Vanuatu, Fiji, and Samoa have proposed a change to the International Criminal Court (ICC) to recognize ecocide as a crime, allowing for the prosecution of individuals responsible for significant environmental harm. If successful, the change would recognize ecocide as a crime alongside genocide and war crimes. The Guardian reports: Vanuatu, Fiji and Samoa have proposed a formal recognition by the court of the crime of ecocide, defined as "unlawful or wanton acts committed with knowledge that there is a substantial likelihood of severe and either widespread or long-term damage to the environment being caused by those acts." The proposal was tabled before the ICC in New York on Monday afternoon, and will have to be discussed in full at a later date. Holding full discussions on the proposal is a process likely to take some years, and will face fierce opposition, though much of it will be behind the scenes as most countries will not wish to openly speak out against it.

Philippe Sands KC, a prominent international lawyer and professor of law at University College London, acted as a co-chair of the independent expert panel for the legal definition of ecocide, convened by the Stop Ecocide Foundation. He told the Guardian he was "100% certain" that ecocide would eventually be recognized by the court. "The only question is when," he said. "I was skeptical at first, but now I am a true believer. There has already been real change, as some countries have put it in domestic law. I think this is the right idea at the right time." Belgium recently adopted ecocide as a crime, and the EU has changed some of its guidance on international crime to include it as a "qualified" offense. Mexico is also considering such a law. [...]

Getting to the point where the ICC will consider the proposal has taken years. Stop Ecocide International has been campaigning on the issue since 2017, and Vanuatu made the first call for the crime to be recognized by the ICC in 2019. Although it could take as long as a decade from now before anyone is charged with ecocide even if the changes were implemented by the ICC, the proposal tabled on Monday was vital to gaining broader acceptance of the concept, according to [Jojo Mehta, a co-founder of the Stop Ecocide International campaigning group, which is an observer to the ICC]. "There has been growing progress, as people are increasingly aware of the threat of climate [breakdown]," she said. "People are saying that this much harm to the planet is just not acceptable."

An anonymous reader quotes a report from Reuters: The U.S. Commerce Department said Monday it is proposing to require detailed reporting requirements for advanced artificial intelligence developers and cloud computing providers to ensure the technologies are safe and can withstand cyberattacks. The proposal from the department's Bureau of Industry and Security would set mandatory reporting to the federal government about development activities of "frontier" AI models and computing clusters. It would also require reporting on cybersecurity measures as well as outcomes from so-called red-teaming efforts like testing for dangerous capabilities including the ability to assist in cyberattacks or lowering barriers to entry for non-experts to develop chemical, biological, radiological, or nuclear weapons. External red-teaming has been used for years in cybersecurity to identify new risks, with the term referring to U.S. Cold War simulations where the enemy was termed the "red team." [...] Commerce said the information collected under the proposal "will be vital for ensuring these technologies meet stringent standards for safety and reliability, can withstand cyberattacks, and have limited risk of misuse by foreign adversaries or non-state actors." Further reading: Biden Signs Executive Order To Oversee and Invest in AI

An anonymous reader quotes a report from the New York Times: For years, Google has faced complaints about how it dominates the online advertising market. Many of the concerns stem from the internet giant's suite of software known as Google Ad Manager, which websites around the world use to sell ads on their sites. The technology conducts split-second auctions to place ads each time a user loads a page. The dominance of that technology has landed Google in federal court. On Monday, Judge Leonie Brinkema of the U.S. District Court for the Eastern District of Virginia will preside over the start of a trial in which the Department of Justice accuses the company of abusing control of its ad technology and violating antitrust law (Warning: source may be paywalled; alternative source).

It would be Google's second antitrust trial in less than a year. In August, a federal judge ruled in a separate case that Google had illegally maintained a monopoly in online search, a major victory for the Justice Department. The new trial is the latest salvo by federal antitrust regulators against Big Tech, testing a century-old competition law against companies that have reshaped the way people shop, communicate and consume information. Federal regulators have also filed antitrust lawsuits against Apple,Amazon and Meta, which owns Facebook, Instagram and WhatsApp, saying those companies have also abused their power. Google's vice president for regulatory affairs, Lee-Anne Mulholland, said in a blog post on Sunday that the Justice Department was "picking winners and losers in a highly competitive industry."

"With the cost of ads going down and the number of ads sold going up, the market is working," she said. "The DOJ's case risks inefficiencies and higher prices -- the last thing that America's economy or our small businesses need right now."

Steven Levy, writing for Wired: My first story for WIRED -- yep, 31 years ago -- looked at a group of "crypto rebels" who were trying to pry strong encryption technology from the government-classified world and send it into the mainstream. Naturally I attempted to speak to someone at the National Security Agency for comment and ideally get a window into its thinking. Unsurprisingly, that was a no-go, because the NSA was famous for its reticence. Eventually we agreed that I could fax (!) a list of questions. In return I got an unsigned response in unhelpful bureaucratese that didn't address my queries. Even that represented a loosening of what once was total blackout on anything having to do with this ultra-secretive intelligence agency. For decades after its post-World War II founding, the government revealed nothing, not even the name, of this agency and its activities. Those in the know referred to it as "No Such Agency."

In recent years, the widespread adoption of encryption technology and the vital need for cybersecurity has led to more openness. Its directors began to speak in public; in 2012, NSA director Keith Alexander actually keynoted Defcon. I'd spent the entire 1990s lobbying to visit the agency for my book Crypto; in 2013, I finally crossed the threshold of its iconic Fort Meade Headquarters for an on-the-record conversation with officials, including Alexander. NSA now has social media accounts on Twitter, Instagram, Facebook. And there is a form on the agency website for podcasters to request guest appearances by an actual NSA-ite.

So it shouldn't be a total shock that NSA is now doing its own podcast. You don't need to be an intelligence agency to know that pods are a unique way to tell stories and hold people's attention. The first two episodes of the seven-part season dropped this week. It's called No Such Podcast, earning some self-irony points from the get-go. In keeping with the openness vibe, the NSA granted me an interview with an official in charge of the project -- one of the de facto podcast producers, a title that apparently is still not an official NSA job posting. Since NSA still gotta NSA, I can't use this person's name. But my source did point out that in the podcast itself, both the hosts and the guests -- who are past and present agency officials -- speak under their actual identities.

U.S. Justice Department officials "are turning to the 3D-printing industry to help stop the proliferation of tiny pieces of plastic transforming weapons into illegal homemade machine guns," reports the Associated Press: "Law enforcement cannot do this alone," [U.S. Deputy Attorney General Lisa Monaco said Friday] during a gathering in Washington of federal law enforcement officials, members of the 3D-printing industry and academia. "We need to engage software developers, technology experts and leaders in the 3-D-printing industry to identify solutions in this fight...."

Guns with conversion devices have been used in several mass shootings, including one that left four dead at a sweet sixteen party in Alabama last year... Monaco on Friday also announced several other efforts designed to crack down on the devices, including a national training initiative for law enforcement and prosecutors.

The deputy attorney general is also launching a committee designed to help spot trends and gather intelligence.

Security engineer Bryan Hance co-founded the nonprofit Bike Index, back in 2013, reports the Los Angeles Times, "where cyclists can register their bikes and contact information, making it easier to reunite lost or stolen bikes with their owners." It now holds descriptions and serial numbers of about 1.3 million bikes worldwide.

"But in spring 2020, Hance was tipped to something new: Scores of high-end bikes that matched the descriptions of bikes reported stolen from locations across the Bay Area were turning up for sale on Facebook Marketplace and Instagram pages attached to someone in Mexico, thousands of miles away..." The Facebook page he first spotted disappeared, replaced by pages that were blocked to U.S. computers; Hance managed to get in anyway, thanks to creative use of a VPN. He started reaching out to the owners whose stolen bikes he suspected he was seeing for sale. "Can you tell me a little bit about how your bike was stolen," he would ask. Often, the methods were sophisticated and selective. Thieves would break into a bicycle room at an apartment complex with a specialized saw and leave minutes later with only the fanciest mountain bikes...

Over time, he spoke to more than a dozen [police] officers in jurisdictions across the Bay Area, including Alameda, Santa Clara, Santa Cruz, Marin, Napa and Sonoma counties... [H]ere was Hance, telling officers that he believed he had located a stolen bike, in Mexico. "That's gone," the officer would inform him. Or, one time, according to Hance: "We're not Interpol." Hance also tried to get Meta to do something. After all, he had identified what could be hundreds of stolen bikes being sold on its platforms, valued, he estimated, at well over $2 million. He said he got nowhere...

[Hance] believed he'd figured out the identity of the seller in Jalisco, and was monitoring that person's personal social media accounts. In early 2021, he had spotted something that might break open the case: the name of a person who was sending the Jalisco seller photos of bikes that matched descriptions of those reported stolen by Bay Area cyclists. Hance theorized that person could be a fence who was collecting stolen bikes on this side of the border and sending photos to Jalisco so they could be posted for sale. Hance hunted through the Jalisco seller's Facebook friends until he found the name there: Victor Romero, of San Jose. More sleuthing revealed that a man by the name of Victor Romero ran an auto shop in San Jose, and, judging by his own Facebook photos, was an avid mountain biker. There was something else: Romero's auto shop in San Jose had distinctive orange shelves. One photo of a bike listed for sale on the Jalisco seller's site had similar orange shelves in the backdrop.

Hance contacted a San Francisco police detective who had seemed interested in what he was doing. Check out this guy's auto shop, he advised. San Francisco police raided Romero in the spring of 2021. They found more than $200,000 in cash, according to a federal indictment, along with screenshots from his phone they said showed Romero's proceeds from trafficking in stolen bikes. They also found a Kona Process 153 mountain bike valued at about $4,700 that had been reported stolen from an apartment garage in San Francisco, according to the indictment. It had been disassembled and packaged for shipment to Jalisco.

In January, a federal grand jury indicted Victoriano Romero on felony conspiracy charges for his alleged role in a scheme to purchase high-end stolen bicycles from thieves across the Bay Area and transport them to Mexico for resale.
But bikes continue to be stolen, and "The guy is still operating," Hance told the Los Angeles Times.

"We could do the whole thing again."

A schoolteacher using an interactive whiteboard is surprised by an alert. Their school is in "hard lockdown." They knew — instantly — something was about to happen, and "got everybody into a corner," they later told CNN. Classroom doors at the school are always locked, so they then "turned off the lights. And just kind of held everyone nice and tight, and just said, 'Wait for everything to happen, everything to pass.'"

The school was Apalachee High School in Winder, Georgia, where on Wednesday 11 students were shot and two killed. Two schoolteachers were also killed. But according to CNN, social studies teacher Stephen Kreyenbuhl "said the school's new alert system bought him critical time to prepare and protect his students before a shooter opened fire just down the hall..." The CrisisAlert system, designed by Centegix, includes a device the size of an ID badge. It's equipped with a button that, when pressed rapidly, can quietly notify administrators and local law enforcement to the exact location of an active emergency. The company works with school districts and law enforcement agencies to integrate the system into their current safety procedures and automate as much as possible. Barrow County Sheriff Jud Smith told CNN Apalachee High School had the system for less than a week and had tested it for the first time only the day before the shooting... Brent Cobb, the company's CEO, told CNN in an interview earlier this year that their CrisisAlert technology was designed following the 2018 Parkland high school shooting in Florida to give teachers and administrators a fast and discreet way to call for help.... "[Y]ou need everyone to know immediately" that a crisis is taking place.

Once a lockdown is activated, the CrisisAlert system is designed to trigger a series of responses: Pre-recorded warnings sound over the intercom system to alert the entire campus to the lockdown, while on-site safety administrators, like school resource officers [a law-enforcement officer with arrest powers, usually armed], are notified of the location of the incident. Cobb told CNN in some school districts the system is also integrated with local law enforcement agencies and can automatically call 911 and send messages to officers of the exact location of the incident. This is what happened in Barrow County. The goal, he said, is to help decrease police response times, an issue that has come under scrutiny in recent years following the shooting at Robb Elementary School in Uvalde, Texas, where it took officers 77 minutes to adequately respond to a shooter.

In an exclusive interview with CNN Thursday, Smith scrolled through the series of alerts and the detailed map his officers received to guide them to where the shooting was happening... [Social studies teacher] Kreyenbuhl said he is grateful the district implemented a system that enabled him to protect his students. "I actually saw the lockdown initiate before I even heard the gunshots, so I had time to prepare," he said.... "It's insane the technology we have access to."

The Wall Street Journal writes that Telegram "has become the premier internet platform to buy everything from hacked data and weapons to illicit drugs and child sexual abuse material, according to current and former law-enforcement officials and cybercrime researchers..."

And it's also being used by identity thieves: There are thousands of channels and groups on Telegram that offer stolen identities that can be used to open bank and investment accounts. Some claim to offer already created bank accounts created with stolen details. A channel called Bank Store Online listed accounts at over 60 banks and cryptocurrency exchanges for sale, ranging from $80 for a personal account to $1,800 for a business one. Payments were charged in crypto... There are thousands of channels and groups on Telegram that offer stolen identities that can be used to open bank and investment accounts. Some claim to offer already created bank accounts created with stolen details. A channel called Bank Store Online listed accounts at over 60 banks and cryptocurrency exchanges for sale, ranging from $80 for a personal account to $1,800 for a business one. Payments were charged in crypto.

In Russia, where Durov launched Telegram in 2013, it is also the go-to platform where middlemen arrange deals that get around U.S. sanctions, such as smuggling in weapons parts, the Journal previously reported. Several groups advertise the sale of drones and Starlinks — small antennas to access the satellite internet network run by Elon Musk's SpaceX — to Russian combat units in Ukraine. In February, Musk tweeted that no Starlinks had been directly or indirectly sold to Russia, to the best of the company's knowledge. "It's ground zero for every illicit activity you can think of," said Evan Kohlmann, founder of Cloudburst Technologies, which monitors cybercrime on Telegram and elsewhere, and a frequent adviser to U.S. agencies.

Wired interviews America's foreign policy chief, Secretary of State Antony Blinken, about U.S. digital polices, starting with a new "cybersecurity bureau" created in 2022 (which Wired previously reported includes "a crash course in cybersecurity, telecommunications, privacy, surveillance, and other digital issues.") Look, what I've seen since coming back to the State Department three and a half years ago is that everything happening in the technological world and in cyberspace is increasingly central to our foreign policy. There's almost a perfect storm that's come together over the last few years, several major developments that have really brought this to the forefront of what we're doing and what we need to do. First, we have a new generation of foundational technologies that are literally changing the world all at the same time — whether it's AI, quantum, microelectronics, biotech, telecommunications. They're having a profound impact, and increasingly they're converging and feeding off of each other.

Second, we're seeing that the line between the digital and physical worlds is evaporating, erasing. We have cars, ports, hospitals that are, in effect, huge data centers. They're big vulnerabilities. At the same time, we have increasingly rare materials that are critical to technology and fragile supply chains. In each of these areas, the State Department is taking action. We have to look at everything in terms of "stacks" — the hardware, the software, the talent, and the norms, the rules, the standards by which this technology is used.

Besides setting up an entire new Bureau of Cyberspace and Digital Policy — and the bureaus are really the building blocks in our department — we've now trained more than 200 cybersecurity and digital officers, people who are genuinely expert. Every one of our embassies around the world will have at least one person who is truly fluent in tech and digital policy. My goal is to make sure that across the entire department we have basic literacy — ideally fluency — and even, eventually, mastery. All of this to make sure that, as I said, this department is fit for purpose across the entire information and digital space.
Wired notes it was Blinken's Department that discovered China's 2023 breach of Microsoft systems. And on the emerging issue of AI, Blinken cites "incredible work done by the White House to develop basic principles with the foundational companies." The voluntary commitments that they made, the State Department has worked to internationalize those commitments. We have a G7 code of conduct — the leading democratic economies in the world — all agreeing to basic principles with a focus on safety. We managed to get the very first resolution ever on artificial intelligence through the United Nations General Assembly — 192 countries also signing up to basic principles on safety and a focus on using AI to advance sustainable development goals on things like health, education, climate. We also have more than 50 countries that have signed on to basic principles on the responsible military use of AI. The goal here is not to have a world that is bifurcated in any way. It's to try to bring everyone together.

Digital rights activists want device manufacturers to disclose a "guaranteed minimum support time" for devices — and federal regulations ensuring a product's core functionality will work even after its software updates stop.

Influential groups including Consumer Reports, EFF, the Software Freedom Conservancy, iFixit, and U.S. Pirg have now signed a letter to the head of America's Consumer Protection bureau (at the Federal Trade Commision), reports The Register: In an eight-page letter to the Commission (FTC), the activists mentioned the Google/Levis collaboration on a denim jacket that contained sensors enabling it to control an Android device through a special app. When the app was discontinued in 2023, the jacket lost that functionality. The letter also mentions the "Car Thing," an automotive infotainment device created by Spotify, which bricked the device fewer than two years after launch and didn't offer a refund...

Environmental groups and computer repair shops also signed the letter... "Consumers need a clear standard for what to expect when purchasing a connected device," stated Justin Brookman, director of technology policy at Consumer Reports and a former policy director of the FTC's Office of Technology, Research, and Investigation. "Too often, consumers are left with devices that stop functioning because companies decide to end support without little to no warning. This leaves people stranded with devices they once relied on, unable to access features or updates...."

Brookman told The Register that he believes this is the first such policy request to the FTC that asks the agency to help consumers with this dilemma. "I'm not aware of a previous effort from public interest groups to get the FTC to take action on this issue — it's still a relatively new issue with no clear established norms," he wrote in an email. "But it has certainly become an issue" that comes up more and more with device makers as they change their rules about product updates and usage.
"Both switching features to a subscription and 'bricking' a connected device purchased by a consumer in many cases are unfair and deceptive practices," the groups write, arguing that the practices "infringe on a consumer's right to own the products they buy." They're requesting clear "guidance" for manufacturers from the U.S. government. The FTC has a number of tools at its disposal to help establish standards for IoT device support. While a formal rulemaking is one possibility, the FTC also has the ability to issue more informal guidance, such as its Endorsement Guides12 and Dot Com Disclosures.13 We believe the agency should set norms...
The groups are also urging the FTC to:

• Encourage tools and methods that enable reuse if software support ends.

• Conduct an educational program to encourage manufacturers to build longevity into the design of their products.

• Protect "adversarial interoperability"... when a competitor or third-party creates a reuse or modification tool [that] adds to or converts the old device.

Thanks to long-time Slashdot reader Z00L00K for sharing the article.

The New York Times analyzed over 3.2 million Telegram messages from 16,220 channels. Their conclusion? Telegram "offers features that enable criminals, terrorists and grifters to organize at scale and to sidestep scrutiny from the authorities" — and that Telegram "has looked the other way as illegal and extremist activities have flourished openly on the app."

Or, more succinctly: "Telegram has become a global sewer of criminal activity, disinformation, child sexual abuse material, terrorism and racist incitement, according to a four-month investigation." Look deeper, and a dark underbelly emerges. Uncut lumps of cocaine and shards of crystal meth are for sale on the app. Handguns and stolen checks are widely available. White nationalists use the platform to coordinate fight clubs and plan rallies. Hamas broadcast its Oct. 7 attack on Israel on the site... The Times investigation found 1,500 channels operated by white supremacists who coordinate activities among almost 1 million people around the world. At least two dozen channels sold weapons. In at least 22 channels with more than 70,000 followers, MDMA, cocaine, heroin and other drugs were advertised for delivery to more than 20 countries.

Hamas, the Islamic State and other militant groups have thrived on Telegram, often amassing large audiences across dozens of channels. The Times analyzed more than 40 channels associated with Hamas, which showed that average viewership surged up to 10 times after the Oct. 7 attacks, garnering more than 400 million views in October. Telegram is "the most popular place for ill-intentioned, violent actors to congregate," said Rebecca Weiner, the deputy commissioner for intelligence and counterterrorism at the New York Police Department. "If you're a bad guy, that's where you will land...." [Telegram] steadfastly ignores most requests for assistance from law enforcement agencies. An email inbox used for inquiries from government agencies is rarely checked, former employees said...
"It is easy to search and find channels selling guns, illicit narcotics, prescription drugs and fraudulent ATM cards, called clone cards..." according to the article. The Times "found at least 50 channels openly selling contraband, including guns, drugs and fraudulent debit cards." In December 2022, Hayden Espinosa began serving a 33-month sentence in federal prison in Louisiana for buying and selling illegal firearms and weapon parts he made with 3D printers. That did not stop his business. Using cellphones that had been smuggled into prison, Espinosa continued his illicit trade on a Telegram channel... Espinosa's gun market on Telegram might never have been uncovered except that one of its members was Payton Gendron, who massacred 10 people at a supermarket in Buffalo, New York, in 2022. Investigators scouring his life online for motives for the shooting discovered the channel, which also featured racist and extremist views he had shared.
"Operating like a stateless organization, Telegram has long behaved as if it were above the law," the article concludes — though it adds that "In many democratic countries, patience with the app is wearing thin.

"The European Union is exploring new oversight of Telegram under the Digital Services Act, a law that forces large online platforms to police their services more aggressively, two people familiar with the plans said."

Slashdot reader echo123 shared a new article from Wired titled "Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong." ("On its 10th anniversary, Signal's president wants to remind you that the world's most secure communications platform is a nonprofit. It's free. It doesn't track you or serve you ads. It pays its engineers very well. And it's a go-to app for hundreds of millions of people.") Ten years ago, WIRED published a news story about how two little-known, slightly ramshackle encryption apps called RedPhone and TextSecure were merging to form something called Signal. Since that July in 2014, Signal has transformed from a cypherpunk curiosity — created by an anarchist coder, run by a scrappy team working in a single room in San Francisco, spread word-of-mouth by hackers competing for paranoia points — into a full-blown, mainstream, encrypted communications phenomenon... Billions more use Signal's encryption protocols integrated into platforms like WhatsApp...

But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.

Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...

Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."
Key quotes from the interview:

• "Given that governments in the U.S. and elsewhere have not always been uncritical of encryption, a future where we have jurisdictional flexibility is something we're looking at."

• "It's not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who's the gold standard for privacy? It's Signal."

• "We also see growth in response to things like what we call a Big Tech Fuckup, like when WhatsApp changed its terms of service. We saw a boost in desktop after Zoom announced that they were going to scan everyone's calls for AI. And we anticipate more of those."

• "AI is a product of the mass surveillance business model in its current form. It is not a separate technological phenomenon."

• "...alternative models have not received the capital they need, the support they need. And they've been swimming upstream against a business model that opposes their success. It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that are going to be required to do this thing — to build tech that rejects surveillance and centralized control — whose necessity is now obvious to everyone."

SpyAgent is a new Android malware that uses optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from screenshots stored on mobile devices, allowing attackers to hijack wallets and steal funds. The malware primarily targets South Korea but poses a growing threat as it expands to other regions and possibly iOS. BleepingComputer reports: A malware operation discovered by McAfee was traced back to at least 280 APKs distributed outside of Google Play using SMS or malicious social media posts. This malware can use OCR to recover cryptocurrency recovery phrases from images stored on an Android device, making it a significant threat. [...] Once it infects a new device, SpyAgent begins sending the following sensitive information to its command and control (C2) server:

- Victim's contact list, likely for distributing the malware via SMS originating from trusted contacts.
- Incoming SMS messages, including those containing one-time passwords (OTPs).
- Images stored on the device to use for OCR scanning.
- Generic device information, likely for optimizing the attacks.

SpyAgent can also receive commands from the C2 to change the sound settings or send SMS messages, likely used to send phishing texts to distribute the malware. McAfee found that the operators of the SpyAgent campaign did not follow proper security practices in configuring their servers, allowing the researchers to gain access to them. Admin panel pages, as well as files and data stolen from victims, were easily accessible, allowing McAfee to confirm that the malware had claimed multiple victims. The stolen images are processed and OCR-scanned on the server side and then organized on the admin panel accordingly to allow easy management and immediate utilization in wallet hijack attacks.

For the first time, a U.S. court has ordered the exposure of identities behind anime leaker accounts on X following complaints from producers of Jujutsu Kaisen and Demon Slayer. The order was revealed by Japanese anti-piracy organization CODA (Content Overseas Distribution Association). CBR reports: The order to disclose their identities was issued on Aug. 20 and served on Aug. 30, meaning that these Jujutsu Kaisen and Demon Slayer leakers will be forced to out themselves, lest they face further legal troubles. Several CODA member companies, which include Kodansha (Attack on Titan), Toei Animation (One Piece) and more collected evidence on these accounts; CODA's report states that it has also received other inquiries about other anime and is preparing for further action. "We will continue to work with the rights holders of the victims to take strict action based on the information of the account owners that comes to light, and will demand severe punishment for these leak accounts," it concludes.

An anonymous reader shares a report: Telegram has quietly updated its policy to allow users to report private chats to its moderators following the arrest of founder Pavel Durov in France over "crimes committed by third parties" on the platform. [...] The Dubai-headquartered company has additionally edited its FAQ page, removing two sentences that previously emphasized its privacy stance on private chats. The earlier version had stated: "All Telegram chats and group chats are private amongst their participants. We do not process any requests related to them."

The United States, United Kingdom and European Union have signed the first "legally binding" international AI treaty on Thursday, the Council of Europe human rights organization said. Called the AI Convention, the treaty promotes responsible innovation and addresses the risks AI may pose. Reuters reports: The AI Convention mainly focuses on the protection of human rights of people affected by AI systems and is separate from the EU AI Act, which entered into force last month. The EU's AI Act entails comprehensive regulations on the development, deployment, and use of AI systems within the EU internal market. The Council of Europe, founded in 1949, is an international organization distinct from the EU with a mandate to safeguard human rights; 46 countries are members, including all the 27 EU member states. An ad hoc committee in 2019 started examining the feasibility of an AI framework convention and a Committee on Artificial Intelligence was formed in 2022 which drafted and negotiated the text. The signatories can choose to adopt or maintain legislative, administrative or other measures to give effect to the provisions.

Francesca Fanucci, a legal expert at ECNL (European Center for Not-for-Profit Law Stichting) who contributed to the treaty's drafting process alongside other civil society groups, told Reuters the agreement had been "watered down" into a broad set of principles. "The formulation of principles and obligations in this convention is so overbroad and fraught with caveats that it raises serious questions about their legal certainty and effective enforceability," she said. Fanucci highlighted exemptions on AI systems used for national security purposes, and limited scrutiny of private companies versus the public sector, as flaws. "This double standard is disappointing," she added.

AT&T has filed a lawsuit against Broadcom, alleging that Broadcom is refusing to honor an extended support agreement for VMware software unless AT&T purchases additional subscriptions it doesn't need. The company warns the consequences could risk massive outages for AT&T's customer support operations and critical federal services, including the U.S. President's office. The Register reports: A complaint [PDF] filed last week in the Supreme Court of New York State explains that AT&T holds perpetual licenses for VMware software and paid for support services under a contract that ends on September 8. The complaint also alleges that AT&T has an option to extend that support deal for two years -- provided it activates the option before the end of the current deal. AT&T's filing claims it exercised that option, but that Broadcom "is refusing to honor" the contract. Broadcom has apparently told AT&T it will continue to provide support if the comms giant "agrees to purchase scores of subscription services and software." AT&T counters that it "does not want or need" those subscriptions, because they:

- Would impose significant additional contractual and technological obligations on AT
- Would require AT&T to invest potentially millions to develop its network to accommodate the new software;
- May violate certain rights of first refusal that AT&T has granted to third parties;
- Would cost AT&T tens of millions more than the price of the support services alone.

[...] The complaint also suggests Broadcom's refusal to extend support creates enormous risk for US national security -- some of the ~8,600 servers that host AT&T's ~75,000 VMs "are dedicated to various national security and public safety agencies within the federal government as well as the Office of the President." Other VMs are relied upon by emergency responders, and still more "deliver services to millions of AT&T customers worldwide" according to the suit. Without support from Broadcom, AT&T claims it fears "widespread network outages that could cripple the operations of millions of AT&T customers worldwide" because it may not be able to fix VMware's software.

New Mexico Attorney General Raul Torrez has filed a lawsuit against Snap, accusing Snapchat of fostering and promoting illicit sexual material involving children, facilitating sextortion, and enabling trafficking of children, drugs, and guns. CNBC reports: The suit alleges that Snap "repeatedly made statements to the public regarding the safety and design of its platforms that it knew were untrue," or that were contradicted by the company's own internal findings. "Snap was specifically aware, but failed to warn children and parents, of 'rampant' and 'massive' sextortion on its platform -- a problem so grave that it drives children facing merciless and relentless blackmail demands or disclosure of intimate images to their families and friends to suicide," the suit says.

New Mexico's Department of Justice, which Torrez leads, in recent months conducted an investigation that found that there was a "vast network of dark web sites dedicated to sharing stolen, non-consensual sexual images from Snap" and that there were more than 10,000 records related to SNAP and child sexual abuse material "in the last year alone," the department said. The suit alleges violations of New Mexico's unfair trade practices law.

An anonymous reader shares a report: Passport numbers for a group of Disney cruise line workers. Disney+ streaming revenue. Sales of Genie+ theme park passes. The trove of data from Disney that was leaked online by hackers earlier this summer includes a range of financial and strategy information that sheds light on the entertainment giant's operations, according to files viewed by The Wall Street Journal. It also includes personally identifiable information of some staff and customers.

The leaked files include granular details about revenue generated by such products as Disney+ and ESPN+; park pricing offers the company has modeled; and what appear to be login credentials for some of Disney's cloud infrastructure. (The Journal didn't attempt to access any Disney systems.) "We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor's illegal activity," a Disney spokesman said. Disney told investors in an August regulatory filing that it is investigating the unauthorized release of "over a terabyte of data" from one of its communications systems. It said the incident hadn't had a material impact on its operations or financial performance and doesn't expect that it will.

Data that a hacking entity calling itself Nullbulge released online spans more than 44 million messages from Disney's Slack workplace communications tool, upward of 18,800 spreadsheets and at least 13,000 PDFs, the Journal found. The scope of the material taken appears to be limited to public and private channels within Disney's Slack that one employee had access to. No private messages between executives appear to be included. Slack is only one online forum in which Disney employees communicate at work.

Daniel Mthimkhulu, former chief "engineer" at South Africa's Passenger Rail Agency (Prasa), was sentenced to 15 years in prison for claiming false engineering degrees and a doctorate. His fraudulent credentials allowed him to rise rapidly within Prasa, contributing to significant financial losses and corruption within the agency. The BBC reports: Once hailed for his successful career, Daniel Mthimkhulu was head of engineering at the Passenger Rail Agency of South Africa (Prasa) for five years -- earning an annual salary of about [$156,000]. On his CV, the 49-year-old claimed to have had several mechanical engineering qualifications, including a degree from South Africa's respected Witwatersrand University as well as a doctorate from a German university. However, the court in Johannesburg heard that he had only completed his high-school education.

Mthimkhulu was arrested in July 2015 shortly after his web of lies began to unravel. He had started working at Prasa 15 years earlier, shooting up the ranks to become chief engineer, thanks to his fake qualifications. The court also heard how he had forged a job offer letter from a German company, which encouraged Prasa to increase his salary so the agency would not lose him. He was also at the forefront of a 600m rand deal to buy dozens of new trains from Spain, but they could not be used in South Africa as they were too high. [...] In an interview from 2019 with local broadcaster eNCA, Mthimkhulu admitted that he did not have a PhD. "I failed to correct the perception that I have it. I just became comfortable with the title. I did not foresee any damages as a result of this," he said.