An anonymous reader quotes a report from KrebsOnSecurity: An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021. Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German Federal Criminal Police (the "Bundeskriminalamt" or BKA for short). The BKA said Shchukin and another Russian -- 43-year-old Anatoly Sergeevitsch Kravchuk -- extorted nearly $2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage.

Germany's BKA said Shchukin acted as the head of one of the largest worldwide operating ransomware groups GandCrab and REvil, which pioneered the practice of double extortion -- charging victims once for a key needed to unlock hacked systems, and a separate payment in exchange for a promise not to publish stolen data. Shchukin's name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang's activities. The government said the digital wallet tied to Shchukin contained more than $317,000 in ill-gotten cryptocurrency. The BKA believes Shchukin resides in Krasnodar, Russia, where he is from. "Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia," the BKA advised. "Travel behavior cannot be ruled out."

Russia's "great crackdown" on VPNs — and a clampdown on Telegram's messaging platform — had an unintended side effect, reports Bloomberg. It "triggered the widespread banking outage seen across the country this week, Telegram's billionaire founder Pavel Durov said." "Telegram was banned in Russia, yet 65 million Russians still use it daily via VPNs," Durov said Saturday in a post on Telegram. "The government has spent years trying to ban VPNs too. Their blocking attempts just triggered a massive banking failure; cash briefly became the only payment method nationwide yesterday." Attempts on Friday to limit VPN use could have sparked the disruption affecting banking apps, The Bell and other Russian media reported, citing industry sources who weren't identified.

The outage may have been caused by an overload in the filtering systems run by Russia's communications watchdog, according to the reports, with experts warning that major restrictions risk undermining network stability... Separately, payments for Apple Inc.'s app store and other services became unavailable in Russia from April 1, the US company said on its website, without saying why. Earlier, RBC newswire reported that the Digital Development Ministry had asked mobile operators to disable top-ups, which could help limit VPN use....

Durov, who's being investigated in Russia for allegedly aiding terrorist activity, compared the situation in his home country to Iran, where similar restrictions prompted widespread adoption of VPNs instead of the intended shift to state-backed messaging apps. "Welcome back to the Digital Resistance, my Russian brothers and sisters," said Durov, who has lived in Dubai and France in recent years. "The entire nation is now mobilized to bypass these absurd restrictions," he wrote, adding that Telegram would continue adapting to make its traffic harder to detect and block.

One crime ring scammed 2,000 elderly people of more than $27 million between 2021 and 2023 using tech support/bank impersonation/refund scams. "Victims were in their 70s and 80s," reports the U.S. Attorney's office for California's southern district. Victims were first told they'd received a refund (either online or via phone), but then told they'd been "over-refunded" a massive amount, and asked to return that amount.

But 42-year-old Jiandong Chen just admitted Thursday in a U.S. federal court that he was involved in the fraud and money laundering via cryptocurrency — pleading guilty to two charges with maximum penalties of 40 years in prison and a $1 million fine, plus 20 years in prison with a maximum fine of $500,000 or twice the amount laundered. "Chen, a Chinese national, is the second defendant charged in a five-defendant indictment." And what tripped him up seems to be that "Certain members of the conspiracy also did in-person pickups of money directly from victims..."

And so YouTube enters the story — when the scammers called pranksters with 1,790,000 subscribers to their "Trilogy Media" channel. In an elaborate three-hour video, the team of pranksters lured the scammer to a rented Airbnb where they're staging a fake funeral with a nun. (One of the men acting in the video remembers "we start doing a prayer... I'm holding the scammer's hand in my nun outfit...")

They convince the scammer to collect the cash from a dead man — "Is there anything you'd like to say to him?" Then there's demon voices. The scammer's victim resurrects from the dead. Did the cash mule bring holy water?

The end result was a video titled "CONFRONTING SCAMMERS WITH A FAKE FUNERAL (EPIC REACTIONS)". But two and a half years later, their "cash mule sting house" video has racked up over 1.3 million views, 22,000 likes, and 2,979 comments. ("This video is longer than Oppenheimer. Thanks for the laughs fellas.")

And the scammer is facing 60 years in prison.

A former U.S. spy spoke to The New Yorker about "years of clandestine work for the C.I.A. — which, he said, had 'prevented Iran from getting a nuke'." [Kevin] Chalker told me that, as he understood it, the Pentagon had suggested running commando operations to kill key Iranian scientists, as Israel subsequently did. But the C.I.A. proposed recruiting those scientists to defect, as U.S. spies had once courted Soviet physicists. Chalker paraphrased the agency's pitch: "We can debrief them and learn so much more — and, if they say no, then you can kill them." (A more senior agency official confirmed the broad strokes of his account.) The White House liked the agency's idea, and [president George W.] Bush authorized the C.I.A. to conduct clandestine operations to stop Iran from building a bomb. The C.I.A. program that Chalker described to me became publicly known in 2007, when the Los Angeles Times reported on the existence of an agency project called Brain Drain. But the details of the "invitations" to Iranian scientists have not previously been reported...

Chalker typically had about ten minutes to explain, as gently as possible, that he was from the C.I.A., that he had the power to secure the scientist and his family a comfortable new life in the U.S. — and that, if the offer was rejected, the scientist, regrettably, would be assassinated. (Chalker tried to emphasize the happier potential outcome.) Killing a civilian scientist would violate international law. The American government has denied ever doing it, and I found no evidence that the U.S. has carried out any such murders. A former senior agency official familiar with the Brain Drain project told me all that mattered was that Iranian scientists had believed they would be killed, regardless of whether the U.S. actually made good on the threat. And Israel had been conducting a campaign to assassinate Iranian scientists, which made the prospect of lethal reprisal highly plausible. Other former officials with knowledge of the project told me that the C.I.A. sometimes shared intelligence with Mossad which enabled its operatives to locate and kill a scientist. Such information exchanges were kept vague enough to preserve deniability if a more legalistic U.S. Administration later took office...

[Chalker] is confident that those who rebuffed him were, in fact, killed — one way or another... One of Chalker's colleagues told me that, against the backdrop of so many Israeli assassinations, Chalker's interactions with Iranian scientists could almost be considered humanitarian — he had been "throwing them a lifeline." Of the many scientists he approached, three-quarters ultimately agreed to coöperate.
Their 10,000-word article suggests Chalker may now be resentful the CIA didn't help him in a later unrelated lawsuit, noting it's "nearly unheard of for ex-spies to divulge their past activities."

But Chalker also says he "helped obtain pivotal information that laid the groundwork for more than a decade of American efforts to disrupt the Iranian nuclear-weapons program, from the Stuxnet cyberattacks, which occurred around 2010 [destroying 1,000 uranium-enriching centrifuges], to the Obama Administration's nuclear deal, in 2015, to the U.S. air strikes on Iranian atomic-energy facilities in the summer of 2025."

Amazon "must negotiate with a labor union representing some 5,000 workers at a company warehouse on Staten Island," reports Reuters, citing a ruling Wednesday from America's National Labor Relations Board (NLRB).

The union formed in 2022, according to the article, and "has been seeking to negotiate with Amazon over pay, working conditions and other matters." The NLRB said in its ruling that Amazon "has engaged in unfair labor practices" by refusing to bargain with the labor group or to recognize its legitimacy... Amazon said on Thursday it disagreed with the NLRB's ruling. "Representatives of the NLRB improperly influenced this election," the company said in a statement, suggesting it planned to appeal. "We're confident an unbiased court will overturn the original certification, and we look forward to the opportunity for our team to fairly voice their opinions." An appeal would likely preclude Amazon from having to comply with the NLRB's order while it makes its way through the courts...

Related to the Staten Island case, Amazon has argued that the NLRB itself is unconstitutional and sued to block the agency from ruling on it. The matter is still pending.
After forming independently, that union "has since aligned with the International Brotherhood of Teamsters," the article points out. The Teamsters represent 1.3 million American workers, according to a statement they issued this week, which also includes this quote from the president of Amazon Labor Union-e Local 1. "We are making history at Amazon, and we are doing it through undiluted worker power..."

Their statement adds that the ruling "came only one day after the union announced another historic victory that upheld Amazon Teamsters' right to strike."

A Rome court ruled that several Netflix price hikes in Italy were unlawful because the company's contracts didn't adequately explain or justify future pricing changes. As a result, Netflix has been ordered to issue refunds that could total roughly 500 euros for some long-term subscribers. Ars Technica reports: The lawsuit was brought by Italian consumer advocacy group Movimento Consumatori, which alleged that the price hikes violate the Consumer Code, Italian legislation that aims to protect consumer rights. The Consumer Code says it's unlawful for a "professional to unilaterally modify the clauses of the contract, or the characteristics of the product or service to be provided, without a justified reason indicated in the contract itself," according to a Google-provided translation.

The court's April 1 ruling determined that Netflix's contracts were required to explain in advance why prices or other terms might change in the future. Because the price hikes were found to be imposed without providing customers with valid justifications, the court ruled that the new prices are invalid and ordered Netflix to refund affected subscribers. This comes despite Netflix reportedly providing a 30-day advance notice of the higher fees and allowing customers to cancel their subscriptions to avoid price hikes.

The court gave Netflix 90 days to inform millions of current and former customers via email, mail, its website, and Italian newspapers of their right to refunds or else face a penalty of 700 euros per day, Italian newspaper Il Sole 24 Ore reported today. Per Italian law, price increases that Netflix has issued or will issue beyond April 2025 are legal. At that time, Netflix adjusted its terms to state that contract terms could one day change due to technological, security, or regulatory needs, to clarify clauses, or to provide changes to the service, Il Sole 24 Ore reported.

An anonymous reader quotes a report from Wired: Today at a hearing of the Colorado Senate Business, Labor, and Technology committee, lawmakers voted unanimously to move Colorado state bill SB26-090 -- titled Exempt Critical Infrastructure from Right to Repair -- out of committee and into the state senate and house for a vote. The bill modifies Colorado's Consumer Right to Repair Digital Electronic Equipment act, which was passed in 2024 and went into effect in January 2026. While the protections secured by that act are wide, the new SB26-090 bill aims to "exempt information technology equipment that is intended for use in critical infrastructure from Colorado's consumer right to repair laws."

The bill is supported by tech manufacturers like Cisco and IBM, according to lobbying disclosures. These are companies that have vested interests in manufacturing things like routers, server equipment, and computers and stand to profit if they can control who fixes their products and the tools, components, and software used to make those upgrades and repairs. They also cite cybersecurity concerns, saying that giving people access to the tools and systems they would need to repair a device could also enable bad actors to use those methods for nefarious means. (This is a common argument manufacturers make when opposing right-to-repair laws.)

[...] During the hearing, more than a dozen repair advocates spoke from organizations like Pirg, the Repair Association, and iFixit opposing the bill. YouTuber and repair advocate Louis Rossmann was there. The main problem, repair advocates say, is that the bill deliberately uses vague language to make the case for controlling who can fix their products. [...] The Colorado Labor and Technology committee advanced the bill, but it still needs to go through votes on the Colorado Senate and House floors before going into effect. Those votes may take place as early as next week. Regardless of how the bill goes in the state, it's likely that manufacturers will continue their push to alter or undo repair legislation in other states across the country. "The 'information technology' and 'critical infrastructure' thing is as cynical as you can possibly be about it," says Nathan Proctor, the leader of Pirg's US right-to-repair campaign. "It sounds scary to lawmakers, but it just means the internet."

The current wording of the bill "leaves it up to the manufacturers to determine which items they will need to provide repair tools and parts to owners and independent repairers and which ones they don't," says Danny Katz, executive director CoPIRG, the Colorado branch of the consumer advocate group Pirg. "This is a bad policy and would be a big step back for Coloradans' repair rights."

iFixit CEO Kyle Wiens said in the hearing: "There's a general principle in cybersecurity that obscurity is not security," iFixit CEO Kyle Wiens said in the hearing. "The money that's behind the scenes, that's what's driving the bill."

Tony Isaac shares a report from NPR: When it comes to using AI, it seems some lawyers just can't help themselves. Last year saw a rapid increase in court sanctions against attorneys for filing briefs containing errors generated by artificial intelligence tools. The most prominent case was that of the lawyers for MyPillow CEO Mike Lindell, who were fined $3,000 each for filing briefs containing fictitious, AI-generated citations. But as a cautionary tale, it doesn't seem to have had much effect. The numbers started taking off last year, and the rate is still increasing. He counts a total of more than 1,200 to date, of which about 800 are from U.S. courts. "I am surprised that people are still doing this when it's been in the news," says Carla Wale, associate dean of information & technology and director of the law library at the University of Washington School of Law. "Whatever the generative AI tool gives you -- as in, 'Look at these cases' -- you, under the rules of professional conduct, you have to read those cases. You have to read the cases to make sure what you are citing is accurate."

"I think that lawyers who understand how to effectively and ethically use generative AI replace lawyers who don't," she says. "That's what I think the future is."

An anonymous reader quotes a report from Ars Technica: Perplexity's AI search engine encourages users to go deeper with their prompts by engaging in chat sessions that a lawsuit has alleged are often shared in their entirety with Google and Meta without users' knowledge or consent. "This happened to every user regardless of whether or not they signed up for a Perplexity account," the lawsuit alleged, while stressing that "enormous volumes of sensitive information from both subscribed and non-subscribed users" are shared.

Using developer tools, the lawsuit found that opening prompts are always shared, as are any follow-up questions the search engine asks that a user clicks on. Privacy concerns are seemingly worse for non-subscribed users, the complaint alleged. Their initial prompts are shared with "a URL through which the entire conversation may be accessed by third parties like Meta and Google." Disturbingly, the lawsuit alleged, chats are also shared with personally identifiable information (PII), even when users who want to stay anonymous opt to use Perplexity's "Incognito Mode." That mode, the lawsuit charged, is a "sham."

"'Incognito' mode does nothing to protect users from having their conversations shared with Meta and Google," the complaint said. "Even paid users who turned on the 'Incognito' feature still had their conversations shared with Meta and Google, along with their email addresses and other identifiers that allowed Meta and Google to personally identify them." "Perplexity's failure to inform its users that their personal information has been disclosed to Meta and Google or to take any steps to halt the continued disclosure of users' information is malicious, oppressive, and in reckless disregard" of users' rights, the lawsuit alleged.

"Nothing on Perplexity's website warns users that their conversations with its AI Machine will be shared with Meta and Google," Doe alleged. "Much less does Perplexity warn subscribed users that its 'Incognito Mode' does not function to protect users' private conversations from disclosure to companies like Meta and Google."

An anonymous reader quotes a report from NPR: Responding to public health concerns about microplastics and pharmaceuticals in the nation's drinking water, the Trump administration for the first time has placed them on a draft list of contaminants maintained by the Environmental Protection Agency. The EPA announced the move Thursday, touting it as a "historic step" for the Make America Healthy Again, or MAHA, movement, which often raises concerns about toxic chemicals and plastic pollution in our food and environment. Also Thursday, the Department of Health and Human Services announced a $144 million initiative, called STOMP, to develop tools to measure and monitor microplastics in drinking water and in a later stage, to remove them.

The Safe Drinking Water Act requires the EPA to publish an updated version of its Contaminant Candidate List every five years. This is the sixth iteration of the list. Microplastics and pharmaceuticals appear in the draft of the upcoming list, alongside per- and polyfluoroalkyl substances, or PFAS, and dozens of other chemicals and microbes. Their inclusion on the list gives local regulators a tool to evaluate risks in their water supply, the EPA says, and it can set the stage for more research and regulatory action -- but doesn't actually guarantee that will happen.

schwit1 shares a report from the Kathmandu Post: In Nepal, helicopter rescue on high altitude is, by any measure, a genuine lifesaving operation. At high altitude, where oxygen thins and weather changes without warning, the ability to airlift a stricken trekker to Kathmandu within hours has saved countless lives. But threaded through that legitimate system, exploiting its urgency, its opacity, and its distance from oversight, is one of the most sophisticated insurance fraud networks in the world. Nepal's fake rescue scam is not new. The Kathmandu Post first exposed it in 2018. Months later, the government convened a fact-finding committee, produced a 700-page report, and announced reforms. In February 2019, The Kathmandu Post published a long investigative report. Last year, Nepal Police's Central Investigation Bureau reopened the file, and what they found is that the fraud did not stop -- instead it was growing.

The mechanics of the fake rescue racket are straightforward: stage a medical emergency, call in a helicopter, check a tourist into a hospital, and file an insurance claim that bears little resemblance to what actually happened. But the sophistication lies in how each link in the chain is compensated, and how difficult it is for a foreign insurer -- operating from Australia and the United Kingdom -- to verify events that occurred at 3,000 metres in a remote Himalayan valley. The CIB investigation identifies two primary methods for manufacturing an "emergency." The first involves tourists who simply don't want to walk back. After completing a demanding trek -- an Everest Base Camp trek, for instance, can take up to two weeks on foot -- guides offer an alternative: pretend to be sick, and a helicopter will come. The guide handles the rest. The second method is more troubling. At altitudes above 3,000 meters, mild symptoms of altitude sickness are common. Blood oxygen saturation can drop, hands and feet tingle, headaches develop. In most cases, rest, hydration or a gradual descent is all that is needed. But guides and hotel staff, according to the CIB investigation, have been trained to terrify trekkers at precisely this moment. They tell them they are at risk of dying, that only immediate evacuation will save them. In some cases, investigators found that Diamox (Acetazolamide) tablets, used to prevent altitude sickness, were administered alongside excessive water intake to induce the very symptoms that would justify a rescue call.

In at least one case cited in the investigation, baking powder was mixed into food to make tourists physically unwell. Once a "rescue" is called, the financial choreography begins. A single helicopter carries multiple passengers. But separate, full-price invoices are submitted to each passenger's insurance company, as if each had their own dedicated flight. A $4,000 charter becomes a $12,000 claim. Fake flight manifests and load sheets are fabricated. At the hospital, medical officers prepare discharge summaries using the digital signatures of senior doctors who were never involved in the case. In some cases, these are done without those doctors' knowledge. Fake admission records are created for tourists who were, in some documented instances, drinking beer in the hospital cafeteria at the time they were supposedly receiving treatment. In one case, an office assistant at Shreedhi Hospital admitted that he had provided his own X-ray report taken about a year ago at a different hospital, to be used as a case for treatment of foreign trekkers to claim insurance. The commission structure that holds the network together was described in detail during police interrogations. Hospitals pay 20 to 25 percent of the insurance payment to trekking companies and a further 20 to 25 percent to helicopter rescue operators in exchange for patient referrals. Trekking guides and their companies benefit from inflated invoices. In some cases, tourists themselves are offered cash incentives to participate.

Longtime Slashdot reader Elektroschock writes: When Ubisoft pulled the plug on The Crew's servers without warning, players were left with a worthless game they'd already paid for. Now, consumer watchdog UFC-Que Choisir is fighting back, demanding gamers' right to play regardless of publisher whims. Supported by the "Stop Killing Games" movement, this landmark case challenges unfair terms before the Creteil Judicial Court (Val-de-Marne near Paris), and aims to protect players from disappearing games. The lawsuit that UFC-Que Choisir filed against Ubisoft on Tuesday alleges that the video game publisher "misled consumers about the permanence of their purchase and imposed abusive contractual clauses stripping players of ownership rights," reports Reuters.

A top EU official is urging Europeans to work from home, drive less, and cut air travel as the bloc braces for a prolonged energy crisis triggered by the Gulf conflict. The European Commission is also pushing member states to accelerate renewables and other energy-security measures as oil and gas disruptions continue. Politico reports: In a speech with echoes of the early days of the coronavirus pandemic, EU energy chief Dan Jorgensen said Europe was facing a "very serious situation" with no clear end in sight. "Even if ... peace is here tomorrow, still we will not go back to normal in the foreseeable future," he said, following an extraordinary meeting of the EU's 27 energy ministers on Tuesday to discuss the crisis. "The more you can do to save oil, especially diesel, especially jet fuel, the better we are off," Jorgensen said, confirming an earlier report by POLITICO that Brussels wanted Europeans to travel less.

He urged member countries to follow the advice of the International Energy Agency, which he said included "work from home where possible, reduce highway speed limits by ten kilometers [an hour], encourage public transport, alternate private car access ... increase car sharing and adopt efficient driving practices." Longer term, he urged EU countries to double down on building more renewables, saying "this must be the time we finally turn the tide and truly become energy independent."

Australia is preparing possible court action against major social media platforms that are failing to enforce the country's social media ban on under-16s. "Three months after the ban came into effect, the eSafety Commissioner said it was probing Meta's Instagram and Facebook, Google's YouTube, Snapchat and TikTok for possible breaches of the law," reports Reuters. From the report: Communications Minister Anika Wells said the government was gathering evidence "so that the eSafety Commissioner can go to the Federal Court and win." "We have spent the summer building that evidence base of all the stories that no doubt you have all heard ... about how kids are getting around that," Wells told reporters in Canberra. The legal threat is a striking change of tone from a government which had hailed tech giants' shows of cooperation when the ban went live in December.

Under the Australian law, platforms must show they are taking reasonable steps to keep out underage users or face fines of up to $34 million per breach, something eSafety would need to pursue in a civil court. The regulator previously said it would only take enforcement action in cases of systemic noncompliance. But in its first comprehensive compliance report since the ban took effect, eSafety said measures taken by the platforms were substandard and it would make a decision about next steps by mid-year. "We are now moving âinto an enforcement stance," said commissioner Julie Inman Grant in a statement.

The regulator reported major compliance gaps, including platforms prompting children who had previously declared ages under 16 to do fresh age checks, allowing repeated attempts at age-assurance tests until a child got a result over 16 and poor pathways for people to report underage accounts. Some platforms did not use age-inference, which estimates age based on someone's online activity, and some only used age-assurance measures like photo-based checks after a user tried to change their age, rather than at sign-up. That made it "likely many Australian children aged under 16 have been able to create accounts on age-restricted social media platforms by simply declaring they are 16 or older", the regulator said. Nearly one-third of parents reported their under-16 child had at least one social media account after the ban took effect, of which two-thirds said the platform had not asked the child's age, it added.

An anonymous reader quotes a report from Reuters: The Trump administration on Monday issued a long-awaited proposed rule to open up retirement plans to alternative assets, paving the way for private equity and cryptocurrencies to be added to 401(k) accounts. The measure, announced by the U.S. Department of Labor, is intended to ease longstanding barriers to incorporating these less liquid and less transparent assets into American retirement plans. It follows an executive order from President Donald Trump last summer and could clear the way for alternative asset management firms to tap a large new source of capital.

Industry groups have argued private market investments can enhance long-term returns and diversification for retirement savers, while skeptics warn higher fees, complexity and limited liquidity could limit those gains and pose risks for retail investors. Some private market funds that are already available to wealthier individual investors have shown signs of strain in recent months. Private credit funds known as business development companies have seen a wave of withdrawals. Treasury Secretary Scott Bessent said the proposed rule was "an initial step" and aimed to be "mindful of the importance of protecting retirement assets."

The guidance lays out how plan trustees, who have a legal fiduciary duty to act in the best interest of members, can incorporate these assets. They would have to "objectively, thoroughly, and analytically consider, and make determinations on factors including performance, fees, liquidity, valuation, performance benchmarks, and complexity," the DOL said. Trustees who abide by them will be granted safe harbor that protects them from lawsuits, it added. The Supreme Court agreed earlier this year to hear one such case filed in 2019 by a former Intel employee claiming trustees made "imprudent" decisions by investing in hedge funds and private equity funds.