
Hitting the Books: How the 'Godfather of Cybercrime' got his start on eBay

The internet has connected nearly everybody on the planet to a global network of information and influence, enabling humanity's best and brightest minds unparalleled collaborative capabilities. At least that was the idea. More often than not these days, it serves as a popular medium for scamming your more terminally online relatives out of large sums of money. Just ask Brett Johnson, a reformed scam artist who, at his rube-bilking pinnacle, was so good at separating fools from their cash that he founded an entire online learning forum to train a new generation of digital scam artists.

Johnson's cautionary tale is one of many in the new book, Fool Me Once: Scams, Stories, and Secrets from the Trillion-Dollar Fraud Industry, from Harvard Business Review Press. In it, Professor of Forensic Accounting at DePaul University, Dr. Kelly Richmond Pope, chronicles some of the 20th and 21st century's most heinous financial misdeeds — from Bernie Madoff's pyramid schemes to Enron and VW, and all the Nigerian Princes in between — exploring how the grifts worked and why they often left their marks none the wiser.


Reprinted by permission of Harvard Business Review Press. Excerpted from Fool Me Once: Scams, Stories, and Secrets from the Trillion-Dollar Fraud Industry by Kelly Richmond Pope. Copyright 2023 Kelly Richmond Pope. All rights reserved.


Cyber Monday

I was doing my morning reading before class, and a story about a reformed cybercriminal caught my attention. I always wanted to learn more about cybercrime, but I’d never interacted with a convicted cyber offender. Here was my chance.

I did a quick Google search and found his personal website. I reached out, explained my interest in his story, and waited. By evening, I had an email from gollum@anglerphish.com. I was immediately suspicious, but it was a legit address of Brett Johnson, the man from the article.

After a few email exchanges, we got on a call. He was super friendly and had the voice of a radio DJ. I invited him to come speak to my class at DePaul.

“I teach on Monday nights for the next eight weeks, so whatever works for you will work for me,” I said.

“How about I hop in my car and come visit your class this coming Monday?” he said.

I was a little shocked—Birmingham, Alabama was a long drive—but I immediately took him up on his offer.

Brett was born and raised in Hazard, Kentucky, “one of these areas like the Florida Panhandle and parts of Louisiana, where if you’re not fortunate enough to have a job, you may be involved in some sort of scam, hustle, fraud, whatever you want to call it,” he said.

Maybe there was something in the water because his entire family engaged in fraud. Insurance fraud, document forgery, drug trafficking, mining illegal coal. You name it, Brett’s family did it.

Young Brett was a natural liar. As he grew up, he participated in the family scams.

Eventually, he branched out on his own. His first scam: in 1994, he faked his own car accident. Second scam: eBay fraud.

He reached his peak in the mid-’90s, during the Beanie Baby heyday. The Royal Blue Peanut, essentially a cobalt stuffed elephant toy, sold for as much as $1,700. Only five hundred of the dolls were manufactured, making it one of the most valuable Beanie Babies.

Brett was trying to earn some extra money. A Beanie Baby scam seemed easy and quick.

He advertised on eBay that he was selling Royal Blue Peanut for $1,500. Except he was actually selling a gray Beanie Baby that he dipped in blue dye to look like Royal Blue Peanut for $1,500.

He accepted a bid and instructed the winner to send a US postal money order. “It protects us both,” he said via email. “As soon as I get that and it clears, I’ll send you your elephant.”

The bidder sent Brett the money order; Brett cashed it and sent her his version of the blue Beanie Baby. The phone rang almost immediately.

“This is not what I ordered!” yelled a voice on the other line.

Brett’s response was swift. “Lady, you ordered a blue elephant. I sent you a blue-ish elephant.”

Brett gave her the runaround for a few weeks until she finally disappeared.

This experience taught Brett two very important lessons about cybercrime:

  • Delay the victim as long as possible.

  • Victims rarely report the crime and eventually go away.

Brett continued to perfect his skills and graduated to selling pirated software. From pirated software, he moved to install mod chips (a small electronic device used to disable artificial restrictions of computers or entertainment devices) into gaming systems so owners could play the pirated games. Then he began installing mod chips in the cable boxes that would turn on all the pay-per-view on clients’ TV channels for free. Then it was programming satellite DSS cards (the satellite DSS card allows access to TV channels).

He was getting requests for his cable boxes from customers all over the United States and Canada. He was on a roll. Finally, it occurred to him: Why even fulfill the cable box order? Just take the money and run. He knew that no customer would complain about losing money in an illegal transaction. He stole even more money with this updated version of his cable box scam but soon worried that he’d get flagged for money laundering. He decided he needed a fake driver’s license so he could open up a bank account and launder the money through cash taken out of the ATM.

He found a person online who sold fake licenses. He sent a picture, $200, and waited. He waited and waited. Then reality punched him in the face: He’d been scammed. The nerve.

No one hates being deceived more than someone who deceives for a living. Brett was so frustrated he started ShadowCrew.com, an online forum where people could learn the ins and outs of cybercrime. Forbes called it “a one-stop marketplace for identity theft.” The ShadowCrew operated from August 2002 through November 2004, attracting as many as four thousand criminals or aspiring criminals. It’s considered the forerunner of today’s cybercrime forums and marketplaces; Brett is known as the Godfather of Cybercrime.

“Before ShadowCrew, the only avenue you had to commit online crime was a rolling chat board,” he told my students. “It’s called a IRC chat session and stands for Internet Relay Chat.” The problem with these rolling chat screens was that you had no idea if you were talking to a cop or a crook. Either was possible.

ShadowCrew gave criminals a trust mechanism. It was a large communication channel where people in different time zones could reference conversations. “By looking at someone’s screen name, you could tell if you could trust that person, if you could network with that person, or if you could learn from that person,” he said. The screen name on the dark web became the criminal’s brand name. They keep this brand name throughout their entire criminal tenure and it helps establish trust with others, so the screen name matters.

When Brett was in class, he showed my students how information ended up on the dark web. “You can find social security numbers, home addresses, driver’s license numbers, credit card numbers on the dark web for $3,” he explained. All the information is there, practically begging to be taken.

In 2004, authorities arrested twenty-eight men in six countries, claiming they had swapped 1.7 million stolen card numbers and caused $4.3 million in losses. But Brett escaped. He was placed on the Secret Service’s Most Wanted list. After four months on the run, he was arrested.

Brett has been in and out of prison five times and spent 7.5 years in federal prison. Today he considers himself a reformed white-collar offender.

This article originally appeared on Engadget at https://www.engadget.com/hitting-the-books-fool-me-once-kelly-richmond-pope-harvard-business-review-press-143031129.html?src=rss

Epic made a Rivian R1T demo to show off its latest Unreal Engine 5 tools

In 2020, Epic Games publicly demoed Unreal Engine 5 for the first time. Nearly three years later, gamers are still waiting for the tech to go mainstream. Outside of Fortnite and The Matrix Awakens, there aren’t any UE5 games you can play right now, and the first salvo probably won’t arrive until the end of the year at the earliest. None of that stopped Epic from showcasing the engine’s latest capabilities with a handful of new demos during its recent State of Unreal keynote at GDC 2023.

Arguably the most impressive one saw Senua’s Saga: Hellblade 2 developer Ninja Theory show off Epic’s new MetaHuman Animator. The tool promises to make realistic facial capture accessible to indie developers by allowing them to use an iPhone, instead of dedicated equipment, to capture facial performances. As you can see from the two demos Epic shared, the tool makes it possible to quickly and accurately transform a closeup video of an actor into something a studio can use in-game. Epic said the animator would launch this summer.

Separately, Epic showed off some of the enhancements coming to Unreal Engine 5.2 with a demo that featured, of all things, a digital recreation of Rivian’s R1T electric truck. The EV turned out to be the perfect showcase for UE 5’s new Substrate shading system. The technology allows artists to create different shading models and layer them as they see fit. In the demo, Epic gave the R1T an opal body to show how Substrate can allow different material layers to interact with one another without creating lighting artifacts. The demo was also a showcase for Epic’s new set of Procedural Content Generation tools. They allow artists to create expansive, highly detailed levels from a small set of hand-crafted assets.

If all goes according to plan, it won’t be much longer before the first slate of Unreal Engine 5 games arrive. Provided it’s not delayed again, Stalker 2: Heart of Chornobyl is slated to release this year. Lords of the Fallen and Black Myth: Wukong, two other UE5 projects, don’t have a release date yet but have been in development for a few years now.

This article originally appeared on Engadget at https://www.engadget.com/epic-made-a-rivian-r1t-demo-to-show-off-its-latest-unreal-engine-5-tools-214300199.html?src=rss

Microsoft releases fix for Windows 11 screenshot privacy bug

Microsoft has released a pair of emergency updates to address the “aCropalypse” security flaw found within its native Windows 10 and 11 screenshot editing apps. As Bleeping Computer reports, the company began testing a fix for the vulnerability earlier this week shortly after it was discovered by retired software engineer Chris Blume.

On Friday evening, Microsoft began rolling out public updates for Windows 11’s Snipping Tool as well as Windows 10’s Snip & Sketch app. You can manually prompt Windows to patch the app you use by opening the Microsoft Store and clicking on “Library,” followed by “Get Updates.” Microsoft recommends all users install the updates.

The aCropalypse flaw was first discovered on Pixel devices, and subsequently addressed by Google in Android’s recent March security update. In the case of Windows 11’s Snipping Tool, it turned out the utility wasn’t properly overwriting cropped PNG data. The issue did not affect all PNG files, but the concern was that bad actors could exploit the vulnerability to partially recover edited images, particularly those that had been cropped to omit sensitive information. As with Google's March Android update, Microsoft's patches won't protect images that were previously created with its screenshot tools. 

This article originally appeared on Engadget at https://www.engadget.com/microsoft-releases-fix-for-windows-11-screenshot-privacy-bug-195412172.html?src=rss

Internet Archive violated publisher copyrights by lending ebooks, court rules

A federal judge has ruled against the Internet Archive in its high-profile case against a group of four US publishers led by Hachette Book Group. Per Reuters, Judge John G. Koeltl declared on Friday the nonprofit had infringed on the group’s copyrights by lending out digitally scanned copies of their books.

The lawsuit originated from the Internet Archive’s decision to launch the “National Emergency Library” during the early days of the pandemic. The program saw the organization offer more than 1.4 million free ebooks, including copyrighted works, in response to libraries worldwide closing their doors due to coronavirus lockdown measures.

Before March 2020, the Internet Archive’s Open Library program operated under what’s known as a “controlled digital lending” system, meaning there was often a waitlist to borrow a book from its collection. When the pandemic hit, the Internet Archive lifted those restrictions to make it easier for people to access reading material while stuck at home. The Copyright Alliance was quick to take issue with the effort. And in June 2020, Hachette, as well as HarperCollins, Penguin Random House and John Wiley & Sons, sued The Internet Archive, accusing the organization of enabling “willful mass copyright infringement.” That same month, the Internet Archive shuttered the National Emergency Program early.

Going into this week’s trial, the Internet Archive argued the initiative was protected by the principle of Fair Use, which allows the unlicensed use of copyrighted works under some circumstances. As The Verge notes, HathiTrust, an offshoot of the Google Books Search project, successfully used a similar argument in 2014 to fend off a legal challenge from The Authors Guild. However, Judge Koeltl rejected the Internet Archive’s stance, declaring “there is nothing transformative” about lending unauthorized copies of books. "Although [the Internet Archive] has the right to lend print books it lawfully acquired, it does not have the right to scan those books and lend the digital copies en masse," he wrote. Maria Pallante, the president and CEO of the Association of American Publishers, said the ruling “underscored the importance of authors, publishers, and creative markets in a global society."

On Saturday, the Internet Archive said it would appeal the decision. “Libraries are more than the customer service departments for corporate database products. For democracy to thrive at global scale, libraries must be able to sustain their historic role in society — owning, preserving, and lending books,” the nonprofit wrote in a blog post. “This ruling is a blow for libraries, readers, and authors and we plan to appeal it.”

This article originally appeared on Engadget at https://www.engadget.com/internet-archive-violated-publisher-copyrights-by-lending-ebooks-court-rules-164629790.html?src=rss

Intel co-founder Gordon Moore has passed away

Gordon Moore, co-founder and former CEO of Intel, has passed away at 94. He was the last surviving member of the Intel Trinity, which also included his fellow founder Robert Noyce and their first hire Andy Grove. Moore and Noyce previously worked with the co-inventor of the transistor, William Shockley, before helping found Fairchild Semiconductor. In 1968, the two struck out on their own and founded NM Electronics, which eventually became Intel. 

A few years before that, in 1965, Moore wrote a paper that envisioned the miniaturization of computers. To be precise, he predicted that the number of transistors on an integrated circuit would double every year, leading to the creation and production of smaller and more powerful chips that would, in turn, enable advancements in technology. His prediction was dubbed "Moore's Law," and it was proven accurate in the years that followed. By 1975, he adjusted his estimate for the doubling of transistors to every two years, though now top chipmakers disagree on whether Moore's Law still holds. 

In 1979, Moore was named chairman of the board and CEO at Intel before giving up the latter role in 1987. He apparently served as mediator between Noyce and Grove, and he and Grove were the ones who decided that Intel would focus on microprocessors instead of continuing with its memory business. The rest, as they say, is history. Before Moore completely stepped down from his duties at Intel in 2006, he and his wife established the Gordon and Betty Moore Foundation with $5 billion in funding. The foundation supported environmental conservation efforts, mostly in the San Francisco Bay area, and donated to various educational institutions' science and technology departments. 

This article originally appeared on Engadget at https://www.engadget.com/intel-co-founder-gordon-moore-has-passed-away-073145647.html?src=rss

Blue Origin pins last summer's NS-23 rocket failure on a faulty engine nozzle

Blue Origin now has an explanation for the booster failure that cut a New Shepard flight short last September. Jeff Bezos' company has determined that a "thermo-structural failure" in the NS-23 rocket's engine nozzle was to blame. Operational temperatures for the nozzle climbed higher than expected following cooling system design changes, creating fatigue that misaligned the thrust and activated the crew capsule's escape system.

Engineers are already taking "corrective actions" that include redesigning the combustion chamber and operating conditions. Blue Origin has also tweaked the nozzle design to improve its structural integrity. The capsule wasn't damaged and will fly again, Blue Origin says.

The company says it hopes to resume flights "soon," but hasn't provided an exact date. It intends to restart operations by re-flying the research payload from the aborted mission. The Federal Aviation Administration has to accept the incident findings before Blue Origin can move forward.

There's plenty of pressure on Blue Origin to address the issues. The company recently obtained a NASA contract to fly a science mission to Mars using its yet-to-launch New Glenn rocket, and has been pushing for a lunar lander agreement. The sooner Blue Origin can prove that its rocketry is trustworthy, the sooner it can secure customers that include governments and space tourists.

Rivals are facing problems of their own. Relativity Space's first 3D-printed rocket failed to reach orbit earlier this month. SpaceX, meanwhile, has yet to successfully fire all of Starship's engines at the same time. That's not including past problems like Rocket Lab's setbacks. Private spaceflight remains difficult, and Blue Origin is just the latest to illustrate that fact.

This article originally appeared on Engadget at https://www.engadget.com/blue-origin-pins-last-summers-ns-23-rocket-failure-on-a-faulty-engine-nozzle-195714293.html?src=rss

Levi’s will ‘supplement’ human models with AI-generated fakes

Levi’s is partnering with an AI company on computer-generated fashion models to “supplement human models.” The company frames the move as part of a “digital transformation journey” of diversity, equity, inclusion and sustainability. Although that sounds noble on the surface, Levi’s is essentially hiring a robot to generate the appearance of diversity while ridding itself of the burden of paying human beings who represent the qualities it wants to be associated with its brand.

Levi Strauss is partnering with Amsterdam-based digital model studio Lalaland.ai for the initiative. Founded in 2019, the company’s mission is “to see more representation in the fashion industry” and “create an inclusive, sustainable, and diverse design chain.” It aims to let customers see what various fashion items would look like on a person who looks like them via “hyper-realistic” models “of every body type, age, size and skin tone.”

Levi’s announcement echoes that branding, saying the partnership is about “increasing the number and diversity of our models for our products in a sustainable way.” The company continues, “We see fashion and technology as both an art and a science, and we’re thrilled to be partnering with Lalaland.ai, a company with such high-quality technology that can help us continue on our journey for a more diverse and inclusive customer experience.”


Levi’s claims, “AI will likely never fully replace human models for us” (note the qualifying “likely”). But I can’t help but see this as the first step in a dystopian slow walk toward automating the industry. As AI-generated “photography,” art and writing grow ever more convincing, we would be naive to take corporations at face value when they insist moves like this are about PR-friendly principles like celebrating diversity and looking out for the environment. At the very least, it’s awfully convenient that those high-minded motives also let them mass-produce something that previously required hiring people.

Levi Strauss reportedly began a 12-to-19-month process of cutting around 800 jobs — almost 20 percent of its corporate workforce — last year. It was part of a restructuring plan to save about $75 million to $100 million annually.

This article originally appeared on Engadget at https://www.engadget.com/levis-will-supplement-human-models-with-ai-generated-fakes-190011557.html?src=rss

France bans TikTok (and Candy Crush) from government phones

It's no shock to see another country banning TikTok from government phones, but France is taking the restrictions a step further. Le Monde reports the French government is banning "recreational" apps like TikTok, Twitter, Netflix and even Candy Crush from public servants' devices. The apps represent cybersecurity risks that could jeopardize data for both the employees and the administration, according to the office of public service minister Stanislas Guerini.

The government hasn't provided an exact list of banned apps. However, Guerini said there could be some exceptions for the sake of necessary communication. This won't prevent a social media team from posting content, in other words. The ban takes effect immediately, but the penalties for defying the rule can be decided at the "managerial level," Guerini's office says. The approach doesn't affect personal devices.

The clampdown comes after the US federal government, dozens of states, Canada, the European Commission and the UK have banned TikTok on their workers' devices. In those cases, the rationale has been similar: officials are worried the Chinese government could collect data about important individuals, spread propaganda and compel ByteDance (TikTok's parent company) to hand over sensitive information.

TikTok has repeatedly denied collaborating with the Chinese government. In testimony before a House committee yesterday, CEO Shou Chew said ByteDance was "not an agent of China" and that American user data wouldn't be accessible to staff in other countries by the time a migration project wraps up later this year.

The French policy, however, isn't aimed at any one country or app category. Instead, it represents a general concern that entertainment apps may put government data at unnecessary risk. That's not so hot for employees hoping to watch Netflix during lunch, but it may reassure politicians worried employees might inadvertently expose info through their social media accounts.

This article originally appeared on Engadget at https://www.engadget.com/france-bans-tiktok-and-candy-crush-from-government-phones-170434409.html?src=rss

OpenAI says a bug leaked sensitive ChatGPT user data

OpenAI was forced to take its wildly popular ChatGPT bot offline for emergency maintenance on Tuesday after a user was able to exploit a bug in the system to recall the titles from other users' chat histories. On Friday the company announced its initial findings from the incident.

In Tuesday's incident, users posted screenshots on Reddit showing that their ChatGPT sidebars featured previous chat histories from other users. Only the title of the conversation, not the text itself, was visible. OpenAI, in response, took the bot offline for nearly 10 hours to investigate. The results of that investigation revealed a deeper security issue: the chat history bug may have also revealed personal data from 1.2 percent of ChatGPT Plus subscribers (a $20/month enhanced access package).

"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time," the OpenAI team wrote Friday. The faulty library, which OpenAI identified as the open-source Redis client library redis-py, has since been patched.

The company has downplayed the likelihood of such a breach occurring, arguing that either of the following criteria would have to be met to place a user at risk:

- Open a subscription confirmation email sent on Monday, March 20, between 1 a.m. and 10 a.m. Pacific time. Due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users. These emails contained the last four digits of another user’s credit card number, but full credit card numbers did not appear. It’s possible that a small number of subscription confirmation emails might have been incorrectly addressed prior to March 20, although we have not confirmed any instances of this.

- In ChatGPT, click on “My account,” then “Manage my subscription” between 1 a.m. and 10 a.m. Pacific time on Monday, March 20. During this window, another active ChatGPT Plus user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date might have been visible. It’s possible that this also could have occurred prior to March 20, although we have not confirmed any instances of this. 

The company has taken additional steps to prevent this from happening again, including adding redundant checks to library calls. It also says it "programmatically examined our logs to make sure that all messages are only available to the correct user," and "improved logging to identify when this is happening and fully confirm it has stopped." The company says that it has also reached out to alert affected users of the issue.

This news follows a costly public faux pas committed by Google's rival Bard AI in February when it incorrectly assured Twitter that the JWST was the first telescope to image an exoplanet, as well as revelations that CNET had surreptitiously used generative AI to write financial explainer posts (a week before laying off a sizable chunk of its editorial department). Whether OpenAI will suffer the same market-based repercussions as its competitors remains to be seen. 

This article originally appeared on Engadget at https://www.engadget.com/openai-says-a-bug-leaked-sensitive-chatgpt-user-data-165439848.html?src=rss

The next game from the makers of ‘Genshin Impact’ arrives in April

The next game from the makers of Genshin Impact has a release date. Honkai: Star Rail — a turn-based, space-fantasy, tactical RPG — arrives on April 26th. In addition to previously announced PC and mobile availability, developer HoYoverse announced today that a PlayStation (PS5 / PS4) version is coming “later.”

Although much is unknown about Honkai: Star Rail, we do know it trades in Genshin Impact’s Breath of the Wild type of open-world action for turn-based combat. Based on its trailers, it looks like a visual spectacle with an anime-esque art style and a cast of memorable characters. 

The story, set in the same universe as Honkai Impact 3rd, follows a protagonist with an implanted Stellaron (mysterious life forms that respond to the world’s desire to advance) on a quest to discover the truth about the “Cancer of All Worlds.” It begins at a tutorial level on Herta Space Station before moving on to snow-covered Jarilo-VI and other diverse worlds.

The free-to-play game will use gacha (item and character-based loot boxes) for monetization. It’s rated T for Teen and will be available for PC (standalone installation or the Epic Games Store), iOS and Android. That PS5 / PS4 version will arrive at an unknown later date.

This article originally appeared on Engadget at https://www.engadget.com/the-next-game-from-the-makers-of-genshin-impact-arrives-in-april-165030309.html?src=rss