Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader’s coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 – although part of the reason might be that they are now so valuable people are taking more care with them.

Source: North Korea made ‘$400m’ in cryptocurrency heists last year • The Register

Yet another developer of open source software has tired of companies utilizing the code he helps maintain without giving anything back to support the project.

On Tuesday, Christofer Dutz, creator of Apache PLC4X, said he will stop providing community support for the software if corporate users fail to step up and open their wallets.

“The industry seems to like using PLC4X and open-source in general, but doesn’t seem to be willing to support the people working on it,” he wrote in a post to GitHub. “So, I will stop providing free community support for PLC4X.”

Dutz is one of six listed maintainers of Apache PLC4X, a set of libraries for communicating with programmable logic controllers – industry-specific devices involved in the automation of various manufacturing tasks. His demand for support exists outside his involvement with the Apache Foundation; he maintains a separate IT consultancy called c-ware to help companies design and implement PLC4X software to suit their respective businesses.

C-ware has launched several crowdfunding initiatives to adapt Apache PLC4X to Python, Rust, and TypeScript, among other enhancements, but these have barely attracted any funding commitments.

[…]

Source: Open source maintainer hits out at corporate freeloaders • The Register

With log4j fresh in memory it’s pretty clear that this widespread use of FOSS without any money going the way of the non-university funded maintainers is not sustainable

The Federal Trade Commission’s antitrust complaint that Facebook, er, Meta operates as a monopoly will be heard by the courts after the US watchdog’s initial lawsuit was dismissed.

In December 2020, the FTC accused Meta of “illegally maintaining its personal social networking (PSN) monopoly through a years-long course of anticompetitive conduct.” It threatened to break up the mega-corporation and undo its acquisitions Instagram and Whatsapp.

This legal challenge fell flat, however, when judges threw the case out six months later. Evidence supporting the idea it unlawfully dominated social media was said to be lacking though the regulator was given another chance to file an amended lawsuit. A federal judge has now agreed to hear the case this time.

“First, the FTC has now alleged enough facts to plausibly establish that Facebook exercises monopoly power in the market for PSN services,” Judge James Boasberg ruled [PDF] this week.

“Second, it has adequately alleged that the company’s dominant market share is protected by barriers to entry into that market. Third, the agency has also explained that Facebook not only possesses monopoly power, but that it has willfully maintained that power through anticompetitive conduct — specifically, the acquisitions of Instagram and WhatsApp.”

The amended lawsuit brings up pretty much the same allegations as the first lawsuit. It claims Meta has been operating as a monopoly for years with Instagram and Whatsapp under its belt, and that it has enforced anticompetitive practices to deter or thwart rivals.

[…]

Source: FTC’s latest monopoly lawsuit against Meta gets go-ahead • The Register

The Dutch antitrust authority has found that Apple’s rules requiring software developers to use its in-app payment system are anti-competitive and ordered it to make changes, four people familiar with the matter said, in the latest regulatory setback for the iPhone maker.

Apple’s app-store payment policies, in particular its requirement that app developers exclusively use its payment system where commissions range between 15% and 30%, have long drawn complaints from developers.

[…]

The Netherlands’ Authority for Consumers and Markets (ACM) last month informed the U.S. technology giant of its decision, making it the first antitrust regulator to make a finding the company has abused market power in the app store, though Apple is facing challenges in multiple countries.

ACM has not levied a fine against Apple, but demanded changes to the in-app payment system, the people said. The decision has not been seen by Reuters.

An ACM spokesperson declined to comment, saying that the matter is currently under legal review. The regulator has previously said it expects to publish its decision this year.

[…]

Source: EXCLUSIVE Dutch watchdog finds Apple app store payment rules anti-competitive – sources | Reuters

Game-making platform and fledgling metaverse Roblox made the news yesterday as the focus of a New York Times report about a ‘90s era tax cut that’s spun out of control. Originally created to foster investment in small businesses, the Qualified Small Business Stock, or Q.S.B.S., exemption has transformed into a way for ultra-wealthy businesses to avoid paying taxes on huge amounts of profits.

I’d say it seemed like a good idea at the time, but it really wasn’t. Launched in 1993, the Qualified Small Business Stock exemption was presented as a means to get more people investing in start-ups by shielding some of a company’s profits from taxation. Originally the exemption meant an investor would be shielded from paying taxes on half of profits up to 10 million dollars, but that was eventually changed to exempt the entire 10 million

[…]

the U.S. tax system for voting into being a loophole-laden exemption that would eventually be so abused that participating in it would be considered a right-of-passage for Silicon Valley’s ultra-wealthy. The problem with the Q.S.B.S. exemption is that it can be cloned. All it takes is gifting stock to friends and family. Though they haven’t invested in the company, they nevertheless still qualify for the exemption, so you can ensure that large chunks of money stay within close orbit of your control without needing to pay taxes on said cash.

According to financial reports and the New York Times’ sources, Roblox founder David Baszucki has been able to multiply the exemption 12 times over, gifting stock to his wife, his four children, and various other relatives. In the fall of 2020, months before Roblox went public, Baszucki’s mother-in-law started giving away shares to relatives. Since they were gifted, those shares also qualified for the exemption. In March of 2021, Roblox went public, valued at 45 billion.

While this all sounds horrible and super-cheaty, there’s nothing at all illegal about this practice. It has a name, stacking, but is also known as peanut-buttering

[…]

 

Source: Roblox Saves Millions Taking Advantage Of A Shocking Tax Dodge

Norton antivirus’s inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.

The addition of Ncrypt.exe, Norton 360’s signed cryptocurrency-mining binary, to installations of Norton antivirus isn’t new – but it seems to have taken the non-techie world a few months to realise what’s going on.

Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock’s pitch, as we reported, was that people dabbling in cryptocurrency mining probably weren’t paying attention to security – so what better way than to take up a cryptocurrency miner than installing one from a trusted consumer security brand?

In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. While this compares well to the 100 per cent takings that criminals covertly deploying cryptominers help themselves to, some might say it’s a bit excessive for minimal effort on Norton’s part.

[…]

“If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard,” says the FAQ on Norton’s website.

Uninstalling it altogether takes a bit more persistence, it appears, with users needing to disable Norton Product Tamper Protection (intended to protect the antivirus product from being disabled or deleted by malware) before going through the usual Windows uninstallation steps.

Norton isn’t alone: last year a maker of Wi-Fi routers offered to mine cryptocurrency on users’ devices if they supplied connectivity to the general public.

[…]

Source: Yes, Norton 360 has a built in cryptominer. Deletion is easy • The Register

Google and Facebook have come a little unstuck in the cookie department as French watchdog Commission Nationale de l’Informatique et des Libertés (CNIL) slapped the pair with a €150m and €60m fine respectively.

The CNIL kicked off its investigations after receiving complaints regarding the way cookies can be refused on facebook.com, youtube.com and google.fr. The crux of the matter is that while there is a button to permit immediate acceptance of cookies, there is not the equivalent to refuse them as easily. “Several clicks are required to refuse all cookies, against a single one to accept them,” explained the CNIL.

“The restricted committee,” it went on, “considered that this process affects the freedom of consent: since, on the internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent. This constitutes an infringement of Article 82 of the French Data Protection Act.”

[…]

Source: France fines Meta, Google: Cookies must be easier to reject • The Register

Electric- and hydrogen-powered truck startup Nikola has agreed to a $125 million settlement over charges that it defrauded investors after misleading them about its products, technical advances and financial prospects.

Nikola violated the antifraud and disclosure control provisions of the federal securities laws, the Securities and Exchange Commission said Tuesday.

In July the founder and one-time chair of Nikola, Trevor Milton, was freed on $100 million bail after pleading not guilty to charges alleging he lied about the company.

The U.S. Attorney’s Office in Manhattan, New York, charged Milton, 39, with two counts of securities fraud and wire fraud. He resigned as chairman in September.

The SEC said in its order that Milton embarked on a public-relations campaign aimed at inflating and maintaining Nikola’s stock price before the company had produced a vehicle.

The SEC also found that Milton misled investors about Nikola’s technological advancements, in-house production capabilities, hydrogen production, truck reservations and orders, and financial outlook. In addition, it found that Nikola misled investors by misrepresenting or omitting information about the refueling time of its prototype vehicles, as well as the economic risks and benefits associated with a potential partnership with General Motors.

[…]

Source: EV startup Nikola settles with U.S. for $125 million | The Seattle Times

Also see: Nikola Admits Prototype Was Rolling Downhill In Promo Video

[…]

According to court documents, Ishii switched the transfer address for a Sony Life transaction to use a Silvergate Bank account under his control..

Ishii later converted the stolen funds into more than 3879 bitcoins via A Coinbase set up to automatically transfer all added funds to an offline cryptocurrency cold wallet with a Bitcoin address of bc1q7rhc02dvhmlfu8smywr9mayhdph85jlpf6paqu.

After converting the money to cryptocurrency, Ishii also tried persuading his supervisor and several Sony Life executives not to help investigators by emailing them a ransom note typed in English and Japanese.

“If you accept the settlement, we will return the funds back. If you are going to file criminal charges, it will be impossible to recover the funds,” the note read.

“We might go down behind all of this, but one thing is for sure, you are going to be right there next to us. We strongly recommend to stop communicate (sic) with any third parties including law enforcement.”

Cryptocurrency seized following FBI investigation

However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet.

“Sony and Citibank immediately contacted and cooperated with law enforcement as soon as the theft was detected, and the FBI worked in partnership with both to locate the funds,” explained FBI Special Agent in Charge Suzanne Turner.

“Second, the FBI’s footprint internationally through our Legal Attaché offices and the pre-existing relationships we have established in foreign countries – in this instance with Japan – enabled law enforcement to coordinate and identify the subject.”

Tokyo’s Metropolitan Police Department arrested the 32-year-old Ishii the same day and criminally charged him on suspicion of obtaining $154 million dollars following fraudulent money transfers from mid-May.

[…]

Source: US returns $154 Million in bitcoins stolen by Sony employee