20-year-old Matthew Lane sent a text message to ABC News as his parents drove him to federal prison in Connecticut. "I'm just scared," he said, calling the whole situation "extremely sad." Barely a year earlier, while still a teenager, he helped launch what's been described as the biggest cyberattack in U.S. education history — a data breach that concerned authorities so much, it prompted briefings with senior government officials inside the White House Situation Room. The breach pierced the education technology company PowerSchool — used by 80% of school districts in North America... [and operating in about 90 countries around the world]. With threats to expose social security numbers, dates of birth, family information, grades, and even confidential medical information, the breach cornered PowerSchool into paying millions of dollars in ransom. "I think I need to go to prison for what I did," Lane told ABC News in an exclusive interview, speaking publicly for the first time about the headline-grabbing heist and his life as a cybercriminal. "It was disgusting, it was greedy, it was rooted in my own insecurities, it was wrong in every aspect," he said in the interview, two days before reporting to prison... At about 6:30 on a Tuesday morning last April, FBI agents started banging on the door of Lane's second-floor dorm room. "FBI! We have a search warrant," Lane recalled them shouting. They seized his devices and many of the luxury items he bought with "dirty" money, as he put it. He said he felt a "wave of relief.... I'm honestly thankful for the FBI," he said. "After they left, I was like, 'It's over ... I'm done with this'..." A federal judge in Massachusetts sentenced him to four years in federal prison and ordered him to pay more than $14 million in restitution. "In the wake of the breach, PowerSchool offered two years' worth of credit-monitoring and identity protection services to concerned customer," the article points out. But it also notes two other arrests in September of teenaged cybercriminals: - A 15-year-old boy in Illinois who allegedly attacked Las Vegas casinos, reportedly costing MGM Resorts alone more than $100 million - A British national who when he was 16 helped breach over 110 companies around the world and extort $115 million. But ironically, Lane tells ABC News it all started on Roblox, where he'd met cheaters, password-stealers, and cybercriminals sharing photos of their stacks of money, creating a "sense of camaraderie" Lane and others warn that online forums also attract criminal groups seeking to recruit potential hackers. "The bad guys are on all the platforms watching the kids playing," Hay said. "And when they see an elite-level performer, they go approach that kid, masquerading as another kid, and they go, 'Hey, you want to earn some [money]? ... Here are the tools, here are the techniques'...." According to Lane, he spent his "ill-gotten gains" on designer clothes, diamond jewelry, DoorDash deliveries, Airbnb rentals for him and his friends, and drugs — "lots of drugs." He said he would numb ever-present feelings of guilt with drugs — from high-potency marijuana to acid. But it was hacking that gave him the strongest high. "It's indescribable the adrenaline you get when you do something like that," he said. "It's way more than driving 120 miles per hour. ... Incomparable to any drug at all, as well." "On Monday, Roblox announced that, starting in June, it will offer age-checked accounts for younger users that limit what games they can play, and add 'more closely align content access, communication settings, and parental controls with a user's age.'"

Read more of this story at Slashdot.

The FBI searched the Texas home of a 20-year-old man accused of throwing a Molotov cocktail at Sam Altman's San Francisco residence. Authorities say the suspect also made threats at OpenAI's headquarters, and reports indicate he had written extensively about fears over AI and opposition to AI executives. The suspect reportedly authored a Substack blog and was a member of the Discord server PauseAI, an activist group focused on banning the development of the most powerful AI models to protect the public. In one post, they wrote: "These machines have already shown themselves to be unaligned with the interest of the people creating them. Models have often been found lying, cheating on tasks, and blackmailing their own creators whenever convenient; let alone the broader question of aligning them to whatever general 'human interest' may be." The Houston Chronicle reports: The search happened hours before the Justice Department charged 20-year-old Daniel Moreno-Gama with possession of an unregistered firearm and damage and destruction of property by means of explosives. An FBI spokesperson on Monday morning confirmed agents were executing a search warrant in Spring, but provided no other information. Around the same time, FOX News reported the search was being conducted at the home of Daniel Moreno-Gama, 20, who last week was arrested by San Francisco police suspicion of attempted murder, making criminal threats and possession of a destructive device. The charges were first reported by the Associated Press. When Moreno-Gama was arrested Friday, he was carrying a document that "identified views opposed to Artificial Intelligence (AI) and the executives of various AI companies," the Associated Press reported. Moreno-Gama has no criminal history in Harris or Montgomery counties, according to public records. [...] Agents had left the cul-de-sac by 1 p.m. It was unclear if they removed any items from the house. Another incident occurred outside Sam Altman's residence early Sunday morning. "Early Sunday morning, a car stopped and appears to have fired a gun at the Russian Hill home of OpenAI's CEO," reports The San Francisco Standard, citing reports from the local police department. Two suspects were arrested and booked for negligent discharge. UPDATE: The suspect has been charged with attempted murder.

Read more of this story at Slashdot.

"Early Sunday morning, a car stopped and appears to have fired a gun at the Russian Hill home of OpenAI's CEO," reportsThe San Francisco Standard, citing reports from the local police department: The San Francisco Police Department announced the arrest of two suspects, Amanda Tom, 25, and Muhamad Tarik Hussein, 23, who were booked for negligent discharge... [The person in the passenger seat] put their hand out the window and appeared to fire a round on the Lombard side of the property, according to a police report on the incident, which cited surveillance footage and the compound's security personnel, who reported hearing a gunshot. The car then fled, and a camera captured its license plate, which later led police to take possession of the vehicle, according to the report... A search of the residence by officers turned up three firearms, according to police. The incident follows Friday's arrest of a man who allegedly threw a Molotov cocktail at Altman's house. The San Francisco Standard also notes that in November, "threats from a 27-year-old anti-AI activist prompted the lockdown of OpenAI's San Francisco offices." Sam Kirchner, whose whereabouts have been unknown since Nov. 21, was in the midst of a mental health crisis when he threatened to go to the company's offices to "murder people," according to callers who notified police that day.

Read more of this story at Slashdot.

San Francisco police arrested a suspect after a Molotov cocktail was allegedly thrown at Sam Altman's home and threats were later made outside OpenAI's headquarters. "Thankfully, no one was hurt," said OpenAI in a statement to WIRED. "We deeply appreciate how quickly SFPD responded and the support from the city in helping keep our employees safe. The individual is in custody, and we're assisting law enforcement with their investigation." From the report: "At approximately 3:45am PT, an unidentified individual approached Sam's residence and threw an incendiary device toward the property. The device landed nearby and extinguished. There were no injuries and only minimal damage was reported," the message to staff reads. "Shortly afterward, an individual matching the suspect's description was contacted by security outside MB1," the message continues, referring to OpenAI's headquarters in San Francisco's Mission Bay neighborhood. "This person made threatening statements about the building." OpenAI's corporate security team told staff it is cooperating with law enforcement on an investigation, and that employees may notice an increased police and security presence around the office on Friday. The security team said that the company's offices remain open, but employees were advised to "not let anyone tailgate into the building." "Officials subsequently confirmed that the suspect was arrested outside the OpenAI's Third Street offices as he threatened to burn down the building," reports the Financial Express. UPDATE: Sam Altman has responded to the incident.

Read more of this story at Slashdot.

Sponsorisé par Bitdefender

Acheter sur internet est inévitable de nos jours. Les arnaques pullulant sur la toile, voici comment détecter en un clin d'œil un site frauduleux et éviter de voir son numéro de carte bancaire tomber entre les mains de cybercriminels.

Sponsorisé par Bitdefender

Il s’agit d’un contenu créé par des rédacteurs indépendants au sein de l’entité Humanoid xp. L’équipe éditoriale de Numerama n’a pas participé à sa création. Nous nous engageons auprès de nos lecteurs pour que ces contenus soient intéressants, qualitatifs et correspondent à leurs intérêts.

En savoir plus

An anonymous reader quotes a report from KrebsOnSecurity: An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021. Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German Federal Criminal Police (the "Bundeskriminalamt" or BKA for short). The BKA said Shchukin and another Russian -- 43-year-old Anatoly Sergeevitsch Kravchuk -- extorted nearly $2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage. Germany's BKA said Shchukin acted as the head of one of the largest worldwide operating ransomware groups GandCrab and REvil, which pioneered the practice of double extortion -- charging victims once for a key needed to unlock hacked systems, and a separate payment in exchange for a promise not to publish stolen data. Shchukin's name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang's activities. The government said the digital wallet tied to Shchukin contained more than $317,000 in ill-gotten cryptocurrency. The BKA believes Shchukin resides in Krasnodar, Russia, where he is from. "Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia," the BKA advised. "Travel behavior cannot be ruled out."

Read more of this story at Slashdot.

One crime ring scammed 2,000 elderly people of more than $27 million between 2021 and 2023 using tech support/bank impersonation/refund scams. "Victims were in their 70s and 80s," reports the U.S. Attorney's office for California's southern district. Victims were first told they'd received a refund (either online or via phone), but then told they'd been "over-refunded" a massive amount, and asked to return that amount. But 42-year-old Jiandong Chen just admitted Thursday in a U.S. federal court that he was involved in the fraud and money laundering via cryptocurrency — pleading guilty to two charges with maximum penalties of 40 years in prison and a $1 million fine, plus 20 years in prison with a maximum fine of $500,000 or twice the amount laundered. "Chen, a Chinese national, is the second defendant charged in a five-defendant indictment." And what tripped him up seems to be that "Certain members of the conspiracy also did in-person pickups of money directly from victims..." And so YouTube enters the story — when the scammers called pranksters with 1,790,000 subscribers to their "Trilogy Media" channel. In an elaborate three-hour video, the team of pranksters lured the scammer to a rented Airbnb where they're staging a fake funeral with a nun. (One of the men acting in the video remembers "we start doing a prayer... I'm holding the scammer's hand in my nun outfit...") They convince the scammer to collect the cash from a dead man — "Is there anything you'd like to say to him?" Then there's demon voices. The scammer's victim resurrects from the dead. Did the cash mule bring holy water? The end result was a video titled "CONFRONTING SCAMMERS WITH A FAKE FUNERAL (EPIC REACTIONS)". But two and a half years later, their "cash mule sting house" video has racked up over 1.3 million views, 22,000 likes, and 2,979 comments. ("This video is longer than Oppenheimer. Thanks for the laughs fellas.") And the scammer is facing 60 years in prison.

Read more of this story at Slashdot.

Dans le jargon de la cybersécurité, le dwell time (ou temps de présence) est une statistique scrutée à la loupe. Elle représente le temps qui s'écoule lors d'une intrusion informatique. Mais contrairement à ce que l'on pourrait penser de prime abord, la façon dont ce délai est calculé cache une subtilité importante.

Longtime Slashdot reader AmiMoJo shares a report from CNN: The co-founder of Super Micro Computer and two others were charged with diverting $2.5 billion worth of servers with Nvidia's artificial intelligence chips to China, in violation of U.S. laws barring exports to that country without a license. Yih-Shyan Liaw, known as Wally; Ruei-Tsang Chang, known as Steven; and Ting-Wei Sun, known as Willy, were charged with conspiring to violate export control laws, smuggling goods from the U.S. and conspiring to defraud the U.S. Liaw, who co-founded Super Micro Computer and served on its board of directors, was arrested Thursday in California and released on bail. Sun, a contractor, is held awaiting a detention hearing. Chang, who worked in the Taiwan office of Super Micro, remains at large. [...] According to the indictment, the men used a pass-through company based in Southeast Asia to place orders to obscure that the servers would end up in China. The men worked with executives at the pass-through company to provide false documents to the server manufacturer to further the deception, the indictment said. They used a shipping and logistic company to repackage the servers into unmarked boxes to conceal their contents before they were shipped to China. To deceive the manufacturer's auditors, who checked the pass-through company for compliance with export laws, the men allegedly used "dummy" nonworking copies of the servers when the actual servers were on their way to China. Two of the defendants allegedly worked to stage the dummy servers at a warehouse rented by the pass-through company, according to the indictment. Sun took photos and videos of the staged servers to one of the compliance auditors who instead of conducting the audit was "off-site enjoying entertainment paid for" by the pass-through company, according to the indictment. In another instance, prosecutors said surveillance cameras documented individuals using hair dryers to remove labels and add labels and serial number stickers to the boxes and dummy servers. Super Micro said it's fully cooperating with the investigation, but that hasn't prevented its stock from plunging. It's down nearly 30% following the news. The company issued the following statement: "The conduct by these individuals alleged in the indictment is a contravention of the Company's policies and compliance controls, including efforts to circumvent applicable export control laws and regulations. Supermicro maintains a robust compliance program and is committed to full adherence to all applicable U.S. export and re-export control laws and regulations."

Read more of this story at Slashdot.

Mr. Dollar Ton shares a report from the Guardian: Angela Lipps, 50, spent nearly six months in jail after Fargo police identified her as a suspect in an organized bank fraud case using facial recognition software, according to south-east North Dakota news outlet InForum. Lipps told the outlet she had never been to North Dakota and did not commit the crimes. Lipps, a mother of three and grandmother of five, said she has lived most of her life in north-central Tennessee. She had never been on an airplane until authorities flew her to North Dakota last year to face charges. In July, U.S. marshals arrested Lipps at her Tennessee home while she was babysitting four children. She said she was taken away at gunpoint and booked into a county jail as a fugitive from justice from North Dakota. "I've never been to North Dakota, I don't know anyone from North Dakota," Lipps told WDAY News. She remained in a Tennessee jail for nearly four months without bail while awaiting extradition. She was charged with four counts of unauthorized use of personal identifying information and four counts of theft. According to Fargo police records obtained by WDAY News, detectives investigating bank fraud cases in April and May 2025 reviewed surveillance video of a woman using a fake U.S. army military ID to withdraw tens of thousands of dollars. The officers allegedly used facial recognition software to identify the suspect as Lipps. A detective reportedly wrote in court documents that Lipps appeared to match the suspect based on facial features, body type and hairstyle. Lipps told WDAY News that no one from the Fargo police department contacted her before the arrest. Lipps is now back home but says the experience has had lasting consequences. While jailed and unable to pay bills, Lipps lost her home, her car and her dog, she said. She also told WDAY News no one from the Fargo police department had apologized.

Read more of this story at Slashdot.

A Florida woman was sentenced to 22 months in federal prison and fined $50,000 for illegally trafficking thousands of Microsoft certificate-of-authenticity labels used to activate Windows and Office. Prosecutors said she bought genuine labels cheaply from suppliers and resold them without the accompanying licensed software, wiring over $5 million during the scheme. TechRadar reports: The indictment details how [52-year-old Heidi Richards] purchased tens of thousands of genuine COA labels from a Texas-based supplier between 2018 and 2023 for well below the retail value, before reselling them in bulk to customers globally without the licensed software. "COA labels are not to be sold separately from the license and hardware that they are intended to accompany, and they hold no independent commercial value," the US Attorney's Office wrote. Richards was found to have wired $5,148,181.50 to the unnamed Texas company during the scheme's operation. Some examples include the purchase of 800 Windows 10 COA labels in July 2018 for $22,100 (under $28 each) and a further 10,000 Windows 10 Pro COA labels in December 2022 for $200,000 ($20 each). Ultimately fined $50,000 and given a near-two-year sentence, prosecutors had sought to get Richards to pay $242,000, "which represents the proceeds obtained from the offenses."

Read more of this story at Slashdot.

A Greek court has convicted four individuals linked to the marketing of Predator spyware in the wiretapping scandal that shook the country in 2022. The BBC reports: In what became known as "Greece's Watergate," surveillance software called Predator was used to target 87 people -- among them government ministers, senior military officials and journalists. The four who had marketed the software were found guilty by an Athens court of misdemeanours of violating the confidentiality of telephone communications and illegally accessing personal data and conversations. The court sentenced the four defendants to lengthy jail sentences, suspended pending appeal. Although they each face 126 years, only eight would be typically served which is the upper limit for misdemeanors. One in three of the dozens of figures targeted had also been under legal surveillance by Greece's intelligence services (EYP). Prime Minister Kyriakos Mitsotakis, who had placed EYP directly under his supervision, called it a scandal, but no government officials have been charged in court and critics accuse the government of trying to cover up the truth. The case dates back to the summer of 2022, when the current head of Greek Socialist party Pasok, Nikos Androulakis - then an MEP - was informed by the European Parliament's IT experts that he had received a malicious text message containing a link. Predator spyware, marketed by the Athens-based Israeli company Intellexa, can get access to a device's messages, camera, and microphone. Its use was illegal in Greece at that time but a new law passed in 2022 has since legalised state security use of surveillance software under strict conditions. Androulakis also discovered that he had been tracked for "national security reasons" by Greece's intelligence services. The scandal has since escalated into a debate over democratic accountability in Greece.

Read more of this story at Slashdot.