Security

Uber Allegedly Paid $100K Ransom and Had Hackers Sign NDAs After Data Breach (cbsnews.com) 20

An anonymous reader quotes a report from CBS News: New details about how Uber responded to a massive hack in 2016 raise questions about the way it handled sensitive customer information. Instead of reporting the hackers to police, the company allegedly paid $100,000 in exchange for a promise to delete 57 million user files the men stole off a third-party server, prosecutors said. Within weeks of paying the ransom, Uber employees showed up at Brandon Glover's Winter Park, Florida, home and found Vasile Mereacre at a hotel restaurant in Toronto, Canada, the Justice Department said. The pair admitted their crimes, but Uber didn't turn them over to the cops. Instead, it had the hackers sign non-disclosure agreements, promising to keep quiet. The two hackers pleaded guilty on Wednesday.

But there was a third person involved who was unknown to Uber, U.S. attorney for Northern California Dave Anderson told CBS News correspondent Kris Van Cleave in an exclusive interview. Anderson, who investigated the hack, said there's "no way to know definitively" what actually happened to the stolen data. [...] The hackers also targeted a company owned by LinkedIn in December of 2016, but prosecutors say LinkedIn did not pay and promptly reported the hack to police. Uber eventually did as well -- a year after the hack, when its new CEO, Dara Khosrowshahi, publicly disclosed the attack. The two known hackers were eventually arrested and pleaded guilty on Wednesday to conspiracy to commit extortion charges. They face a maximum of five years in prison. The third person involved remains at large.

AI

AI Will Soon Be Able To Decode Your Poop 66

Microbial health company Seed is launching a campaign to collect 100,000 fecal photos to build what developers say is the world's first poop image database. The campaign dares you to "give a shit" for science by uploading photos of your feces so that scientists can use them to train an AI platform launched out of MIT. Developers say that your photos could potentially help the approximately 1 in 5 people in the U.S. who have chronic gut conditions like irritable bowel syndrome. The Verge reports: Here's how citizen scientists can contribute to the cause. To participate, go to seed.com/poop on your phone (because taking your laptop to the loo is weird, and the page doesn't allow you to submit a photo unless you're using your phone). Click on the big purple button that says "#GIVEaSHIT." You'll be prompted to enter your email address and whether you're on a morning, afternoon, or evening poop schedule. Then, if you've already dropped a deuce, you can take or upload your photo or you can ask for an email reminder to be sent to you according to the time you indicated. After you've submitted your stool for posterity, the image is separated from the metadata (your email address and other potentially identifying information) so that your donation can remain anonymous and HIPAA compliant.

A team of doctors will diligently look through every image received. (Yes, that is a real job for seven gastroenterologists who take notes on what they see in the pictures.) Poop can fall into seven categories identified along the Bristol stool scale, which can tell you and your doctor whether you're constipated, lacking fiber, have a serious case of the runs, or somewhere in between. The doctors' insights into your poop will help train artificial intelligence models to understand the same things the doctors see in the image. Similar training systems are used to teach self-driving cars how to identify a tree or a cat in the road, according to David Hachuel, a co-founder of the startup Auggi, which is building the platform.
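
The report says the submission metadata (email address and the like) is detached from the image, but a phone photo also carries identifying metadata inside the file itself: the EXIF block typically holds a GPS fix, the device model and the capture time. Stripping that is the server-side step an anonymous image store needs. The following is an added example, not code from Seed or Auggi; it walks the JPEG marker segments ahead of the scan data and drops the metadata-carrying ones. The sample JPEG at the bottom is constructed (a valid segment layout, not a decodable picture).

```python
"""Strip embedded metadata (EXIF, XMP, IPTC, comments) from a JPEG.

Added example, not code from Seed or Auggi. Drops APP1..APP15 segments
(except an ICC colour profile) and COM segments, keeps APP0 (JFIF) and
every segment that defines the image, and copies the scan data verbatim.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
APP0, APP1, APP2, APP15, COM = 0xE0, 0xE1, 0xE2, 0xEF, 0xFE


def segments(data):
    """Yield (marker, start, end) for each header segment; the SOS entry
    covers everything from the scan header to the end of the file."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos, n = 2, len(data)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == SOS:
            yield marker, pos, n
            return
        if marker == EOI:
            yield marker, pos, pos + 2
            return
        if pos + 4 > n:
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > n:
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end
        pos = end
    raise ValueError("no SOS or EOI marker found")


def is_metadata_segment(marker, payload):
    if marker == COM:
        return True
    if APP1 <= marker <= APP15:
        # Keep an ICC colour profile: it affects rendering, not identity.
        return not (marker == APP2 and payload.startswith(b"ICC_PROFILE\x00"))
    return False


def strip_metadata(data):
    """Return (cleaned_jpeg, removed); removed lists (marker, payload prefix)."""
    out = bytearray(b"\xff\xd8")
    removed = []
    for marker, start, end in segments(data):
        payload = data[start + 4:end]
        if marker not in (SOS, EOI) and is_metadata_segment(marker, payload):
            removed.append((marker, bytes(payload[:4])))
            continue
        out += data[start:end]
    return bytes(out), removed


def seg(marker, payload):
    """Build one marker segment (used only to construct the sample below)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed minimal JPEG: a valid segment layout, not a decodable image.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + seg(APP1, b"Exif\x00\x00MM\x00*" + bytes(8))               # Exif (GPS/device tags live here)
    + seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + seg(APP1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")   # XMP
    + seg(0xDB, b"\x00" + bytes(64))                              # DQT
    + seg(COM, b"Taken with phone 12345")                         # free-text comment
    + seg(0xC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")          # SOF0, 8x8 grayscale
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"  # SOS header
    + b"\x12\x34\x56"                                             # entropy-coded data
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned, gone = strip_metadata(SAMPLE_JPEG)
    for marker, prefix in gone:
        print(f"removed segment 0x{marker:02X} starting {prefix!r}")
    print(f"{len(SAMPLE_JPEG)} -> {len(cleaned)} bytes")
```

Run it on a real phone photo (`strip_metadata(open(path, "rb").read())`) and the Exif and XMP blocks disappear while the image decodes unchanged; re-running it on its own output removes nothing. Stripping on the server after upload is not a substitute for doing it before storage, and it does nothing about what the pixels themselves reveal.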

AI

Motorola Is Building a New Kind of Walkie-Talkie For First Responders 56

An anonymous reader quotes a report from Fast Company: Motorola Solutions (not to be confused with Motorola Mobility, which makes the smartphones you know), the biggest global player in land mobile radio (LMR) walkie-talkies, is releasing what appears to be the most advanced walkie-talkie ever. Called the APX Next, it's a chunky black brick with a thick antenna and a giant push-to-talk button on its side. Much like an iPhone, it also features a touchscreen on its front -- but don't be distracted by that. Its real innovation was born from 2,000 hours of interviews and testing with more than 50 emergency service agencies, including SWAT teams and detectives. It's a voice-recognition system that can operate in extremely loud environments, with artificial intelligence software that can look up 95 of the most common things a police officer or firefighter would call into dispatch -- like a driver's license, or license plate -- without any human operator on the other end of the line. But its ultimate promise is simply to free up the user's hands as much as possible, ensuring that someone is as safe and capable as possible during an emergency.

APX Next is a walkie-talkie and a cellphone combined. It has both the high-powered radio chip for land communications and a low-powered 4G/LTE chip for cell-tower data. These two chips can work at the same time, which is an engineering challenge, especially because the LMR radio transmits at 25 times the wattage of the 4G chip. The core buttons, including the large talk button, are all designed as you'd expect, to ensure they can be used without looking, purely by muscle memory in stressful situations. Four separate microphones capture your voice, with programming designed specifically to cancel out exceptionally loud noises. But it isn't always listening for a wake word like the Echo or Google Home. You need to hit a button to cue the assistant.
The company says it's using unnamed third parties to handle the natural language processing in the cloud. "What Motorola did was train the model specifically to handle things like ten-codes and even regionally specific dialects across the U.S," the report says.

"Once a question is sent to the cloud, the AI is able to scour a city or force's database for the same private information a dispatcher would be looking up." The assistant also won't read sensitive results aloud on its own: the radio beeps when it has an answer, and the user can move to a private place, if they wish, before pressing a button to hear them.

Australia

Australia Wants To Use Face Recognition For Porn Age Verification (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Lawmakers in Australia (like their counterparts in the United Kingdom) are looking for an effective way to limit kids' access to online pornography. Australia's Department of Home Affairs has a possible solution: face-recognition technology. "Home Affairs is developing a Face Verification Service which matches a person's photo against images used on one of their evidence of identity documents to help verify their identity," the government agency wrote in a recent regulatory filing. "This could assist in age verification, for example by preventing a minor from using their parent's driver license to circumvent age verification controls."

Australia's government face-matching system has been years in the making. In 2016, the government announced that (in the words of CNET) "the first phase of its new biometric Face Verification Service (FVS) is up and running, giving a number of government departments and the Australian Federal Police the ability to share and match digital photos of faces." Initially, the system was fairly limited. It only included photos of people who had applied to become Australian citizens. And use of the database was supposed to be limited to a handful of government agencies with a compelling need for it. But since then, the government has steadily expanded the system. Photos from other sources were added to the database. And Australia has been trying to develop a more sophisticated Face Identification Service that can identify unknown persons. "The Face Verification Service is not yet fully operational," the government acknowledges. "Whilst it is intended to be made available to private sector organizations in future, this will be subject to the passage of the Identity-matching Services Bill 2019 which is currently before Parliament."

Cloud

Nearly 7.5 Million Adobe Creative Cloud Users Exposed To Hackers (threatpost.com) 26

Nearly 7.5 million Adobe Creative Cloud users are open to phishing campaigns after their records were left exposed on the internet. Threatpost reports: Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects and others. Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database. The Elasticsearch database could be queried without a password or any other authentication, giving anyone who found it access to email addresses, account information and which Adobe products each user had purchased. The data did not include payment information or passwords. The user data "wasn't particularly sensitive," but it could be used to create convincing phishing emails aimed at Adobe users, according to Comparitech researcher Paul Bischoff, in research published Friday and shared with Threatpost. "The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams," Bischoff noted. "Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example."

Security

Open Database Leaked 179GB In Customer, US Government, and Military Records (zdnet.com) 15

An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. ZDNet reports: On Monday, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing.

In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor's web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. The team says that "thousands" of individuals were impacted, although for ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. Hundreds of thousands of booking reservations for guests were available to view, and data including full names, dates of birth, home addresses, phone numbers, travel dates and costs, some check-in times and room numbers, and masked credit card details were also exposed.
Some of the records were logs for U.S. Army generals visiting Russia and Israel, the report says. In total, the AWS-hosted database contained over 179GB of data.
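
Both this leak and the Adobe one above were Elasticsearch instances answering on the open internet with no authentication at all, which is exactly what the researchers' "web mapping" found. The check below is an added example, not code from Comparitech, vpnMentor or Elastic: it makes the two unauthenticated requests a scanner would make (GET / and GET /_cat/indices?format=json, both real Elasticsearch endpoints) and classifies the result. The HTTP transport is injectable, so the logic runs offline against the constructed responses at the bottom; the hosts, cluster and index names there are made up.

```python
"""Check whether an Elasticsearch endpoint answers without credentials.

Added example, not code from Comparitech, vpnMentor or Elastic.
"""
import json
import sys
import urllib.error
import urllib.request


class Response:
    def __init__(self, status, body):
        self.status = status
        self.body = body


def http_fetch(url, timeout=5.0):
    """Real transport: GET url; HTTP error codes are returned as data, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "es-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read().decode("utf-8", "replace"))


def looks_like_elasticsearch(body):
    """The root document of an ES node carries cluster_name and a version block."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and "cluster_name" in doc and "version" in doc


def audit(base_url, fetch=http_fetch):
    """Classify base_url (e.g. http://host:9200) as auth_required,
    not_elasticsearch, open_root_only, or open (listing the exposed user
    indices and the total document count)."""
    base = base_url.rstrip("/")
    root = fetch(base + "/")
    if root.status in (401, 403):
        return {"state": "auth_required", "indices": [], "docs": 0}
    if root.status != 200 or not looks_like_elasticsearch(root.body):
        return {"state": "not_elasticsearch", "indices": [], "docs": 0}
    cat = fetch(base + "/_cat/indices?format=json")
    if cat.status != 200:
        return {"state": "open_root_only", "indices": [], "docs": 0}
    try:
        rows = [r for r in json.loads(cat.body) if isinstance(r, dict)]
    except (ValueError, TypeError):
        rows = []
    # System indices such as .kibana are noise for the exposure summary.
    indices = [r["index"] for r in rows if r.get("index") and not r["index"].startswith(".")]
    docs = sum(int(r.get("docs.count") or 0) for r in rows)
    return {"state": "open", "indices": indices, "docs": docs}


# Constructed responses standing in for three hosts; nothing here is real.
CONSTRUCTED = {
    "http://10.0.0.5:9200/": Response(200, json.dumps({
        "name": "node-1", "cluster_name": "reservations",
        "version": {"number": "6.8.2"}, "tagline": "You Know, for Search"})),
    "http://10.0.0.5:9200/_cat/indices?format=json": Response(200, json.dumps([
        {"health": "green", "status": "open", "index": "bookings-2019", "docs.count": "1203456"},
        {"health": "green", "status": "open", "index": "guests", "docs.count": "88231"},
        {"health": "green", "status": "open", "index": ".kibana", "docs.count": "3"},
    ])),
    "http://10.0.0.6:9200/": Response(401, '{"error":{"type":"security_exception"}}'),
    "http://10.0.0.7:9200/": Response(200, "<html>nginx</html>"),
}


def fake_fetch(url, timeout=5.0):
    return CONSTRUCTED.get(url, Response(404, ""))


if __name__ == "__main__":
    # With a URL argument the real transport is used; without one, the constructed data.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://10.0.0.5:9200"
    print(json.dumps(audit(target, http_fetch if len(sys.argv) > 1 else fake_fetch), indent=2))
```

A 200 on the root with no credentials is the leak condition in both stories; older Elasticsearch releases shipped with no authentication unless the security plugin was installed and enabled, so the fix is to require authentication (and TLS) on the HTTP port, bind the node to a private interface, and keep 9200 off the internet rather than relying on obscurity. Only scan hosts you are authorised to test.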

Crime

US Takes Step To Require DNA Samples From Asylum-Seekers (apnews.com) 357

An anonymous reader quotes a report from The Associated Press: The Trump administration is planning to collect DNA samples from asylum-seekers and other migrants detained by immigration officials and will add the information to a massive FBI database used by law enforcement hunting for criminals, a Justice Department official said. The Justice Department on Monday issued amended regulations that would mandate DNA collection for almost all migrants who cross between official entry points and are held even temporarily. The official said the rules would not apply to legal permanent residents or anyone entering the U.S. legally, and children under 14 are exempt, but it's unclear whether asylum-seekers who come through official crossings will be exempt. The new policy, which was first reported in October, would allow the government to collect DNA samples from hundreds of thousands of people booked into federal immigration custody each year for entry into a national criminal database. Immigrant and privacy advocates said at the time that the move "raised privacy concerns for an already vulnerable population that could face profiling or discrimination as a result of their personal data being shared among law enforcement authorities."

Trump administration officials say they hope the database will lead to more crimes being solved and act as a deterrent to prevent migrants from trying to enter the United States. The new regulations go into effect Tuesday.

Microsoft

Microsoft Announces Secured-core PCs To Counter Firmware Attacks (venturebeat.com) 53

Microsoft today announced a new initiative to combat threats specifically targeted at the firmware level and data stored in memory: Secured-core PCs. From a report: Microsoft partnered with chip and computer makers to apply "security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system." Secured-core PCs will be available from Dell, Dynabook, HP, Lenovo, Panasonic, and Surface. Microsoft hasn't released a full list of Secured-core PCs, but two examples include HP's Elite Dragonfly and Microsoft's Surface Pro X.

Firmware is used to initialize the hardware and other software on the device. The firmware layer runs underneath the OS, where it has more access and privilege than the hypervisor and kernel. Firmware is thus emerging as a top target for attackers, since malicious code there can be hard to detect and difficult to remove, persisting even through an OS reinstall or a hard drive replacement. Microsoft points to the National Vulnerability Database, which shows the number of discovered firmware vulnerabilities growing each year. As such, Secured-core PCs are designed for industries like financial services, government, and healthcare. They are also meant for workers who handle highly sensitive IP, customer, or personal data that makes them higher-value targets for nation-state attackers.

Cloud

Would You Trust Amazon To Run Free and Fair Elections? (reuters.com) 80

More than 40 of America's 50 states now use Amazon's technology infrastructure for their elections, according to this Reuters article shared by joeblog. And so do both of America's political parties:

While it does not handle voting on election day, AWS -- along with a broad network of partners -- now runs state and county election websites, stores voter registration rolls and ballot data, facilitates overseas voting by military personnel and helps provide live election-night results, according to company documents and interviews... Amazon pitches itself as a low-cost provider of secure election technology at a time when local officials and political campaigns are under intense pressure to prevent a repeat of the 2016 presidential election, which saw cyber-attacks on voting systems and election infrastructure....

Most security experts Reuters spoke to said that while Amazon's cloud is likely much harder to hack than systems it is replacing, putting data from many jurisdictions on a single system raises the prospect that a single major breach could prove damaging. "It makes Amazon a bigger target" for hackers, "and also increases the challenge of dealing with an insider attack," said Chris Vickery, director of cyber risk research at cybersecurity startup Upguard. A recent hack into Capital One Financial Corp's data stored on Amazon's cloud service was perpetrated by a former Amazon employee. The breach affected more than 100 million customers, underscoring how rogue employees or untrained workers can create security risks even if the underlying systems are secure...

Vickery uncovered at least three instances where voter data on Amazon's cloud servers was exposed to the internet, which have been reported previously. For example, in 2017, he found a Republican contractor's database for nearly every registered American voter hosted on AWS exposed on the internet for 12 days. In 2016, he found Mexico's entire voter database on AWS servers was leaked. Amazon said the breaches were caused by customer errors, adding that while AWS secures the cloud infrastructure, customers are responsible for security of what goes in the cloud.
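
"Customers are responsible for security of what goes in the cloud" in practice means the customer's own access policy on the storage resource. The page only says the voter files sat on "Amazon's cloud servers"; the following added example assumes the usual case of an S3 bucket and is not code from Amazon or UpGuard. It lints a bucket policy in the real IAM policy JSON format for Allow statements that let an anonymous principal read, which is the misconfiguration that turns a private export into a public one. The bucket names, account ID and policies are constructed.

```python
"""Flag S3 bucket policy statements that grant read access to everyone.

Added example, not code from Amazon or UpGuard. Assumes S3 bucket policies;
the policies, bucket names and account ID below are constructed.
"""
import fnmatch
import json

READ_ACTIONS = ("s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket")


def as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return False


def actions_grant_read(actions):
    """Match every listed action pattern ("s3:*", "s3:Get*", "*") against the read actions."""
    patterns = [a.lower() for a in as_list(actions)]
    return any(fnmatch.fnmatchcase(ra.lower(), p) for ra in READ_ACTIONS for p in patterns)


def public_read_findings(policy):
    """One finding per Allow statement that lets an anonymous principal read.

    A Condition (aws:SourceVpce, aws:SourceIp, ...) narrows the grant, so such a
    statement is reported with conditioned=True rather than treated as wide open.
    NotPrincipal, NotAction and explicit Deny statements elsewhere in the policy
    are deliberately not evaluated here; a full evaluator has to consider them.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(st.get("Principal")):
            continue
        if not actions_grant_read(st.get("Action")):
            continue
        findings.append({
            "statement": st.get("Sid", f"#{i}"),
            "resources": as_list(st.get("Resource")),
            "conditioned": bool(st.get("Condition")),
        })
    return findings


def is_public_read(policy):
    """True when at least one anonymous read grant carries no Condition at all."""
    return any(not f["conditioned"] for f in public_read_findings(policy))


# Constructed policies. The admin statement is the same in all three.
ADMIN_STATEMENT = {
    "Sid": "DataOps", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/DataOps"},
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::voter-file-export", "arn:aws:s3:::voter-file-export/*"],
}
EXPOSED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::voter-file-export/*"},
    ADMIN_STATEMENT,
]}
VPC_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::voter-file-export/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0abc123def456"}}},
    ADMIN_STATEMENT,
]}
PRIVATE = {"Version": "2012-10-17", "Statement": [ADMIN_STATEMENT]}
EXPOSED_JSON = json.dumps(EXPOSED)

if __name__ == "__main__":
    for name, policy in (("EXPOSED", EXPOSED), ("VPC_ONLY", VPC_ONLY), ("PRIVATE", PRIVATE)):
        print(name, "public read:", is_public_read(policy), public_read_findings(policy))
```

Bucket policies are one of several paths to public access (ACLs and access points are others), so a linter like this belongs alongside the account-wide S3 Block Public Access setting, which refuses such grants outright. The point for the election story is that none of this is Amazon's to configure: the checks run on the customer's side of the shared-responsibility line.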

Software

DoNotPay App Waits On Hold For You (techcrunch.com) 39

DoNotPay, a free chatbot that offers AI-powered legal counsel, is launching a new feature that will call you when it's your turn in a customer service phone queue. TechCrunch reports: The app today is launching "Skip Waiting On Hold." Just type in the company you need to talk to, and DoNotPay calls for you using tricks to get a human on the line quickly. Then it calls you back and connects you to the agent so you never have to listen to that annoying hold music. And in case the company tries to jerk you around or screw you over, the DoNotPay app lets you instantly share to social media a legal recording of the call to shame them.

Skip Waiting On Hold comes as part of the $3 per month DoNotPay suite of services designed to save people time and money by battling bureaucracy on their behalf. It can handle DMV paperwork for you, write legal letters to scare businesses out of overcharging you and it provides a credit card that automatically cancels subscriptions when your free trial ends. For Skip Waiting On Hold, DoNotPay built out a database of priority and VIP customer service numbers for tons of companies. For legality, if you opt in to recording the exchanges, the app automatically plays a message informing both parties they'll be recorded. A human voice detection system hears when a real agent picks up the phone, and then rings your phone. It's like having customer service call you.

Social Networks

Machine Learning Can't Flag False News, New Studies Show (axios.com) 42

Current machine learning models aren't yet up to the task of distinguishing false news reports, two new papers by MIT researchers show. From a report: After different researchers showed that computers can convincingly generate made-up news stories without much human oversight, some experts hoped that the same machine-learning-based systems could be trained to detect such stories. But MIT doctoral student Tal Schuster's studies show that, while machines are great at detecting machine-generated text, they can't identify whether stories are true or false. Many automated fact-checking systems are trained using a database of true statements called Fact Extraction and Verification (FEVER). In one study, Schuster and team showed that machine-learning-trained fact-checking systems struggled to handle negative statements ("Greg never said his car wasn't blue") even when they would know the positive statement was true ("Greg says his car is blue"). The problem, say the researchers, is that the database is filled with human bias. The people who created FEVER tended to write their false entries as negative statements and their true statements as positive statements -- so the computers learned to rate sentences with negative statements as false. That means the systems were solving a much easier problem than detecting fake news.

The Almighty Buck
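
The shortcut the researchers describe can be reproduced at toy scale. The block below is an added example, not the MIT researchers' code or data: a claim-only naive Bayes classifier (no evidence retrieval at all) is trained on a constructed set written the way the page says FEVER's annotators wrote theirs, with refuted claims as negations of supported ones. It learns "contains a negation word" as its rule, scores 100% on that data, and then gets every item wrong on a constructed evaluation set where negation and truth are decoupled, including the page's own "Greg never said his car wasn't blue" example.

```python
"""Reproduce the FEVER negation shortcut with a claim-only classifier.

Added example, not the MIT researchers' code or data. All claims are constructed.
"""
import math
import re
from collections import Counter

LABELS = ("SUPPORTS", "REFUTES")


def tokenize(text):
    # Fold contractions onto the same token as the bare negation word.
    text = text.lower().replace("n't", " not")
    return re.findall(r"[a-z0-9']+", text)


# Constructed training set in FEVER's style: every REFUTES claim is a negated SUPPORTS claim.
TRAIN = [
    ("Greg says his car is blue.", "SUPPORTS"),
    ("Paris is the capital of France.", "SUPPORTS"),
    ("The Nile flows through Egypt.", "SUPPORTS"),
    ("The Moon orbits the Earth.", "SUPPORTS"),
    ("Mount Everest is the tallest mountain.", "SUPPORTS"),
    ("Water boils at 100 degrees Celsius.", "SUPPORTS"),
    ("The Sun rises in the east.", "SUPPORTS"),
    ("Penguins live in Antarctica.", "SUPPORTS"),
    ("Greg never says his car is blue.", "REFUTES"),
    ("Paris is not the capital of France.", "REFUTES"),
    ("The Nile never flows through Egypt.", "REFUTES"),
    ("The Moon never orbits the Earth.", "REFUTES"),
    ("Mount Everest is not the tallest mountain.", "REFUTES"),
    ("Water never boils at 100 degrees Celsius.", "REFUTES"),
    ("The Sun never rises in the east.", "REFUTES"),
    ("Penguins never live in Antarctica.", "REFUTES"),
]

# Constructed evaluation set where negation no longer predicts the label.
EVAL = [
    ("Greg never said his car wasn't blue.", "SUPPORTS"),   # negated, true
    ("Paris is not the capital of Germany.", "SUPPORTS"),
    ("The Nile never flows through Norway.", "SUPPORTS"),
    ("Paris is the capital of Germany.", "REFUTES"),         # positive, false
    ("The Moon orbits Mars.", "REFUTES"),
    ("Penguins live in the Sahara.", "REFUTES"),
]


def train(examples, alpha=1.0):
    """Multinomial naive Bayes with Laplace smoothing over the claim text only."""
    docs = Counter()
    words = {c: Counter() for c in LABELS}
    for text, label in examples:
        docs[label] += 1
        words[label].update(tokenize(text))
    vocab = set().union(*(w.keys() for w in words.values()))
    total = {c: sum(words[c].values()) for c in LABELS}

    def logp(word, c):
        return math.log((words[c][word] + alpha) / (total[c] + alpha * len(vocab)))

    prior = {c: math.log(docs[c] / sum(docs.values())) for c in LABELS}
    return {"logp": logp, "prior": prior, "vocab": vocab}


def scores(model, text):
    return {c: model["prior"][c] + sum(model["logp"](w, c) for w in tokenize(text)) for c in LABELS}


def predict(model, text):
    s = scores(model, text)
    return max(LABELS, key=lambda c: s[c])


def prob_refutes(model, text):
    s = scores(model, text)
    m = max(s.values())
    return math.exp(s["REFUTES"] - m) / sum(math.exp(v - m) for v in s.values())


def accuracy(model, examples):
    return sum(predict(model, t) == y for t, y in examples) / len(examples)


def cue_words(model, k=3):
    """Words the model most associates with REFUTES, by log-likelihood ratio."""
    ratio = {w: model["logp"](w, "REFUTES") - model["logp"](w, "SUPPORTS") for w in model["vocab"]}
    return sorted(ratio, key=ratio.get, reverse=True)[:k]


if __name__ == "__main__":
    model = train(TRAIN)
    print("train accuracy:", accuracy(model, TRAIN))
    print("eval accuracy: ", accuracy(model, EVAL))
    print("top REFUTES cues:", cue_words(model, 2))
    claim = "Greg never said his car wasn't blue."
    print(f"{claim!r} -> {predict(model, claim)} (p={prob_refutes(model, claim):.2f})")
```

The two strongest features are the negation words themselves; the model never saw any evidence, so its training accuracy measures how well it learned the annotators' writing habit, not whether claims are true. A symmetric evaluation set like EVAL, where each claim's truth is independent of its surface form, is the check that exposes the shortcut.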

Data For 26 Million Stolen Payment Cards Leaked In Hack of Fraud Bazaar (arstechnica.com) 7

An anonymous reader quotes a report from Ars Technica: A thriving online bazaar selling stolen payment card data has been hacked in a heist that leaked the records for more than 26 million cards, KrebsOnSecurity reported on Tuesday. The 26 million figure isn't significant only to the legitimate consumers and businesses who own the stolen cards or the financial institutions that issued them. Fortunately for the card owners, the database is now in the hands of affected financial institutions, who can invalidate and replace the cards.

The hacked market is called BriansClub, a site available at BriansClub[.]at that, for years, has imitated Krebs' site and likeness. The data taken in the hack shows that BriansClub acquired 1.7 million cards in 2015, 2.9 million in 2016, 4.9 million in 2017, 9.2 million in 2018, and 7.6 million in the first eight months of this year. Most of the pilfered data is composed of "dumps," the term card thieves use to describe data that's stored on the magnetic stripe of payment cards. The stolen dumps can be transferred to new cards that crooks use to buy electronics, gift cards, and other large-ticket items from big-box stores. An analysis based on how many of the cards had expiration dates in the future suggests that more than 14 million of the leaked records could still be valid. Based on the pricing tiers listed on BriansClub, the haul represents about $414 million worth of lost sales, security intelligence firm Flashpoint told Krebs. By tracking the cards that were once available for sale and later removed, Flashpoint estimated that BriansClub has sold data for about 9.1 million cards for about $126 million. Federal prosecutors often value each stolen credit card record at $500, a sum that represents the average cost incurred from each compromised holder. Based on that estimate, the 9.1 million cards translate to about $2.27 billion in losses.
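
The "expiration dates in the future" analysis is the first thing an issuer does with a leaked dump file, because only unexpired cards need reissuing. The block below is an added example, not code from Krebs, Flashpoint or any bank. Magstripe dumps follow the ISO/IEC 7813 Track 2 layout (PAN, "=", expiry as YYMM, a three-digit service code, then discretionary data); the records here are constructed from the industry's published test card numbers, which pass the Luhn check but are not real accounts, and the reference date is an assumption.

```python
"""Triage a leaked Track 2 'dumps' file the way a card issuer would.

Added example, not code from Krebs, Flashpoint or any bank. Parses each
record, drops malformed or non-Luhn ones, counts cards still unexpired at a
reference date, and groups those by issuer BIN for notification. The
sample records are constructed from published test card numbers.
"""
import re
from collections import Counter
from datetime import date

TRACK2 = re.compile(r"^;?(?P<pan>\d{12,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d*)\??$")


def luhn_ok(pan):
    """Mod-10 check digit test every real PAN passes."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep BIN and last four, the form that is safe to put in tickets and logs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track2(line):
    m = TRACK2.match(line.strip())
    if not m or not luhn_ok(m["pan"]):
        return None
    month = int(m["mm"])
    if not 1 <= month <= 12:
        return None
    return {"pan": m["pan"], "bin": m["pan"][:6], "exp_year": 2000 + int(m["yy"]),
            "exp_month": month, "service_code": m["svc"]}


def still_valid(card, today):
    """A card is usable through the last day of its expiry month."""
    return (card["exp_year"], card["exp_month"]) >= (today.year, today.month)


def triage(lines, today):
    parsed = [c for c in map(parse_track2, lines) if c]
    valid = [c for c in parsed if still_valid(c, today)]
    return {
        "total": len(lines),
        "parsed": len(parsed),
        "valid": len(valid),
        "bins_to_notify": Counter(c["bin"] for c in valid),
        "reissue": sorted(mask(c["pan"]) for c in valid),
    }


REFERENCE_DATE = date(2019, 10, 15)  # assumed date of the analysis

# Constructed records; PANs are published test numbers, not real accounts.
SAMPLE_DUMPS = [
    ";4111111111111111=2212101123456789?",   # valid through Dec 2022
    ";5555555555554444=1907101000000000?",   # expired Jul 2019
    ";378282246310005=2011101000000?",       # 15-digit PAN, valid through Nov 2020
    ";4012888888881881=1910201999999999?",   # expires this month: still valid
    "6011111111111117=2301101000000000",     # no sentinel characters, still parses
    ";4111111111111112=2212101000000000?",   # fails Luhn: dropped
    "garbage line",                          # malformed: dropped
]

if __name__ == "__main__":
    result = triage(SAMPLE_DUMPS, REFERENCE_DATE)
    print(f"{result['valid']} of {result['parsed']} parsed records still valid "
          f"({result['total']} lines read)")
    for bin_, n in sorted(result["bins_to_notify"].items()):
        print(f"  BIN {bin_}: {n} card(s) to reissue")
    print("  masked PANs:", ", ".join(result["reissue"]))
```

Keeping only masked PANs in the output is deliberate: the full numbers belong in the issuer's card-management system, not in the analyst's notes. The same filter scaled up is how the "more than 14 million still valid" figure in the story is obtained.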

Security

Ransomware Gang's Victim Cracks Their Server and Releases All Their Decryption Keys (zdnet.com) 55

"A user got his revenge on the ransomware gang who encrypted his files by hacking their server and releasing the decryption keys for all victims," writes ZDNet.

ccnafr shared their report: One of the gang's victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks' database from their server. "I know it was not legal from me," the researcher wrote in a text file he published online on Pastebin earlier Monday, containing 2,858 decryption keys. "I'm not the bad guy here," Frömel added.

Besides releasing the decryption keys, the German developer also published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum.

In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the decrypter's availability, advising users against paying the ransom.

Privacy

Ask Slashdot: Should People Be Able To Shop Anonymously On the Internet? 125

dryriver writes: Picture this: You want to buy 3 small items from some online retailer totalling about 50 bucks. A programming book, a USB thumbdrive and an HDMI cable. But you don't want to give this online retailer your full name, credit card number, email address, home postal address, phone number or other data for this insignificant little 50 Dollar online transaction, nor do you want to bother with 'registering an account' at the online retailer's webpage with password hassles and such. You want to buy quickly and anonymously, just like you can from a bricks and mortar shop with cash. You now instruct your bank -- or another online shopping intermediary you DO trust with your data -- to pay for those 3 items, receive them, and send them on to your home address. The online retailer gets 50 bucks as usual, but does NOT get identifying private data about you. You just shopped online, without having to bend over and ID yourself in X different ways to some online retailer, and your private info didn't go into yet another who-knows-where forever-database that may some day be hacked or compromised. Why is this simple, simple service not really a thing in the real world? Why can you walk into a bricks and mortar shop in most countries, pick out some products, pay in cash and walk out, and when you want to buy the exact same (non-dangerous) items online, you have to tell some profit-oriented retailer all sorts of stuff about yourself? Why is real world store shopping pretty much anonymous -- as it has been for centuries -- and online shopping almost like being ID'd before boarding a flight at an airport?

United States

The Most Detailed Map of Auto Emissions In America (nytimes.com) 153

The New York Times published findings from an analysis of new data released through Boston University's Database of Road Transportation Emissions. The map embedded in the report shows a year's worth of CO2 from passenger and freight traffic on every road in the United States. From the report: The database provides the most detailed estimates available of local on-road CO2 over the past three decades. Even as the United States has reduced carbon dioxide emissions from its electric grid, largely by switching from coal power to less-polluting natural gas, emissions from transportation have remained stubbornly high. The bulk of those emissions, nearly 60 percent, come from the country's 250 million passenger cars, S.U.V.s and pickup trucks, according to the Environmental Protection Agency. Freight trucks contribute an additional 23 percent.

Reducing emissions from driving has been a big challenge, said Conor Gately, who led the project mapping CO2 on America's roads as a postdoctoral researcher at Boston University. Emissions dipped during the recession of the late 2000s, but have been ticking back up since 2013. National fuel economy standards put in place under the Obama administration have helped temper the rise in automotive emissions because the rules require cars and trucks to use less gasoline per mile traveled. But even as vehicles have become more efficient, Americans, buoyed by a strong economy and low gas prices, have been driving more miles and buying more S.U.V.s and pickup trucks, which have lower gas mileage. Freight trucking is also on the rise. Boston University's emissions database, first published in 2015 and updated this week with an additional five years of data, reveals that much of the increase in driving-related CO2 has occurred in and around cities.
The report goes on to say that in nearly every metro area, total emissions have increased since 1990. "The New York area, home to 20 million Americans, accounted for the largest share of driving-related CO2," reports The New York Times. "After years of increase, emissions ebbed during the late-2000s recession but rebounded by 2017. In more car-dependent areas, like Dallas-Fort Worth, emissions from driving barely dipped during the recession and have increased rapidly in recent years. But, adjusted for population, these cities flip: Residents in the denser, more transit-friendly New York area contribute far less CO2 from driving on average than their counterparts in Dallas."

As for how the database was created, "Boston University researchers used federal traffic data to calculate the number of miles travelled on local segments of each road in the United States and converted those miles to carbon dioxide emissions by estimating how much fuel is consumed by different types of vehicles using those roads."

Privacy

FBI's Use of Surveillance Database Violated Americans' Privacy Rights: Court (thehill.com) 23

An anonymous reader quotes a report from The Wall Street Journal: Some of the Federal Bureau of Investigation's electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program (Warning: source paywalled; alternative source), a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI's pursuit of data about Americans ensnared in a warrantless internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution's Fourth Amendment protections against unreasonable searches.

The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans -- raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper, in part because they involved data related to tens of thousands of emails or telephone numbers; in one case the pattern suggested that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. In one case, an FBI contractor ran a query of an intelligence database -- searching information on himself, other FBI personnel and his relatives, the court revealed.
U.S. District Judge James Boasberg said that the Trump administration failed to persuasively argue that the bureau would not be able to properly tackle national security threats if the program was altered to better protect citizen privacy.

Databases

Oracle Outperformed? TPC Benchmarks Show Alibaba's OceanBase Performs Twice As Well (tpc.org) 46

The Transaction Processing Performance Council is a many-decades-old nonprofit that defines transaction processing and database benchmarks and shares its performance results with the industry.

Long-time Slashdot reader hackingbear says they've just released some surprising news: The TPC organization reported on October 5 that OceanBase, an open-source relational database from Ant Financial, a business unit of Chinese e-commerce giant Alibaba Group, has topped the TPC-C benchmark, more than doubling the score achieved by Oracle Corp. which had held the world record for the past 9 years.

OceanBase v2.2 Enterprise Edition with Partitioning scored at 60,880,800, while Oracle Database 11g R2 Enterprise Edition w/RAC and Partitioning achieved 30,249,688.

TPC Benchmark C (TPC-C) is an industry-standard OLTP benchmark; its headline metric, tpmC, counts the New-Order transactions completed per minute while the other transaction types in the mix run alongside them.

Classic Games (Games)

Videogame Records Site Refuses To Reinstate 'King of Kong' Billy Mitchell's High Scores (twingalaxies.com) 80

An anonymous reader writes: Billy Mitchell is the intense videogamer made famous in the 2007 documentary The King of Kong. Last month he threatened to sue both the Guinness Book of World Records and the videogame record-keepers at Twin Galaxies for defamation after they revoked an entire lifetime's worth of videogame high scores. An online discussion had argued that videotapes of three of Mitchell's performances suggested they'd been achieved using a MAME emulator -- but the organization revoked all of Mitchell's high scores (including his uncontested perfect game of Pac-Man in 1999).

Last week Twin Galaxies finally posted their response to Mitchell's lawsuit. "It is not necessary to hire lawyers and threaten Twin Galaxies out of the blue to get it to review and consider relevant new evidence -- all anyone has to do is simply reach out and directly request an opportunity to present the information...

"There will be no retraction or reinstatement. It should be noted that Twin Galaxies is under no obligation to maintain Mr. Mitchell's scores in its database. He has no divine right to be part of the Twin Galaxies community either. Twin Galaxies has unlimited authority to maintain the integrity of its score database." They also write that any lawsuit will be considered a strategic lawsuit against public participation and countered accordingly, followed by a second suit over malicious prosecution. "Please advise Mr. Mitchell to tread lightly, and choose wisely."

Last week a massive new 16,000-word profile of Mitchell pointed out that after his records were revoked, Mitchell had actually webcast himself playing Donkey Kong on Twitch, "obtaining scores equal to those that had been disputed, broadcast live from public venues.... Mitchell had proven he could earn those scores now. But he hadn't outlined a clear defense to prove he'd achieved them at the time of the original submissions."

Privacy

Egypt Used Google Play In Spy Campaign Targeting Its Own Citizens (arstechnica.com) 12

An anonymous reader quotes a report from Ars Technica: Hackers with likely ties to Egypt's government used Google's official Play Store to distribute spyware in a campaign that targeted journalists, lawyers, and opposition politicians in that country, researchers from Check Point Technologies have found. The app, called IndexY, posed as a means for looking up details about phone numbers. It claimed to tap into a database of more than 160 million Arabic numbers. One of the permissions it required was access to a user's call history and contacts. Despite the sensitivity of that data, those permissions were understandable, given the app's focus on phone numbers. It had about 5,000 installations before Google removed it from Play in August. Check Point doesn't know when IndexY first became available in Play.

Behind the scenes, IndexY logged whether each call was incoming, outgoing, or missed as well as its date and duration. Publicly accessible files left on indexy[.]org, a domain hardcoded into the app, showed not only that the data was collected but that the developers actively analyzed and inspected that information. Analysis included the number of users per country, call-log details, and lists of calls made from one country to another. IndexY was one piece of a broad and far-ranging surveillance campaign that was first documented in March by Amnesty International. It targeted people who played adversarial roles to Egypt's government and prompted warnings from Google to some of those targeted that "government-backed attackers are trying to steal your password." Check Point found that, at the same time, Google was playing a key supporting role in the campaign.

According to Lotem Finkelshtein, Check Point's threat intelligence group manager, one of the ways the attackers evaded Google vetting of the app was that the analysis and inspection of the data happened on the attacker-designated server and not on an infected phone itself. "Google couldn't see the info that was collected," he said.

IndexY was one of at least three pieces of Android malware that Check Point tied to the campaign. "A different app purported to increase the volume of devices, even though it had no such capability," reports Ars Technica. "Called iLoud 200%, it collected location data as soon as it was started. In the event it stopped running, iLoud was able to restart itself. Finkelshtein said that the app was distributed on third-party sites and was installed an unknown number of times." v1.apk was another app that communicated with the domain drivebackup[.]co and appeared to be in an early testing phase.

Government
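The two traits the report attributes to these apps, a sensitive-data permission paired with a domain hardcoded into the app, are exactly what a defender can check statically before an app ever runs, which matters here because the server-side analysis was invisible to Google's on-device vetting. The following triage script is an added example written for this summary, not code from Check Point, Ars Technica or Google. It parses a constructed AndroidManifest.xml and a constructed list of strings (the kind of output `aapt dump` or `strings` would give), flags permissions that grant access to call history, contacts or location, and extracts any hardcoded domains, emitting them defanged in the `indexy[.]org` style the report uses. The sample manifest and strings are constructed for illustration; the domains in them are the two already named in the report.

```python
"""Static triage of an Android app: sensitive permissions plus hardcoded domains.

Added example (not the page's or any vendor's code). Inputs are constructed
samples; in practice you would feed it the decoded manifest and the string
table extracted from the APK.
"""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that expose data the report says these apps collected.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can restart itself after reboot",
}

# Constructed manifest modelled on the behaviour described for IndexY.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.numberlookup">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

# Constructed string table; URLs use the domains named in the report.
SAMPLE_STRINGS = [
    "Look up a phone number",
    "https://indexy.org/api/upload",
    "http://drivebackup.co/v1/ping",
    "https://play.google.com/store",
]

# Hosts an app can legitimately reference without being suspicious by itself.
DOMAIN_ALLOWLIST = frozenset({"play.google.com"})

DOMAIN_RE = re.compile(r"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return every <uses-permission android:name=...> in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        node.get(f"{{{ANDROID_NS}}}name", "")
        for node in root.iter("uses-permission")
    }


def sensitive_permissions(manifest_xml: str) -> dict[str, str]:
    """Map each declared sensitive permission to what it exposes."""
    return {
        p: SENSITIVE_PERMISSIONS[p]
        for p in declared_permissions(manifest_xml)
        if p in SENSITIVE_PERMISSIONS
    }


def hardcoded_domains(strings: list[str]) -> list[str]:
    """Extract unique, non-allowlisted domains from URL-looking strings."""
    found = set()
    for s in strings:
        for match in DOMAIN_RE.finditer(s):
            domain = match.group(1).lower()
            if domain not in DOMAIN_ALLOWLIST:
                found.add(domain)
    return sorted(found)


def defang(domain: str) -> str:
    """Render a domain so it is not clickable in a report (indexy[.]org style)."""
    return domain.replace(".", "[.]")


def triage(manifest_xml: str, strings: list[str]) -> dict:
    """Flag for manual review when sensitive data can leave the device.

    Rule: at least one sensitive permission, the INTERNET permission, and at
    least one hardcoded domain outside the allowlist. Any one of these alone is
    normal; together they are the pattern the report describes.
    """
    perms = sensitive_permissions(manifest_xml)
    has_network = "android.permission.INTERNET" in declared_permissions(manifest_xml)
    domains = hardcoded_domains(strings)
    return {
        "sensitive_permissions": perms,
        "domains": [defang(d) for d in domains],
        "review": bool(perms) and has_network and bool(domains),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```

The check is deliberately a triage signal, not a verdict: a phone-number lookup app legitimately needs contacts and a backend, which is why the report calls IndexY's permissions "understandable". What the script gives a reviewer is the short list of servers to look at, which is where the evidence in this case was found.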

Government Plans To Collect DNA From Detained Immigrants (nytimes.com) 232

An anonymous reader quotes a report from The New York Times: The Trump administration is moving to begin collecting DNA samples from hundreds of thousands of people booked into federal immigration custody each year for entry into a national criminal database, an immense expansion of the use of technology to enforce the nation's immigration laws. Senior officials at the Department of Homeland Security said Wednesday that the Justice Department was developing a federal regulation that would give immigration officers the authority to collect DNA in detention facilities that are holding more than 40,000 people.

The move would constitute a major expansion of the use of a database maintained by the F.B.I., which has been limited mainly to genetic data collected from people who have been arrested, charged or convicted in connection with serious crimes. Immigrant and privacy advocates said the move raised privacy concerns for an already vulnerable population that could face profiling or discrimination as a result of their personal data being shared among law enforcement authorities. The new rules would allow the government to collect DNA from children, as well as those who seek asylum at legal ports of entry and have not broken the law. They warned that United States citizens, who are sometimes accidentally booked into immigration custody, could also be forced to hand over their private genetic information.

Homeland security officials said the new initiative was permitted under the DNA Fingerprint Act of 2005. "Up until now, immigrant detainees have been exempt from the law, they said, because of an agreement between Eric H. Holder Jr. and Janet Napolitano, who served as attorney general and homeland security secretary, respectively, under President Barack Obama," reports The New York Times.

The new program "would provide a comprehensive DNA profile of individuals who are tested, as opposed to the more narrow test that was used only to determine parentage," the report says. "And unlike the testing under the pilot program, the results would be shared with other law enforcement agencies."
