A Massachusetts man has agreed to plead guilty to hacking into one of the top education tech companies in the United States and stealing tens of millions of schoolchildren's personal information for profit. From a report: Matthew Lane, 19, of Worcester County, Massachusetts, signed a plea agreement related to charges connected to a major hack on an educational technology company last year, as well as another company, according to court documents published Tuesday. While the documents refer to the education company only as "Victim-2" and the U.S. attorney's office declined to name the victim, a person familiar with the matter told NBC News that it is PowerSchool. The hack of PowerSchool last year is believed to be the largest breach of American children's sensitive data to date. According to his plea agreement, Lane admitted obtaining information from a protected computer and aggravated identity theft and agreed not to challenge a prison sentence shorter than nine years and four months. He got access simply by trying an employee's stolen username and password combination, the complaint says, echoing a private third-party assessment of the incident previously reported by NBC News.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: On Thursday, Telegram announced it had removed two huge black markets estimated to have generated more than $35 billion since 2021 by serving cybercriminals and scammers. Blockchain research firm Elliptic told Reuters that the Chinese-language markets Xinbi Guarantee and Huione Guarantee together were far more lucrative than Silk Road, an illegal drug marketplace that the FBI notoriously seized in 2013, which was valued at about $3.4 billion. Both markets were forced offline on Tuesday, Elliptic reported, and already, Huione Guarantee has confirmed that its market will cease to operate entirely due to the Telegram removal. The disruption of both markets will be "a big blow for online fraudsters," Elliptic confirmed, cutting them off from a dependable source for "stolen data, money laundering services, and telecoms infrastructure." [...] Elliptic reported that Telegram connected black markets with an audience of a billion users, noting that Telegram tried to remove several Huione Guarantee channels earlier this year, but "the marketplace was ready" with backups and remained online until this week. Wired suggested that Huione Guarantee "operated in plain sight" on Telegram for years. But Telegram suggested it just discovered it. Huione Guarantee is a subsidiary of Huione Group, which was recently sanctioned by the U.S. Treasury for supporting "criminal syndicates who have stolen billions of dollars from Americans." According to Reuters, that included allegedly laundering "at least $37 million in crypto from cyber heists by North Korea and $36 million of crypto from so-called 'pig butchering' scams."

Read more of this story at Slashdot.

Identity thieves have found an insidious target: death row inmates. A SentiLink report published this week reveals scammers are stealing identities of Texas prisoners awaiting execution to orchestrate "bust-out" fraud schemes -- patiently building credit before disappearing with up to $100,000. Nearly 10% of Texas' 172 death row inmates have fallen victim. The operation, active since March 2023, exploits inmates' isolation from financial communications. "They wouldn't receive text or email alerts from a financial institution," said Robin Maher of the Death Penalty Information Center. Beyond opening credit accounts, NBC reports, fraudsters have registered fake businesses using inmates' identities, including a landscaping company created under Ronald Haskell's name -- a man imprisoned since 2014 for killing six people. TransUnion estimates bust-out scams now cost banks $1 billion annually.

Read more of this story at Slashdot.

A 25-year-old from Santa Clarita has pleaded guilty to hacking a Disney employee's computer using malware disguised as an AI art tool, stealing over 1 terabyte of confidential Disney data and threatening to leak it under the guise of a fake Russian hacktivist group. Variety reports: Santa Clarita resident Ryan Mitchell Kramer, 25, pleaded guilty to two felony charges, including one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison. According to the plea agreement, in early 2024 Kramer posted a computer program on various online platforms that appeared to be used to create AI-generated art, when it really contained a malicious file to gain access to victims' computers. Between April and May 2024, a Disney employee downloaded the program, and Kramer gained access to the victim's personal and work accounts, including a non-public Disney Slack channel. Kramer dowloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels. In July, Kramer contacted the victim by pretending to be a member of a fake Russian hacktivist group called "Nullbulge" and threatened to leak their personal information and Disney Slack data. On July 12, Kramer publicly released the data, including the victim's bank, medical, and personal information on multiple online platforms.

Read more of this story at Slashdot.

Investigative journalist and cybersecurity expert Brian Krebs reports: A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world's largest technology companies. Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. The complain against Buchanan is available here (PDF).

Read more of this story at Slashdot.

A former Disney employee who hacked into the company's servers to alter its restaurant menus, including falsifying allergen information and printing profane language, has been sentenced to three years in prison. From a report: Michael Scheuer, a Florida resident, was sentenced last week in federal court and ordered to pay nearly $690,000 in restitution, with most of that going to Disney. He pled guilty in January to one count of computer fraud and one count of aggravated identity theft. "Scheuer remains remorseful and apologetic to his former co-workers. We are grateful that the judge heard all of our arguments and mitigation when fashioning a sentence that was half of what the government was seeking," said David Haas, Scheuer's lawyer, in a statement to CNN. Scheuer worked as a menu production manager for Disney and was fired last June for misconduct, according to the original complaint. He had access to, and also used, secure internal servers for creating and publishing menus for all of Disney's restaurants as part of his job at the company.

Read more of this story at Slashdot.

The UN warns that scam call centers, once concentrated in Southeast Asia, are rapidly expanding worldwide like a "cancer" as organized crime groups exploit weak governance in regions like Africa, South America, the Pacific Islands, and parts of Europe. The Register reports: Previous UN reports flagged growing activity in regions like South America and the Middle East. The latest update expands that scope, citing overseas crackdowns and evidence of scam operations tied to Southeast Asian crime syndicates in Africa, South Asia, select Pacific islands, and links to related criminal services -- such as laundering and recruitment -- as far as Europe, North America, and beyond. These spillover sites, as the UN calls them, allow Asian OCGs to expand their pool of victims by hiring/trafficking locals with different language skills and "dramatically scale up profits," according to the UN's latest report [PDF]. "We are seeing a global expansion of East and Southeast Asian organized crime groups," said Benedikt Hofmann, acting regional representative for Southeast Asia and the Pacific at the UN's Office on Drugs and Crime (UNODC). "This reflects both a natural expansion as the industry grows and seeks new ways and places to do business, but also a hedging strategy against future risks should disruption continue and intensify in the region." Previously, the hotspots for this type of activity have been in places like Myanmar, Cambodia, the Philippines, and Laos since 2021 when the UN and Interpol started tracking the phenomenon. "It spreads like a cancer," Hofmann added. "Authorities treat it in one area, but the roots never disappear; they simply migrate. This has resulted in a situation in which the region has essentially become an interconnected ecosystem, driven by sophisticated syndicates freely exploiting vulnerabilities, jeopardizing state sovereignty, and distorting and corrupting policy-making processes and other government systems and institutions." The UN said these scam gangs typically relocate to jurisdictions with weak governance, allowing them to expand operations -- and rake in between $27.4 and $36.5 billion annually, according to estimates based on labour force size and average haul per scammer.

Read more of this story at Slashdot.

Albert Saniger, the founder and former CEO of Nate, an AI shopping app that promised a "universal" checkout experience, was charged with defrauding investors on Wednesday, according to a press release from the U.S. Department of Justice. From a report: Founded in 2018, Nate raised over $50 million from investors like Coatue and Forerunner Ventures, most recently raising a $38 million Series A in 2021 led by Renegade Partners. Nate said its app's users could buy from any e-commerce site with a single click, thanks to AI. In reality, however, Nate relied heavily on hundreds of human contractors in a call center in the Philippines to manually complete those purchases, the DOJ's Southern District of New York alleges. Saniger raised millions in venture funding by claiming that Nate was able to transact online "without human intervention," except for edge cases where the AI failed to complete a transaction. But despite Nate acquiring some AI technology and hiring data scientists, its app's actual automation rate was effectively 0%, the DOJ claims.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Europol has shut down one of the largest dark web pedophile networks in the world, prompting dozens of arrests worldwide and threatening that more are to follow. Launched in 2021, KidFlix allowed users to join for free to preview low-quality videos depicting child sex abuse materials (CSAM). To see higher-resolution videos, users had to earn credits by sending cryptocurrency payments, uploading CSAM, or "verifying video titles and descriptions and assigning categories to videos." Europol seized the servers and found a total of 91,000 unique videos depicting child abuse, "many of which were previously unknown to law enforcement," the agency said in a press release. KidFlix going dark was the result of the biggest child sexual exploitation operation in Europol's history, the agency said. Operation Stream, as it was dubbed, was supported by law enforcement in more than 35 countries, including the United States. Nearly 1,400 suspected consumers of CSAM have been identified among 1.8 million global KidFlix users, and 79 have been arrested so far. According to Europol, 39 child victims were protected as a result of the sting, and more than 3,000 devices were seized. Police identified suspects through payment data after seizing the server. Despite cryptocurrencies offering a veneer of anonymity, cops were apparently able to use sophisticated methods to trace transactions to bank details. And in some cases cops defeated user attempts to hide their identities -- such as a man who made payments using his mother's name in Spain, a local news outlet, Todo Alicante, reported. It likely helped that most suspects were already known offenders, Europol noted. Arrests spanned the globe, including 16 in Spain, where one computer scientist was found with an "abundant" amount of CSAM and payment receipts, Todo Alicante reported. Police also arrested a "serial" child abuser in the US, CBS News reported.

Read more of this story at Slashdot.

Online scam operations across Southeast Asia are rapidly adapting to recent crackdowns, adopting AI and expanding globally despite the release of 7,000 trafficking victims from compounds along the Myanmar-Thailand border, experts say. These releases represent just a fraction of an estimated 100,000 people trapped in facilities run by criminal syndicates that rake in billions through investment schemes and romance scams targeting victims worldwide, CNN reports. "Billions of dollars are being invested in these kinds of businesses," said Kannavee Suebsang, a Thai lawmaker leading efforts to free those held in scam centers. "They will not stop." Crime groups are exploiting AI to write scamming scripts and using deepfakes to create personas, while networks have expanded to Africa, South Asia, and the Pacific region, according to the United Nations Office of Drugs and Crime. "This is a situation the region has never faced before," said John Wojcik, a UN organized crime analyst. "The evolving situation is trending towards something far more dangerous than scams alone."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Trevor Milton, the founder of electric vehicle start-up Nikola who was sentenced to prison last year, was pardoned by Donald Trump late on Thursday, the White House confirmed on Friday. The pardon of Milton, who was sentenced to four years in prison for exaggerating the potential of his technology, could wipe out hundreds of millions of dollars in restitution that prosecutors were seeking for defrauded investors. Milton and his wife donated more than $1.8 million to a Trump re-election campaign fund less than a month before the November election, according to the Federal Election Commission. At Milton's trial, prosecutors say a company video of a prototype truck appearing to be driven down a desert highway was actually a video of a non-functioning Nikola that had been rolled down a hill. Milton had not been incarcerated pending an appeal. Milton said late on Thursday on social media and via a press release that he had been pardoned by Trump. "I am incredibly grateful to President Trump for his courage in standing up for what is right and for granting me this sacred pardon of innocence," Milton said. Here's a timeline of notable events surrounding Nikola: June, 2016: Nikola Motor Receives Over 7,000 Preorders Worth Over $2.3 Billion For Its Electric Truck December, 2016: Nikola Motor Company Reveals Hydrogen Fuel Cell Truck With Range of 1,200 Miles February, 2020: Nikola Motors Unveils Hybrid Fuel-Cell Concept Truck With 600-Mile Range June, 2020: Nikola Founder Exaggerated the Capability of His Debut Truck September, 2020: Nikola Motors Accused of Massive Fraud, Ocean of Lies September, 2020: Nikola Admits Prototype Was Rolling Downhill In Promo Video September, 2020: Nikola Founder Trevor Milton Steps Down as Chairman in Battle With Short Seller October, 2020: Nikola Stock Falls 14 Percent After CEO Downplays Badger Truck Plans November, 2020: Nikola Stock Plunges As Company Cancels Badger Pickup Truck July, 2021: Nikola Founder Trevor Milton Indicted on Three Counts of Fraud December, 2021: EV Startup Nikola Agrees To $125 Million Settlement September, 2022: Nikola Founder Lied To Investors About Tech, Prosecutor Says in Fraud Trial December, 2023: Nikola Founder Trevor Milton Sentenced To 4 Years For Securities Fraud February 19, 2025: Nikola Files for Bankruptcy With Plans To Sell Assets, Wind Down

Read more of this story at Slashdot.