schwit1 shares a report from Yahoo News: Megaupload founder Kim Dotcom suffered a major setback in his epic legal battle against online piracy charges Thursday when New Zealand's Court of Appeal ruled he was eligible for extradition to the United States. The German national, who is accused of netting millions from his file sharing Megaupload empire faces charges of racketeering, fraud and money laundering in the U.S., carrying jail terms of up to 20 years. Dotcom had asked the court to overturn two previous rulings that the Internet mogul and his three co-accused be sent to America to face charges. Instead, a panel of three judges backed the FBI-led case, which began with a raid on Dotcom's Auckland mansion in January 2012 and has dragged on for more than six years. His lawyer tweeted he would appeal to the NZ Supreme Court.

According to The Wall Street Journal, hundreds of app developers have access to millions of inboxes belonging to Gmail users (Warning: source paywalled; alternative source). The developers reportedly receive access to messages from Gmail users who signed up for things like price-comparison services or automated travel-itinerary planners. Some of these companies train software to scan the email, while others enable their workers to pore over private messages. INSIDER reports: It's not news that Google and many top email providers enable outside developers to access users' inboxes. In most cases, the people who signed up for the price-comparison deals or other programs agreed to provide access to their inboxes as part of the opt-in process. In Google's case, outside developers must pass a vetting process, and as part of that, Google ensures they have an acceptable privacy agreement, The Journal reported, citing a Google representative.

What is unclear is how closely these outside developers adhere to their agreements and whether Google does anything to ensure they do, as well as whether Gmail users are fully aware that individual employees may be reading their emails, as opposed to an automated system, the report says. It's interesting to note that, judging from The Journal's story, very little indicates that Google is doing anything different from Microsoft or other top email providers. According to the newspaper, nothing in Microsoft or Yahoo's policy agreements explicitly allows people to read others' emails.

There are cyberheists, and then there's Carbanak, a cybercriminal gang that has stolen about $1.2 billion from more than 100 banks in 40 nations. The suspected 34-year-old ringleader is under arrest, but the whopping $1.2 billion amount remains missing. And to add insult to the injury, the malware attacks live on. Bloomberg Businessweek has an insightful story on this, which includes comments from none other than Europol itself, on the chase to catch Carabanak which has lasted for three years. Some excerpts from the story: Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn't created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld.

Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.

An anonymous reader writes: A survey conducted among the tech workers, including many employees of Silicon Valley's elite tech companies, has revealed that over 57% of respondents are suffering from job burnout. The survey was carried out by the makers of an app that allows employees to review workplaces and have anonymous conversations at work, behind their employers' backs. Over 11K employees answered one question -- if they suffer from job burnout, and 57.16% said "Yes."

The company with the highest employee burnout rate was Credit Karma, with a whopping 70.73%, followed by Twitch (68.75%), Nvidia (65.38%), Expedia (65.00%), and Oath (63.03% -- Oath being the former Yahoo company Verizon bought in July 2017). On the other end of the spectrum, Netflix ranked with the lowest burnout rate of only 38.89%, followed by PayPal (41.82%), Twitter (43.90%), Facebook (48.97%), and Uber (49.52%).

America's Department of Defense "has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups," reports the New York Times. Long-time Slashdot reader TheSauce shares their report: In the spring, as the Pentagon elevated the command's status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials... The new strategy envisions constant, disruptive "short of war" activities in foreign computer networks... "Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks"...

The risks of escalation -- of U.S. action in foreign networks leading to retaliatory strikes against U.S. banks, dams, financial markets or communications networks -- are considerable, according to current and former officials... The chief risk is that the internet becomes a battleground of all-against-all, as nations not only place "implants" in the networks of their adversaries -- something the United States, China, Russia, Iran and North Korea have done with varying levels of sophistication -- but also begin to engage in daily attack and counterattack.
An article shared by schwit1 notes that officials in the Obama administration "were also worried that a vigorous cyber response...could escalate into a full scale cyber war."

Yet the Times reports that this new policy reflects "a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America."

hackingbear shares a report from Yahoo News: Google will invest $550 million in Chinese e-commerce powerhouse JD.com, part of the U.S. internet giant's efforts to expand its presence in fast-growing Asian markets and battle rivals including Amazon.com. The two companies described the investment announced on Monday as one piece of a broader partnership that will include the promotion of JD.com products on Google's shopping service. This could help JD.com expand beyond its base in China and Southeast Asia and establish a meaningful presence in U.S. and European markets. For JD.com, the Google deal shows its determination to build a set of global alliances as it seeks to counter Alibaba, which has been more focused on forging domestic retail tie-ups.

Slashdot reader grep -v '.*' * shares a surprising story. The Kansas City Star profiles the victim of a three-year con that started with an email to a Yahoo inbox back in 2005. A decade ago, Fred Haines was wandering the Wichita airport looking for a Nigerian man hauling two chests full of cash. After an hour of waiting and asking around, he finally came to the realization that the $65 million Nigerian fortune he thought he was inheriting was not coming after all. What is now coming, though, is the $110,000 he had been scammed out of, thanks to the work of the Kansas Attorney General's Office.

From 2005 to 2008, swindlers hoodwinked Haines, a self-employed handyman in Wichita, into spending thousands in pursuit of an imaginary inheritance from a Nigerian government official -- a con known as the Nigerian Prince Scam. Haines re-mortgaged his house three times in the process. Last year, in a settlement with the Department of Justice, Western Union admitted it knew some of its employees had conspired with scam artists to bilk people out of money and had failed to fix the problem. The company set aside $586 million to create a fund to refund victims across the U.S. and Canada... All victims who'd sent money to hucksters using the service were able to request refunds, but only those who had complained to law enforcement or Western Union were notified directly of the settlement.

"It got to the point where they were showing me that the president of Nigeria had sent me a letter. It had his picture on it and everything," Haines said. "I looked it up on the computer to see what the Nigerian president looked like, and it was him." Once, he received an email claiming to be from Robert Mueller, who was then the FBI director. The email was addressed to Haines, code-name "B-DOG," and it was signed with the FBI's address and official seal. "I wish you can remove doubt and suspicious and go ahead I assured you that you will never regret this fund release," the email said in part.
Haines is one of 344 victims who recovered a total of $1,758,988 through the Kansas Attorney General's office -- though when the office sent out 25,000 letters to possible scam victims, many of them were now skeptical of the promise of unclaimed money, and "Some were even angry when employees called to follow up on those who hadn't responded."

An anonymous reader quotes a report from The Register: Yahoo's U.K. limb has finally been handed a $334,300 (250,000 GBP) fine for the 2014 cyber attack that exposed data of half a million Brit users. Today, the Information Commissioner's Office issued Yahoo U.K. Services Ltd a $334,300 (250,000 GBP) fine following an investigation that focused on the 515,121 U.K. accounts that the London-based branch of the firm had responsibility for. The ICO said "systemic failures" had put user data at risk as the U.K. arm of Yahoo did not take appropriate technical and organizational measures to prevent a data breach of this size.

In particular, the watchdog said there should have been proper monitoring systems in place to protect the credentials of Yahoo employees who could access customer's data, and to ensure that instructions to transfer very large quantities of personal data from Yahoo's servers would be flagged for investigation. It also noted that, as a data controller, Yahoo U.K. services Ltd had a responsibility to ensure its processors -- in this case Yahoo, whose U.S. servers held the data on U.K. users -- complied with data protection standards.

Yahoo Messenger is to be discontinued in just over a month. Yahoo owner Oath has announced that it is killing off its famous Messenger service on July 17. From a report: After this date, chatting will no longer be available, and users have just six months to download their chat histories. At the moment, there is no direct replacement for Yahoo Messenger, but users are being advised that they can request an invite for the beta version of the invite-only group messaging app Yahoo Squirrel. In an FAQ about the announcement, Yahoo addresses why the decision to shutter the service was taken. "We know we have many loyal fans who have used Yahoo Messenger since its beginning as one of the first chat apps of its kind. As the communications landscape continues to change over, we're focusing on building and introducing new, exciting communications tools that better fit consumer needs."

hackingbear shares a report from Yahoo Finance: Micron Technology Inc., the largest U.S. maker of computer memory chips, said Chinese regulatory authority representatives visited its offices in that country, potentially opening another front in a growing trade dispute between the world's two largest economies. Chinese media reported that Samsung and SK Hynix also received visits from local regulators seeking information. Micron got about half of its sales from China last year, according to data compiled by Bloomberg. China has been spending heavily on attempts to boost its domestic supply of semiconductors and lessen a bill that has exceeded the cost of oil imports. "In 2015, Qualcomm, another U.S. chip giant currently under antitrust investigation in Europe, paid near $1 billion to settle its antitrust matter in China," notes Slashdot reader hackingbear.

The computer hacker who worked with Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo. "U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco," The Associated Press reports. From the report: Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. Prosecutors allege he was "an international hacker for hire" who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia's Federal Security Service. Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person's webmail passwords by tricking them to enter their credentials into a fake password reset page. Prosecutors said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.

"Deterrence is particularly important in a case like this," the judge said during the hearing. He rejected prosecutors call for a prison sentence of nearly 10 years, noting Baratov's age and clean criminal record prior to his arrest. Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been "a very humbling and eye-opening experience." He apologized to those he hacked and promised "to be a better man" and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

john of sparta shares a report from Yahoo: American forces in Syria are increasingly facing attacks from Russian and Syrian electronic warfare weapons, as Moscow uses the conflict to test its future arsenal. General Raymond Thomas, head of the U.S. Special Operations Command, said that Syria has become "the most aggressive electronic warfare environment on the planet," Breakingdefense.com reported. Speaking at a geospatial intelligence conference in Florida, Gen. Thomas said that Russian and Syrian regime forces "are testing us everyday, knocking our communications down, disabling our [EC-130 aircraft]."

The Lockheed Martin EC-130 Compass Call is one of America's most advanced electronic warfare weapons. Based on the C-130 Hercules, the plane was developed to disrupt enemy communications, radar and command operations. The craft's presence in Syrian skies gives Russia the chance to test its weapons against the best the U.S. has to offer, whether directly or through its Syrian allies. Earlier this month, four anonymous officials told NBC News that Russia has also been regularly targeting smaller U.S. surveillance drones. One of those quoted said Russian operations were having a significant impact on U.S. capabilities. The sophisticated attacks were even successful against encrypted signals and anti-jamming devices, the official said. Slashdot reader john of sparta adds, "Well, it's war; not a surprise..."

Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite known of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.

Former Yahoo Chief Executive Officer Marissa Mayer is starting a technology business incubator, Lumi Labs, with longtime colleague Enrique Munoz Torres, she revealed in an interview with The New York Times. Bloomberg: The venture will focus on consumer media and artificial intelligence, according to the company's website, which is set against a backdrop of snow-covered peaks. Lumi means snow in Finnish, Mayer told the New York Times, which reported the news earlier Wednesday. The next project for Mayer, who was an early employee at Google and worked there until leaving to run Yahoo in 2012, had been a matter of considerable speculation in Silicon Valley. She left Yahoo, once a leading search engine and web destination, after it was sold to Verizon Communications last year.

"Yahoo is now part of Oath and there is a new Privacy and Terms contract..." warns long-time Slashdot reader DigitalLogic. CNET reports: Oath notes that it has the right to read your emails, instant messages, posts, photos and even look at your message attachments. And it might share that data with parent company Verizon, too... When you dig further into Oath's policy about what it might do with your words, photos, and attachments, the company clarifies that it's utilizing automated systems that help the company with security, research and providing targeted ads -- and that those automated systems should strip out personally identifying information before letting any humans look at your data. But there are no explicit guarantees on that.
The update also warns that Oath is now "linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends." For example, Oath "may analyze user content around certain interactions with financial institutions," and "leverages information financial institutions are allowed to send over email."

Oath does offer a "Privacy Controls" page which includes a "legacy" AOL link letting you opt-out of internet-based advertising that's been targeted "based on your online activities" -- but it appears to be functioning sporadically.

CNET also reports that now Yahoo users are agreeing to a class-action waiver and mutual arbitration. "What it means is if you don't like what the company does with your data, you'll have a hard time suing."

Uber barreled into autonomous driving out of fear that it could end up as the MySpace or Yahoo of ride-hailing, a company with early gargantuan success that stumbled as times changed. Waymo, the self-driving offshoot of Google parent Alphabet, has pursued its ambitions more cautiously, accumulating long years of research and testing before pursuing a plan to bring its technology to the public. From a report: Now, as Waymo scales up its self-driving taxi service, Uber's fear could be coming to pass. This week, as Uber continued to reel from a fatal self-driving accident in Arizona, Waymo confidently pushed forward -- landing a deal to build 20,000 self-driving luxury SUVs with Jaguar Land Rover on top of its plan for thousands of Chysler hybrid minivans. Within two years, it aims to have thousands of fully autonomous taxis -- with no backup drivers behind the wheel -- on the roads, starting in Phoenix where it is already giving test rides.

The company predicts it will give 1 million robot-taxi rides a day by 2020. Waymo, the industry pioneer, logged millions of autonomous miles as it perfected self-driving technology. But over the years, engineers defected out of frustration that it was not commercializing the technology. Now with former auto executive John Krafcik at the helm, Waymo appears poised to launch a self-driving taxi service that could conceivably dominate that field, at least early on, the way Uber does now with human-driven cars.

Adrian Lamo, a well-known hacker known for his involvement in passing information on whistleblower Chelsea Manning and hacking into systems at The New York Times, Microsoft, and Yahoo in the early-2000s, has died at 37. ZDNet reports: His father, Mario, posted a brief tribute to his son in a Facebook group on Friday. "With great sadness and a broken heart I have to let know all of Adrian's friends and acquittances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son," he wrote. The coroner for Sedgwick County, where Lamo lived, confirmed his death, but provided no further details. Circumstances surrounding Lamo's death are not immediately known. A neighbor who found his body said he had been dead for some time.

After Reddit famously banned the creepshots sub-reddit, which shared non-consensual, revealing photos of women, Tumblr now has a slew of users pushing out similar photos across at least dozens of dedicated blogs, a Motherboard investigation has found. From the report: Simply typing 'creepshot' or related terms into Tumblr's built-in search function returns a steady stream of tagged posts, and Google queries easily reveal links to relevant Tumblr blogs. Motherboard found just under 70 Tumblr blogs focused on sharing creepshots, most with a bevy of content. In some cases, the Tumblrs also host 'upskirt' photos or videos, where a camera is deliberately, and stealthily, positioned to look up an unsuspecting person's skirt. Some of the subjects of these images, as well as many of the clothed creepshots, appear to be young, possibly teenagers.

"This is only the tip of the iceberg, there are probably hundreds of these accounts filming in high schools, college campuses, in malls, and on the streets. And Tumblr seems to not care at all about the problem," an anonymous tipster, who first alerted Motherboard to the issue, wrote in an email. One of the most popular creepshot Tumblrs has some 11,000 followers, and one of its posts has over 53,000 interactions linked to it, including reblogs, where the video or picture then appears on the user's own Tumblr, spreading the content further.

Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches. From a report: In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo's Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo's bid to dismiss some unfair competition claims.

[...] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs' decision to use Yahoo. 'Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo's terms of service were "unconscionable," given the allegations that Yahoo knew its security was deficient but did little.