IT

Indonesia Unblocks Steam and Yahoo, But Fortnite and FIFA Are Still Banned (theverge.com) 4

Indonesia has lifted its ban on Steam and Yahoo now that both companies complied with the country's restrictive laws that regulate online activity. From a report: The Indonesian Ministry of Communication and Information (Kominfo) announced the news in a translated update on Twitter, noting that Counter-Strike: Global Offensive and Dota 2 are back online as well. Last week, Indonesia blocked access to Steam, PayPal, Yahoo, Epic Games, and Origin after the companies failed to meet a deadline to register with the country's database. This requirement is bundled with a broader law, called MR5, that Indonesia first introduced in 2020. The law gives the Indonesian government the authority to order platforms to take down content considered illegal as well as request the data of specific users. In 2021, the digital rights group Electronic Frontier Foundation (EFF) called the policy "invasive of human rights." Although PayPal has yet to comply, Indonesia unblocked access to the service for five days starting July 31st to give users a chance to withdraw money and make payments. According to the Indonesian news outlet Antara News, PayPal reportedly plans on registering with the country's database soon.

Security

Proxy Service 911[.]re Closes After Disclosing Breach and Data Damage (krebsonsecurity.com) 4

Long-time Slashdot reader tsu doh nimh writes: 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations, KrebsOnSecurity reports.
From the article: "On July 28th, a large number of users reported that they could not log in the system," the statement continues. "We found that the data on the server was maliciously damaged by the hacker, resulting in the loss of data and backups. Its [sic] confirmed that the recharge system was also hacked the same way. We were forced to make this difficult decision due to the loss of important data that made the service unrecoverable."

Operated largely out of China, 911 was an enormously popular service across many cybercrime forums, and it became something akin to critical infrastructure for this community after two of 911's longtime competitors — malware-based proxy services VIP72 and LuxSock — closed their doors in the past year...

911 wasn't the only major proxy provider disclosing a breach this week tied to unauthenticated APIs: On July 28, KrebsOnSecurity reported that internal APIs exposed to the web had leaked the customer database for Microleaves, a proxy service that rotates its customers' IP addresses every five to ten minutes. That investigation showed Microleaves — like 911 — had a long history of using pay-per-install schemes to spread its proxy software.

Privacy

NJ Police Used Baby DNA To Investigate Crimes, Lawsuit Claims (theverge.com) 91

New Jersey police may have used blood samples taken from babies to investigate crimes, according to public defenders in the state. From a report: According to a lawsuit filed by the New Jersey Office of the Public Defender (OPD), the practice came to light after a case in which New Jersey State Police successfully subpoenaed a testing lab for a blood sample drawn from a child. Police then performed DNA analysis on the blood sample that reportedly linked the child's father to a crime committed more than 25 years ago. The suspect then became a client of the OPD, which alerted the office to the techniques used to identify the man.

The lawsuit, filed jointly by the OPD and the New Jersey Monitor, now seeks to compel the state of New Jersey to disclose information on the full extent of the practice. All babies born in the state of New Jersey are required to have a blood sample drawn within 48 hours as part of a mandatory testing program that screens them for 60 different disorders. These samples are processed in a state-run lab, which shares data with the state health authority and communicates results to parents. The blood samples are not directly shared with law enforcement agencies. But if police are able to reliably obtain the samples through subpoena, then effectively, the disease screening process is entering all babies born in the state into a DNA database with no ability to opt out.

AI

DeepMind Uncovers Structure of 200 Million Proteins in Scientific Leap Forward (theguardian.com) 28

AI has deciphered the structure of virtually every protein known to science, paving the way for the development of new medicines or technologies to tackle global challenges such as famine or pollution. From a report: Proteins are the building blocks of life. Formed of chains of amino acids, folded up into complex shapes, their 3D structure largely determines their function. Once you know how a protein folds up, you can start to understand how it works, and how to change its behaviour. Although DNA provides the instructions for making the chain of amino acids, predicting how they interact to form a 3D shape was more tricky and, until recently, scientists had only deciphered a fraction of the 200m or so proteins known to science. In November 2020, the AI group DeepMind announced it had developed a program called AlphaFold that could rapidly predict this information using an algorithm. Since then, it has been crunching through the genetic codes of every organism that has had its genome sequenced, and predicting the structures of the hundreds of millions of proteins they collectively contain.

Last year, DeepMind published the protein structures for 20 species -- including nearly all 20,000 proteins expressed by humans -- on an open database. Now it has finished the job, and released predicted structures for more than 200m proteins. "Essentially, you can think of it as covering the entire protein universe. It includes predictive structures for plants, bacteria, animals, and many other organisms, opening up huge new opportunities for AlphaFold to have an impact on important issues, such as sustainability, food insecurity, and neglected diseases," said Demis Hassabis, DeepMind's founder and chief executive. Scientists are already using some of its earlier predictions to help develop new medicines.

News

Polish Institute Classifies Cats as Alien Invasive Species (apnews.com) 163

A respected Polish scientific institute has classified domestic cats as an "invasive alien species," citing the damage they cause to birds and other wildlife. From a report: Some cat lovers have reacted emotionally to this month's decision and put the key scientist behind it on the defensive. Wojciech Solarz, a biologist at the state-run Polish Academy of Sciences, wasn't prepared for the disapproving public response when he entered "Felis catus," the scientific name for the common house cat, into a national database run by the academy's Institute of Nature Conservation. The database already had 1,786 other species listed with no objections, Solarz told The Associated Press on Tuesday.

The uproar over invasive alien species No. 1,787, he said, may have resulted from some media reports that created the false impression his institute was calling for feral and other cats to be euthanized. Solarz described the growing scientific consensus that domestic cats have a harmful impact on biodiversity given the number of birds and mammals they hunt and kill. The criteria for including the cat among alien invasive species, "are 100% met by the cat," he said. In a television segment aired by independent broadcaster TVN, the biologist faced off last week against a veterinarian who challenged Solarz's conclusion on the dangers cats pose to wildlife.

Science

Tech Giants Want To Banish the Leap Second To Stop Internet Crashes (cnet.com) 230

Google, Microsoft, Meta and Amazon launched a public effort Monday to scrap the leap second, an occasional extra tick that keeps clocks in sync with the Earth's actual rotation. US and French timekeeping authorities concur. From a report: Since 1972, the world's timekeeping authorities have added a leap second 27 times to the global clock known as the International Atomic Time (TAI). Instead of 23:59:59 changing to 0:0:0 at midnight, an extra 23:59:60 is tucked in. That causes a lot of indigestion for computers, which rely on a network of precise timekeeping servers to schedule events and to record the exact sequence of activities like adding data to a database.

The temporal tweak causes more problems -- like internet outages -- than benefits, they say. And dealing with leap seconds ultimately is futile, the group argues, since the Earth's rotational speed hasn't actually changed much historically. "We are predicting that if we just stick to the TAI without leap second observation, we should be good for at least 2,000 years," research scientist Ahmad Byagowi of Facebook parent company Meta said via email. "Perhaps at that point we might need to consider a correction."

Twitter

Twitter Data Breach Exposes Contact Details for 5.4M Accounts, on Sale for $30K (9to5mac.com) 22

9to5Mac reports: A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted. The data — which ties Twitter handles to phone numbers and email addresses — has been offered for sale on a hacking forum, for $30,000... There is as yet no way to check whether your account is included in the Twitter data breach.
More details from the Restore Privacy security news site: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database allegedly acquired from this exploit is now being sold on a popular hacking forum, posted earlier today.... The seller on the hacking forum goes by the username "devil" and claims that the dataset includes "Celebrities, to Companies, randoms, OGs, etc."

Cellphones

Homeland Security Records Show 'Shocking' Use of Phone Data, ACLU Says (politico.com) 47

An anonymous reader quotes a report from Politico: The Trump administration's immigration enforcers used mobile location data to track people's movements on a larger scale than previously known, according to documents that raise new questions about federal agencies' efforts to get around restrictions on warrantless searches. The data, harvested from apps on hundreds of millions of phones, allowed the Department of Homeland Security to obtain data on more than 336,000 location data points across North America, the documents show. Those data points may reference only a small portion of the information that CBP has obtained.

These data points came from all over the continent, including in major cities like Los Angeles, New York, Chicago, Denver, Toronto and Mexico City. This location data use has continued into the Biden administration, as Customs and Border Protection renewed a contract for $20,000 into September 2021, and Immigration and Customs Enforcement signed another contract in November 2021 that lasts until June 2023. The American Civil Liberties Union obtained the records from DHS through a lawsuit it filed in 2020. It provided the documents to POLITICO and separately released them to the public on Monday.

The documents highlight conversations and contracts between federal agencies and the surveillance companies Babel Street and Venntel. Venntel alone boasts that its database includes location information from more than 250 million devices. The documents also show agency staff having internal conversations about privacy concerns on using phone location data. In just three days in 2018, the documents show that the CBP collected data from more than 113,000 locations from phones in the Southwestern United States -- equivalent to more than 26 data points per minute -- without obtaining a warrant. The documents highlight the massive scale of location data that government agencies including CBP and ICE received, and how the agencies sought to take advantage of the mobile advertising industry's treasure trove of data.
"It was definitely a shocking amount," said Shreya Tewari, the Brennan fellow for the ACLU's Speech, Privacy and Technology Project. "It was a really detailed picture of how they can zero in on not only a specific geographic area, but also a time period, and how much they're collecting and how quickly."

Medicine

Amazon Launches Cancer Vaccine Clinical Trial in Partnership With Fred Hutchinson (cnbc.com) 22

Amazon is developing cancer vaccines in collaboration with the Fred Hutchinson Cancer Research Center, and it recently launched an FDA-approved clinical trial. From a report: Amazon and Fred Hutchinson are looking to recruit 20 participants over the age of 18 for the early stage, or phase 1, trial, according to a filing on clinicaltrials.gov, a database of clinical trials run by the National Library of Medicine. The goal is to develop "personalized vaccines" that can treat breast cancer and melanoma, a form of skin cancer, the filing states. Fred Hutchinson is listed as a sponsor of the study, while Amazon is listed as a collaborator, according to the filing. News of the partnership was first reported by Business Insider. The study was first posted last October, and it began June 9. It's expected to be complete by Nov. 1 of 2023. An Amazon spokesperson confirmed the partnership, and said it's being led by Fred Hutch. "Amazon is contributing scientific and machine learning expertise to a partnership with Fred Hutch to explore the development of a personalized treatment for certain forms of cancer," the spokesperson told CNBC in a statement. "It's very early, but Fred Hutch recently received permission from the U.S. Food and Drug Administration to proceed with a Phase I clinical trial, and it's unclear whether it will be successful. This will be a long, multi-year process -- should it progress, we would be open to working with other organizations in health care and life sciences that might also be interested in similar efforts."

Transportation

Hackers Uncover Ways To Unlock and Start Nearly All Modern Honda-Branded Vehicles (thedrive.com) 40

An anonymous reader quotes a report from The Drive: Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner's key fob. Dubbed "Rolling Pwn," the attack allows any individual to "eavesdrop" on a remote key fob from nearly 100 feet away and reuse them later to unlock or start a vehicle in the future without owner's knowledge. Despite Honda's dispute that the technology in its key fobs "would not allow the vulnerability," The Drive has independently confirmed the validity of the attack with its own demonstration.

Older vehicles used static codes for keyless entry. These static codes are inherently vulnerable, as any individual can capture and replay them at will to lock and unlock a vehicle. Manufacturers later introduced rolling codes to improve vehicle security. Rolling codes work by using a Pseudorandom Number Generator (PRNG). When a lock or unlock button is pressed on a paired key fob, the fob sends a unique code wirelessly to the vehicle encapsulated within the message. The vehicle then checks the code sent to it against its internal database of valid PRNG-generated codes, and if the code is valid, the car grants the request to lock, unlock, or start the vehicle. The database contains several allowed codes, as a key fob may not be in range of a vehicle when a button is pressed and may transmit a different code than what the vehicle is expecting to be next chronologically. This series of codes is also known as a "window." When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks. This attack works by eavesdropping on a paired keyfob and capturing several codes sent by the fob. The attacker can later replay a sequence of valid codes and re-sync the PRNG. This allows the attacker to re-use older codes that would normally be invalid, even months after the codes have been captured.

[...] Contrary to Honda's claim, I independently confirmed the vulnerability by capturing and replaying a sequence of lock and unlock requests with my 2021 Honda Accord and a Software-Defined Radio. Despite being able to start and unlock the car, the vulnerability doesn't allow the attacker to actually drive off with the vehicle due to the proximity functionality of the key fob. However, the fact that a bad actor can get this far is already a bad sign. At this time, the following vehicles may be affected by the vulnerability: 2012 Honda Civic, 2018 Honda X-RV, 2020 Honda C-RV, 2020 Honda Accord, 2021 Honda Accord, 2020 Honda Odyssey, 2021 Honda Inspire, 2022 Honda Fit, 2022 Honda Civic, 2022 Honda VE-1, and 2022 Honda Breeze. It's not yet clear if this affects any Acura-branded vehicles.
"[W]e've looked into past similar allegations and found them to lack substance," said a Honda spokesperson in a statement to The Drive. "While we don't yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report. In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims."

Crime

What Happened to the Teen Who Stole $23.8M in Cryptocurrency? (rollingstone.com) 67

15-year-old Ellis Pinsky stole $23.8 million worth of cryptocurrency — and his life was never the same. For example, Rolling Stone reports, in his last year of high school, "Four men wearing ski masks and gloves, armed with knives, rope, brass knuckles, and a fake 9 mm," crept around the back of his home in the suburbs: Two weeks before the break-in, a lawsuit had been filed against him, and news stories had circulated connecting him to the hack. He knew that the thieves wanted this money, the millions and millions of dollars he had stolen. He also knew that he couldn't give it to them. He didn't have it. Not anymore.
The magazine paints the portrait of "an anxious young man in Invisalign braces" who describes the revelation he'd had at the age of 13. "The internet held such secrets. All he had to do was uncover them." As he soon found, there were plenty of people working to uncover them all the time, and willing to share their methods — for a price.... Realizing that a lot of the information social engineers used came from hacked databases, he began teaching himself to program, particularly to do the Structured Query Language injections and cross-site scripting that allowed him to attack companies' database architecture. The terabyte upon terabyte of databases he extracted, traded, and hoarded made him valuable to OGUsers as well as to others, like the Russian hackers he was able to converse with thanks to his fluency with his mother's native language... By the time he was 14, he tells me, "I think it's fair to say I had the capabilities to hack anyone."
The article describes him as "attending high school by day and extracting the source code of major corporations by night.... He was 14 years old and taken with the thrill of possessing a hidden superpower, of spending his nights secretly tapping into an underground world where he was esteemed and even feared. And then, in the morning, being called downstairs to breakfast." He wrote a Python script to comb through social media networks and seek out any mentions of working for a [cellphone] carrier. Then he'd reach out with an offer of compensation for helping him with a task. Every fifth or sixth person — underpaid and often working a short-term contract — would say they were game, as Pinsky tells it. For a couple hundred dollars' worth of bitcoin, they'd be willing to do a SIM swap, no questions asked. Eventually, Pinsky says, he had employees at every major carrier also working for him. Then the stakes got even higher. It was only a matter of time before OG hackers, known to each other as "the Community," realized that if they could use the SIM-swapping method to steal usernames, they could just as easily use it to steal cryptocurrency...
In one massive heist Pinsky stole 10% of all the Trigger altcoins on the market from crypto impresario Michael Terpin. ("As Pinsky's money launderers were converting it, the market was crashing in real time.") Pinsky recruited a crew to launder the money — at least one of which simply kept it — but even with all the conversion fees, he still made off with millions. And then... For a while, he half-expected the FBI to knock on his door at any moment, just like in the movies; but as time passed, he grew less anxious.... He says he moved on to learning different types of programming. He ran a sneaker business that used bots and scripts to snap up limited pairs then flip them... He went to soccer practice. He and his friends had started hanging out with girls on the weekend, driving down to the docks where you could see the glowing lights from the Tappan Zee Bridge.
Until Terpin figured out it was Pinsky who'd robbed him: Pinsky and his legal team preempted his arrest by contacting the U.S. attorney directly and offering his cooperation. In February 2020, he voluntarily returned every last thing he says he got from the Terpin heist: 562 bitcoins, the Patek watch, and the cash he'd stored in the safe under his bed.... When I ask if he has also worked with the FBI to help bring down other hackers, he blinks quickly and then changes the subject.
Pinsky has not been criminally charged — partly because he was a minor, but also because of his cooperation with law enforcement. But filing a civil suit, Terpin wants to be compensated with triple the amount stolen, arguing that the teenager who robbed him was running an organized crime racket and that he should be heavily punished to set an example.

Rolling Stone's article raises the question: what should happen next?

Databases

Baserow Challenges Airtable With an Open Source No-Code Database Platform (techcrunch.com) 19

An anonymous reader quotes a report from TechCrunch: The burgeoning low-code and no-code movement is showing little sign of waning, with numerous startups continuing to raise sizable sums to help the less-technical workforce develop and deploy software with ease. Arguably one of the most notable examples of this trend is Airtable, a 10-year-old business that recently attained a whopping $11 billion valuation for a no-code platform used by firms such as Netflix and Shopify to create relational databases. In tandem, we're also seeing a rise in "open source alternatives" to some of the big-name technology incumbents, from Google's backend-as-a-service platform Firebase to open source scheduling infrastructure that seeks to supplant the mighty Calendly. A young Dutch company called Baserow sits at the intersection of both these trends, pitching itself as an open source Airbase alternative that helps people build databases with minimal technical prowess. Today, Baserow announced that it has raised $5.2 million in seed funding to launch a suite of new premium and enterprise products in the coming months, transforming the platform from its current database-focused foundation into a "complete, open source no-code toolchain," co-founder and CEO Bram Wiepjes told TechCrunch.

So what, exactly, does Baserow do in its current guise? Well, anyone with even the most rudimentary spreadsheet skills can use Baserow for use-cases spanning content marketing, such as managing brand assets collaboratively across teams; managing and organizing events; helping HR teams or startups manage and track applicants for a new role; and countless more, which Baserow provides pre-built templates for. [...] Baserow's open source credentials are arguably its core selling point, with the promise of greater extensibility and customizations (users can create their own plug-ins to enhance its functionality, similar to how WordPress works) -- this is a particularly alluring proposition for businesses with very specific or niche use cases that aren't well supported from an off-the-shelf SaaS solution. On top of that, some sectors require full control of their data and technology stack for security or compliance purposes. This is where open source really comes into its own, given that businesses can host the product themselves and circumvent vendor lock-in.

With a fresh 5 million euros in the bank, Baserow is planning to double down on its commercial efforts, starting with a premium incarnation that's officially launching out of an early access program later this month. This offering will be available as a SaaS and self-hosted product and will include various features such as the ability to export in different formats; user management tools for admin; Kanban view; and more. An additional "advanced" product will also be made available purely for SaaS customers and will include a higher data storage limit and service level agreements (SLAs). Although Baserow has operated under the radar somewhat since its official foundation in Amsterdam last year, it claims to have 10,000 active users, 100 sponsors who donate to the project via GitHub and 800 users already on the waiting list for its premium version. Later this year, Baserow plans to introduce a paid enterprise version for self-hosting customers, with support for specific requirements such as audit logs, single sign-on (SSO), role-based access control and more.

China

China Police Database Was Left Open Online for Over a Year, Enabling Leak (wsj.com) 22

What is likely one of history's largest heists of personal data -- and the largest known cybersecurity breach in China -- occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year. WSJ: The Shanghai police records -- containing the names, government ID numbers, phone numbers and incident reports of nearly 1 billion Chinese citizens -- were stored securely, according to the cybersecurity experts. But a dashboard for managing and accessing the data was set up on a public web address and left open without a password, which allowed anyone with relatively basic technical knowledge to waltz in and copy or steal the trove of information, they said. "That they would leave this much data exposed is insane," said Vinny Troia, founder of dark web intelligence firm Shadowbyte, which scans the web for unsecured databases and found the Shanghai police database in January.

The database stayed exposed for more than a year, from April 2021 through the middle of last month, when its data was suddenly wiped clean and replaced with a ransom note for the Shanghai police to discover, according to Bob Diachenko, owner of the cybersecurity research firm SecurityDiscovery, which similarly found the database -- and later the note -- through its periodic web scans earlier this year. "your_data_is_safe," the ransom note read, according to screenshots provided by Mr. Diachenko. "contact_for_your_data...recovery10btc," meaning the data would be returned for 10 bitcoin, roughly $200,000. The ransom amount matches the price that an anonymous user began asking for last Thursday on an online cybercrime forum in exchange for access to a database the user claimed contained billions of records of Chinese citizens' information stolen from a Shanghai national police database.

Red Hat Software

PulseAudio and Systemd Creator, Lennart Poettering, Reportedly Leaves Red Hat (phoronix.com) 148

To much surprise, the lead developer of systemd Lennart Poettering who also led the creation of PulseAudio, Avahi, and has been a prolific free software contributor has reportedly left Red Hat. Michael Larabel writes via Phoronix: So far no public announcement appears to have been made, but according to a source he has been reportedly removed from Red Hat's internal employee database. Yesterday Lennart did comment on the public Fedora devel mailing list to having now created a personal Red Hat Bugzilla account for his Fedora contributions after it was raised in bug reports and brought up on the mailing list that Lennart's Red Hat account is disabled. Emailing his Red Hat address this morning indeed yields an auto-response that it's no longer in use.

He's still active in systemd world with new commits made as of today, so it will be interesting to see where he ends up or his next moves with his vast Linux ecosystem expertise and pivotal role in spearheading systemd's direction.

Databases

SQLite or PostgreSQL? It's Complicated! (twilio.com) 101

Miguel Grinberg, a Principal Software Engineer for Technical Content at Twilio, writes in a blog post: We take blogging very seriously at Twilio. To help us understand what content works well and what doesn't on our blog, we have a dashboard that combines the metadata that we maintain for each article such as author, team, product, publication date, etc., with traffic information from Google Analytics. Users can interactively request charts and tables while filtering and grouping the data in many different ways. I chose SQLite for the database that supports this dashboard, which in early 2021 when I built this system, seemed like a perfect choice for what I thought would be a small, niche application that my teammates and I can use to improve our blogging. But almost a year and a half later, this application tracks daily traffic for close to 8000 articles across the Twilio and SendGrid blogs, with about 6.5 million individual daily traffic records, and with a user base that grew to over 200 employees.

At some point I realized that some queries were taking a few seconds to produce results, so I started to wonder if a more robust database such as PostgreSQL would provide better performance. Having publicly professed my dislike of performance benchmarks, I resisted the urge to look up any comparisons online, and instead embarked on a series of experiments to accurately measure the performance of these two databases for the specific use cases of this application. What follows is a detailed account of my effort, the results of my testing (including a surprising twist!), and my analysis and final decision, which ended up being more involved than I expected. [...] If you are going to take one thing away from this article, I hope it is that the only benchmarks that are valuable are those that run on your own platform, with your own stack, with your own data, and with your own software. And even then, you may need to add custom optimizations to get the best performance.

China

Hacker Claims To Have Stolen Data of 1 Billion Chinese From Police (nikkei.com) 39

A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history. From a report: The anonymous internet user, identified as "ChinaDan," posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000. "In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen," the post said. "Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details." Reuters was unable to verify the authenticity of the post. The Shanghai government and police department did not respond to requests for comment on Monday.

Crime

Reuters: 'How Mercenary Hackers Sway Litigation Battles' (reuters.com) 7

Reuters shares the results of its investigation into what it calls "mercenary hackers": Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails. The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets' inboxes and, ultimately, private or attorney-client privileged information.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers' hit list, and it reveals a down-to-the-second look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.... The targets' lawyers were often hit, too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found....

"It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles," said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

The legal cases identified by Reuters varied in profile and importance. Some involved obscure personal disputes. Others featured multinational companies with fortunes at stake. From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or suddenly entered into evidence in the middle of their trials. In several cases, stolen documents shaped the verdict, court records show.

Reuters spoke to email experts including LinkedIn, Microsoft and Google to help confirm the authenticity of the data they'd received, and reports that one high-profile victim was WeWork co-founder Adam Neumann. (After Reuters told him he'd been targeted starting in 2017, Neumann hired a law firm.) "Reuters reached out to every person in the database — sending requests for comment to each email address — and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way."

America's FBI has been investigating the breachers since at least early 2018, Reuters reports, adding that pressure is now increasing on private eyes who acted as go-betweens for interested clients.

Meanwhile, Reuters found former employees of the mercenary firms, who told them that the firms employed dozens of workers — though "a month's salary could be as low as 25,000 rupees (then worth about $370), according to two former workers and company salary records..."

"Asked about the hacker-for-hire industry, an official with India's Ministry of Justice referred Reuters to a cybercrime hotline, which did not respond to a request for comment."
The Courts

Police Tactic of Sweeping Google Searches To Find Suspects Faces First Legal Challenge (nbcnews.com) 149

An anonymous reader quotes a report from NBC News: A teen charged with setting a fire that killed five members of a Senegalese immigrant family in Denver, Colorado, has become the first person to challenge police use of Google search histories to find someone who might have committed a crime, according to his lawyers. In documents filed Thursday in Denver District Court, lawyers for the 17-year-old argue that the police violated the Constitution when they got a judge to order Google to check its vast database of internet searches for users who typed in the address of a home before it was set ablaze on Aug. 5, 2020. Three adults and two children died in the fire.

That search of Google's records helped point investigators to the teen and two friends, who were eventually charged in the deadly fire, according to police records. All were juveniles at the time of their arrests. Two of them, including the 17-year-old, are being tried as adults; they both pleaded not guilty. The defendant in juvenile court has not yet entered a plea. The 17-year-old's lawyers say the search, and all evidence that came from it, should be thrown out because it amounted to a blind expedition through billions of Google users' queries based on a hunch that the killer typed the address into a search bar. That, the lawyers argued, violated the Fourth Amendment, which protects against unreasonable searches.
"People have a privacy interest in their internet search history, which is really an archive of your personal expression," said Michael Price, who is lead litigator of the National Association of Criminal Defense Lawyers' Fourth Amendment Center and one of the 17-year-old's attorneys. "Search engines like Google are a gateway to a vast trove of information online and the way most people find what they're looking for. Every one of those queries reveals something deeply private about a person, things they might not share with friends, family or clergy."

Price said that allowing the government to sift through Google's vast trove of searches is akin to allowing the government access to users' "thoughts, concerns, questions, fears." He added: "Every one of those queries reveals something deeply private about a person, things they might not share with friends, family or clergy. 'Psychiatrists in Denver.' 'Abortion providers near me.' 'Does God exist.' Every day, people pose those questions to Google seeking information."
Businesses

FBI Says People Are Using Deepfakes To Apply To Remote Jobs (gizmodo.com) 47

An anonymous reader quotes a report from Gizmodo: The FBI wrote to its Internet Crime Complaint Center Tuesday that it has received multiple complaints of people using stolen information and deepfaked video and voice to apply to remote tech jobs. According to the FBI's announcement, more companies have been reporting people applying to jobs using video, images, or recordings that are manipulated to look and sound like somebody else. These fakers are also using personally identifiable information from other people -- stolen identities -- to apply to jobs at IT, programming, database, and software firms. The report noted that many of these open positions had access to sensitive customer or employee data, as well as financial and proprietary company info, implying the imposters could have a desire to steal sensitive information as well as a bent to cash a fraudulent paycheck.

What isn't clear is how many of these fake attempts at getting a job were successful versus how many were caught and reported. Or, in a more nefarious hypothetical, whether someone secured an offer, took a paycheck, and then got caught. These applicants were apparently using voice spoofing techniques during online interviews where lip movement did not match what's being said during video calls, according to the announcement. Apparently, the jig was up in some of these cases when the interviewee coughed or sneezed, which wasn't picked up by the video spoofing software.
Companies who suspect a fake applicant can report it to the complaint center site.
China

How China's Expanding Surveillance Allows the State to Tighten Its Grip (buffalonews.com) 94

"China's ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known," reports the New York Times, after their Visual Investigations team with reporters in Asia "spent more than a year analyzing more than 100,000 government bidding documents." The Chinese government's goal is clear: designing a system to maximize what the state can find out about a person's identity, activities and social connections.... The Times analysis found that the police strategically chose locations to maximize the amount of data their facial recognition cameras could collect.... The police also wanted to install facial recognition cameras inside private spaces, like residential buildings, karaoke lounges and hotels. In the police's own words, the strategy to upgrade their video surveillance system was to achieve the ultimate goal of "controlling and managing people."

Authorities are using phone trackers to link people's digital lives to their physical movements. Devices known as Wi-Fi sniffers and IMSI catchers can glean information from phones in their vicinity, which allow the police to track a target's movements... In a 2017 bidding document from Beijing, the police wrote that they wanted the trackers to collect phone owners' usernames on popular Chinese social media apps.... As of today, all 31 of mainland China's provinces and regions use phone trackers.

DNA, iris scan samples and voice prints are being collected indiscriminately from people with no connection to crime. The police in China are starting to collect voice prints using sound recorders attached to their facial recognition cameras. In the southeast city of Zhongshan, the police wrote in a bidding document that they wanted devices that could record audio from at least a 300-foot radius around cameras. Software would then analyze the voice prints and add them to a database. Police boasted that when combined with facial analysis, they could help pinpoint suspects faster.

The Times also created a separate video summarizing the results of their investigation.

And their article notes estimates that more than half the world's 1 billion surveillance cameras are already in China — but there's more information to be gathered. One of China's largest surveillance contractors also pitched software to the government that displays a person's "movements, clothing, vehicles, mobile device information and social connections," according to the Times. "The Times investigation found that this product was already being used by Chinese police."

Thanks to Slashdot reader nray for sharing the story.
