Tech News
Spy-catcher saw “stupid” tech errors others made. FBI says he then made his own.
Security - Posted On:2025-05-30 17:15:00 Source: arstechnica
Twenty-eight-year-old Nathan Laatsch was, until yesterday, a cybersecurity employee at the Defense Intelligence Agency (DIA). He had a Top Secret clearance and worked in the Insider Threat Division. Laatsch spent his days—you'll understand the past tense in a moment—"enabling user monitoring on individuals with access to DIA systems," including employees under surreptitious internal investigation.
Given that Laatsch was one of those who "watched the watchers," he appears to have had supreme confidence in his own ability to avoid detection should he decide to go rogue. "Stupid mistakes" made by other idiots would "not be difficult for me to avoid," he once wrote. DIA couldn't even launch an investigation of Laatsch without him knowing that something was up.
The Greeks had a word for this: hubris.
After latest kidnap attempt, crypto types tell crime bosses: Transfers are traceable
Security - Posted On:2025-05-15 17:45:00 Source: arstechnica
Masked men jumped out of a white-panel van in Paris this week, attempting to snatch a 34-year-old woman off the street. The woman's husband fought back and suffered a fractured skull, according to France24. The woman continued resisting long enough for a bike shop owner named Nabil to rush out swinging a fire extinguisher, which he hurled after the departing van as the attackers finally fled. The entire altercation was captured on video.
The woman was identified as the daughter of a "crypto boss," and her attempted kidnapping is part of a disquieting surge in European crypto-related abductions—two of which have already involved fingers being chopped off. The last major abduction happened in Paris only two weeks ago, and it ended with French police storming a house in the Paris suburbs and rescuing a crypto mogul's now-four-fingered father.
The attacks have spooked the industry, which has called, somewhat ironically, for enhanced protections from the government. Reuters notes that the issue has been escalated all the way to the top of the French government, where Interior Minister Bruno Retailleau announced plans this week to "meet with French crypto entrepreneurs to make them aware of the risks and to take measures to protect them."
An $8.4 billion money launderer has been operating for years on US soil
Security - Posted On:2025-05-14 14:30:01 Source: arstechnica
As the underground industry of crypto investment scams has grown into one of the world's most lucrative forms of cybercrime, the secondary market of money launderers for those scammers has grown to match it. Amid that black market, one such Chinese-language service on the messaging platform Telegram blossomed into an all-purpose underground bazaar: It has offered not only cash-out services to scammers but also money laundering for North Korean hackers, stolen data, targeted harassment-for-hire, and even what appears to be sex trafficking. And somehow, it's all overseen by a company legally registered in the United States.
According to new research released today by crypto-tracing firm Elliptic, a company called Xinbi Guarantee has since 2022 facilitated no less than $8.4 billion in transactions via its Telegram-based marketplace prior to Telegram’s actions in recent days to remove its accounts from the platform. Money stolen from scam victims likely represents the “vast majority” of that sum, according to Elliptic's cofounder Tom Robinson. Yet even as the market serves Chinese-speaking scammers, it also boasts on the top of its website—in Mandarin—that it's registered in Colorado.
“Xinbi Guarantee has served as a giant, purportedly US-incorporated illicit online marketplace for online scams that primarily offers money laundering services,” says Robinson. He adds, though, that Elliptic has also found a remarkable variety of other criminal offerings on the market: child-bearing surrogacy and egg donors, harassment services that offer to threaten or throw feces at any chosen victim, and even sex workers in their teens who are likely trafficking victims.
We have reached the “severed fingers and abductions” stage of the crypto revolution
Security - Posted On:2025-05-07 17:30:00 Source: arstechnica
French gendarmes have been busy policing crypto crimes, but these aren't the usual financial schemes, cons, and HODL! shenanigans one usually reads about. No, these crimes involve abductions, (multiple) severed fingers, and (multiple) people rescued from the trunks of cars—once after being doused with gasoline.
This previous weekend was particularly nuts, with an older gentleman snatched from the streets of Paris' 14th arrondissement on May 1 by men in ski masks. The 14th is a pleasant place—I highly recommend a visit to the catacombs in Place Denfert-Rochereau—and not usually the site of snatch-and-grab operations. The abducted man was apparently the father of someone who had made a packet in crypto. The kidnappers demanded a multimillion-euro ransom from the man's son.
According to Le Monde, the abducted father was taken to a house in a Parisian suburb, where one of the father's fingers was cut off in the course of ransom negotiations. Police feared "other mutilations" if they were unable to find the man, but they did locate and raid the house this weekend, arresting five people in their 20s. (According to the BBC, French police used "phone signals" to locate the house.)
CVE, global source of cybersecurity info, was hours from being cut by DHS
Security - Posted On:2025-04-16 13:30:01 Source: arstechnica
The Common Vulnerabilities and Exposures, or CVE, repository holds the answers to some of information security's most vital questions. Namely, which security issue are we talking about, exactly, and how does it work?
The 25-year-old CVE program, an essential part of global cybersecurity, is cited in nearly any discussion or response to a computer security issue, including Ars posts. CVE was at real risk of closure after its contract was set to expire on April 16. The nonprofit MITRE runs CVE and related programs (like Common Weakness Enumeration, or CWE) on a contract with the US Department of Homeland Security (DHS). A letter to CVE board members sent Tuesday by Yosry Barsoum, vice president of MITRE, gave notice of the potential halt to operations.
"If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum wrote.
CEO of AI ad-tech firm pledging “world free of fraud” sentenced for fraud
Security - Posted On:2025-03-21 13:45:00 Source: arstechnica
In May 2024, the website of ad-tech firm Kubient touted that the company was "a perfect blend" of ad veterans and developers, "committed to solving the growing problem of fraud" in digital ads. Like many corporate sites, it also linked old blog posts from its home page, including a May 2022 post on "How to create a world free of fraud: Kubient's secret sauce."
These days, Kubient's website cannot be reached, the team is no more, and CEO Paul Roberts is due to serve one year and one day in prison, having pled guilty Thursday to creating his own small world of fraud. Roberts, according to federal prosecutors, schemed to create $1.3 million in fraudulent revenue statements to bolster Kubient's initial public offering (IPO) and significantly oversold "KAI," Kubient's artificial intelligence tool.
The core of the case is an I-pay-you, you-pay-me gambit that Roberts initiated with an unnamed "Company-1," according to prosecutors. Kubient and this firm would each bill the other for nearly identical amounts, with Kubient purportedly deploying KAI to find instances of ad fraud in the other company's ad spend.
X is reportedly blocking links to secure Signal contact pages
Security - Posted On:2025-02-17 11:15:01 Source: arstechnica
X, the social platform formerly known as Twitter, is seemingly blocking links to Signal, the encrypted messaging platform, according to journalist Matt Binder and other firsthand accounts.
Binder wrote in his Disruptionist newsletter Sunday that links to Signal.me, a domain that offers a way to connect directly to Signal users, are blocked on public posts, direct messages, and profile pages. Error messages—including "Message not sent," "Something went wrong," and profiles tagged as "considered malware" or "potentially harmful"—give no direct suggestion of a block. But posts on X, reporting at The Verge, and other sources suggest that Signal.me links are broadly banned.
Signal.me links that were already posted on X prior to the recent change now show a "Warning: this link may be unsafe" interstitial page rather than opening the link directly. Links to Signal handles and the Signal homepage are still functioning on X.
Serial “swatter” behind 375 violent hoaxes targeted his own home to look like a victim
Security - Posted On:2025-02-12 15:45:01 Source: arstechnica
A teacher in high school once quoted an old proverb to me: "Do something you love, and you'll never work a day in your life!"
Perhaps 18-year-old Alan Filion encountered a similar teacher during his school years in California, because once Filion learned that he truly loved making fake "swatting" calls to law enforcement—well, he turned the crime into a job, using handles like "Nazgul Swattings" and "Third Reich of Kiwiswats." Originally it was all about the "power trip," but it soon became about "money and the power trip."
"Prices: $40-Gas leak/Fire for EMS/Fire/Gas Leak [$35 for returning customers]," Filion wrote in a 2023 advertisement that ran on various social media channels. "$50 for a major police response to the house [$40 for returning customers]; $75 for a bomb threat/mass shooting threat (they will shut down the school or public location for a day) [$60 for returning customers]. All swats will be done ASAP or present time."
VPN used for VR game cheat sells access to your home network
Security - Posted On:2024-12-20 11:00:01 Source: arstechnica
In the hit virtual reality game Gorilla Tag, you swing your arms to pull your primate character around—clambering through virtual worlds, climbing up trees and, above all, trying to avoid an infectious mob of other gamers. If you’re caught, you join the horde. However, some kids playing the game claim to have found a way to cheat and easily “tag” opponents.
Over the past year, teenagers have produced video tutorials showing how to side-load a virtual private network (VPN) onto Meta’s virtual reality headsets and use the location-changing technology to get ahead in the game. Using a VPN, according to the tutorials, introduces a delay that makes it easier to sneak up and tag other players.
While the workaround is likely to be an annoying but relatively harmless bit of in-game cheating, there’s a catch. The free VPN app that the video tutorials point to, Big Mama VPN, is also selling access to its users’ home internet connections—with buyers essentially piggybacking on the VR headset’s IP address to hide their own online activity.
Microsoft president asks Trump to “push harder” against Russian hacks
Security - Posted On:2024-11-22 09:45:00 Source: arstechnica
Microsoft’s president has called on Donald Trump to “push harder” against cyber attacks from Russia, China, and Iran amid a wave of state-sponsored hacks targeting US government officials and election campaigns.
Brad Smith, who is also the Big Tech company’s vice chair and top legal officer, told the Financial Times that cyber security “deserves to be a more prominent issue of international relations” and appealed to the US president-elect to send a “strong message.”
“I hope that the Trump administration will push harder against nation-state cyber attacks, especially from Russia and China and Iran,” Smith said. “We should not tolerate the level of attacks that we are seeing today.”
Hundreds of code libraries posted to NPM try to install malware on dev machines
Security - Posted On:2024-11-04 19:45:00 Source: arstechnica
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries there, researchers said.
The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency. The campaign, which was active at the time this post was going live on Ars, was reported by researchers from the security firm Phylum. The discovery comes on the heels of a similar campaign a few weeks ago targeting developers using forks of the Ethers.js library.
“Out of necessity, malware authors have had to endeavor to find more novel ways to hide intent and to obfuscate remote servers under their control,” Phylum researchers wrote. “This is, once again, a persistent reminder that supply chain attacks are alive and well.”
Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked
Security - Posted On:2024-10-17 17:15:01 Source: arstechnica
US officials charged a man with compromising the official Twitter/X account of the Securities and Exchange Commission for purposes of posting false information that caused the price of bitcoin to spike.
The January attack, federal prosecutors said, started with a SIM swap, a form of fraud that takes control of a cell phone number by assuming the identity of the person the number belongs to. The attacker then uses the false identity to induce an employee of the cellular carrier to move the phone number off the current Subscriber Identity Module card, a small chip that connects a device to a specific carrier account. Then, the attacker has the number transferred to a new SIM card, usually under the pretense that the fraudulent account holder has just obtained a new device.
The number at issue in the SIM swap, an indictment unsealed on Thursday said, was used to provide two-factor authentication for the SEC X account, which authorized commission personnel to post official communications. One of the people connected to the conspiracy then used the 2FA code to compromise the X account to tweet false information that caused the price of a single bitcoin to increase by $1,000.
How alleged SIM swap and hacked X account drove up price of bitcoin by $1K
Security - Posted On:2024-10-17 16:30:00 Source: arstechnica
DNA confirms these 19th-century lions ate humans
Security - Posted On:2024-10-17 09:30:00 Source: arstechnica
For several months in 1898, a pair of male lions turned the Tsavo region of Kenya into their own human hunting grounds, killing many construction workers who were building the Kenya-Uganda railway. A team of scientists has now identified exactly what kinds of prey the so-called "Tsavo Man-Eaters" fed upon, based on DNA analysis of hairs collected from the lions' teeth, according to a recent paper published in the journal Current Biology. They found evidence of various species the lions had consumed, including humans.
The British began construction of a railway bridge over the Tsavo River in March 1898, with Lieutenant-Colonel John Henry Patterson leading the project. But mere days after Patterson arrived on site, workers started disappearing or being killed. The culprits: two maneless male lions, so emboldened that they often dragged workers from their tents at night to eat them. At their peak, they were killing workers almost daily—including an attack on the district officer, who narrowly escaped with claw lacerations on his back. (His assistant, however, was killed.)
Patterson finally managed to shoot and kill one of the lions on December 9 and the second 20 days later. The lion pelts decorated Patterson's home as rugs for 25 years before being sold to Chicago's Field Museum of Natural History in 1924. The skins were restored and used to reconstruct the lions, which are now on permanent display at the museum, along with their skulls.
DNA confirms these 19th century lions ate humans
Security - Posted On:2024-10-16 18:45:00 Source: arstechnica
Indicted NYC mayor to FBI: I, uh, forgot my phone’s passcode
Security - Posted On:2024-09-27 13:15:01 Source: arstechnica

New York City mayor Eric Adams was stopped on the street by the FBI after an event in November 2023. Agents had a warrant for his electronic devices, which they seized. At the time, Adams made clear that he had nothing to hide, saying in a statement, "As a former member of law enforcement, I expect all members of my staff to follow the law and fully cooperate with any sort of investigation—and I will continue to do exactly that."
Thanks to this week's federal indictment (PDF) of Adams—the first for a sitting NYC mayor, and one that alleges bribery from Turkish sources—we now have the same story from the government's perspective. It sounds quite a bit different.
According to the feds, agents seized not one but two cell phones from Adams on November 6, 2023—but neither of these was Adams' "personal" phone, which he was not carrying. It was the personal phone that Adams allegedly used "to communicate about the conduct described in this indictment."
14 dead as Hezbollah walkie-talkies explode in second, deadlier attack
Security - Posted On:2024-09-18 15:45:00 Source: arstechnica

Wireless communication devices have exploded again today across Lebanon in a second attack even deadlier than yesterday's explosion of thousands of Hezbollah pagers. According to Lebanon's Ministry of Health, the new attack has killed at least 14 more people and injured more than 450.
Today's attack targeted two-way radios ("walkie-talkies") issued to Hezbollah members. The radios exploded in the middle of the day, with at least one going off during a funeral for people killed in yesterday's pager attacks. A New York Times report on that funeral described the moment:
When the blast went off, a brief, eerie stillness descended on the crowd. Mourners looked at one another in disbelief. The religious chants being broadcast over a loudspeaker abruptly stopped.
Then panic set in. People started scrambling in the streets, hiding in the lobbies of nearby buildings, and shouting at one another, “Turn off your phone! Take out the battery!” Soon a voice on the loudspeaker at the funeral urged everyone to do the same...
One woman, Um Ibrahim, stopped a reporter in the middle of the confusion and begged to use the reporter’s cellphone to call her children. The woman dialed a number with her hands shaking, then screamed into the phone, “Turn off your phones now!”
The story appears to capture the current mood in Lebanon, where no one seems quite sure what will explode next. While today's attack against walkie-talkies is well-attested, various unconfirmed reports suggest that people fear an explosion from just about anything with a battery.
Elon Musk threatens to sue FAA after feds propose fining SpaceX $633,000
Security - Posted On:2024-09-18 12:30:01 Source: arstechnica

The Federal Aviation Administration alleged Tuesday that SpaceX violated its launch license requirements on two occasions last year by using an unauthorized launch control center and fuel farm at NASA's Kennedy Space Center in Florida.
The regulator seeks to fine SpaceX $633,009 for the alleged violations, which occurred during a Falcon 9 launch and a Falcon Heavy launch last year. Combined, the proposed fines make up the largest civil penalty ever imposed by the FAA's commercial spaceflight division.
“Safety drives everything we do at the FAA, including a legal responsibility for the safety oversight of companies with commercial space transportation licenses,” said Marc Nichols, the FAA's chief counsel, in a statement. “Failure of a company to comply with the safety requirements will result in consequences.”
11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers
Security - Posted On:2024-09-18 01:30:00 Source: arstechnica

A massive wave of pager explosions across Lebanon and Syria beginning at 3:30 pm local time today killed at least 11 people and injured more than 2,700, according to local officials. Many of the injured appear to be Hezbollah members, although a young girl is said to be among the dead.
Anonymous officials briefed on the matter are now describing it as a supply chain attack in which Israel was able to hide small amounts of explosives inside Taiwanese pagers shipped to Lebanon. The explosive was allegedly triggered by a small switch inside the pagers that would be activated upon receiving a specific code. Once that code was received, the pagers beeped for several seconds—and then detonated.
New York Times reporters captured the chaos of the striking scene in two anecdotes:
8 dead, 2,700 injured after simultaneous pager explosions in Lebanon
Security - Posted On:2024-09-17 13:30:00 Source: arstechnica

A massive wave of pager explosions across Lebanon and Syria around 3:30 pm local time today has killed at least eight people and injured more than 2,700, according to local officials. Many of the injured appear to be Hezbollah members, although a young girl is said to be among the dead.
New York Times reporters captured the chaos of the striking scene in two anecdotes:
Ahmad Ayoud, a butcher from the Basta neighborhood in Beirut, said he was in his shop when he heard explosions. Then he saw a man in his 20s fall off a motorbike. He appeared to be bleeding. “We all thought he got wounded from random shooting,” Ayoud said. “Then a few minutes later we started hearing of other cases. All were carrying pagers.”
...
Residents of Beirut’s southern suburbs, where many of the explosions took place, reported seeing smoke coming from people’s pockets followed by a blast like a firework. Mohammed Awada, 52, was driving alongside one of the victims. “My son went crazy and started to scream when he saw the man’s hand flying away from him,” he said.
Video from the region already shows a device exploding in a supermarket checkout line, and pictures show numerous young men lying on the ground with large, bloody wounds on their upper legs and thighs.