Slashdot

How A Simple Question Tripped Up a North Korean Spy Interviewing for an IT Job

Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and, even worse, was a North Korean spy. Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies: The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?" Smith shrugged and shook his head. "Nothing special," he said. Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...." The United Nations estimates that North Korea has generated between $250 million and $600 million per year by tricking overseas firms into hiring its spies. 
A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025. During a report CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy." "Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...) CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, and is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.) And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennessee ("computer hubs inside the U.S. that conceal the cybercriminals' real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..." CBS adds that FBI officials say "the IT worker scene is expanding worldwide."

More US Airports are Scanning Faces. But a New Bill Could Limit the Practice

An anonymous reader shared this repost from the Washington Post: It's becoming standard practice at a growing number of U.S. airports: When you reach the front of the security line, an agent asks you to step up to a machine that scans your face to check whether it matches the face on your identification card. Travelers have the right to opt out of the face scan and have the agent do a visual check instead — but many don't realize that's an option. Sens. Jeff Merkley (D-Oregon) and John Neely Kennedy (R-Louisiana) think it should be the other way around. They plan to introduce a bipartisan bill that would make human ID checks the default, among other restrictions on how the Transportation Security Administration can use facial recognition technology. The Traveler Privacy Protection Act, shared with the Tech Brief on Wednesday ahead of its introduction, is a narrower version of a 2023 bill by the same name that would have banned the TSA's use of facial recognition altogether. This one would allow the agency to continue scanning travelers' faces, but only if they opt in, and would bar the technology's use for any purpose other than verifying people's identities. It would also require the agency to immediately delete the scans of general boarding passengers once the check is complete. "Facial recognition is incredibly powerful, and it is being used as an instrument of oppression around the world to track dissidents whose opinion governments don't like," Merkley said in a phone interview Wednesday, citing China's use of the technology on the country's Uyghur minority. "It really creates a surveillance state," he went on. "That is a massive threat to freedom and privacy here in America, and I don't think we should trust any government with that power...." [The TSA] began testing face scans as an option for people enrolled in "trusted traveler" programs, such as TSA PreCheck, in 2021. By 2022, the program quietly began rolling out to general boarding passengers. 
It is now active in at least 84 airports, according to the TSA's website, with plans to bring it to more than 400 airports in the coming years. The agency says the technology has proved more efficient and accurate than human identity checks. It assures the public that travelers' face scans are not stored or saved once a match has been made, except in limited tests to evaluate the technology's effectiveness. The bill would also bar the TSA from providing worse treatment to passengers who refuse to participate, according to FedScoop, and would also forbid the agency from using face-scanning technology to target people or conduct mass surveillance: "Folks don't want a national surveillance state, but that's exactly what the TSA's unchecked expansion of facial recognition technology is leading us to," Sen. Jeff Merkley, D-Ore., a co-sponsor of the bill and a longtime critic of the government's facial recognition program, said in a statement... Earlier this year, the Department of Homeland Security inspector general initiated an audit of TSA's facial recognition program. Merkley had previously led a letter from a bipartisan group of senators calling for the watchdog to open an investigation into TSA's facial recognition plans, noting that the technology is not foolproof and effective alternatives were already in use.

High Tariffs Become 'Real' For Adafruit - With Their First $36K Bill Just For Import Duties

Adafruit's managing director Phillip Torrone is also long-time Slashdot reader ptorrone. He stopped by Thursday to share what happened after a large portion of a recent import was subjected to a 125% +20% +25% import markup... We're no stranger to tariff bills, although they have definitely ramped up over the last two months. However, this is our first "big bill"... Unlike other taxes like sales tax where we collect on behalf of the state and then submit it back at the end of the month — or income taxes, where we only pay if we are profitable — tariff taxes are paid before we sell any of the products. And they're due within a week of receipt, which has a big impact on cash flow. In this particular case, we're buying from a vendor, not a factory, so we can't second-source the items. (And these particular products we couldn't manufacture ourselves even if we wanted to, since the vendor has well-deserved IP protections). And the products were booked & manufactured many months ago, before the tariffs were in place. Since they are electronics products/components, there's a chance we may be able to request reclassification on some items to avoid the 125% "reciprocal" tariff, but there's no assurance that it will succeed, and even if it does, it is many, many months until we could see a refund. We'll have to increase the prices on some of these products. But we're not sure if people will be willing to pay the higher cost, so we may well be "stuck" with unsellable inventory — that we have already paid a large fee on... Their blog post even includes a photo of the DHL customs invoice with the five-digit duty fee... Share your own stories and experiences in the comments. Any other Slashdot readers being affected by the new U.S. tariffs?

Google Will Pay $1.4 Billion to Texas to Settle Claims It Collected User Data Without Permission

Google will pay $1.4 billion to the state of Texas, reports the Associated Press, "to settle claims the company collected users' data without permission, the state's attorney general announced Friday." Attorney General Ken Paxton described the settlement as sending a message to tech companies that he will not allow them to make money off of "selling away our rights and freedoms." "In Texas, Big Tech is not above the law," Paxton said in a statement. "For years, Google secretly tracked people's movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won...." The state argued Google was "unlawfully tracking and collecting users' private data." Paxton claimed, for example, that Google collected millions of biometric identifiers, including voiceprints and records of face geometry, through such products and services as Google Photos and Google Assistant. Google spokesperson José Castañeda said the agreement settles an array of "old claims," some of which relate to product policies the company has already changed. "We are pleased to put them behind us, and we will continue to build robust privacy controls into our services," he said in a statement. The company also clarified that the settlement does not require any new product changes. Google's settlement with Texas "far surpasses any other state's claims for similar violations," according to a statement from their attorney general's office. "To date, no state has attained a settlement against Google for similar data-privacy violations greater than $93 million. Even a multistate coalition that included forty states secured just $391 million — almost a billion dollars less than Texas's recovery." The statement calls the $1.375 billion settlement "a major win for Texans' privacy" that "tells companies that they will pay for abusing our trust."

Police Dismantles Botnet Selling Hacked Routers As Residential Proxies

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services. During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally. On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:

- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- Linksys WRT320N, WRT310N, WRT610N
- Cisco M10 and Cradlepoint E100

"The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

Bill Gates Plans To Give Away His Wealth, Shutter Foundation Over Next 20 Years

joshuark shares a report from Axios: Bill Gates, once the richest man in the world, vowed to give away "virtually all" of his wealth through the Gates Foundation over the next two decades. Then, the foundation will close its doors on Dec. 31, 2045. [...] Gates wrote in a Thursday Gates Notes essay that the original plan was to sunset the foundation several decades after he and his then-wife died. Now, Gates believes that a "shorter timeline" is feasible. Gates pledged three "key aspirations" to guide the foundation's funding over the next two decades, which center on promoting child and maternal health and fighting infectious diseases and poverty. He emphasized that progress is not possible without government cooperation, as the U.S. and other nations slash their foreign aid budgets. "The reality is, we will not eradicate polio without funding from the United States," Gates wrote. "It's unclear whether the world's richest countries will continue to stand up for its poorest people," Gates wrote. He added, "But the one thing we can guarantee is that, in all of our work, the Gates Foundation will support efforts to help people and countries pull themselves out of poverty."

Lithium Deposit Valued At $1.5 Trillion Discovered In Oregon

Longtime Slashdot reader schwit1 shares a report from Earth.com: McDermitt Caldera in Oregon is attracting attention for what could be one of the largest lithium deposits ever identified in the United States. Many view it as a potential boost for domestic battery production, while local communities voice concern over the impact on wildlife and cultural sites. The excitement stems from estimates that value the deposit at about $1.5 trillion. Some geologists say these ancient volcanic sediments could contain between 20 and 40 million metric tons of lithium. The study is published in the journal Minerals.

AI Use Damages Professional Reputation, Study Suggests

An anonymous reader quotes a report from Ars Technica: Using AI can be a double-edged sword, according to new research from Duke University. While generative AI tools may boost productivity for some, they might also secretly damage your professional reputation. On Thursday, the Proceedings of the National Academy of Sciences (PNAS) published a study showing that employees who use AI tools like ChatGPT, Claude, and Gemini at work face negative judgments about their competence and motivation from colleagues and managers. "Our findings reveal a dilemma for people considering adopting AI tools: Although AI can enhance productivity, its use carries social costs," write researchers Jessica A. Reif, Richard P. Larrick, and Jack B. Soll of Duke's Fuqua School of Business. The Duke team conducted four experiments with over 4,400 participants to examine both anticipated and actual evaluations of AI tool users. Their findings, presented in a paper titled "Evidence of a social evaluation penalty for using AI," reveal a consistent pattern of bias against those who receive help from AI. What made this penalty particularly concerning for the researchers was its consistency across demographics. They found that the social stigma against AI use wasn't limited to specific groups. "Testing a broad range of stimuli enabled us to examine whether the target's age, gender, or occupation qualifies the effect of receiving help from AI on these evaluations," the authors wrote in the paper. "We found that none of these target demographic attributes influences the effect of receiving AI help on perceptions of laziness, diligence, competence, independence, or self-assuredness. This suggests that the social stigmatization of AI use is not limited to its use among particular demographic groups. The result appears to be a general one."

Court Unanimously Denies Theranos Founder Elizabeth Holmes' Request For Rehearing

Elizabeth Holmes has lost her bid to have the appeal of her 2022 fraud conviction reheard by the 9th Circuit Court of Appeals, leaving the U.S. Supreme Court as her final option. She and former Theranos executive Sunny Balwani remain liable for $452 million in restitution, while Holmes continues serving her 11-year sentence. CNBC reports: The 9th Circuit U.S. Court of Appeals denied Holmes' request for a rehearing before the original three-judge panel that upheld her conviction. At the same time, the court said no judge on the circuit court had asked for a vote on whether to have the full court rehear the appeal. Holmes, 41, was sentenced in January 2023 to 11 years and 3 months in prison after being found guilty of four counts of wire fraud in January 2022. She was found guilty of deceiving investors about the capabilities of Theranos, the blood-testing company she founded in 2003. The company crumbled after a Wall Street Journal story outlined the firm's struggles and shut down in 2018.

Huawei Unveils a HarmonyOS Laptop, Its First Windows-Free Computer

Huawei has launched its first laptop running HarmonyOS instead of Windows, complete with AI features and support for over 2,000 mostly China-focused apps. The product is largely a result of U.S. sanctions that prevented U.S.-based companies like Google and Microsoft from doing business with Huawei, forcing the company to develop its own in-house solution. Liliputing reports: Early versions of HarmonyOS were basically skinned versions of Android, but over time Huawei has moved the two operating systems further apart and it now includes Huawei's own kernel, user interface, and other features. The version designed for laptops features a desktop-style operating system with a taskbar and dock on the bottom of the screen and support for multitasking by running multiple applications in movable, resizable windows. Since this is 2025, of course Huawei's demos also heavily emphasize AI features: the company showed how Celia, its AI assistant, can summarize documents, help prepare presentation slides, and more. While the operating system won't support the millions of Windows applications that could run on older Huawei laptops, the company says that at launch it will support more than 2,000 applications including WPS Office (an alternative to Microsoft Office that's developed in China), and a range of Chinese social media applications.