An anonymous reader quotes a report from Ars Technica: The 4th Circuit Court of Appeals ruled Friday in favor of the American government's seizure of a large number of Megaupload founder Kim Dotcom's overseas assets. Seized items include millions of dollars in various seized bank accounts in Hong Kong and New Zealand, multiple cars, four jet skis, the Dotcom mansion, several luxury cars, two 108-inch TVs, three 82-inch TVs, a $10,000 watch, and a photograph by Olaf Mueller worth over $100,000. After years of delay, in December 2015, Dotcom was finally ordered to be extradited to the United States to face criminal charges. But his appeal is set to be heard before the High Court in Auckland on August 29. In its court filings, prosecutors argued that because Dotcom had not appeared to face the charges against him in the United States, he is therefore susceptible to "fugitive disentitlement." That legal theory posits that if a defendant has fled the country to evade prosecution, he or she cannot make a claim to the assets that the government wants to seize under civil forfeiture. But as the Dotcom legal team claimed, the U.S. can neither use its legal system to seize assets abroad nor can Dotcom be considered a fugitive if he has never set foot in the United States. However, the 4th Circuit disagreed: "Because the statute must apply to people with no reason to come to the United States other than to face charges, a "sole" or "principal" purpose test cannot stand. The principal reason such a person remains outside the United States will typically be that they live elsewhere. A criminal indictment gives such a person a reason to make the journey, and the statute is aimed at those who resist nevertheless." Civil forfeiture in the United States allows law enforcement to seize one's assets if they are believed to be illegally acquired -- even without filing any criminal charges.

An anonymous reader quotes a report from SiliconBeat: Data thieves used a massive "botnet" against professional networking site LinkedIn and stole member's personal information, a new lawsuit reveals. "LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information," said the company's complaint, filed in Northern California U.S. District Court (PDF). "During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as 'bots') have extracted and copied data from many LinkedIn pages." It is unclear to what extent LinkedIn has been able to stymie the attack. A statement from the firm's legal team suggests one avenue of penetration has been permanently closed, but does not address other means of incursion listed in the lawsuit. "Their actions have violated the trust that LinkedIn members place in the company to protect their information," the complaint said. "LinkedIn will suffer ongoing and irreparable harm to its consumer goodwill and trust, which LinkedIn has worked hard for years to earn and maintain, if the conduct continues." LinkedIn says it has more than 128 million U.S. members and more than 400 million worldwide. According to the complaint, the hackers got around six LinkedIn cybersecurity systems, and also manipulated a cloud-services company that was on the company's "whitelist" of "popular and reputable service providers, search engines and other platforms" which interact with LinkedIn under less severe security measures than other third parties. The manipulation allowed the hackers to send requests to LinkedIn servers. "This was not an attack or data breach where confidential data was stolen," LinkedIn's legal team said in a statement. "This suit is about unknown entities using automated systems to scrape and copy data that members have made available on LinkedIn, violating the law and our Terms of Service."

Another day, another leak. A suspected Russian hacker known as "Guccifer 2.0" has published the phone numbers of House Democrats on his website Friday. The Hill reports: "The document was obtained from the cyberattack on the Democratic Congressional Campaign Committee (DCCC). The hacker also published DCCC shared passwords to several online databases and news networks. The dump also included the memos on the House race for Florida's 18th district, including opposition research on the Republican contenders, which is being vacated by Democrat Patrick Murphy as he vies for the Senate. The hacker also claimed to have breached House Minority Leader Nancy Pelosi's computer and published a memo sent to her about a 2015 fundraiser for Morgan Carroll, who is running for a Colorado House seat against Republican Mike Coffman."

The Edmonton Police Service has admitted to Motherboard that it owns a Stingray and that it used the [surveillance] device in the past during investigations. After Vancouver cops admitted to using the phone tracker to investigate an abduction in 2007, Motherboard called up other local police stations in Canada to ask if they had also previously used one. As you can imagine, the other stations kept mum. In the US, Stingrays are a regular part of government and law enforcement agencies' surveillance arsenal. But Vancouver's and Edmonton's police services are the first law enforcement offices in Canada to confirm that they've used the device. Motherboard adds: According an emailed statement from police spokesperson Anna Batchelor, Edmonton's cops have "used the device in the past during investigations," but would not release any additional details in order to "to protect [Edmonton Police Service] operations." Until now, the only law enforcement in the country known to use the devices was the Royal Canadian Mounted Police, the country's analogue to the US Federal Bureau of Investigation. These suitcase-sized surveillance tools have been used in the past by the Vancouver and Toronto police, but the Vancouver police have said they borrowed the Stingray from the RCMP, and in Toronto an RCMP technician was on hand, at least in that incident. The Edmonton police's comment to Motherboard is the first time a local police department in Canada has publicly admitted to owning a Stingray device.

An anonymous reader writes: Following a court win by its client BMG over Cox Communications this week, Rightscorp has issued an unprecedented warning to every ISP in the United States today. Boasting a five-year trove of infringement data against Internet users, Rightscorp warned ISPs that they can either cooperate or face the consequences. "For nearly five years, Rightscorp has warned US internet service providers (ISPs) that they risk incurring huge liabilities if they fail to implement and enforce policies under which they terminate the accounts of their subscribers who repeatedly infringe copyrights," the company said in a statement. "Over that time, many ISPs have taken the position that it was simply impossible for an ISP to be held liable for its subscribers' actions -- even when the ISP had been put on notice of massive infringements and supplied with detailed evidence. There had never been a judicial decision holding an ISP liable."

Security researchers have found a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet -- otherwise known as "air-gap" computers -- to prevent the leakage of sensitive information it stores, reports ArsTechnica. From the article: The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.