of money, drive-by pickups, and hundreds of thousands of dollars laid out on tables, according to court records.
The records provide rare insight into an often unseen part of the criminal underworld: how hackers and drug traffickers convert their Bitcoin into cash outside of the online Bitcoin exchanges that ordinary people use. Rather than turning to sites like Coinbase, which often collaborate with and provide records to law enforcement if required, some criminals use underground, IRL Bitcoin exchanges like this gang which are allegedly criminal entities in their own right.
172048961
submission
Slash_Account_Dot writes:
Hackers are targeting accounts on Kodex, a platform that connects law enforcement agencies and tech companies and which is designed to verify emergency requests for customer data, according to multiple online conversations between hackers viewed by 404 Media.
Screenshots from one of the compromised accounts shows a panel where a law enforcement officer, or a hacker, can potentially “create a new request.” The screenshots show a wide range of companies such as tech giants Meta and Microsoft’s LinkedIn; cryptocurrency exchanges Binance and Coinbase; social media platforms Pinterest, Discord, and Snapchat; financial service Fidelity, and gaming platform Roblox. The compromised account appears to belong to a national police force, but the screenshots do not include the agency’s full name.
171959771
submission
Slash_Account_Dot writes:
In a bombshell report, an oversight body for the Department of Homeland Security (DHS) found that Immigration and Customs Enforcement (ICE), Customs and Border Enforcement (CBP), and the Secret Service all broke the law while using location data harvested from ordinary apps installed on smartphones. In one instance, a CBP official also inappropriately used the technology to track the location of coworkers with no investigative purpose.
For years U.S. government agencies have been buying access to location data through commercial vendors, a practice which critics say skirts the Fourth Amendment requirement of a warrant. During that time, the agencies have typically refused to publicly explain the legal basis on which they based their purchase and use of the data. Now, the report shows that three of the main customers of commercial location data broke the law while doing so, and didn’t have any supervisory review to ensure proper use of the technology. The report also recommends that ICE stop all use of such data until it obtains the necessary approvals, a request that ICE has refused.
171918967
submission
Slash_Account_Dot writes:
I recently got my hands on an ordinary-looking iPhone-to-HDMI adapter that mimics Apple’s branding and, when plugged in, runs a program that implores you to “Scan QR code for use.” That QR code takes you to an ad-riddled website that asks you to download an app that asks for your location data, access to your photos and videos, runs a bizarre web browser, installs tracking cookies, takes “sensor data,” and uses that data to target you with ads. The adapter’s app also kindly informed me that it’s sending all of my data to China.
The cord was discovered by friend of 404 Media John Bumstead, an electronics refurbisher and artist who buys devices in bulk from electronics recyclers. Bumstead tweeted about the cord and was kind enough to send me one so I could try it myself. Joseph has written about malicious lightning cables and USB cables made by hackers that can be used for keystroke logging and spying. While those malicious lightning cables are products marketed for spying, the HDMI adapter Bumstead has been found in the wild and is just another crappy knockoff cable sold on Amazon’s increasingly difficult to navigate website. This HDMI adapter is designed to look exactly like Apple’s same adapter. Here they are side-by-side:
171899393
submission
Slash_Account_Dot writes:
A federal counterintelligence agency tracking hackers has bought data harvested from the backbone of the internet by a private company because it was easier and took less time than getting similar data from the NSA, according to internal U.S. government documents. According to the documents, going through an agency like the NSA could take “days,” whereas a private contractor could provide the same data instantly.
The news is yet another example of a government agency turning to the private sector for novel datasets that the public is likely unaware are being collected and then sold.
171861152
submission
Slash_Account_Dot writes:
The first thing you’ll see if you search Google for “tank man” right now will not be the iconic picture of the unidentified Chinese man who stood in protest in front of a column of tanks leaving Tiananmen Square, but an entirely fake, AI-generated selfie of that historical event.
While the AI-generated selfie doesn’t appear to be deliberate misinformation, it highlights an inherent problem with the current state of generative AI and the internet: It is exceedingly easy to use AI tools to generated endless images, text, and audio with little more than a click of a button, and as this content floods every online platform, we, and the platforms we use to surface information, still don’t have a good way to identify and differentiate it from human-made content, manually or automatically.
171801260
submission
Slash_Account_Dot writes:
That country “requested its participation be kept confidential,” according to a document I previously obtained. The document said the third country was a European Union member but did not name the country itself. “The FBI is neither now nor in the future in a position to release the identity of the aforementioned third country,” the document added.
That country was Lithuania, 404 Media has learned from a source briefed on the operation but who did not work on it on the U.S. side.
171774616
submission
Slash_Account_Dot writes:
An artificial intelligence company, whose founder Forbes included in a 30 Under 30 list recently, promises to use machine learning to convert clients’ 2D illustrations into 3D models. In reality the company, called Kaedim, uses human artists for “quality control.” According to two sources with knowledge of the process interviewed by 404 Media, at one point, Kaedim often used human artists to make the models. One of the sources said workers at one point produced the 3D design wholecloth themselves without the help of machine learning at all.
The news pulls back the curtain on a hyped startup and is an example of how AI companies can sometimes overstate the capabilities of their technology. Like other AI startups, Kaedim wants to use AI to do tedious labor that is currently being done by humans. In this case, 3D modeling, a time consuming job that video game companies are already outsourcing to studios in countries like China.
171768094
submission
Slash_Account_Dot writes:
Customs and Border Protection (CBP) has told airports it plans to increase its targets for scanning passengers with facial recognition as they leave the U.S., according to an internal airport email obtained by 404 Media. The new goal will be to scan 75 percent of all passengers, the email adds.
The news signals CBP’s increasing focus on biometric, and in particular facial recognition, systems at airports. Although it is unclear if related to the shift in goals, one traveler was also recently told by airline industry staff “CBP said everyone has to do it” when they asked to opt-out of facial recognition while boarding for an international flight last month.
171727400
submission
Slash_Account_Dot writes:
In the mid-afternoon one Saturday earlier this month, the target got on the New York subway. I knew what station they entered the subway at and at what specific time. They then entered another station a few hours later. If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live. I would also know what specific time this person may go to the subway each day.
During all this monitoring, I wasn’t anywhere near the rider. I didn’t even need to see them with my own eyes. Instead, I was sitting inside an apartment, following their movements through a feature on a Metropolitan Transportation Authority (MTA) website, which runs the New York City subway system.
With their consent, I had entered the rider’s credit card information—data that is often easy to buy from criminal marketplaces, or which might be trivial for an abusive partner to obtain—and punched that into the MTA site for OMNY, the subway’s contactless payments system. After a few seconds, the site churned out the rider’s travel history for the past 7 days, no other verification required.
171713830
submission
Slash_Account_Dot writes:
Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.
Become a paid subscriber for unlimited, ad-free articles and access to bonus content. This site is entirely funded by subscribers and you will be directly powering our journalism.
Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.
171690070
submission
Slash_Account_Dot writes:
Customs and Border Protection (CBP), part of the Department of Homeland Security, has bought millions of dollars worth of software from a company that uses artificial intelligence to detect “sentiment and emotion” in online posts, according to a cache of documents obtained by 404 Media.
CBP told 404 Media it is using technology to analyze open source information related to inbound and outbound travelers who the agency believes may threaten public safety, national security, or lawful trade and travel. In this case, the specific company called Fivecast also offers “AI-enabled” object recognition in images and video, and detection of “risk terms and phrases” across multiple languages, according to one of the documents.
