The notorious hacker IntelBroker claims to have stolen data from HPE systems, including source code, private repositories, digital certificates, and access to certain services. SecurityWeek reports: The compromised data allegedly includes source code for products such as Zerto and iLO, private GitHub repositories, digital certificates, Docker builds, and even some personal information that the hacker described as "old user PII for deliveries." IntelBroker is also offering access to some services used by HPE, including APIs, WePay, GitHub and GitLab. Contacted by SecurityWeek, HPE said it's aware of the breach claims and is conducting an investigation.

"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims," said HPE spokesperson Adam R. Bauer. "There is no operational impact to our business at this time, nor evidence that customer information is involved," Bauer added.

The CIA has developed a chatbot to talk to virtual versions of foreign presidents and prime ministers. "Understanding leaders around the world is one of the CIA's most important jobs. Teams of analysts comb through intelligence collected by spies and publicly available information to create profiles of leaders that can predict behaviors," reports the New York Times. "A chatbot powered by artificial intelligence now helps do that work." From the report: The chatbot is part of the spy agency's drive to improve the tools available to CIA analysts and its officers in the field, and to better understand adversaries' technical advances. Core to the effort is to make it easier for companies to work with the most secretive agency. William Burns, CIA director for the past four years, prioritized improving the agency's technology and understanding of how it is used. Incoming Trump administration officials say they plan to build on those initiatives, not tear them down. [...]

The CIA has long used digital tools, spy gadgets and even AI. But with the development of new forms of AI, including the large language models that power chatbots, the agency has stepped up its investments. Making better use of AI, Burns said, is crucial to US competition with China. And better AI models have helped the agency's analysts "digest the avalanche of open-source information out there," he said. The new tools have also helped analysts process clandestinely acquired information, Burns said. New technologies developed by the agency are helping spies navigate cities in authoritarian countries where governments use AI-powered cameras to conduct constant surveillance on their population and foreign spies.

An anonymous reader quotes a report from TorrentFreak: Meta is among a long list of companies being sued for allegedly using pirated material to train its AI models. Meta has never denied using copyrighted works but stressed that it would rely on a fair use defense. However, with rightsholders in one case asking for torrent client data and 'seeding lists' for millions of books allegedly shared in public, the case now takes a geeky turn. [...] A few weeks ago, the plaintiffs asked for permission to submit a third amended complaint (PDF). After uncovering Meta's use of BitTorrent to source copyright-infringing training data from pirate shadow library, LibGen, the request was justified, they argued. Specifically, the authors say that Meta willingly used BitTorrent to download pirated books from LibGen, knowing that was legally problematic. As a result, Meta allegedly shared copies of these books with other people, as is common with the use of BitTorrent.

"By downloading through the bit torrent protocol, Meta knew it was facilitating further copyright infringement by acting as a distribution point for other users of pirated books," the amended complaint notes. "Put another way, by opting to use a bit torrent system to download LibGen's voluminous collection of pirated books, Meta 'seeded' pirated books to other users worldwide." Meta believed that the allegations weren't sufficiently new to warrant an update to the complaint. The company argued that it was already a well-known fact that it used books from these third-party sources, including LibGen. However, the authors maintained that the 'torrent' angle is novel and important enough to warrant an update. Last week, United States District Judge Vince Chhabria agreed, allowing the introduction of these new allegations. In addition to greenlighting the amended complaint, the Judge also allowed the authors to conduct further testimony on the "seeding" angle. "[E]vidence about seeding is relevant to the existing claim because it is potentially relevant to the plaintiffs' assertion of willful infringement or to Meta's fair use defense," Judge Chhabria wrote last week.

With the court recognizing the relevance of Meta's torrenting activity, the plaintiffs requested reconsideration of an earlier order, where discovery on BitTorrent-related matters was denied. Through a filing submitted last Wednesday, the plaintiffs hope to compel Meta to produce its BitTorrent logs and settings, including peer lists and seeding data. "The Order denied Plaintiffs' motion to compel production of torrenting data, including Meta's BitTorrent client, application logs, and peer lists. This data will evidence how much content Meta torrented from shadow libraries and how much it seeded to third parties as a host of this stolen IP," they write. While archiving lists of seeders is not a typical feature for a torrent client, the authors are requesting Meta to disclose any relevant data. In addition, they also want the court to reconsider its ruling regarding the crime-fraud exception. That's important, they suggest, as Meta's legal counsel was allegedly involved in matters related to torrenting. "Meta, with the involvement of in-house counsel, decided to obtain copyrighted works without permission from online databases of copyrighted works that 'we know to be pirated, such as LibGen," they write. The authors allege that this involved "seeding" files and that Meta attempted to "conceal its actions" by limiting the amount of data shared with the public. One Meta employee also asked for guidance, as "torrenting from a corporate laptop doesn't feel right."

An anonymous reader quotes a report from 404 Media: A powerful AI tool can predict with high accuracy the location of photos based on features inside the image itself -- such as vegetation, architecture, and the distance between buildings -- in seconds, with the company now marketing the tool to law enforcement officers and government agencies. Called GeoSpy, made by a firm called Graylark Technologies out of Boston, the tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women. The company's founder has aggressively pushed back against such requests, and GeoSpy closed off public access to the tool after 404 Media contacted him for comment.

Based on 404 Media's own tests and conversations with other people who have used it and investors, GeoSpy could radically change what information can be learned from photos posted online, and by whom. Law enforcement officers with very little necessary training, private threat intelligence companies, and stalkers could, and in some cases already are, using this technology. Dedicated open source intelligence (OSINT) professionals can of course do this too, but the training and skillset necessary can take years to build up. GeoSpy allows essentially anyone to do it. "We are working on something for LE [law enforcement] but it's ," Daniel Heinen, the founder of Graylark and GeoSpy, wrote in a message to the GeoSpy community Discord in July.

GeoSpy has been trained on millions of images from around the world, according to marketing material available online. From that, the tool is able to recognize "distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships." That marketing material says GeoSpy has strong coverage in the United States, but that it also "maintains global capabilities for location identification." [...] GeoSpy has not received much media attention, but it has become something of a sensation on YouTube. Multiple content creators have tested out the tool, and some try to feed it harder and harder challenges. Now that it's been shut off to the public, users have to request access, which is "available exclusively to qualified law enforcement agencies, enterprise users and government entities," according to the company's website.

The law enforcement-version of GeoSpy is more powerful than what was publicly available, according to Heinen's Discord posts. "Geospy.ai is a demo," he wrote in September. "The real work is the law enforcement models."

Donald Trump was sworn in as the 47th president of the United States on Monday in a ceremony inside the U.S. Capitol's Rotunda, returning to the White House after defeating Kamala Harris.

Trump, 78, took the oath of office before a packed crowd of lawmakers, dignitaries, and supporters, with Chief Justice John Roberts administering the ceremony. Former presidents Bill Clinton, George W. Bush, and Barack Obama attended, continuing a tradition of peaceful transitions of power.

In a notable show of corporate support, top technology executives including Apple's Tim Cook, Amazon's Jeff Bezos, and Tesla's Elon Musk sat in prominent positions near the stage.

Prior to the ceremony, Biden and Trump shared a limousine ride to the Capitol, maintaining another inaugural tradition despite their fierce rivalry. Biden, 82, issued several last-minute pardons before departing office, including one for Indigenous activist Leonard Peltier.

In 2022 California's Air Resources Board issued regulations to ban new diesel truck sales by 2036, remembers the Los Angeles Times, and force the owners of diesel trucks to take them off the road by 2042. "The idea was to replace those trucks with electric and hydrogen-powered versions, which dramatically reduce emissions but are currently two to three times more expensive."

But it would've required a federal waiver to enforce those rules — which isn't going to happen: The Biden administration hadn't granted the waivers as of this week, and rather than face almost certain denial by the incoming Trump administration, the state withdrew its waiver request... Trucking representatives had filed a lawsuit to block the rules, arguing they would cause irreparable harm to the industry and the wider economy.
The nonprofit news site CalMatters notes the withdrawal "comes after the Biden administration recently approved the California Air Resources Board's mandate phasing out new gas-powered cars by 2035, but had not yet approved other waivers for four diesel vehicle standards that the state has adopted... California may have to suspend any future rule-making for vehicles over the next four years of the Trump administration and rely instead on voluntary agreements with engine manufacturers, trucking companies, railroads and other industries."

The Los Angeles Times adds that California "could, however, pursue waivers at some point in the future." Under America's federal Clean Air Act, "California is allowed to set its own air standards, and other states are allowed to follow California's lead. But federal government waivers are required..."

America's outgoing national security adviser has "wide access to the world's secrets," writes Axios, adding that the security adviser delivered a "chilling" warning that "The next few years will determine whether AI leads to catastrophe — and whether China or America prevails in the AI arms race."

But in addition, Sullivan "said in our phone interview that unlike previous dramatic technology advancements (atomic weapons, space, the internet), AI development sits outside of government and security clearances, and in the hands of private companies with the power of nation-states... 'There's going to have to be a new model of relationship because of just the sheer capability in the hands of a private actor,' Sullivan says..." Somehow, government will have to join forces with these companies to nurture and protect America's early AI edge, and shape the global rules for using potentially God-like powers, he says. U.S. failure to get this right, Sullivan warns, could be "dramatic, and dramatically negative — to include the democratization of extremely powerful and lethal weapons; massive disruption and dislocation of jobs; an avalanche of misinformation..."

To distill Sullivan: America must quickly perfect a technology that many believe will be smarter and more capable than humans. We need to do this without decimating U.S. jobs, and inadvertently unleashing something with capabilities we didn't anticipate or prepare for. We need to both beat China on the technology and in shaping and setting global usage and monitoring of it, so bad actors don't use it catastrophically. Oh, and it can only be done with unprecedented government-private sector collaboration — and probably difficult, but vital, cooperation with China...

There's no person we know in a position of power in AI or governance who doesn't share Sullivan's broad belief in the stakes ahead...

That said, AI is like the climate: America could do everything right — but if China refuses to do the same, the problem persists and metastasizes fast. Sullivan said Trump, like Biden, should try to work with Chinese leader Xi Jinping on a global AI framework, much like the world did with nuclear weapons.
"I personally am not an AI doomer," Sullivan says in the interview. "I am a person who believes that we can seize the opportunities of AI. But to do so, we've got to manage the downside risks, and we have to be clear-eyed and real about those risks."

Thanks to long-time Slashdot reader Mr_Blank for sharing the article.

ABC News reported that the official newspaper of China's communist party is claiming TikTok refugees on RedNote found a "new home," and "openness, communication, and mutual learning are... the heartfelt desires of people from all countries."

But in fact, Wired reports, "China's Cyberspace Administration, the country's top internet watchdog, has reportedly already grown concerned about content being shared by foreigners on Xiaohongshu," and "warned the platform earlier this week to 'ensure China-based users can't see posts from U.S. users,' according to The Information."

And that's just the beginning. Wired reports that RedNote is now also "scrambling to hire English-speaking moderators." Social media platforms in China are legally required to remove a wide range of content, including nudity and graphic violence, but especially information that the government deems politically sensitive... "RedNote — like all platforms owned by Chinese companies — is subject to the Chinese Communist Party's repressive laws," wrote Allie Funk, research director for technology and democracy at the nonprofit human rights organization Freedom House, in an email to WIRED. "Independent researchers have documented how keywords deemed sensitive to those in power, such as discussion of labor strikes or criticism of Xi Jinping, can be scrubbed from the platform."

But the influx of American TikTok users — as many as 700,000 in merely two days, according to Reuters — could be stretching Xiaohongshu's content moderation abilities thin, says Eric Liu, an editor at China Digital Times, a California-based publication documenting censorship in China, who also used to work as a content moderator himself for the Chinese social media platform Weibo... Liu reposted a screenshot on Bluesky showing that some people who recently joined Xiaohongshu have received notifications that their posts can only be shown to other users after 48 hours, seemingly giving the company time to determine whether they may be violating any of the platform's rules. This is a sign that Xiaohongshu's moderation teams are unable to react swiftly, Liu says...

While the majority of the new TikTok refugees still appear to be enjoying their time on Xiaohongshu, some have already had their posts censored. Christine Lu, a Taiwanese-American tech entrepreneur who created a Xiaohongshu account on Wednesday, says she was suspended after uploading three provocative posts about Tiananmen, Tibet, and Taiwan. "I support more [Chinese and American] people engaging directly. But also, knowing China, I knew it wouldn't last for long," Lu tells WIRED.
Despite the 700,000 signups in two days, "It's also worth nothing that the migration to RedNote is still very small, and only a fraction of the 170 million people in the US who use TikTok," notes The Conversation. (And they add that "The US government also has the authority to pressure Apple to remove RedNote from the US App Store if it thinks the migration poses a national security threat.")

One nurse told the Los Angeles Times Americans signed up for the app because they "just don't want to give in" to "bullying" by the U.S. government. (The Times notes she later recorded a video acknowledging that on the Chinese-language app, "I don't know what I'm doing, I don't know what I'm reading, I'm just pressing buttons.") On Tuesday, the Wall Street Journal reported that Chinese officials had discussed the possibility of selling TikTok to a trusted non-Chinese party such as Elon Musk, who already owns social media platform X. However, analysts said that Bytedance is unlikely to agree to a sale of the underlying algorithm that powers the app, meaning the platform under a new owner could still look drastically different.

Chinese social-networking site RedNote became the #1 most-downloaded app in America, reports the Associated Press, with some new users considering it a way to protest America's possible TikTok ban.

So what happened next? They were met with surprise, curiosity and in-jokes on Xiaohongshu — literally, "Little Red Book" — whose users saw English-language posts take over feeds almost overnight. Americans introduced themselves with hashtag TikTok refugees, ask me anything attitude and posting photos of their pets to pay their hosts' "cat tax." Parents swapped stories about raising kids and Swifties from both countries, of course, quickly found each other. It's a rare moment of direct contact between two online worlds that are usually kept apart by language, corporate boundaries, and China's strict system of online censorship that blocks access to nearly all international media and social media services... Xiaohongshu's 300 million monthly active users are overwhelmingly Chinese — so much so that parts of its interface have no English-language version... [Press reports suggest about a million of TikTok's 170 million users tried switching to RedNote this week...]

On the platform, two versions of the TikTok refugee hashtag have over 24 million posts, with related posts appearing at the top of many users' feeds. A large number of American users say they've received a warm welcome from the community, with #TikTokrefugee. "Welcome the global villagers" remains the top one trending topic on Xiaohongshu, with 8.9 million views on Thursday. Users from both countries are comparing notes on grocery prices, rent, health insurance, medical bills and the relationship between mother-in-law and daughter-in-law. Parents talk about what the kids learn in school in two countries. Some have already joined book clubs and are building up a community. American users asked how Chinese see the LGBTQ community and got warned that it was among sensitive topics, Chinese users taught Americans what are sensitive topics and key words to avoid censorship on the app. Chinese students pulled out their English homework, looking for help.

Chinese state media, which have long dismissed U.S. allegations against TikTok, have welcomed the protest against the ban. People's Daily [the official newspaper of the Central Committee of the Chinese Communist Party], said in an op-ed about TikTok refugees on Thursday that says the TikTok refugees found a "new home," and "openness, communication, and mutual learning are the unchanging themes of mankind and the heartfelt desires of people from all countries."
Making the most of the moment is Jianlu Bi, who is apparently a senior content producer for Beijing's state-run China Global Television Network, which Wikipedia describes as "under the control of the Central Propaganda Department of the Chinese Communist Party". Friday Jianlu Bi crafted an article claiming "surprising" and "stark contrasts" were revealed: While the United States is often portrayed as a land of limitless opportunity, many American netizens have shared their struggles with high living costs, particularly in urban areas. One common theme is the exorbitant cost of healthcare. "I just got a simple bill for a routine checkup and it was over $500," shared one American user. "I can't imagine what a serious illness would cost! I feel like I'm constantly on the brink of financial ruin due to medical expenses." In contrast, Chinese netizens often express surprise at the affordability of many goods and services in their home country. For instance, the cost of housing, particularly in smaller cities, is often significantly lower in China compared to the United States.... This disparity is often attributed to factors such as government policies, economic development, and cultural differences...

Traditional media narratives often present simplified and often biased portrayals of China and the United States. For example, the U.S. is often portrayed as a land of opportunity with limitless possibilities, while China is sometimes depicted as a country with limited freedoms. Xiaohongshu, on the other hand, provides a platform for ordinary people to share their authentic experiences and perspectives... A Chinese student studying in the U.S. shared, "I was surprised to learn that many of my classmates are working part-time jobs to cover their tuition and living expenses. This is very different from the image of affluent American students I had in my mind. It really opened my eyes to the realities of life for many young people in the U.S."
"As social media continues to evolve, these platforms will undoubtedly play an increasingly important role in shaping global perceptions..." the article concludes.

Article suggested by long-time Slashdot reader hackingbear.

The BBC brings news from the Baltic Sea. After critical undersea cables were damaged or severed last year, "NATO has launched a new mission to increase the surveillance of ships..." Undersea infrastructure is essential not only for electricity supply but also because more than 95% of internet traffic is secured via undersea cables, [said NATO head Mark Rutte], adding that "1.3 million kilometres (800,000 miles) of cables guarantee an estimated 10 trillion-dollar worth of financial transactions every day". In a post on X, he said Nato would do "what it takes to ensure the safety and security of our critical infrastructure and all that we hold dear".... Estonia's Foreign Minister Margus Tsahkna said in December that damage to submarine infrastructure had become "so frequent" that it cast doubt on the idea the damage could be considered "accidental" or "merely poor seamanship".
The article also has new details about a late-December cable-cutting by the Eagle S (which was then boarded by Finland's coast guard and steered into Finnish waters). "On Monday, Risto Lohi of Finland's National Bureau of Investigation told Reuters that the Eagle S was threatening to cut a second power cable and a gas pipe between Finland and Estonia at the time it was seized." And there's reports that the ship was loaded with spying equipment.

UPDATE (1/19/2024): The Washington Post reports that the undersea cable ruptures "were likely the result of maritime accidents rather than Russian sabotage, according to several U.S. and European intelligence officials."

But whatever they're watching for, NATO's new surveillance of the Baltic Sea will include "uncrewed surface vessels," according to defense-news web site TWZ.com: The uncrewed surface vessels [or USVs], also known as drone boats, will help establish an enhanced common operating picture to give participating nations a better sense of potential threats and speed up any response. It is the first time NATO will use USVs in this manner, said a top alliance commander... There will be at least 20 USVs assigned [a NATO spokesman told The War Zone Friday]... In the first phase of the experiment, the USVs will "have the capabilities under human control" while "later phases will include greater autonomy." The USVs will augment the dozen or so vessels as well as an unspecified number of crewed maritime patrol aircraft committed
One highly-placed NATO official tells the site that within weeks "we will begin to use these ships to give a persistent, 24-7 surveillance of critical areas."

Last week the U.K. government also announced "an advanced UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet."

The system "harnesses AI to assess data from a range of sources, including the Automatic Identification System (AIS) ships use to broadcast their position, to calculate the risk posed by each vessel entering areas of interest." Harnessing the power of AI, this UK-led system is a major innovation which allows us the unprecedented ability to monitor large areas of the sea with a comparatively small number of resources, helping us stay secure at home and strong abroad.

A new law is being considered by New York's state legislature, reports a local news outlet, which "if passed, will require anyone buying a 3D printer to pass a background check. If you can't legally own a firearm, you won't be able to buy one of these printers..." It is illegal to print most gun parts in New York. Attorney Greg Rinckey believes the proposal is an overreach. "I think this is also gonna face some constitutional problems. I mean, it really comes down to a legal parsing of what are you printing and at what point is it technically a firearm...?"

[Ascent Fabrication owner Joe] Fairley thinks lawmakers should shift their focus on those partial gun kits that produce the metal firing components. Another possibility is to require printer manufacturers to install software that prevents gun parts from being printed. "They would need to agree on some algorithm to look at the part and say nope, that is a gun component, you're not allowed to print that part somehow," said Fairley. "But I feel like it would be extremely difficult to get to that point."

A county transit police detective fed a poor-quality image to an AI-powered facial recognition program, remembers the Washington Post, leading to the arrest of "Christopher Gatlin, a 29-year-old father of four who had no apparent ties to the crime scene nor a history of violent offenses." He was unable to post the $75,000 cash bond required, and "jailed for a crime he says he didn't commit, it would take Gatlin more than two years to clear his name." A Washington Post investigation into police use of facial recognition software found that law enforcement agencies across the nation are using the artificial intelligence tools in a way they were never intended to be used: as a shortcut to finding and arresting suspects without other evidence... The Post reviewed documents from 23 police departments where detailed records about facial recognition use are available and found that 15 departments spanning 12 states arrested suspects identified through AI matches without any independent evidence connecting them to the crime — in most cases contradicting their own internal policies requiring officers to corroborate all leads found through AI. Some law enforcement officers using the technology appeared to abandon traditional policing standards and treat software suggestions as facts, The Post found. One police report referred to an uncorroborated AI result as a "100% match." Another said police used the software to "immediately and unquestionably" identify a suspected thief.

Gatlin is one of at least eight people wrongfully arrested in the United States after being identified through facial recognition... All of the cases were eventually dismissed. Police probably could have eliminated most of the people as suspects before their arrest through basic police work, such as checking alibis, comparing tattoos, or, in one case, following DNA and fingerprint evidence left at the scene.
Some statistics from the article about the eight wrongfully-arrested people:

• In six cases police failed to check alibis

• In two cases police ignored evidence that contradicted their theory

• In five cases police failed to collect key pieces of evidence

• In three cases police ignored suspects' physical characteristics

• In six cases police relied on problematic witness statements

The article provides two examples of police departments forced to pay $300,000 settlements after wrongful arrests caused by AI mismatches. But "In interviews with The Post, all eight people known to have been wrongly arrested said the experience had left permanent scars: lost jobs, damaged relationships, missed payments on car and home loans. Some said they had to send their children to counseling to work through the trauma of watching their mother or father get arrested on the front lawn.

"Most said they also developed a fear of police."

America's Federal Trade Commission has been "raising antitrust concerns" about them for years, reports NBC News.

The latest? America's three largest drug middlemen "inflated the costs of numerous life-saving medications by billions of dollars over the past few years, the FTC said in a report Tuesday." The top pharmacy benefit managers (PBMs) — CVS Health's Caremark Rx, Cigna's Express Scripts and UnitedHealth Group's OptumRx — generated roughly $7.3 billion through price hikes over about five years starting in 2017, the FTC said. The "excess" price hikes affected generic drugs used to treat heart disease, HIV and cancer, among other conditions, with some increases more than 1,000% of the national average costs of acquiring the medications, the commission said. The FTC also said these so-called Big Three health care companies — which it estimates administer 80% of all prescriptions in the U.S. — are inflating drug prices "at an alarming rate, which means there is an urgent need for policymakers to address it...."

Some of the steepest drug markups were "hundreds and thousands of percent," according to Tuesday's report, which highlights just how profitable specialty drugs have become for the three leading PBMs. Cancer drugs alone made up nearly half of the $7.3 billion, the commission wrote, with multiple sclerosis medications accounting for another 25%. Dispensing highly marked-up specialty drugs was a massive income stream for the companies in 2021, the FTC found. Out of tens of thousands of drugs dispensed, the top 10 specialty generics alone made up nearly 11% of the companies' pharmacy-related operating income that year, the agency estimated. Across the 51 drugs the agency analyzed, the Big Three's price-markup revenue surged from $522 million in 2017 to $2.1 billion in 2021, the report said.
"The FTC found that 22 percent of specialty drugs dispensed by PBM-affiliated pharmacies were marked up by more than 1,000 percent," reports The Hill, "while 41 percent were marked up between 100 and 1,000 percent. Among those drugs marked up by more than 1,000 percent, half of them were marked up by more than 2,000 percent."

And the nonprofit site progressive news site Common Dreams shares some examples from the FTC's 60-page report: "For the pulmonary hypertension drug tadalafil (generic Adcirca), for example, pharmacies purchased the drug at an average of $27 in 2022, yet the Big Three PBMs marked up the drug by $2,079 and paid their affiliated pharmacies $2,106, on average, for a 30-day supply of the medication on commercial claims," the publication notes. That's a staggering average markup of 7,736%... The new analysis follows a July 2024 report that revealed Big Three PBM-affiliated pharmacies received 68% of the dispensing revenue generated by specialty drugs in 2023, a 14% increase from 2016...

Responding to the FTC report, Emma Freer, senior policy analyst for healthcare at the American Economic Liberties Project — a corporate accountability and antitrust advocacy group — said in a statement Tuesday that "the FTC's second interim report lays bare the blatant profiteering by PBM giants, which are marking up lifesaving drugs like cancer, HIV, and multiple sclerosis treatments by thousands of percent and forcing patients to pay the price."

"The FDIC sued 17 former executives and directors of Silicon Valley Bank on Thursday, seeking to recover billions of dollars for alleged gross negligence and breaches of fiduciary duty," reports Reuters. The move comes almost two years after Silicon Valley Bank's March 2023 collapse, which shocked financial markets and ended up benefiting big players like JPMorgan Chase. From the report: In a complaint filed in San Francisco federal court, the FDIC, in its capacity the bank's receiver, said the defendants ignored fundamental standards of prudent banking and the bank's own risk policies in letting the bank take on excessive risks to boost short-term profit and its stock price. The FDIC faulted the bank's overreliance on unhedged, interest rate-sensitive long-term government bonds such as US Treasuries and mortgage-backed securities, as rates looked set to -- and eventually did -- rise. It also objected to the payment of a "grossly imprudent" $294 million dividend to its parent that drained needed capital "at a time of financial distress and management weakness" in December 2022, less than three months before its demise.

"SVB represents a case of egregious mismanagement of interest-rate and liquidity risks by the bank's former officers and directors," the complaint said. The defendants include former Chief Executive Gregory Becker, former Chief Financial Officer Daniel Beck, four other former executives and 11 former directors.

The U.S. Department of the Treasury's OFAC has sanctioned Yin Kecheng and Sichuan Juxinhe Network Technology Co. for their roles in a recent Treasury breach and espionage operations targeting U.S. telecommunications. BleepingComputer reports: "Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People's Republic of China Ministry of State Security (MSS)," reads the Treasury's announcement. "Yin Kecheng was associated with the recent compromise of the Department of the Treasury's Departmental Offices network," says the agency.

OFAC also announced sanctions against Sichuan Juxinhe Network Technology Co., a Chinese cybersecurity firm believed to be directly involved with the Salt Typhoon state hacker group. Salt Typhoon was recently linked to several breaches on major U.S. telecommunications and internet service providers to spy on confidential communications of high-profile targets. "Sichuan Juxinhe Network Technology Co., LTD. (Sichuan Juxinhe) had direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies," the U.S. Treasury explains, adding that "the MSS has maintained strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe." [...]

The sanctions imposed on Kecheng and the Chinese cybersecurity firm under Executive Order (E.O.) 13694 block all property and financial assets located in the United States or are in the possession of U.S. entities, including banks, businesses, and individuals. Additionally, U.S. entities are prohibited from conducting any transactions with the sanctioned entities without OFAC's explicit authorization. It's worth noting that these sanctions come after OFAC sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. U.S. Treasury's announcement reiterates that the U.S. Department of State offers, through its Rewards for Justice program, up to $10,000,000 for information leading to uncovering the identity of hackers who have targeted the U.S. government or critical infrastructure in the country.

The FTC announced Thursday that it's banned General Motors and its subsidiary OnStar from selling customer geolocation and driving behavior data for five years. The Verge reports: The settlement comes after a New York Times investigation found that GM had been collecting micro-details about its customers' driving habits, including acceleration, braking, and trip length -- and then selling it to insurance companies and third-party data brokers like LexisNexis and Verisk. Clueless vehicle owners were then left wondering why their insurance premiums were going up.

FTC accused GM of using a "misleading enrollment process" to get vehicle owners to sign up for its OnStar connected vehicle service and Smart Driver feature. The automaker failed to disclose to customers that it was collecting their data, nor did GM seek out their consent to sell it to third parties. After the Times exposed the practice, GM said it was discontinuing its OnStar Smart Driver program. The settlement also requires GM to obtain consent from customers before collecting their driving behavior data, and allow them to request and delete their data if they choose.

Ars Technica's Jon Brodkin reports: AT&T has stopped offering its 5G home Internet service in New York instead of complying with a new state law that requires ISPs to offer $15 or $20 plans to people with low incomes. New York started enforcing its Affordable Broadband Act yesterday after a legal battle of nearly four years. [...] The law requires ISPs with over 20,000 customers in New York to offer $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The plans only have to be offered to households that meet income eligibility requirements, such as qualifying for the National School Lunch Program, Supplemental Nutrition Assistance Program, or Medicaid. [...]

Ending home Internet service in New York is relatively simple for AT&T because it is outside the 21-state wireline territory in which the telco offers fiber and DSL home Internet service. "AT&T Internet Air is currently available only in select areas and where AT&T Fiber is not available. New York is outside of our wireline service footprint, so we do not have other home Internet options available in the state," the company said. AT&T will continue offering its 4G and 5G mobile service in New York, as the state law only affects home Internet service. People with smartphones or other mobile devices connected to the AT&T wireless network should thus see no change.

Existing New York-based users of AT&T Internet Air can only keep it for 45 days and won't be charged during that time, AT&T said. "During this transition, customers will be able to keep their existing AT&T Internet Air service for up to 45 days, at no charge, as they find other options for broadband. We will work closely with our customers throughout this transition," AT&T said. Residential users will be sent "a recovery kit with instructions on how to return their AIA equipment, while business customers can keep any device they purchased at no charge," AT&T said.

An anonymous reader quotes a report from TechCrunch: On Tuesday, the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, which marks the first time this type of software -- also known as government or mercenary spyware -- has been discussed at the Security Council. The goal of the meeting, according to the U.S. Mission to the UN, was to "address the implications of the proliferation and misuse of commercial spyware for the maintenance of international peace and security." The United States and 15 other countries called for the meeting. While the meeting was mostly informal and didn't end with any concrete proposals, most of the countries involved, including France, South Korea, and the United Kingdom, agreed that governments should take action to control the proliferation and abuse of commercial spyware. Russia and China, on the other hand, dismissed the concerns.

John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, gave testimony in which he sounded the alarm on the proliferation of spyware made by "a secretive global ecosystem of developers, brokers, middlemen, and boutique firms," which "is threatening international peace and security as well as human rights." Scott-Railton called Europe "an epicenter of spyware abuses" and a fertile ground for spyware companies, referencing a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in the last few years.

Representatives of Poland and Greece, countries that had their own spyware scandals involving software made by NSO Group and Intellexa, respectively, also intervened. Poland's representative pointed at local legislative efforts to put "more control, including by the judiciary, on the relevant operational activities of the security and intelligence services," while also recognizing that spyware can be used in a legal way. "We are not saying that the use of spyware is never justified or even required," said Poland's representative. And the Greek representative pointed to the country's 2022 bill to ban the sale of spyware.

A pastor in Pasco, Washington, has been indicted on 26 counts of fraud for orchestrating a cryptocurrency scam that defrauded over 1,500 investors of nearly $5.9 million between 2021 and 2023. Many of the investors were members of his congregation. BleepingComputer reports: The US Department of Justice says the pastor, Francier Obando Pinillo, 51, used his position to recruit investors into a fraudulent cryptocurrency venture called "Solano Fi," which he told them "came to him in a dream" and was a guaranteed investment. "Pinillo used his position as pastor to induce members of his congregation and others to invest their money in a cryptocurrency investment business known as Solano Fi," reads the US Department of Justice announcement. "Pinillo claimed the idea for Solano Fi had come to him in a dream and that it was a safe and guaranteed investment."

The pastor also set up a Facebook page for Solano Fi to attract more investors outside his direct sphere of influence, as well as a Telegram group named 'Multimillionarios SolanoFi,' which had 1,500 members. The indictment alleged that Pinillo promised investors they would receive guaranteed monthly investment returns of 34.9% at no risk whatsoever. The indictment further claims he directed the victims to make cryptocurrency transfers to wallets under his control, and instead of investing the funds, he diverted them for personal use. Investors were provided access to a Solano Fi web app where they could manage their funds; however, the app showed fake balances and investment returns. Those convinced by the fraud were encouraged to recruit more investors for additional returns, expanding the victims' circle. As in similar scams, when the victims attempted to withdraw money from the Solano Fi app, the transaction failed.

An anonymous reader quotes a report from Ars Technica: Lots of startups use Google's productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google's OAuth, i.e. "Sign in with Google." It's a low-friction feedback loop -- up until the startup fails, the domain goes up for sale, and somebody forgot to close down all the Google stuff. Dylan Ayrey, of Truffle Security Co., suggests in a report that this problem is more serious than anyone, especially Google, is acknowledging. Many startups make the critical mistake of not properly closing their accounts -- on both Google and other web-based apps -- before letting their domains expire.

Given the number of people working for tech startups (6 million), the failure rate of said startups (90 percent), their usage of Google Workspaces (50 percent, all by Ayrey's numbers), and the speed at which startups tend to fall apart, there are a lot of Google-auth-connected domains up for sale at any time. That would not be an inherent problem, except that, as Ayrey shows, buying a domain allows you to re-activate the Google accounts for former employees if the site's Google account still exists.

With admin access to those accounts, you can get into many of the services they used Google's OAuth to log into, like Slack, ChatGPT, Zoom, and HR systems. Ayrey writes that he bought a defunct startup domain and got access to each of those through Google account sign-ins. He ended up with tax documents, job interview details, and direct messages, among other sensitive materials. A Google spokesperson said in a statement: "We appreciate Dylan Ayrey's help identifying the risks stemming from customers forgetting to delete third-party SaaS services as part of turning down their operation. As a best practice, we recommend customers properly close out domains following these instructions to make this type of issue impossible. Additionally, we encourage third-party apps to follow best-practices by using the unique account identifiers (sub) to mitigate this risk."