The shift from paywalled to open-access scientific publishing is progressing, driven in part by platforms like Sci-Hub -- a website that allows users to upload PDFs of published papers and share them with anyone. While the shadow library website has faced ongoing attempts by publishers to block access, it has another problem: the platform features many outdated or retracted papers that could spread misinformation or flawed findings. Ars Technica reports: Sci-Hub works a bit like a combination of cache and aggregator for published materials. Whenever it gets a request for a paper that's not already in its database, it uses leaked login credentials to go to the website of whatever journal published the paper and obtain a copy. If it already has a copy, however, it will simply serve that up instead. This leaves open the possibility that it will have obtained a copy of a paper prior to its retraction and continue to distribute that copy after the paper has been retracted.

To check this, the researchers obtained a list of nearly 17,000 retracted papers and searched for them on Sci-Hub. They then visually examined the documents that were returned. They found that 85 percent of them contained no indication that the paper had been retracted. "The availability of [unlabeled retracted articles] in the field of health sciences is particularly high," they note, "which indicates a significant risk of their unintended use and further citation in future research."

While corrections are less severe than retractions, they're likely to suffer a similar problem. And corrections will often involve the technical details of a paper -- the experimental approaches or raw data that will be critical for anyone wanting to replicate or extend previously published results. So, if anything, their impact will be more significant. Ars notes that a system called Crossmark is available to help find the most up-to-date version of a paper, including any corrections or retraction notices.

According to police, the man killed in the January 1st Las Vegas Cybertruck blast used ChatGPT to plan the explosion. The Hill reports: In a press conference, Tuesday, Las Vegas police released more details of the intentions of 37-year-old Matthew Livelsberger, who died of a gunshot wound prior to the car exploding. Las Vegas Sheriff Kevin McMahill said it was concerning that Livelsberger used ChatGPT, a popular artificial intelligence model created by OpenAI, to carry out the explosion. According to police, Livelsberger asked ChatGPT various questions, including where the largest gun stores in Denver were, information about the explosive targets Tannerite and pistols. "We knew that AI was going to change the game at some point or another in really all of our lives and certainly, I think this is the first incidence that I'm aware of on U.S. soil where ChatGPT is utilized to help an individual build a particular device, to learn information all across the country as they're moving forward," McMahill said.

"And so, absolutely, it's a concerning moment for us," he continued.

An anonymous reader quotes a report from Ars Technica: The US Justice Department today announced it filed an antitrust lawsuit against "six of the nation's largest landlords for participating in algorithmic pricing schemes that harmed renters." One of the landlords, Cortland Management, agreed to a settlement "that requires it to cooperate with the government, stop using its competitors' sensitive data to set rents and stop using the same algorithm as its competitors without a corporate monitor," the DOJ said. The pending settlement requires Cortland to "cooperate fully and truthfully... in any civil investigation or civil litigation the United States brings or has brought" on this subject matter.

The US previously sued RealPage, a software maker accused of helping landlords collectively set prices by giving them access to competitors' nonpublic pricing and occupancy information. The original version of the lawsuit described actions by landlords but did not name any as defendants. The Justice Department filed an amended complaint (PDF) today in order to add the landlords as defendants. The landlord defendants are Greystar, LivCor, Camden, Cushman, Willow Bridge, and Cortland, which collectively "operate more than 1.3 million units in 43 states and the District of Columbia," the DOJ said. "The amended complaint alleges that the six landlords actively participated in a scheme to set their rents using each other's competitively sensitive information through common pricing algorithms," the DOJ said. The phrase "price fixing" came up in discussions between landlords, the amended complaint said: "For example, in Minnesota, property managers from Cushman & Wakefield, Greystar, and other landlords regularly discussed competitively sensitive topics, including their future pricing. When a property manager from Greystar remarked that another property manager had declined to fully participate due to 'price fixing laws,' the Cushman & Wakefield property manager replied to Greystar, 'Hmm... Price fixing laws huh? That's a new one! Well, I'm happy to keep sharing so ask away. Hoping we can kick these concessions soon or at least only have you guys be the only ones with big concessions! It's so frustrating to have to offer so much.'"

The Justice Department is joined in the case by the attorneys general of California, Colorado, Connecticut, Illinois, Massachusetts, Minnesota, North Carolina, Oregon, Tennessee, and Washington. The case is in US District Court for the Middle District of North Carolina.

Further reading: Are We Entering an AI Price-Fixing Dystopia?

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. 404 Media: The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples' precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.

An anonymous reader quotes a report from Reuters: The U.S. Defense Department said on Monday it has added Chinese tech giants including gaming and social media leader Tencent Holdings and battery maker CATL to a list of firms it says work with China's military. The list also included chip maker Changxin Memory Technologies, Quectel Wireless and drone maker Autel Robotics, according to a document published on Monday. The annually updated list (PDF) of Chinese military companies, formally mandated under U.S. law as the "Section 1260H list," designated 134 companies, according to a notice posted to the Federal Register.

U.S.-traded shares of Tencent, which is also the parent of Chinese instant messaging app WeChat, fell 8% in over-the-counter trading. Tencent said in a statement that its inclusion on the list was "clearly a mistake." It added: "We are not a military company or supplier. Unlike sanctions or export controls, this listing has no impact on our business." CATL called the designation a mistake, saying it "is not engaged in any military related activities." A Quectel spokesperson said the company "does not work with the military in any country and will ask the Pentagon to reconsider its designation, which clearly has been made in error."

While the designation does not involve immediate bans, it can be a blow to the reputations of affected companies and represents a stark warning to U.S. entities and firms about the risks of conducting business with them. It could also add pressure on the Treasury Department to sanction the companies. Two previously listed companies, drone maker DJI and Lidar-maker Hesai Technologies, both sued the Pentagon last year over their previous designations, but remain on the updated list. The Pentagon also removed six companies it said no longer met the requirements for the designation, including AI firm Beijing Megvii Technology, China Railway Construction Corporation Limited, China State Construction Group Co and China Telecommunications Corporation.

A U.S. Appeals Court ruled this week that net neutrality couldn't be reinstated by America's Federal Communications Commission. But "Despite the dismantling of the FCC's efforts to regulate broadband internet service, state laws in California, New York and elsewhere remain intact," notes the Los Angeles Times: This week's decision by the 6th U.S. Circuit Court of Appeals, striking down the FCC's open internet rules, has little bearing on state laws enacted during the years-long tug-of-war over the government's power to regulate internet service providers, telecommunications experts said. In fact, some suggested that the Cincinnati-based 6th Circuit's decision — along with other rulings and the U.S. Supreme Court's posture on a separate New York case — has effectively fortified state regulators' efforts to fill the gap. "Absent an act of Congress, the FCC has virtually no role in broadband any more," Ernesto Falcon, a program manager for the California Public Utilities Commission, said in an interview. "The result of this decision is that states like California, New York and others will have to govern and regulate broadband carriers on our own."

California has one of the nation's strongest laws on net neutrality, the principle that internet traffic must be treated equally to ensure a free and open network. Former Gov. Jerry Brown signed the measure into law in 2018, months after federal regulators in President elect-Donald Trump's first administration repealed the net neutrality rules put in place under President Obama. Colorado, Oregon and other states also adopted their own standards.

The Golden State's law has already survived legal challenges. It also prompted changes in the way internet service providers offered plans and services. "California's net neutrality law, which is seen as the gold standard by consumer advocates, carries national impact," Falcon said.... "The state's authority and role in broadband access has grown dramatically now," Falcon said.
California's net neutrality rules prohibit "throttling" data speeds, according to the article.

Brazil ended daylight saving time in 2019, reports the Washington Post, adding that some Brazilians loved the change, "particularly those who commute long distances and are no longer forced to leave their houses in pitch blackness." But "In the heavily populated southeast, the sky begins to brighten at the unconscionable hour of 4:30 a.m. during the summer, and by 8 a.m., it feels like high noon... Polls showed it ultimately lost majority support..."

And then "After several energy emergencies, and with the prospect of more to come as the effects of climate change intensify, the vanquished daylight saving time is suddenly looking a whole lot better than it once did to some in the Brazilian government." Authorities almost mandated the return of daylight saving — a portion of the calendar when clocks are turned forward to maximize seasonal daylight — late last year to conserve energy amid a historic drought that had threatened hydroelectric power generation and drove up light bills. The government is already laying the political groundwork to restore it as soon as this year...

Latin America's largest country is a global leader in green energy. An astounding 93 percent of its electricity comes from renewable sources, according to Brazil's Electric Energy Commercialization Chamber, the majority of which is hydropower. This strength, however, has also left it vulnerable to global warming. As temperatures have warmed and punishing droughts have grown more frequent, the country's water reserves have dropped precariously low at times, jeopardizing its primary source of energy. In 2021, an extended drought depleted the country's water stores, driving up light bills by an estimated 20 percent, according to the National Chamber of Electric Energy. Then came last year's drought, the worst in 70 years, and government officials started to look more seriously at daylight saving.

Alexandre Silveira [Brazil's mining and energy minister] said that month that the decision to eliminate daylight saving had been extravagance Brazil could scarcely afford. "It was massively irresponsible, without any basis in science," the energy official said. "We're living in a period of denial in Brazil in all aspects." José Sidnei Colombo Martini, an electrical engineer at the University of São Paulo, told The Washington Post that decision to end daylight saving amounted to a "national bet on whether it is going to rain." And the bet is expected to become increasingly risky as the years pass. "Brazil has always had a massive amount of available water compared to other countries — storing 12 percent of the planet's surface — but this is being altered," said Suely Araújo, public policy coordinator at the Climate Observatory. Estimates show "we could have a 40 percent reduction in our water availability in Brazil's principal hydro regions by 2040. Brazil has entered a new reality... "
Should other countries end Daylight Saving Time? "People and governments all over the world are having the same debate," the article points out, "often coming to conflicting conclusions." Countries including Azerbaijan, Mexico and Samoa have done away with daylight saving time. Meanwhile, Jordan, Namibia and Turkey have gone the opposite direction, opting for permanent daylight saving time. And Russia, discovering there's no way to tell time that pleases everyone, first tried permanent daylight saving time, then scuttled it.

Remember that massive botnet run by Chinese government hackers? Flax Typhoon "compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan," according to the U.S. Treasury Department. (The group's botnet breaching this autumn affected "at least 260,000 internet-connected devices," reports the Washington Post, "roughly half of which were located in the United States.")

Friday America's Treasury Department sanctioned "a Beijing-based cybersecurity company for its role in multiple computer intrusion incidents against U.S. victims..." according to an announcement from the department's Office of Foreign Assets Control. "Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure."

From the Washington Post: The group behind the attacks was active since at least 2021, but U.S. authorities only managed to wrest control of the devices from the hackers in September, after the FBI won a court order that allowed the agency to send commands to the infected devices...

Treasury's designation follows sanctions announced last month on Sichuan Silence Information Technology Company, in which U.S. officials accused the company of exploiting technology flaws to install malware in more than 80,000 firewalls, including those protecting U.S. critical infrastructure. The new sanctions on Beijing Integrity Technology are notable due to the company's public profile and outsize role in servicing China's police and intelligence services via state-run hacking competitions. The company, which is listed in Shanghai and has a market capitalization of more than $327 million, plays a central role in providing state agencies "cyber ranges" — technology that allows them to simulate cyberattacks and defenses...

In September, FBI Director Christopher A. Wray said the Flax Typhoon attack successfully infiltrated universities, media organizations, corporations and government agencies, and in some cases caused significant financial losses as groups raced to replace the infected hardware. He said at the time that the operation to shut down the network was "one round in a much longer fight...." A 2024 assessment by the Office of the Director of National Intelligence said China is the most "active and persistent" cyberthreat and that actors under Beijing's direction have made efforts to breach U.S. critical infrastructure with the intention of lying in wait to be able to launch attacks in the event of major conflict.
"The Treasury sanctions bar Beijing Integrity Technology from access to U.S. financial systems and freeze any assets the company might hold in the United States," according to the article, "but the moves are unlikely to have a significant effect on the company," (according to Dakota Cary, a fellow at the Atlantic Council who has studied the company's role in state-sponsored hacking).

The Register's Jude Karabus reports: IBM and semiconductor maker GlobalFoundries have settled all of their litigation against each other, including breach of contract, patent, and trade secret suits, the pair say. The details of the settlement are confidential. All that both companies were prepared to say in yesterday's statements was that the deal they'd agreed would resolve "all litigation matters, inclusive of breach of contract, trade secrets, and intellectual property claims between the two companies." They added that the settlement would allow the companies to "explore new opportunities for collaboration in areas of mutual interest." In 2021, IBM sued GlobalFoundries for $2.5 billion, accusing it of failing to deliver on 10nm and 7nm chip production commitments, which disrupted IBM's hardware roadmap. GlobalFoundries poaching engineers countersued in 2023, alleging IBM misused trade secrets and poached engineers to support partnerships with Intel and Rapidus, potentially compromising proprietary technologies.

An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.

MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]

According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries. MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.

A federal judge in Connecticut refused to dismiss a long-running lawsuit accusing the former Nestle Waters North America of defrauding consumers by labeling its Poland Spring bottled water as "spring water." From a report: While rejecting some claims in the proposed class action, U.S. District Judge Jeffrey Alker Meyer in New Haven called it an open question whether Poland Spring qualified as spring water under the laws of Connecticut, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania and Rhode Island. Poland Spring is now owned by Tampa, Florida-based Primo Brands, following multiple corporate transactions. Consumers sued Nestle Waters, then owned by Nestle, in 2017, saying it deceived them into overpaying for Poland Spring with labels declaring it to be "Natural Spring Water" or "100% Natural Spring Water."

The plaintiffs said "not one drop" of the 1 billion gallons sold annually in the United States came from a natural spring, and that the actual Poland Spring in Maine "ran dry" two decades before Nestle bought the brand in 1992. In seeking a dismissal, Nestle Waters said geologists and officials in the eight states agreed that Poland Spring complied with a U.S. Food and Drug Administration rule defining spring water, and each state authorized its sale as "spring water."

More than half-a-dozen VPN apps, including Cloudflare's widely-used 1.1.1.1, have been pulled from India's Apple App Store and Google Play Store following intervention from government authorities, TechCrunch reported Friday. From the report: The Indian Ministry of Home Affairs issued removal orders for the apps, according to a document reviewed by TechCrunch and a disclosure made by Google to Lumen, Harvard University's database that tracks government takedown requests globally.

An anonymous reader quotes a report from Reuters: Constellation Energy has been awarded a record $1 billion in contracts to supply nuclear power to the U.S. government over the next decade, the company said on Thursday. Constellation, the country's largest operator of nuclear power plants, will deliver electricity to more than 13 federal agencies as part of the agreements with the U.S. General Services Administration. The deal is the biggest energy purchase in the history of the GSA, which constructs and manages federal buildings, and is among the first major climate-focused energy agreement by the U.S. government to include electricity generated from existing nuclear reactors.

The GSA estimated that the contracts, set to begin on April 25, will comprise over 10 million megawatt-hours over 10 years and provide electricity equivalent to powering more than 1 million homes annually. The procurement will deliver electricity to 80 federal facilities located throughout the PJM Interconnection, a regional transmission operator with service covering more than 65 million people. The U.S. Department of Transportation, the Federal Reserve Board of Governors and the Army Corps of Engineers are some of the facilities that will receive the power. [...] Constellation said the deal will enable it to extend the licenses of existing nuclear plants and invest in new equipment and technology that will increase output by about 135 megawatts. "The investments we make as a result of this contract will keep these plants operating reliably for decades to come and put new, clean nuclear energy on the grid while making the best use of taxpayer dollars," Constellation CEO Joe Dominguez said in a release.

An anonymous reader quotes a report from The Record: Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...]

It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."

An anonymous reader quotes a report from Ars Technica: Apple has agreed (PDF) to pay $95 million to settle a lawsuit alleging that its voice assistant Siri routinely recorded private conversations that were then sold to third parties for targeted ads. In the proposed class-action settlement (PDF) -- which comes after five years of litigation -- Apple admitted to no wrongdoing. Instead, the settlement refers to "unintentional" Siri activations that occurred after the "Hey, Siri" feature was introduced in 2014, where recordings were apparently prompted without users ever saying the trigger words, "Hey, Siri." Sometimes Siri would be inadvertently activated, a whistleblower told The Guardian, when an Apple Watch was raised and speech was detected. The only clue that users seemingly had of Siri's alleged spying was eerily accurate targeted ads that appeared after they had just been talking about specific items like Air Jordans or brands like Olive Garden, Reuters noted. It's currently unknown how many customers were affected, but if the settlement is approved, the tech giant has offered up to $20 per Siri-enabled device for any customers who made purchases between September 17, 2014, and December 31, 2024. That includes iPhones, iPads, Apple Watches, MacBooks, HomePods, iPod touches, and Apple TVs, the settlement agreement noted. Each customer can submit claims for up to five devices.

A hearing when the settlement could be approved is currently scheduled for February 14. If the settlement is certified, Apple will send notices to all affected customers. Through the settlement, customers can not only get monetary relief but also ensure that their private phone calls are permanently deleted. While the settlement appears to be a victory for Apple users after months of mediation, it potentially lets Apple off the hook pretty cheaply. If the court had certified the class action and Apple users had won, Apple could've been fined more than $1.5 billion under the Wiretap Act alone, court filings showed. But lawyers representing Apple users decided to settle, partly because data privacy law is still a "developing area of law imposing inherent risks that a new decision could shift the legal landscape as to the certifiability of a class, liability, and damages," the motion to approve the settlement agreement said. It was also possible that the class size could be significantly narrowed through ongoing litigation, if the court determined that Apple users had to prove their calls had been recorded through an incidental Siri activation -- potentially reducing recoverable damages for everyone.

A U.S. appeals court ruled on Thursday the Federal Communications Commission did not have legal authority to reinstate landmark net neutrality rules. From a report: The decision is a blow to the outgoing Biden administration that had made restoring the open internet rules a priority. President Joe Biden signed a 2021 executive order encouraging the FCC to reinstate the rules.

A three-judge panel of the Cincinnati-based 6th U.S. Circuit Court of Appeals said the FCC lacked authority to reinstate the rules initially implemented in 2015 by the agency under Democratic former President Barack Obama, but then repealed by the commission in 2017 under Republican former President Donald Trump.

The rules also forbid special arrangements in which ISPs give improved network speeds or access to favored users. The court cited the Supreme Court's June decision in a case known as Loper Bright to overturn a 1984 precedent that had given deference to government agencies in interpreting laws they administer, in the latest decision to curb the authority of federal agencies. "Applying Loper Bright means we can end the FCC's vacillations," the court ruled.

Earlier this year, Russia President Vladimir Putin called on the government to develop its own domestically produced gaming consoles with proprietary operating systems and cloud-based platforms. "With Russia heavily sanctioned and looking to promote its own products, one of its in-development consoles is powered by the Elbrus processor," notes TechSpot. However, the processor is "designed primarily for domestic applications in critical infrastructure, defense, and other sensitive areas" and "can't match high-end CPUs from Intel, AMD, and Arm." From the report: The Russian government admits that this device isn't going to be on the same level as current-gen machines. "I hope my colleagues will approach this task with full responsibility and come up with something truly groundbreaking," said Anton Gorelkin, Deputy Chairman of the State Duma Committee on Information Policy. "It is obvious to everyone: Elbrus processors are not yet at the level required to compete equally with the PS5 and Xbox, which means the solution must be unconventional." Gorelkin said that Russian consoles aren't being designed only to play ports of hundreds of old, less-demanding games. He added that they should primarily serve the purpose of promoting and popularizing domestic video game products.

Another organization following Putin's instructions is Russian telecommunications firm MTS. Its console (above) will use the company's cloud-based gaming platform, called Fog Play. It allows owners of high-end PCs to rent out their computing power to those with less-powerful equipment, charging an hourly price. Those with more powerful PCs can access games on the service and use their own hardware to play them. MTS' device is expected to cost no more than $45 and come with an Xbox-like controller, suggesting it's unlikely to appeal to those who enjoy current-gen console games.

An anonymous reader quotes a report from KrebsOnSecurity: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn't reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius' mother -- Minnesota native Alicia Roen -- filled in the gaps.

Roen said that prior to her son's arrest he'd acknowledged being associated with Connor Riley Moucka, a.k.a. "Judische," a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake. In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he'd stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon. On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphantom indicating he was a U.S. Army soldier stationed in South Korea.

[...] Immediately after news broke of Moucka's arrest, Kiberphant0m posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] On that same day, Kiberphant0m posted what they claimed was the "data schema" from the U.S. National Security Agency. On Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders. On Nov. 9, Kiberphant0m posted a sales thread on BreachForums offering a "SIM-swapping" service targeting Verizon PTT customers. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target's phone calls and text messages to a device they control.

Nobel laureate Geoffrey Hinton has backed Elon Musk's legal challenge against OpenAI, criticizing the AI startup's shift from its nonprofit origins toward a for-profit model. "OpenAI was founded as an explicitly safety-focused non-profit and made various safety related promises in its charter," Hinton said in a statement through AI advocacy group Encode. "Allowing it to tear all of that up when it becomes inconvenient sends a very bad message to other actors in the ecosystem."

Musk, who co-founded OpenAI in 2015 but left in 2018, filed an injunction last month to block the company's transition to a for-profit entity. OpenAI dismissed the filing as "utterly without merit." Hinton, who won the 2024 Physics Nobel Prize for his pioneering work in neural networks, has previously criticized OpenAI CEO Sam Altman in October for prioritizing profits over safety concerns.

An anonymous reader quotes a report from Reuters: Chinese state-sponsored hackers broke into the U.S. Treasury Department earlier this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday. The hackers compromised a third-party cybersecurity service provider and were able to access unclassified documents, the letter said, calling it a "major incident."

According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users." After being alerted by cybersecurity provider BeyondTrust, the Treasury Department said it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack's impact. Developing...