The Courts

Crypto Trader Eisenberg Convicted of Fraud in $110 Million Mango Markets Scheme (axios.com) 9

A jury found Avraham "Avi" Eisenberg guilty on all three counts of fraud and manipulation in a $110 million crypto trade scheme using the Mango Markets platform. Axios: The case was the first known test for a jury to decide whether existing U.S. laws governing fraud and market manipulation apply to the world of decentralized finance (DeFi). The 28-year-old Eisenberg will be held to account for his actions on Oct. 11, 2022, when a series of trades he made intentionally boosted the price of Mango Markets' native token, MNGO, as well as the price of futures contracts.

He used the inflated futures holdings as collateral to borrow other cryptocurrencies on the platform, then quickly withdrew those assets and walked away from his collateral. Eisenberg never disputed the facts of the strategy but contended that what he did was legal and permitted by the DeFi protocol, a principle in the industry known as "code is law." U.S. laws apply to DeFi: "Avraham Eisenberg ran a con," prosecutors said Wednesday, during closing arguments, continuing its momentum from last week. The word "con" was used at least six more times in those remarks.

Privacy

Hackers Are Threatening To Publish a Huge Stolen Sanctions and Financial Crimes Watchlist (techcrunch.com) 29

An anonymous reader shares a report: A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for "know your customer" checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm. A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

United States

House Passes Bill Requiring Warrant To Purchase Data From Third Parties (thehill.com) 54

An anonymous reader quotes a report from The Hill: The House on Wednesday approved a bill that would limit how the government can purchase data from third parties — legislation that scored a vote after negotiations with a group of GOP colleagues who briefly tanked a vote on warrantless spy powers. Dubbed the Fourth Amendment is Not For Sale, the legislation passed 219-199. It requires law enforcement and other government entities to get a warrant before buying information from third-party data brokers who purchase information gleaned from apps. [...] Senior administration officials said the measure would blind U.S. intelligence outfits from getting information easily purchased by foreign intelligence operations.

"In practice, these standards make it impossible for the [intelligence community], law enforcement to acquire a whole host of readily available information that they currently rely on," an administration official said. "Covered customer records as defined in the bill is very broad and includes records pertaining to any U.S. person or indeed any foreigner inside the United States. And as a practical matter, there's often no way to establish whether a particular individual was in the U.S. at a particular time a piece of data was created. Unless you did one thing, which is paradoxically to intrude further into their privacy just to figure out whether you could obtain some data." "It can be impossible to know what's in a data set before one actually obtains a data set," the official continued. "So you'd be barred from getting that which you don't even know."

Google

Google Workers Arrested After Nine-Hour Protest In Cloud Chief's Office (cnbc.com) 308

CNBC reports that nine Google workers were arrested on trespassing charges Tuesday night in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in happened at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. From the report: The arrests, which were livestreamed on Twitch by participants, follow rallies outside Google offices in New York, Sunnyvale and Seattle, which attracted hundreds of attendees, according to workers involved. [...] Protesters in Sunnyvale sat in Kurian's office for more than nine hours until their arrests, writing demands on Kurian's whiteboard and wearing shirts that read "Googler against genocide." In New York, protesters sat in a three-floor common space. Five workers from Sunnyvale and four from New York were arrested.

"On a personal level, I am opposed to Google taking any military contracts -- no matter which government they're with or what exactly the contract is about," Cheyne Anderson, a Google Cloud software engineer based in Washington, told CNBC. "And I hold that opinion because Google is an international company and no matter which military it's with, there are always going to be people on the receiving end... represented in Google's employee base and also our user base." Anderson had flown to Sunnyvale for the protest in Kurian's office and was one of the workers arrested Tuesday.

"Google Cloud supports numerous governments around the world in countries where we operate, including the Israeli government, with our generally available cloud computing services," a Google spokesperson told CNBC, adding, "This work is not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services."

The Courts

Escobar Brother Barred by EU Court From Trademarking Family Name (bloomberg.com) 17

Pablo Escobar, the name of the late Colombian drug kingpin, can't be registered as a trademark in the European Union after judges said that approving his brother's bid would go against "principles of morality." From a report: The public "associate that name with drug trafficking and narco-terrorism and with the crimes and suffering resulting therefrom, rather than with his possible good deeds in favor of the poor in Colombia," the EU's General Court in Luxembourg said on Wednesday. Trademarking the name is "counter to the fundamental values and moral standards prevailing within Spanish society," the court said.

Security

A Spy Site Is Scraping Discord and Selling Users' Messages (404media.co) 49

404 Media: An online service is scraping Discord servers en masse, archiving and tracking users' messages and activity across servers including what voice channels they join, and then selling access to that data for as little as $5. Called Spy Pet, the service's creator says it scrapes more than ten thousand Discord servers, and besides selling access to anyone with cryptocurrency, is also offering the data for training AI models or to assist law enforcement agencies, according to its website.

The news is not only a brazen abuse of Discord's platform, but also highlights that Discord messages may be more susceptible to monitoring than ordinary users assume. Typically, a Discord user's activity is spread across disparate servers, with no one entity, except Discord itself, able to see what messages someone has sent across the platform more broadly. With Spy Pet, third-parties including stalkers or potentially police can look up specific users and see what messages they've posted on various servers at once. "Have you ever wondered where your friend hangs out on Discord? Tired of basic search tools like Discord.id? Look no further!" Spy Pet's website reads. It claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.

Censorship

Telegram Founder Accuses Google and Apple of Censorship Threat (youtube.com) 35

Pavel Durov, the founder of Telegram messaging app, has accused tech giants Google and Apple of threatening to censor content on smartphones [YouTube link]. In an interview with Tucker Carlson, Durov claimed that these companies told Telegram to comply with their guidelines or face removal from their app stores.

"Those two platforms, they could basically censor everything you can read, access on your smart phone," Durov said. With 900 million active users, Telegram is expected to cross the one billion mark within a year.

Cellphones

SEC Targets Its Own Staff's Texting, Nixes WhatsApp On Work Phones (yahoo.com) 15

The SEC has blocked third-party messaging apps and texts from employees' work phones, "bringing its own practices closer to the standards it's enforcing for the industry," reports Bloomberg. From the report: The SEC's decision to block disappearing-messaging apps will help improve record-keeping and address potential security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year. It follows about $3 billion in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta's WhatsApp.

The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff's communications on agency-issued phones. The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts "to lower risk that our systems could be compromised and to enhance recordkeeping," an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.

Google

Google Workers Protest Cloud Contract With Israel's Government (wired.com) 512

An anonymous reader quotes a report from Wired: Dozens of Google employees began occupying company offices in New York City and Sunnyvale, California, on Tuesday in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in, organized by the activist group No Tech for Apartheid, is happening at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. The sit-in will be accompanied by outdoor protests at Google offices in New York, Sunnyvale, San Francisco, and Seattle beginning at 2 pm ET and 11 am PT. Tuesday's actions mark an escalation in a series of recent protests organized by tech workers who oppose their employer's relationship with the Israeli government, especially in light of Israel's ongoing assault on Gaza. Since Hamas killed about 1,100 Israelis on October 7, the IDF has killed more than 34,000 Palestinians.

Just over a dozen people gathered outside Google's offices in New York and Sunnyvale on Tuesday. Among those in New York was Google cloud software engineer Eddie Hatfield, who was fired days after disrupting Google Israel's managing director at March's Mind The Tech, a company-sponsored conference focused on the Israeli tech industry, in early March. Several hours into the sit-ins on Tuesday, Google security began to accuse the workers of "trespassing" and disrupting work, prompting several people to leave while others vowed to remain until they were forced out. The 2021 contract, known as Project Nimbus, involves Google and Amazon jointly providing cloud computing infrastructure and services across branches of the Israeli government. Last week, Time reported that Google's work on Project Nimbus involves providing direct services to the Israel Defense Forces. [...]

On March 4, more than 600 other Googlers signed a petition opposing the company's sponsorship of the conference. After Hatfield was fired three days later, Google trust-and-safety-policy employee Vidana Abdel Khalek resigned from her position in opposition to Project Nimbus. Then, in late March, more than 300 Apple workers signed an open letter that alleged retaliation against workers who have expressed support for Palestinians, and urged company leadership to show public support for Palestinians. Hasan Ibraheem, a Google software engineer, is participating in the sit-in at his local Google office in New York. "This has really been a culmination of our efforts," he tells WIRED. Since joining No Tech for Apartheid in December, Ibraheem says, he has been participating in weekly "tabling" actions being held at Google office cafes in New York, Sunnyvale, San Francisco, and Mountain View, California. It involves holding a sign that says "Ask me about Project Nimbus" during lunch break, passing out flyers, and answering questions from coworkers. "It's actually shocking how many people at Google don't even know that this contract exists," Ibraheem says. "A lot of people who don't know about it, who then learn about it through us, are reasonably upset that this contract exists. They just didn't know that it existed beforehand."

IOS

Apple's iOS 18 AI Will Be On-Device Preserving Privacy, and Not Server-Side (appleinsider.com) 58

According to Bloomberg's Mark Gurman, Apple's initial set of AI-related features in iOS 18 "will work entirely on device," and won't connect to cloud services. AppleInsider reports: In practice, these AI features would be able to function without an internet connection or any form of cloud-based processing. AppleInsider has received information from individuals familiar with the matter that suggest the report's claims are accurate. Apple is working on an in-house large language model, or LLM, known internally as "Ajax." While more advanced features will ultimately require an internet connection, basic text analysis and response generation features should be available offline. [...] Apple will reveal its AI plans during WWDC, which starts on June 10.

The Courts

Judge Refuses To Ctrl-Z Divorce Order Made By a Misclick (theregister.com) 202

Richard Currie reports via The Register: A simple misclick at a London law firm led to a surprise divorce for an unsuspecting couple. An employee at Vardags, self-described specialists in high-net-worth marital breakdowns, opened the wrong file when applying for a divorce in His Majesty's Courts and Tribunals Service (HMCTS) online portal. With a click more potent than Cupid's arrow, the solicitor "issued a final order of divorce in proceedings between Mrs Williams, the applicant wife, and Mr Williams," court papers [PDF] say.

The digital slip occurred on October 3, and thanks to the system's "now customary speed," as described by Judge Sir Andrew McFarlane, President of the Family Division, marital bonds were finally and totally severed in a mere 21 minutes, less time than most couples spend arguing over what to watch on Netflix. When Vardags realized the blunder two days later, it scrambled to reverse the order. The application was made "without notice to the Husband's solicitors -- the Wife's solicitors considered at the time that this was the correct approach given that the Final Order itself had been made without notice."

In the ensuing legal melee, Mr Williams, previously unaware of his sudden single status, received a letter sent by HMCTS the same day as the accidental divorce, stating that he was no longer married. But it was not until October 11, a week later, that he was formally informed of his bachelorhood by his ex-wife's solicitors. Meanwhile, his solicitors entered the fray, demanding that the case be brought before the President of the Family Division to sort out this matrimonial muddle.

United States

US Senate To Vote on a Wiretap Bill That Critics Call 'Stasi-Like' (wired.com) 55

The United States Senate is poised to vote on legislation this week that, for the next two years at least, could dramatically expand the number of businesses that the US government can force to eavesdrop on Americans without a warrant. From a report: Some of the nation's top legal experts on a controversial US spy program argue that the legislation, known as the Reforming Intelligence and Securing America Act (RISAA), would enhance the US government's spy powers, forcing a variety of new businesses to secretly eavesdrop on Americans' overseas calls, texts, and email messages. Those experts include a handful of attorneys who've had the rare opportunity to appear before the US government's secret surveillance court.

The Section 702 program, authorized under the Foreign Intelligence Surveillance Act, or FISA, was established more than a decade ago to legalize the government's practice of forcing major telecommunications companies to eavesdrop on overseas calls in the wake of the September 11, 2001, terrorist attacks. On the one hand, the government claims that the program is designed to exclusively target foreign citizens who are physically located abroad; on the other, the government has fiercely defended its ability to access wiretaps of Americans' emails and phone conversations, often years after the fact and in cases unrelated to the reasons the wiretaps were ordered in the first place.

The 702 program works by compelling the cooperation of US businesses defined by the government as "electronic communications service providers" -- traditionally phone and email providers such as AT&T and Google. Members of the House Intelligence Committee, whose leaders today largely serve as lobbyists for the US intelligence community in Congress, have been working to expand the definition of that term, enabling the government to force new categories of businesses to eavesdrop on the government's behalf.

The Courts

Justice Department To File Antitrust Suit Against Ticketmaster-Parent Live Nation (wsj.com) 48

The Justice Department is preparing to sue Live Nation as soon as next month [non-paywalled link], an antitrust challenge that could spur major changes at the biggest name in concert promotion and ticketing. WSJ: The agency is preparing to file an antitrust lawsuit against the Ticketmaster parent in the coming weeks that would allege the nation's biggest concert promoter has leveraged its dominance in a way that undermined competition for ticketing live events, according to people familiar with the matter.

The specific claims the department would allege couldn't be learned. The federal government opted out of trying to block Live Nation and Ticketmaster's 2010 tie up. Since then, the company has faced accusations of exorbitant ticket fees, flawed customer service and anticompetitive practices from lawmakers, regulators and state attorneys general. Critics of the merger say it has stifled competition in ticketing and that the company should be broken up. Live Nation's size and power in concert promotion, ticketing and venues are at the heart of a Justice Department investigation that began in 2022. The investigation gained momentum in November 2022 after Ticketmaster crashed during a fan presale to Taylor Swift's "Eras Tour."

Government

The IRS's New Tax Software: Rave Reviews, But Low Turnout (washingtonpost.com) 90

An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective.

By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life."

While the users might be a happy group, however, there weren't many of them compared to other tax filing options -- and their positive reviews likely won't budge the opposition that Direct File has faced from tax software companies and Republicans from the outset. These headwinds will likely continue if the IRS wants to renew it for another tax season. The program opened to the public midway through tax season, when many low-income filers had already claimed their refunds -- and was restricted to taxpayers in 12 states, with only four types of income (wages, interest, Social Security and unemployment). But it gained popularity as tax season went on: The Treasury Department said more than half of the total users of Direct File completed their returns during the last week.

Security

Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned (theregister.com) 26

Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials."

All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to reset passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."
