Crime

Vast Pedophile Network Shut Down In Europol's Largest CSAM Operation (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: Europol has shut down one of the largest dark web pedophile networks in the world, prompting dozens of arrests worldwide and threatening that more are to follow. Launched in 2021, KidFlix allowed users to join for free to preview low-quality videos depicting child sex abuse materials (CSAM). To see higher-resolution videos, users had to earn credits by sending cryptocurrency payments, uploading CSAM, or "verifying video titles and descriptions and assigning categories to videos."

Europol seized the servers and found a total of 91,000 unique videos depicting child abuse, "many of which were previously unknown to law enforcement," the agency said in a press release. KidFlix going dark was the result of the biggest child sexual exploitation operation in Europol's history, the agency said. Operation Stream, as it was dubbed, was supported by law enforcement in more than 35 countries, including the United States. Nearly 1,400 suspected consumers of CSAM have been identified among 1.8 million global KidFlix users, and 79 have been arrested so far. According to Europol, 39 child victims were protected as a result of the sting, and more than 3,000 devices were seized.

Police identified suspects through payment data after seizing the server. Despite cryptocurrencies offering a veneer of anonymity, cops were apparently able to use sophisticated methods to trace transactions to bank details. And in some cases cops defeated user attempts to hide their identities -- such as a man who made payments using his mother's name in Spain, a local news outlet, Todo Alicante, reported. It likely helped that most suspects were already known offenders, Europol noted. Arrests spanned the globe, including 16 in Spain, where one computer scientist was found with an "abundant" amount of CSAM and payment receipts, Todo Alicante reported. Police also arrested a "serial" child abuser in the US, CBS News reported.

Crime

Global Scam Industry Evolving at 'Unprecedented Scale' Despite Recent Crackdown (cnn.com) 9

Online scam operations across Southeast Asia are rapidly adapting to recent crackdowns, adopting AI and expanding globally despite the release of 7,000 trafficking victims from compounds along the Myanmar-Thailand border, experts say. These releases represent just a fraction of an estimated 100,000 people trapped in facilities run by criminal syndicates that rake in billions through investment schemes and romance scams targeting victims worldwide, CNN reports.

"Billions of dollars are being invested in these kinds of businesses," said Kannavee Suebsang, a Thai lawmaker leading efforts to free those held in scam centers. "They will not stop." Crime groups are exploiting AI to write scamming scripts and using deepfakes to create personas, while networks have expanded to Africa, South Asia, and the Pacific region, according to the United Nations Office of Drugs and Crime. "This is a situation the region has never faced before," said John Wojcik, a UN organized crime analyst. "The evolving situation is trending towards something far more dangerous than scams alone."
Privacy

Alleged Deel Spy Confesses To Coordinating with Deel CEO Alex Bouaziz (newcomer.co) 8

Newcomer: Keith O'Brien, the man who allegedly spied for Deel while working at Rippling, is apparently clearing his conscience, according to a sworn Irish affidavit. O'Brien says in the affidavit that Deel paid him to spy on Rippling and that he coordinated directly with Deel's CEO, Alex Bouaziz.

For some background, Alex Bouaziz is Deel's CEO and Philippe Bouaziz is his father, Deel's CFO. Rippling, which competes directly with Deel, has sued Deel over the alleged spying.
O'Brien says in the affidavit: I decided to cooperate after I got a text from a friend on March 25, 2025 saying, "the truth will set you free." I was also driving with a family member to meet my solicitors and she told me that if I had done something wrong that I should "just tell the truth." I was having bad thoughts at the time; it was a horrible time for me. I was getting sick concealing this lie. I realised that I was harming myself and my family to protect Deel. I was concerned, and I am still concerned, about how wealthy and powerful Alex and Philippe are, but I know that what I was doing was wrong. After I spoke with my solicitors at Fenecas Law, I started to feel a sense of relief. I want to do what I can to start making amends and righting these wrongs. Deel CEO allegedly agreed to pay O'Brien 5000 euros a month.
Government

Substack Says It'll Legally Defend Writers 'Targeted By the Government' (theverge.com) 53

Substack has announced it will legally support foreign writers lawfully residing in the U.S. who face government targeting over their published work, partnering with the nonprofit FIRE to expand its existing Defender program. The Verge reports: In their announcement, Substack and FIRE mention the international Tufts University student who was arrested by federal agents last week. Her legal team links her arrest to an opinion piece she co-wrote for the school's newspaper last year, which criticized Tufts for failing to comply with requests to divest from companies with connections to Israel. "If true, this represents a chilling escalation in the government's effort to target critics of American foreign policy," Substack and FIRE write.

The initiative builds on Substack's Defender program, which already offers legal assistance for independent journalists and creators on the platform. The company says it has supported "dozens" of Substack writers facing claims of defamation and trademark infringement since it launched the program in the US in 2020. It has since brought Substack Defender to writers in Canada and the UK.

The Courts

Donkey Kong Champion Wins Defamation Case Against Australian YouTuber Karl Jobst (theguardian.com) 56

An anonymous reader quotes a report from The Guardian: A professional YouTuber in Queensland has been ordered to pay $350,000 plus interest and costs to the former world record score holder for Donkey Kong, after the Brisbane district court found the YouTuber had defamed him "recklessly" with false claims of a link between a lawsuit and another YouTuber's suicide. William "Billy" Mitchell, an American gamer who had held world records in Donkey Kong and Pac-Man going back to 1982, as recognized by the Guinness World Records and the video game database Twin Galaxies, brought the case against Karl Jobst, seeking $400,000 in general damages and $50,000 in aggravated damages.

Jobst, who makes videos about "speed running" (finishing games as fast as possible), as well as gaming records and cheating in games, made a number of allegations against Mitchell in a 2021 YouTube video. He accused Mitchell of cheating, and "pursuing unmeritorious litigation" against others who had also accused him of cheating, the court judgment stated. The court heard Mitchell was accused in 2017 of cheating in his Donkey Kong world records by using emulation software instead of original arcade hardware. Twin Galaxies investigated the allegation, and subsequently removed Mitchell's scores and banned him from participating in its competitions. The Guinness World Records disqualified Mitchell as a holder of all his records -- in both Donkey Kong and Pac-Man -- after the Twin Galaxies decision. The judgment stated that Jobst's 2021 video also linked the December 2020 suicide of another YouTuber, Apollo Legend, to "stress arising from [his] settlement" with Mitchell, and wrongly asserted that Apollo Legend had to pay Mitchell "a large sum of money."

Privacy

FTC Says 23andMe Purchaser Must Uphold Existing Privacy Policy For Data Handling (therecord.media) 28

The FTC has warned that any buyer of 23andMe must honor the company's current privacy policy, which ensures consumers retain control over their genetic data and can delete it at will. FTC Chair Andrew Ferguson emphasized that such promises must be upheld, given the uniquely sensitive and immutable nature of genetic information. The Record reports: The letter, sent to the DOJ's United States Trustee Program, highlights several assurances 23andMe makes in its privacy policy, including that users are in control of their data and can determine how and for what purposes it is used. The company also gives users the ability to delete their data at will, the letter says, arguing that 23andMe has made "direct representations" to consumers about how it uses, shares and safeguards their personal information, including in the case of bankruptcy.

Pointing to statements that the company's leadership has made asserting that user data should be considered an asset, Ferguson highlighted that 23andMe's privacy statement tells users it does not share their data with insurers, employers, public databases or law enforcement without a court order, search warrant or subpoena. It also promises consumers that it only shares their personal data in cases where it is needed to provide services, Ferguson added. The genetic testing and ancestry company is explicit that its data protection guidelines apply to new entities it may be sold or transferred to, Ferguson said.

Social Networks

Arkansas Social Media Age Verification Law Blocked By Federal Judge (engadget.com) 15

A federal judge struck down Arkansas' Social Media Safety Act, ruling it unconstitutional for broadly restricting both adult and minor speech and imposing vague requirements on platforms. Engadget reports: In a ruling (PDF), Judge Timothy Brooks said that the law, known as Act 689 (PDF), was overly broad. "Act 689 is a content-based restriction on speech, and it is not targeted to address the harms the State has identified," Brooks wrote in his decision. "Arkansas takes a hatchet to adults' and minors' protected speech alike though the Constitution demands it use a scalpel." Brooks also highlighted the "unconstitutionally vague" applicability of the law, which seemingly created obligations for some online services, but may have exempted services which had the "predominant or exclusive function [of]... direct messaging" like Snapchat.

"The court confirms what we have been arguing from the start: laws restricting access to protected speech violate the First Amendment," NetChoice's Chris Marchese said in a statement. "This ruling protects Americans from having to hand over their IDs or biometric data just to access constitutionally protected speech online." It's not clear if state officials in Arkansas will appeal the ruling. "I respect the court's decision, and we are evaluating our options," Arkansas Attorney general Tim Griffin said in a statement.

Privacy

UK's GCHQ Intern Transferred Top Secret Files To His Phone (bbc.co.uk) 49

Bruce66423 shares a report from the BBC: A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing an unauthorised act which risked damaging national security.

Arshad, from Rochdale in Greater Manchester, is said to have transferred sensitive data from a secure computer to his phone, which he had taken into a top secret area of GCHQ on 24 August 2022. [...] The court heard that Arshad took his work mobile into a top secret GCHQ area and connected it to work station. He then transferred sensitive data from a secure, top secret computer to the phone before taking it home, it was claimed. Arshad then transferred the data from the phone to a hard drive connected to his personal home computer.
"Seriously? What on earth was the UK's equivalent of the NSA doing allowing its hardware to carry out such a transfer?" questions Bruce66423.
The Courts

Google To Pay $100 Million To Settle 14-Year-Old Advertising Lawsuit (msn.com) 6

An anonymous reader quotes a report from Reuters: Google has agreed to pay $100 million in cash to settle a long-running lawsuit claiming it overcharged advertisers by failing to provide promised discounts and charged for clicks on ads outside the geographic areas the advertisers targeted. A preliminary settlement of the 14-year-old class action, which began in March 2011, was filed late Thursday in the San Jose, California, federal court, and requires a judge's approval.

Advertisers who participated in Google's AdWords program, now known as Google Ads, accused the search engine operator of breaching its contract by manipulating its Smart Pricing formula to artificially reduce discounts. The advertisers also said Google, a unit of Mountain View, California-based Alphabet, misled them by failing to limit ad distribution to locations they designated, violating California's unfair competition law. Thursday's settlement covers advertisers who used AdWords between January 1, 2004, and December 13, 2012.

Google denied wrongdoing in agreeing to settle. "This case was about ad product features we changed over a decade ago and we're pleased it's resolved," spokesman Jose Castaneda said in an emailed statement. Lawyers for the plaintiffs may seek fees of up to 33% of the settlement fund, plus $4.2 million for expenses. According to court papers, the case took a long time as the parties produced extensive evidence, including more than 910,000 pages of documents and multiple terabytes of click data from Google, and participated in six mediation sessions before four different mediators.

Biotech

Open Source Genetic Database Shuts Down To Protect Users From 'Authoritarian Governments' (404media.co) 28

An anonymous reader quotes a report from 404 Media: The creator of an open source genetic database is shutting it down and deleting all of its data because he has come to believe that its existence is dangerous with "a rise in far-right and other authoritarian governments" in the United States and elsewhere. "The largest use case for DTC genetic data was not biomedical research or research in big pharma," Bastian Greshake Tzovaras, the founder of OpenSNP, wrote in a blog post. "Instead, the transformative impact of the data came to fruition among law enforcement agencies, who have put the genealogical properties of genetic data to use."

OpenSNP has collected roughly 7,500 genomes over the last 14 years, primarily by allowing people to voluntarily submit their own genetic information they have downloaded from 23andMe. With the bankruptcy of 23andMe, increased interest in genetic data by law enforcement, and the return of Donald Trump and rise of authoritarian governments worldwide, Greshake Tzovaras told 404 Media he no longer believes it is ethical to run the database. "I've been thinking about it since 23andMe was on the verge of bankruptcy and been really considering it since the U.S. election. It definitely is really bad over there [in the United States]," Greshake Tzovaras told 404 Media. "I am quite relieved to have made the decision and come to a conclusion. It's been weighing on my mind for a long time."

Greshake Tzovaras said that he is proud of the OpenSNP project, but that, in a world where scientific data is being censored and deleted and where the Trump administration has focused on criminalizing immigrants and trans people, he now believes that the most responsible thing to do is to delete the data and shut down the project. "Most people in OpenSNP may not be at particular risk right now, but there are people from vulnerable populations in here as well," Greshake Tzovaras said. "Thinking about gender representation, minorities, sexual orientation -- 23andMe has been working on the whole 'gay gene' thing, it's conceivable that this would at some point in the future become an issue."
"Across the globe there is a rise in far-right and other authoritarian governments. While they are cracking down on free and open societies, they are also dedicated to replacing scientific thought and reasoning with pseudoscience across disciplines," Greshake Tzovaras wrote. "The risk/benefit calculus of providing free & open access to individual genetic data in 2025 is very different compared to 14 years ago. And so, sunsetting openSNP -- along with deleting the data stored within it -- feels like it is the most responsible act of stewardship for these data today."

"The interesting thing to me is there are data preservation efforts in the U.S. because the government is deleting scientific data that they don't like. This is approaching that same problem from a different direction," he added. "We need to protect the people in this database. I am supportive of preserving scientific data and knowledge, but the data comes second -- the people come first. We prefer deleting the data."
Privacy

FBI Raids Home of Prominent Computer Scientist Who Has Gone Incommunicado (arstechnica.com) 98

An anonymous reader shares a report: A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer, Indiana University, and had his homes raided by the FBI. No one knows why.

Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University's Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.

He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data.

Privacy

Nearly 1.5 Million Private Photos from Five Dating Apps Were Exposed Online (bbc.com) 32

"Researchers have discovered nearly 1.5 million pictures from specialist dating apps — many of which are explicit — being stored online without password protection," reports the BBC, "leaving them vulnerable to hackers and extortionists."

And the images weren't limited to those from profiles, the BBC learned from the ethical hacker who discovered the issue. "They included pictures which had been sent privately in messages, and even some which had been removed by moderators..." Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile [including two kink/BDSM sites and two LGBT apps]... These services are used by an estimated 800,000 to 900,000 people.

M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday. They have since fixed it but not said how it happened or why they failed to protect the sensitive images. Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services...

None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex.

In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash.

"Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it..."
Transportation

'Why Did the Government Declare War on My Adorable Tiny Truck?' (bloomberg.com) 173

Automotive historian Dan Albert loves the "adorable tiny truck" he's driving. It's one of the small Japan-made "kei" pickups and minivans that "make up about a third of car sales in Japan." Americans can legally import older models for less than $10,000, and getting 40 miles per gallon they're "Cheap to buy and run... rugged, practical, no-frills machines — exactly what the American-built pickup truck used to be."

But unfortunately, kei buyers face "bureaucratic roadblocks that states like Massachusetts have erected to keep kei cars and trucks out of the hands of U.S. drivers." Several state departments of motor vehicles (DMVs) have balked at registering the imported machines, saying that they're too unsafe for American streets. Owners have responded with a righteous mix of good humor, lobbying and lawsuits... Kei trucks do not meet the Federal Motor Vehicle Safety Standards, or FMVSS — the highly specific rules US-market new cars must meet. But since 1988, the Imported Vehicle Safety Compliance Act has exempted vehicles that are at least 25 years old from these crash safety standards, allowing drivers to bring over vintage European and Asian market models...

Getting insurance coverage was the next barrier, as the company that had long been underwriting the Albert family's fleet also rejected me, forcing me to seek out a specialty "collector car" insurer. (I did eventually get regular coverage....) Maine, Rhode Island, New York, Pennsylvania, Georgia, Virginia, and Michigan also tightened their rules on registering small Japanese imports in recent years. The culprit, according to the auto enthusiast press, was the American Association of Motor Vehicle Administrators, the trade organization that serves as the lobbying and policy arm of DMVs across North America. Much of AAMVA's work involves integrating the databases of the 69 US and Canadian motor vehicle jurisdictions who are its members, so that a car stolen in one state can't be titled in another... The kei truck's regulatory troubles can be traced to a 2011 AAMVA report, "Best Practices Regarding Registration and Titling of Mini-Trucks," which called for outright bans and encouraged DMVs to lobby state legislatures to outlaw keis entirely.

The Insurance Institute of Highway Safety concurred, telling AAMVA that its recommendation did not go far enough: The IIHS said that keis should join the class of conveyances that the U.S. government calls Low Speed Vehicles, which are mechanically limited to 25 miles per hour or less and should be used only for short local trips on low-speed-limit roads because they can't protect occupants in the event of a collision with a regular vehicle... [But] By 2008, Japan's kei trucks did feature crumple zones and driver airbags in compliance with that country's safety standards...

Despite its name, the Imported Vehicle Safety Compliance Act that lets older cars into the US from overseas isn't really about safety: Car industry lobbyists secured passage of the law to protect dealer profits. Newer keis — which are banned — are safer and cleaner than the 25-year-old ones that can be imported now. (Battery-powered keis debuted in 2009.) But even mine has an airbag, front crumple zone, seatbelt pretensioners, and anti-lock brakes.

The article notes that kie fans have "a distinctly libertarian streak... Some owners I've talked to report forging titles, setting up shell companies in Montana and finding other means of skirting DMV rules."

Thanks to long-time Slashdot reader schwit1 for sharing the article.
Privacy

Madison Square Garden Bans Fan After Surveillance System IDs Him as Critic of Its CEO (theverge.com) 98

An anonymous reader quotes a report from The Verge: A concert on Monday night at New York's Radio City Music Hall was a special occasion for Frank Miller: his parents' wedding anniversary. He didn't end up seeing the show -- and before he could even get past security, he was informed that he was in fact banned for life from the venue and all other properties owned by Madison Square Garden (MSG). After scanning his ticket and promptly being pulled aside by security, Miller was told by staff that he was barred from the MSG properties for an incident at the Garden in 2021. But Miller says he hasn't been to the venue in nearly two decades.

"They hand me a piece of paper letting me know that I've been added to a ban list," Miller says. "There's a trespass notice if I ever show up on any MSG property ever again," which includes venues like Radio City, the Beacon Theatre, the Sphere, and the Chicago Theatre. He was baffled at first. Then it dawned on him: this was probably about a T-shirt he designed years ago. MSG Entertainment won't say what happened with Miller or how he was picked out of the crowd, but he suspects he was identified via controversial facial recognition systems that the company deploys at its venues.

In 2017, 1990s New York Knicks star Charles Oakley was forcibly removed from his seat near Knicks owner and Madison Square Garden CEO James Dolan. The high-profile incident later spiraled into an ongoing legal battle. For Miller, Oakley was an "integral" part of the '90s Knicks, he says. With his background in graphic design, he made a shirt in the style of the old team logo that read, "Ban Dolan" -- a reference to the infamous scuffle. A few years later, in 2021, a friend of Miller's wore a Ban Dolan shirt to a Knicks game and was kicked out and banned from future events. That incident spawned ESPN segments and news articles and validated what many fans saw as a pettiness on Dolan and MSG's part for going after individual fans who criticized team ownership.
"Frank Miller Jr. made threats against an MSG executive on social media and produced and sold merchandise that was offensive in nature," Mikyl Cordova, executive vice president of communications and marketing for the company, said in an emailed statement. "His behavior was disrespectful and disruptive and in violation of our code of conduct."

Miller responded to the ban, saying: "I just found it comical, until I was told that my mom was crying [in the lobby]. I was like, 'Oh man, I ruined their anniversary with my shit talk on the internet. Memes are powerful, and so is the surveillance state. It's something that we all have to be aware of -- the panopticon. We're [being] surveilled at all times, and it's always framed as a safety thing, when rarely is that the case. It's more of a deterrent and a fear tactic to try to keep people in line."
Programming

DOGE To Rewrite SSA Codebase In 'Months' (wired.com) 331

Longtime Slashdot reader frank_adrian314159 writes: According to an article in Wired, Elon Musk has appointed a team of technologists from DOGE to "rewrite the code that runs the SSA in months." This codebase has over 60 million lines of COBOL and handles record keeping for all American workers and payments for all Social Security recipients. Given that the code has to track the byzantine regulations dealing with Social Security, it's no wonder that the codebase is this large. What is in question though is whether a small team can rewrite this code "in months." After all, what could possibly go wrong? "The project is being organized by Elon Musk lieutenant Steve Davis ... and aims to migrate all SSA systems off COBOL ... and onto a more modern replacement like Java within a scheduled tight timeframe of a few months," notes Wired.

"Under any circumstances, a migration of this size and scale would be a massive undertaking, experts tell WIRED, but the expedited deadline runs the risk of obstructing payments to the more than 65 million people in the US currently receiving Social Security benefits."

In 2017, SSA announced a plan to modernize its core systems with a timeline of around five years. However, the work was "pivoted away" because of the pandemic.

Slashdot Top Deals