"$5,000 in cash had been withdrawn from my checking account — but not by me," writes journalist Linda Matchan in the Boston Globe. A police station manager reviewed footage from the bank — which was 200 miles away — and deduced that "someone had actually come into the bank and spoken to a teller, presented a driver's license, and then correctly answered some authentication questions to validate the account..." "You're pitting a teller against a national crime syndicate with massive resources behind them," says Paul Benda, executive vice president for risk, fraud, and cybersecurity at the American Bankers Association. "They're very well-funded, well-resourced criminal gangs doing this at an industrial scale." The reporter writes that "For the past two years, I've worked to determine exactly who and what lay behind this crime..." [N]ow I had something new to worry about: Fraudsters apparently had a driver's license with my name on it... "Forget the fake IDs adolescents used to get into bars," says Georgia State's David Maimon, who is also head of fraud insights at SentiLink, a company that works with institutions across the United States to support and solve their fraud and risk issues. "Nowadays fraudsters are using sophisticated software and capable printers to create virtually impossible-to-detect fake IDs." They're able to create synthetic identities, combining legitimate personal information, such as a name and date of birth, with a nine-digit number that either looks like a Social Security number or is a real, stolen one. That ID can then be used to open financial accounts, apply for a bank or car loan, or for some other dodgy purpose that could devastate their victims' financial lives. And there's a complex supply chain underpinning it all — "a whole industry on the dark web," says Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that helps victims undo the damage wrought by identity crime. It starts with the suppliers, Maimon told me — "the people who steal IDs, bring them into the market, and manufacture them. There's the producers who take the ID and fake driver's licenses and build the facade to make it look like they own the identity — trying to create credit reports for the synthetic identities, for example, or printing fake utility bills." Then there are the distributors who sell them in the dark corners of the web or the street or through text messaging apps, and finally the customers who use them and come from all walks of life. "We're seeing females and males and people with families and a lot of adolescents, because social media plays a very important role in introducing them to this world," says Maimon, whose team does surveillance of criminals' activities and interactions on the dark web. "In this ecosystem, folks disclose everything they do." The reporter writes that "It's horrifying to discover, as I have recently, that someone has set up a tech company that might not even be real, listing my home as its principal address." Two and a half months after the theft the stolen $5,000 was back in their bank account — but it wasn't until a year later that the thief was identified. "The security video had been shared with New York's Capital Region Crime Analysis Center, where analysts have access to facial recognition technology, and was run through a database of booking photos. A possible match resulted.... She was already in custody elsewhere in New York... Evidently, Deborah was being sought by law enforcement in at least three New York counties. [All three cases involved bank-related identity fraud.]" Deborah was finally charged with two separate felonies: grand larceny in the third degree for stealing property over $3,000, and identity theft. But Deborah missed her next two court dates, and disappeared. "She never came back to court, and now there were warrants for her arrest out of two separate courts." After speaking to police officials the reporter concludes "There was a good chance she was only doing the grunt work for someone else, maybe even a domestic or foreign-organized crime syndicate, and then suffering all the consequences." The UK minister of state for security even says that "in some places people are literally captured and used as unwilling operators for fraudsters."

Read more of this story at Slashdot.

In an elaborate scam in January, "a finance worker, was duped into attending a video call with people he believed were the chief financial officer and other members of staff," remembers CNN. But Hong Kong police later said that all of them turned out to be deepfake re-creations which duped the employee into transferring $25 million. According to police, the worker had initially suspected he had received a phishing email from the company's UK office, as it specified the need for a secret transaction to be carried out. However, the worker put aside his doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized. Now the targeted company has been revealed: a major engineering consulting firm, with 18,500 employees across 34 offices: A spokesperson for London-based Arup told CNN on Friday that it notified Hong Kong police in January about the fraud incident, and confirmed that fake voices and images were used. "Unfortunately, we can't go into details at this stage as the incident is still the subject of an ongoing investigation. However, we can confirm that fake voices and images were used," the spokesperson said in an emailed statement. "Our financial stability and business operations were not affected and none of our internal systems were compromised," the person added... Authorities around the world are growing increasingly concerned about the sophistication of deepfake technology and the nefarious uses it can be put to. In an internal memo seen by CNN, Arup's East Asia regional chairman, Michael Kwok, said the "frequency and sophistication of these attacks are rapidly increasing globally, and we all have a duty to stay informed and alert about how to spot different techniques used by scammers." The company's global CIO emailed CNN this statement. "Like many other businesses around the globe, our operations are subject to regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes. "What we have seen is that the number and sophistication of these attacks has been rising sharply in recent months." Slashdot reader st33ld13hl adds that in a world of Deep Fakes, insurance company USAA is now asking its customers to authenticate with voice. (More information here.) Thanks to Slashdot reader quonset for sharing the news.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: An Arizona woman has been accused of helping generate millions of dollars for North Korea's ballistic missile program by helping citizens of that country land IT jobs at US-based Fortune 500 companies. Christina Marie Chapman, 49, of Litchfield Park, Arizona, raised $6.8 million in the scheme, federal prosecutors said in an indictment unsealed Thursday. Chapman allegedly funneled the money to North Korea's Munitions Industry Department, which is involved in key aspects of North Korea's weapons program, including its development of ballistic missiles. Part of the alleged scheme involved Chapman and co-conspirators compromising the identities of more than 60 people living in the US and using their personal information to get North Koreans IT jobs across more than 300 US companies. As another part of the alleged conspiracy, Chapman operated a "laptop farm" at one of her residences to give the employers the impression the North Korean IT staffers were working from within the US; the laptops were issued by the employers. By using proxies and VPNs, the overseas workers appeared to be connecting from US-based IP addresses. Chapman also received employees' paychecks at her home, prosecutors said. Federal prosecutors said that Chapman and three North Korean IT workers -- using the aliases of Jiho Han, Chunji Jin, Haoran Xu, and others -- had been working since at least 2020 to plan a remote-work scheme. In March of that year, prosecutors said, an individual messaged Chapman on LinkedIn and invited her to "be the US face" of their company. From August to November of 2022, the North Korean IT workers allegedly amassed guides and other information online designed to coach North Koreans on how to write effective cover letters and resumes and falsify US Permanent Resident Cards. Under the alleged scheme, the foreign workers developed "fictitious personas and online profiles to match the job requirements" and submitted fake documents to the Homeland Security Department as part of an employment eligibility check. Chapman also allegedly discussed with co-conspirators about transferring the money earned from their work. Chapman was arrested Wednesday. It wasn't immediately known when she or Didenko were scheduled to make their first appearance in court. If convicted, Chapman faces 97.5 years in prison, and Didenko faces up to 67.5 years.

Read more of this story at Slashdot.

Plumpaquatsch writes: Investigators teamed up with colleagues from the Balkans and Lebanon in raids set up by months of intense surveillance. Authorities say the operation thwarted over 10 million euro in damages and led to 21 arrests. Dubbed 'Operation Pandora,' the sting began in Germany in December 2023, after a suspicious bank teller contacted police when a 76-year-old customer from Freiburg sought to hurriedly withdraw 120,000 euro ($128,232) from her savings account to hand over to a fake police officer. When real police investigators tracked the internet-based telephone number that had been used to lure the woman, they discovered a veritable goldmine. Rather than shutting down the number, authorities instead went on the offensive, setting up their own call center in which hundreds of officers from Baden-Wurttemberg, Bavaria, Berlin and Saxony worked around the clock monitoring some 1.3 million calls in real time, as the number from the initial scam was tied to an entire network of fraud call centers. Police were able to trace and record data from the calls, as well as warn potential victims of what was in fact happening, in turn winning valuable time to put together the April 18 sting. Police say their efforts allowed them to thwart some 10 million euro in damages in roughly 6,000 cases of attempted fraud.

Read more of this story at Slashdot.

One of Europe's most wanted cyber criminals has been jailed for attempting to blackmail 33,000 people whose confidential therapy notes he stole. From a report: Julius Kivimaki obtained them after breaking into the databases of Finland's largest psychotherapy company, Vastaamo. After his attempt to extort the company failed, he emailed patients directly, threatening to reveal what they had told their therapists. At least one suicide has been linked to the case, which has shocked the country. Kivimaki has been sentenced to six years and three months in prison. In terms of the number of victims, his trial was the biggest criminal case in Finnish history. One of them gave their reaction to the BBC. "The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence," said Tiina Parrika. "After this there rise thoughts about how short the conviction is, when reflected against the number of victims," she added. "But, that's the Finnish law and I must accept that."

Read more of this story at Slashdot.

Longtime Slashdot reader ArchieBunker shares a report from The Mirror: The city court in Syktyvkar, the largest city in Russia's northwestern Komi region, announced it had arrested [former world chess champion Garry Kasparov] in absentia alongside former Russian parliament member Gennady Gudkov, Ivan Tyutrin co-founder of the Free Russia Forum -- which has been designated as an "undesirable organization in the country -- as well as former environmental activist Yevgenia Chirikova. All were charged with setting up a terrorist society, according to the court's press service. As all were charged in their absence, none were physically held in custody. "The court has selected a measure of restraint for Garry Kasparov, Gennady Gudkov, Yevgenia Chirikova and Ivan Tyutrin, charged with establishing and heading a terrorist society, funding terrorist activity and justifying it publicly," the court said according to Kremlin-backed outlet TASS. "The court granted the investigative bodies' motions to remand Kasparov, Gudkov, Chirikova and Tyutrin in custody as a measure of restraint." Kasparov responded to the court's bizarre arrest statement in an April 24 post shared on X, formerly Twitter. "In absentia is definitely the best way I've ever been arrested," he said. "Good company, as well. I'm sure we're all equally honored that Putin's terror state is spending time on this that would otherwise go persecuting and murdering." The report notes that Kasparov "found himself in Russian President Vladimir Putin's firing line after he voiced his opposition to the country's leader." The report continues: "He has also pursued pro-democracy initiatives in Russia. But he felt unable to continue living in Russia after he was jailed and allegedly beaten by police in 2012, according to the Guardian. He was granted Croatian citizenship in 2014 following repeated difficulties in Russia."

Read more of this story at Slashdot.

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]... Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term. The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the comnpany also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up. What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April... The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless... Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities. The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.

Read more of this story at Slashdot.

Crypto entrepreneur Sam Bankman-Fried was sentenced Thursday to 25 years [non-paywalled link] in prison for a massive fraud that unraveled with the collapse of FTX, once one of the world's most popular platforms for exchanging digital currency. From a report: Bankman-Fried, 32, was convicted in November of fraud and conspiracy -- a dramatic fall from a crest of success. U.S. District Judge Lewis A. Kaplan imposed the sentence in the same Manhattan courtroom where, four months ago, Bankman-Fried testified that his intention had been to revolutionize the emerging cryptocurrency market with his innovative and altruistic ideas, not to steal. Kaplan said the sentence reflected "that there is a risk that this man will be in position to do something very bad in the future. And it's not a trivial risk at all." He added that it was "for the purpose of disabling him to the extent that can appropriately be done for a significant period of time." Prior to sentencing, Bankman-Fried had said, "My useful life is probably over. It's been over for a while now, from before my arrest."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Techdirt: Nigeria doesn't exactly have a stellar reputation when it comes to respecting the speech rights of its own citizens, nor the rights of platforms that its citizens use. But I will admit that even with that reputation in place, I'm a bit at a loss as to why the country decided to arrest and charge a woman for violating those same laws because she wrote an unkind review of a can of tomato puree on Facebook: "A Nigerian woman who wrote an online review of a can of tomato puree is facing imprisonment after its manufacturer accused her of making a 'malicious allegation' that damaged its business. Chioma Okoli, a 39-year-old entrepreneur from Lagos, is being prosecuted and sued in civil court for allegedly breaching the country's cybercrime laws, in a case that has gripped the West African nation and sparked protests by locals who believe she is being persecuted for exercising her right to free speech." By now you're wondering what actually happened here. Well, Okoli got on Facebook after having tried a can of Nagiko Tomato Mix, made by local Nigerian company Erisco Foods. Her initial post essentially complained about it being too sugary. So pretty standard fair for a review-type post on Facebook. When she started getting some mixed replies, some of them told her to stop trying to ruin the company and just buy something else, with one such message supposedly coming from a relative of the company's ownership. To that, she replied: "Okoli responded: 'Help me advise your brother to stop ki***ing people with his product, yesterday was my first time of using and it's pure sugar.'" By the way, you can see all of this laid out by Erisco Foods itself on its own Facebook page. The company also claims that she exchanged messages with others talking about how she wanted to trash the product online so that nobody would buy it and that sort of thing. Whatever the truth about that situation is, this all stems from a poor review of a product posted online, which is the kind of speech countries with free speech laws typically protect. In Okoli's case, she was arrested shortly after those posts. [...] Okoli is pregnant and was placed in a cell during her arrest that had water leaking into it, by her account. She was also forced to apologize to Erisco Foods as part of her bond release, which she then publicly stated was done under duress and refused to apologize once out of holding. Okoli is also countersuing both Erisco Foods and the police, arguing for a violation of her speech rights.

Read more of this story at Slashdot.

A SWAT team in St. Louis County mistakenly raided the home of Brittany Shamily and her family, based on the inaccurate tracking of stolen AirPods by the "FindMy" app. The family is suing for damages stemming from embarrassment, unreasonable use of force, loss of liberty, and other factors. The Riverfront Times reports: Around 6:30 p.m. on May 26, Brittany Shamily was at home with her children, including an infant, when police used a battering ram to bust in her front door. "What the hell is going on?" she screamed, terrified for herself and her family. "I got a three-month-old baby!" Body camera footage from the scene shows Shamily come to the front door, her hands up, her face a mix of fright and utter confusion at the heavily armed folly making its way from her front porch into her foyer. "Oh my god," she says. The SWAT team was looking for guns and other material related to a carjacking that had occurred that morning. Their search didn't turn up any of that -- though it has led to a lawsuit, filed Friday, that may lead to a better public understanding of how county police decide whether to deploy a SWAT team or serve a search warrant in a less menacing manner. Because in this case, the police clearly made the wrong call. The carjacking that led to the raid happened about 12 hours prior, 16 miles away, in south county. Around 6 a.m., two brothers were leaving the Waffle House on Telegraph Road near Jefferson Barracks when a group of six people pulled up outside the restaurant and carjacked them. Two of the carjackers took off in the brothers' Dodge Charger while the other four fled the scene in their own vehicles. St. Louis County Police were summoned to the scene. As part of their investigation, a friend of the carjacked brothers told police that his AirPods were in the stolen car and that he could track them using the "FindMy" application, a feature that lets users locate one Apple device using another. Police did just that and, according to the lawsuit, the app showed the AirPods to be at Shamily's house. There was just one problem. "FindMy is not that accurate," says the family's lawyer, Bevis Schock. "I actually went to my house with my co-counsel and played around with it for an hour. It's just not that good." Yet based on the "FindMy" result, an officer signed an application for a search warrant saying he had reason to believe that "firearms, ammunition, holsters" and other "firearm-related material" were inside. That evening, police showed up in full combat gear carrying a battering ram. [...] While the family was detained outside, the SWAT team "ransacked" their house, the lawsuit says. One SWAT team member punched a basketball-sized hole in the drywall. Another broke through a drop ceiling. They turned over drawers and left what had been an orderly house in disarray. After this had gone on for more than half an hour, the AirPods were located -- on the street outside the family's home. Unfortunately, this isn't the first time something like this has happened. In January 2022, SWAT teams in Denver raided an elderly woman's home after the "FindMy" app falsely pinged her home as the location of a stolen iPhone. The woman was recently awarded $3.76 million in compensation and damages.

Read more of this story at Slashdot.