Twitter

Can Elon Musk Spur Cybersecurity Innovation At Twitter? (securityweek.com)

"Twitter DMs should have end to end encryption like Signal," Elon Musk tweeted Wednesday to his 89 million followers, "so no one can spy on or hack your messages."

And on Monday, Musk also announced hopes to "authenticate all humans."

But now SecurityWeek is wondering if Musk's acquisition of Twitter will ultimately mean not just better security at Twitter but also innovation for the entire cybersecurity industry: Twitter has struggled with consistent security leadership, hiring and firing multiple CISOs even as nation-state adversaries target Twitter's massive user base with computer-generated disinformation campaigns.... "Even if you don't like the guy, you have to root for Twitter to beat the bots," said one prominent CISO interviewed by SecurityWeek on Tuesday. "I think we will all benefit from any security features they [Twitter] can create."

Jamie Moles, a senior technical manager at ExtraHop, said the bot-elimination mission could have spinoff benefits for the entire industry. "While this seems like a Sisyphean task, if he's successful, the methods used by Twitter to eliminate bots from the platform may generate new techniques that improve the detection and identification of spam emails, spam posts, and other malicious intrusion attempts," Moles said. "If Musk and his team can train AI to be more effective in combating this, it may well be a boon to security practitioners everywhere," Moles added.

"Identity is one area I expect to see movement. In addition to just detecting bots and spam better, I think we will see Twitter do a better job around verifying humans. There are a lot of things to fix there," said one CISO who requested anonymity because his company does security-related business with Twitter. Industry watchers also expect to see the company improve the multi-factor authentication (MFA) adoption numbers among its massive user base....

If Twitter can build a reliably secure platform with a new approach to distinguishing between human and bot traffic and fresh flavors of MFA and encryption, this could be a big win for the entire industry and users around the world.

Thanks to Slashdot reader wiredmikey for sharing the story
Twitter

Elon Musk Buys Twitter For $44 Billion (prnewswire.com)

Twitter today announced that it has entered into a definitive agreement to be acquired by an entity wholly owned by Elon Musk, for $54.20 per share in cash in a transaction valued at approximately $44 billion. Upon completion of the transaction, Twitter will become a privately held company. Press release: Under the terms of the agreement, Twitter stockholders will receive $54.20 in cash for each share of Twitter common stock that they own upon closing of the proposed transaction. The purchase price represents a 38% premium to Twitter's closing stock price on April 1, 2022, which was the last trading day before Mr. Musk disclosed his approximately 9% stake in Twitter.

"Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated," said Mr. Musk. "I also want to make Twitter better than ever by enhancing the product with new features, making the algorithms open source to increase trust, defeating the spam bots, and authenticating all humans. Twitter has tremendous potential -- I look forward to working with the company and the community of users to unlock it."
Earlier on Monday, Musk tweeted: "I hope that even my worst critics remain on Twitter, because that is what free speech means."
Spam

FaceTime Users Bombarded With Group Call Spam (arstechnica.com)

FaceTime users are getting bombarded with group calls from numbers they've never seen before, often as many as 20 times in short succession during late hours of the night. From a report: Griefers behind the pranks call as many as 31 numbers at a time. When a person receiving one of the calls hangs up, a different number will immediately call back. FaceTime doesn't have the ability to accept only FaceTime calls coming from people in the user's address book. It also requires that all numbers in a group call must be manually blocked for the call to be stopped. "I got my first facetime spam starting 4 days ago," one user reported to an Apple support forum earlier this month. "It has been non-stop, over 300 numbers blocked so far. My 3 year old daughter has been accidentally answering them and going on video without a t-shirt on." The high volume of callbacks appears to be the result of other people receiving the call dialing everyone back when the initial call fails shortly after answering. As more and more people receive follow-on calls, they too begin making callbacks. Apple provides surprisingly few ways for users to stop the nuisance calls. As noted earlier, users can block numbers, but this requires manually blocking each individual person on the group call. That's not an effective solution for people receiving dozens of group calls, often to a different group of people in a short period of time, often in the wee hours.
Spam

Americans Are Drowning In Spam (axios.com)

An anonymous reader quotes a report from Axios: The average American received roughly 42 spam texts just in the month of March, according to new data from RoboKiller, an app that blocks spam calls and texts. Spammers like using text messages because of their high open rates -- and are now even mimicking targets' own phone numbers to get them to click malicious links, the New York Times reported. "Just like with robocalls, it's extremely easy to deploy [spam texts] in enormous volume and hide your identity," Will Maxson, assistant director of the FTC's division of marketing practices, told Axios. "There's a large number of actors all over the world trying to squeeze spam into the network from almost an infinite number of entry points all the time."

It's not just texts. Every form of spam is on the rise. There were more spam calls last month than in any of the previous six months, per YouMail's Robocall Index. Spam emails rose by 30% from 2020 to 2021, according to a January report from the Washington Post. There was an unprecedented increase in social media scams last year, according to data from the Federal Trade Commission. Many scams were related to bogus cryptocurrency investments.

Experts attribute the sharp increase in spam to the pandemic. People's increased reliance on digital communications turned them into ready targets. The Federal Communications Commission saw a nearly 146% increase in the number of complaints about unwanted text messages in 2020. Americans reported losing $131 million to fraud schemes initiated by text in 2021, a jump over 50% from the year before, according to data from the FTC.

Facebook

Facebook is Locking Out People Who Didn't Activate Facebook Protect (theverge.com)

An anonymous reader shares a report: Early in March, a bunch of Facebook users got a mysterious, spam-like email titled "Your account requires advanced security from Facebook Protect" and telling them that they were required to turn on the Facebook Protect feature (which they could do by hitting a link in the email) by a certain date, or they would be locked out of their account. The program, according to Facebook, is a "security program for groups of people that are more likely to be targeted by malicious hackers, such as human rights defenders, journalists, and government officials." It's meant to do things like ensure those accounts are monitored for hacking threats and that they are protected by two-factor authentication (2FA).

Unfortunately, the email that Facebook sent from the address security@facebookmail.com resembled a rather common form of spam, and so it's probable that many people ignored it. It actually wasn't spam. In fact, it was real. The first deadline to hit for many people was Thursday, March 17th. And now, they are locked out of their Facebook accounts -- and are having trouble with the process that Facebook has provided to get them back in. Those who did not activate Facebook Protect before their deadline are apparently getting a message explaining why they can't get into their accounts and offering to help them turn it on. However, it's not always working.

Security

Hundreds of GoDaddy-Hosted Sites Backdoored In a Single Day (bleepingcomputer.com)

Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload. The case affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress. BleepingComputer reports: The discovery comes from Wordfence, whose team first observed the malicious activity on March 11, 2022, with 298 websites infected by the backdoor within 24 hours, 281 of which were hosted on GoDaddy. The backdoor infecting all sites is a 2015 Google search SEO-poisoning tool implanted in the wp-config.php file to fetch spam link templates from the C2 that are used to inject malicious pages into search results. The campaign uses predominantly pharmaceutical spam templates, served to visitors of the compromised websites instead of the actual content.

The goal of these templates is likely to entice the victims to make purchases of fake products, losing money and payment details to the threat actors. Additionally, the actors can harm a website's reputation by altering its content and making the breach evident, but this doesn't seem to be the actors' aim at this time. The intrusion vector hasn't been determined, so while this looks suspiciously close to a supply chain attack, it hasn't been confirmed. [...] In any case, if your website is hosted on GoDaddy's Managed WordPress platform, make sure to scan your wp-config.php file to locate potential backdoor injections. Wordfence also reminds admins that while removing the backdoor should be the first step, removing spam search engine results should also be a priority.

The Internet

Ukraine Proposes ICANN Remove Russian Domains (theregister.com)

"With so many coming together on the side of Ukraine (even those who traditionally stay neutral in international affairs), asking ICANN to take action against Russia seems like it could be a reasonable proposition under the circumstances," writes new Slashdot submitter unimind. "As a bonus, the likely decrease in spam would be a welcome reprieve..." The Register reports: In response to the Russian invasion of Ukraine last week, Mykhailo Fedorov, First Vice Prime Minister of Ukraine, on Monday asked the head of DNS overlord ICANN to disable country code top-level domains associated with Russia. In an email [PDF], Fedorov asked Goran Marby, CEO of ICANN, to impose sanctions on Russia, arguing that the Putin regime has used internet infrastructure to propagandize its war effort. Specifically, he has asked for the revocation of domains ".ru", ".", ".su", and others used by the Russian Federation, shutting down DNS root servers serving the Russian Federation, and contributing to the revocation of associated TLS/SSL certificates for those domains.

"All of these measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation," Fedorov's email says. "Leaders, governments and organizations all over the world are in favor of introducing sanctions towards the Russian Federation since they aim at putting the aggression towards Ukraine and other countries to an end. I ask you kindly to seriously consider such measures and implement them as quickly as possible. Help to save the lives of people in our country." Doing so would block about five million domains from the global internet, and would significantly affect Russia's ability to communicate online.
In response to Prykhodko, Erich Schweighofer, a professor at the University of Vienna and ICANN community participant, wrote: "We know and we are aware of the very difficult and dangerous situation. [The] EU will support you. However, removing Russia from the internet does not help supporting the civil society in this country for a democratic change. ICANN is a neutral platform, not taking a position in this conflict but allowing States to act accordingly, e.g. blocking all traffic from a particular state."

Antony Van Couvering, CEO of Top Level Domain Holdings, expressed support for the idea: "Neutrality as a response to murder is not neutral. What is the use of 'civil society' organizations if they won't even speak up in support [to] protect civil society, much less do anything about it? Even politicians have woken up. Even the German government has woken up. Even the Swiss government has woken up! Meanwhile some people at ICANN are content to repeat empty phrases about not getting involved because it doesn't help civil society in their country. So much for 'one world, one internet.'"

The report adds that domain registrar Namecheap has "advised customers in Russia to take their business elsewhere, citing war crimes." However, Namecheap's CEO, Richard Kirkendall, later clarified that they haven't blocked the domains. Instead, they're just "asking people to move."
Social Networks

Reddit Banned 2,625 Subreddits For Excessive Copyright Infringement In 2021 (torrentfreak.com)

An anonymous reader quotes a report from TorrentFreak: In 2021, Reddit's users created nearly 5.8 billion posts, comments, private messages and chats across the platform, with 297,161,752 later being removed by moderators (around 175.8k), removed by site admins (108.6K), and the authors themselves (12.6K). Content can be removed for a variety of reasons. 'Content manipulation' is the largest category and encompasses spam, community interference (so-called 'brigading'), vote manipulation, and similar issues. For the purpose of this report, however, we'll home in on the copyright issues faced by Reddit during the last year and how the site responded to them.

In common with the vast majority of large companies based in the US, Reddit has to follow the requirements of the DMCA which means that when it receives a valid copyright notice, it must comply by taking the identified content down. On the other hand, when submitters send notices that are incomplete or invalid in some other way, Reddit does not. "In 2021, Reddit received 177,450 copyright notices reporting 920,672 pieces of content. This represents an increase of 104% from 2020. We removed 665,898 pieces of content in response to these takedown notices," the company reveals in the latest edition of its transparency report.

Under the DMCA, Reddit is also required to take "appropriate action" against so-called "repeat infringers", which in the company's case can involve the termination of not only user accounts but also entire subreddit communities, especially ones where "excessive amounts" of infringing content keep getting posted. "In 2021, Reddit permanently suspended 2,813 users and banned 2,625 subreddits for excessive copyright infringement," the company writes. These figures represent a substantial increase over those published for 2020. In that year, Reddit banned just 303 users and terminated 514 subreddits. Although overall copyright complaints are up 104% on the previous year, the site's termination policy doesn't appear to have changed significantly.
"With around 297 million pieces of content removed by Reddit in 2021, the 665,898 pieces removed on copyright grounds represent a small fraction of the overall problem," concludes the report. "However, with user accounts and entire communities on the line, consequences can be great when errant users repeatedly and intentionally overstep the line."
EU

New EU Antitrust Frontier Emerges for Microsoft and Google: Spam Ads (politico.eu)

A new claim that Microsoft and Google are gaming the online advertising market to the detriment of smaller rivals threatens to set up a new antitrust clash in Europe, according to previously unseen data. Politico: The two U.S. giants appear to be flooding smaller search engine partners with spam ads and keeping some of the most valuable ads for themselves, according to data reviewed by POLITICO, in a move that draws parallels with the infamous $2.7 billion Google Shopping case. While EU competition chief Margrethe Vestager's 2015 offensive against Google's abuses in the search market got the backing of the EU General Court in November, there are some who say that blind spots in the case have allowed for certain violations to continue -- illustrated by Swedish price-comparison site PriceRunner's decision earlier this month to sue Google for $2.4 billion in damages. And now, according to the same data, both Google and its closest rival in the search engine space, Microsoft, are siphoning off so-called spam ads to smaller search engines that use their search results, as well as limiting the quantity of higher-value ads that appear on these partner search engines.
The Almighty Buck

NFT Marketplace Halts Most Transactions, Citing 'Rampant' Fakes and Plagiarism (reuters.com)

Reuters reports that a popular NFT trading platform "has halted most transactions because people were selling tokens of content that did not belong to them, its founder said, calling this a 'fundamental problem' in the fast-growing digital assets market...." The U.S.-based Cent executed one of the first known million-dollar NFT sales when it sold the former Twitter CEO's [first] tweet as an NFT last March. But as of February 6, it has stopped allowing buying and selling, CEO and co-founder Cameron Hejazi told Reuters.... Hejazi highlighted three main problems: people selling unauthorised copies of other NFTs, people making NFTs of content which does not belong to them, and people selling sets of NFTs which resemble a security.

He said these issues were "rampant", with users "minting and minting and minting counterfeit digital assets".

"It kept happening. We would ban offending accounts but it was like we're playing a game of whack-a-mole... Every time we would ban one, another one would come up, or three more would come up...." Hejazi said his company was keen on protecting content-creators, and may introduce centralised controls as a short-term measure in order to re-open the marketplace, before exploring decentralised solutions.

Engadget reports that Cent "continues to operate its Valuables marketplace, the place where people can purchase non-fungible tokens of tweets, but that's about it."

See also: More Than 80% of NFTs Created For Free On OpenSea Are Fraud Or Spam, Company Says.
Bitcoin

More Than 80% of NFTs Created For Free On OpenSea Are Fraud Or Spam, Company Says (vice.com)

An anonymous reader quotes a report from Motherboard: OpenSea has revealed just how much of the NFT activity on its platform is defined by fakery and theft, and it's a lot. In fact, according to the company, nearly all of the NFTs created for free on its platform are either spam or plagiarized. The revelation began with some drama. On Thursday, popular NFT marketplace OpenSea announced that it would limit how many times a user could create (or "mint") an NFT for free on the platform using its tools to 50. So-called "lazy minting" on the site lets users skip paying a blockchain gas fee when they create an NFT on OpenSea (with the buyer eventually paying the fee at the time of sale), so it's a popular option especially for people who don't have deep pockets to jumpstart their digital art empire.

This decision set off a firestorm, with some projects complaining that this was an out-of-the-blue roadblock for them as they still needed to mint NFTs but suddenly couldn't. Shortly after, OpenSea reversed course and announced that it would remove the limit, as well as provided some reasoning for the limit in the first place: The free minting tool is being used almost exclusively for the purposes of fraud or spam. "Every decision we make, we make with our creators in mind. We originally built our shared storefront contract to make it easy for creators to onboard into the space," OpenSea said in a tweet thread. "However, we've recently seen misuse of this feature increase exponentially. Over 80% of the items created with this tool were plagiarized works, fake collections, and spam."

Privacy

Supply Chain Attack Used Legitimate WordPress Add-Ons To Backdoor Sites (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on "quite a few" sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean. "Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites," Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware. He wrote, "[...] it seems that the malware that we've found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites." The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company's offerings should carefully inspect their systems to ensure they're not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.

Bug

'Year 2022' Bug Breaks Email Delivery For Microsoft Exchange On-Premise Servers (bleepingcomputer.com)

Kalper (Slashdot reader #57,281) shares news from Bleeping Computer: Microsoft Exchange on-premise servers cannot deliver email starting on January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine.

Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email. According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight on January 1st, 2022.

Security researcher and Exchange admin Joseph Roosen said that this is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. However, dates in 2022 have a minimum value of 2,201,010,001 or larger, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. When this bug is triggered, an 1106 error will appear in the Exchange Server's Event Log stating, "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long." Microsoft will need to release an Exchange Server update that uses a larger variable to hold the date to officially fix this bug.
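The paragraph above describes the failure mode but does not show it. The C program below is an added illustration, not code from the page, from Microsoft or from the FIP-FS engine: it converts a date stamp string into a signed 32-bit integer with overflow checking, which fails for the first stamp of 2022 exactly as described, and then performs the same conversion into a 64-bit variable, the wider type the report says an official fix needs. The YYMMDDHHMM layout used by `make_stamp` is an assumption inferred from the page's example value 2,201,010,001; the page does not document the engine's real encoding, and the function names are this example's own.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Convert a decimal string to a signed 32-bit integer.
 * Returns 1 and stores the value in *out on success; returns 0 if the
 * string is not a clean decimal number or the value does not fit in
 * int32_t. That second case is the "Year 2022" failure: every 2022
 * stamp is above INT32_MAX (2,147,483,647). */
static int to_int32(const char *s, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return 0;
    if (v > INT32_MAX || v < INT32_MIN)
        return 0;                       /* would overflow: refuse */
    *out = (int32_t)v;
    return 1;
}

/* Same conversion into a 64-bit variable: the "larger variable" that
 * the report says a proper fix must use. */
static int to_int64(const char *s, int64_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return 0;
    *out = (int64_t)v;
    return 1;
}

/* 1 if the stamp fits in a signed 32-bit integer, 0 otherwise. */
int stamp_fits_int32(const char *stamp)
{
    int32_t v;
    return to_int32(stamp, &v);
}

/* The stamp as a 64-bit value, or -1 if the string is not a valid number. */
long long stamp_as_int64(const char *stamp)
{
    int64_t v;
    return to_int64(stamp, &v) ? (long long)v : -1;
}

/* Build a YYMMDDHHMM stamp. This layout is an assumption inferred from
 * the page's example 2,201,010,001 (= 22 01 01 00 01); it is not the
 * engine's documented encoding. */
long long make_stamp(int yy, int mm, int dd, int hh, int mi)
{
    long long v = yy;
    v = v * 100 + mm;
    v = v * 100 + dd;
    v = v * 100 + hh;
    v = v * 100 + mi;
    return v;
}

int main(void)
{
    /* Constructed inputs: the last stamp of 2021 and the first of 2022. */
    const char *last_2021 = "2112312359";
    const char *first_2022 = "2201010001";
    printf("%s fits int32: %d\n", last_2021, stamp_fits_int32(last_2021));
    printf("%s fits int32: %d\n", first_2022, stamp_fits_int32(first_2022));
    printf("%s as int64: %lld\n", first_2022, stamp_as_int64(first_2022));
    return 0;
}
```

The 2021 stamp converts cleanly while the 2022 stamp is rejected by the 32-bit path and accepted by the 64-bit one, which is why widening the variable, rather than changing the date format, is the fix the report anticipates. A strict conversion that refuses overflow (as here) is the safer default: silently wrapping the value would let the scanner run on a nonsensical date instead of failing visibly.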

However, for on-premise Exchange Servers currently affected, admins have found that you can disable the FIP-FS scanning engine to allow email to start delivering again... Unfortunately, with this unofficial fix, delivered mail will no longer be scanned by Microsoft's scanning engine, leading to more malicious emails and spam getting through to users.

Spam

Virgin Media Fined $50K For Spamming Opted-Out Customers (theregister.com)

British telco Virgin Media is facing a 50,000 pound financial penalty after spamming more than 400,000 opted-out customers urging them to sign back up to receive marketing bumf. The Register reports: Just one customer complained to the Information Commissioner's Office (ICO) about receiving the spam -- but that was enough to spur the regulator into investigating. In a message disguised as a routine communication about tariff prices, Virgin told the unfortunate 451,217 recipients it knew full well they'd opted out of marketing emails but wanted them to opt back in. A dischuffed customer wrote to the ICO urging action, describing the spam as "basically a service message dressed up as an attempt to get me to opt back in to marketing communications." When the ICO asked Virgin why it did this thing, the telco said the 451,000 recipients had opted out of being spammed more than a year ago, and therefore "might have changed their marketing preferences."

Even though 6,500 customers decided to opt back into receiving marketing emails as a result of the mailshot, the ICO said this wasn't enough to ignore regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. This is the bit of the law that says email marketers must have your consent before filling your mailbox with enticing new ways to part you from your hard-earned cash. "The fact that Virgin Media had the potential for financial gain from its breach of the regulation (by signing up more clients to direct marketing) is an aggravating factor, not a defense," sniffed the unamused watchdog.

Security

SolarWinds Hackers Have a Whole Bag of New Tricks For Mass Compromise Attacks (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Almost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 of its highest-profile customers, including nine US federal agencies. Nobelium -- the name Microsoft gave to the intruders -- was eventually expelled, but the group never gave up and arguably has only become more brazen and adept at hacking large numbers of targets in a single stroke. The latest reminder of the group's proficiency comes from security firm Mandiant, which on Monday published research detailing Nobelium's numerous feats -- and a few mistakes -- as it continued to breach the networks of some of its highest-value targets.

Mandiant's report shows that Nobelium's ingenuity hasn't wavered. Since last year, company researchers say the two hacking groups linked to the SolarWinds hack -- one called UNC3004 and the other UNC2652 -- have continued to devise new ways to compromise large numbers of targets in an efficient manner. Instead of poisoning the supply chain of SolarWinds, the groups compromised the networks of cloud solution providers and managed service providers, or CSPs, which are outsourced third-party companies that many large companies rely on for a wide range of IT services. The hackers then found clever ways to use those compromised providers to intrude upon their customers.
The advanced tradecraft didn't stop there. According to Mandiant, other advanced tactics and ingenuities included:
  • Use of credentials stolen by financially motivated hackers using malware such as Cryptbot (PDF), an information stealer that harvests system and web browser credentials and cryptocurrency wallets. The assistance from these hackers allowed UNC3004 and UNC2652 to compromise targets even when they didn't use a hacked service provider.
  • Once the hacker groups were inside a network, they compromised enterprise spam filters or other software with "application impersonation privileges," which have the ability to access email or other types of data from any other account in the compromised network. Hacking this single account saved the hassle of having to break into each account individually.
  • The abuse of legitimate residential proxy services or geo-located cloud providers such as Azure to connect to end targets. When admins of the hacked companies reviewed access logs, they saw connections coming from local ISPs with good reputations or cloud providers that were in the same geography as the companies. This helped disguise the intrusions, since nation-sponsored hackers frequently use dedicated IP addresses that arouse suspicions.
  • Clever ways to bypass security restrictions, such as extracting virtual machines to determine internal routing configurations of the networks they wanted to hack.
  • Gaining access to an Active Directory stored in a target's Azure account and using this all-powerful administration tool to steal cryptographic keys that would generate tokens that could bypass two-factor authentication protections. This technique gave the intruders what's known as a Golden SAML, which is akin to a skeleton key that unlocks every service that uses the Security Assertion Markup Language, the protocol that makes single sign-on, 2FA, and other security mechanisms work.
  • Use of a custom downloader dubbed Ceeloader.

Firefox

Firefox Relay Offers Unlimited Email Aliases as Part of its New Premium Plan (engadget.com)

Mozilla launched Firefox Relay as a free product that gives you five email aliases you can use every time you need to sign up for a random account online. From a report: Now, the organization has introduced a paid Premium tier for the service that will give you access to even more aliases. You'll get your own subdomain (yourdomain.mozmail.com) when you subscribe, and you'll be able to create an unlimited number of emails. The tier will also give you access to a summary dashboard with the emails you make, the option to use your aliases when you reply to messages and a 150 KB attachment allowance. After you sign up for Relay, you'll have to install its Firefox extension to be able to take advantage of its features. Every time you visit a website that asks for an email address, the Relay icon will appear in your browser, and you can click it to generate a random address. The service will forward messages you get using your aliases to your primary email account, and you can block all messages from coming in or even delete the alias when it starts getting spam. Mozilla didn't say how much a Premium subscription will cost in the future, but it's offering the tier at an introductory price of $1/EUR1 per month for a limited time.
Botnet

Emotet Botnet Returns After Law Enforcement Mass-Uninstall Operation (therecord.media)

An anonymous reader quotes a report from The Record: The Emotet malware botnet is back up and running once again almost ten months after an international law enforcement operation took down its command and control servers earlier this year in January. The comeback is surprising because after taking over Emotet's server infrastructure, law enforcement officials also orchestrated a mass-uninstall of the malware from all infected computers on April 25, effectively wiping out the entire botnet across the internet.

[O]ver the weekend, security researcher Luca Ebach said he spotted that another malware botnet named TrickBot was helping the Emotet gang get back on its feet by installing the Emotet malware on systems that had been previously infected with TrickBot. "We used to call this Operation ReachAround back when Emotet was dropped by Trickbot in the past," a spokesperson for Cryptolaemus, a group of security researchers who tracked Emotet in the past, told The Record today. [...]

Cryptolaemus said that right now, the Emotet gang is not sending out any new email spam but relying on the TrickBot gang to help them create an initial footprint of their new botnet incarnation before ramping up spam operations again. But whether Emotet's comeback will succeed remains to be seen. It would be very hard for Emotet to reach its previous size any time in the coming months; however, the malware strain itself remains a very sophisticated and capable threat that shouldn't be ignored.

Government

FBI Website Exploit Leads To Spam-Blast 'From' FBI.gov (krebsonsecurity.com) 14

Long-time Slashdot reader davidwr brings news of "an exploit in the FBI's Law Enforcement Enterprise Portal web site that would let anyone send an email to any arbitrary recipient..."

Security journalist Brian Krebs reports: Late in the evening of November 12 ET, tens of thousands of emails began flooding out from the FBI address eims@ic.fbi.gov, warning about fake cyberattacks.

Around that time, KrebsOnSecurity received an email from the same email address. "Hi its pompompurin," read the message. "Check headers of this email it's actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks." A review of the email's message headers indicated it had indeed been sent by the FBI, and from the agency's own Internet address. The domain in the "from:" portion of the email I received — eims@ic.fbi.gov — corresponds to the FBI's Criminal Justice Information Services division (CJIS).

According to the Department of Justice... "CJIS systems are available to the criminal justice community, including law enforcement, jails, prosecutors, courts, as well as probation and pretrial services..."

In an interview with KrebsOnSecurity, Pompompurin said the hack was done to point out a glaring vulnerability in the FBI's system. "I could've 1000% used this to send more legit looking emails, trick companies into handing over data etc.," Pompompurin said.

Instead Pompompurin apparently sent emails with the subject line, "Urgent: Threat actor in systems," with the body (apparently from eims@ic.fbi.gov) warning that "Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack...." The email then blames the real-world founder of two dark web intelligence companies (apparently the subject of a long standing feud with Pompompurin's community), and ultimately closes with the words "Stay safe, U.S. Department of Homeland Security — Cyber Threat Detection and Analysis — Network Analysis Group."

The FBI issued a statement in response to the incident — saying "The impacted hardware was taken offline quickly upon discovery of the issue."
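The header review Krebs describes, as an added example that is not code from KrebsOnSecurity or the FBI: it walks the Received: chain to find the IP address that actually handed the message to the recipient's own mail servers, then checks that address against the SPF record of the domain in the From: header. The hostnames (mx.recipient.example, sender.example), the RFC 5737 documentation IP addresses and the SPF records are constructed so that the script runs offline; a real check would fetch the domain's TXT record from DNS.

```python
"""Walk Received: headers to the hop that handed the message to our own
servers, then check that IP against the From: domain's SPF record.
Added example: hosts, IPs (RFC 5737 ranges) and SPF records are constructed
so it runs offline; real SPF records come from a DNS TXT lookup."""
import ipaddress
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import Optional

OUR_HOSTS = {"mx.recipient.example"}  # only lines written "by" us are trusted

SPF_RECORDS = {  # constructed stand-in for DNS TXT lookups
    "sender.example": "v=spf1 ip4:203.0.113.0/24 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

# Constructed message that genuinely left sender.example's mail server.
GENUINE = """\
Received: from mx.recipient.example (localhost [127.0.0.1])
\tby mx.recipient.example with ESMTP id 1234 for <victim@recipient.example>
Received: from mail.sender.example (mail.sender.example [203.0.113.10])
\tby mx.recipient.example with ESMTPS id 5678
From: eims@sender.example
Subject: Urgent: Threat actor in systems
"""

# Constructed forgery: the real external hop is 192.0.2.77; the bottom
# Received: line was supplied by the attacker and claims a sender.example MTA.
FORGED = """\
Received: from mail.sender.example (attacker.example [192.0.2.77])
\tby mx.recipient.example with ESMTPS id 6789
Received: from mail.sender.example (mail.sender.example [203.0.113.10])
\tby mx.recipient.example with ESMTPS id 0000
From: eims@sender.example
Subject: Urgent: Threat actor in systems
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)\s+\(([^)]*)\)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def claimed_domain(msg: Message) -> str:
    """Domain in From:, i.e. what the message claims; nothing verified."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def originating_ip(msg: Message, our_hosts: set = OUR_HOSTS) -> Optional[str]:
    """IP that handed the message to our infrastructure. Received: lines are
    prepended per hop (newest first); stop at the first one written by our
    hosts whose 'from' side is external, since lines below it may be forged."""
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())
        m_from, m_by = FROM_RE.search(flat), BY_RE.search(flat)
        if not (m_from and m_by) or m_by.group(1) not in our_hosts:
            continue  # not written by us: untrusted
        m_ip = IPV4_RE.search(m_from.group(2))
        if not m_ip or m_from.group(1) in our_hosts:
            continue  # hand-off between our own hosts
        if not ipaddress.ip_address(m_ip.group(1)).is_loopback:
            return m_ip.group(1)
    return None


def spf_allows(domain: str, ip: str, records: dict = SPF_RECORDS, depth: int = 0) -> bool:
    """Minimal RFC 7208 evaluator: ip4/ip6, include: and all only; ~ and -
    both yield False. The depth cap mirrors SPF's 10-lookup limit, since an
    unbounded include: chain is a denial of service against the checker."""
    record = records.get(domain, "")
    if depth > 10 or not record.startswith("v=spf1"):
        return False
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech.startswith(("ip4:", "ip6:")):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            matched = spf_allows(mech[8:], ip, records, depth + 1)
        else:
            matched = mech == "all"  # a/mx/exists etc. are not handled
        if matched:
            return qual == "+"
    return False


def verify(raw: str) -> dict:
    """A pass means the domain's own server sent the mail, not that the
    content is legitimate: an abused server passes every such check."""
    msg = message_from_string(raw)
    domain, ip = claimed_domain(msg), originating_ip(msg)
    return {"claimed_domain": domain, "originating_ip": ip,
            "spf_pass": ip is not None and spf_allows(domain, ip)}


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, verify(raw))
```

The FBI incident is the opposite of a forgery: on the real message this check passes, because the mail genuinely left the FBI's own server and address. A passing result therefore only tells you which infrastructure sent the message, not that its content is legitimate; when a trusted domain's server itself is abused, SPF, DKIM and header inspection all agree with the attacker, and the only remaining signals are the content and the sending pattern.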

Youtube

YouTube is Removing the Dislike Count on All Videos Across its Platform (techcrunch.com) 148

YouTube today announced its decision to make the "dislike" count on videos private across its platform. The decision is likely to be controversial given the extent that it impacts the public's visibility into a video's reception. From a report: But YouTube believes the change will better protect its creators from harassment and reduce the threat of what it calls "dislike attacks" -- essentially, when a group teams up to drive up the number of dislikes a video receives. The company says that while dislike counts won't be visible to the public, it's not removing the dislike button itself. Users can still click the thumbs down button on videos to signal their dislike to creators privately. Meanwhile, creators will be able to track their dislikes in YouTube Studio alongside other analytics about their video's performance, if they choose. The change follows an experiment YouTube ran earlier this year whose goal was to determine if these sorts of changes would reduce dislike attacks and creator harassment. At the time, YouTube explained that public dislike counts can affect creators' well-being and may motivate targeted campaigns to add dislikes to videos. While that's true, dislikes can also serve as a signal to others when videos are clickbait, spam, or misleading, which can be useful.

Youtube

'A Mistake by YouTube Shows Its Power Over Media' (nytimes.com) 147

"Every hour, YouTube deletes nearly 2,000 channels," reports the New York Times. "The deletions are meant to keep out spam, misinformation, financial scams, nudity, hate speech and other material that it says violates its policies.

"But the rules are opaque and sometimes arbitrarily enforced," they write — and sometimes, YouTube does end up making mistakes. The gatekeeper role leads to criticism from multiple directions. Many on the right of the political spectrum in the United States and Europe claim that YouTube unfairly blocks them. Some civil society groups say YouTube should do more to stop the spread of illicit content and misinformation... Roughly 500 hours of video are uploaded to YouTube every minute globally in different languages. "It's impossible to get our minds around what it means to try and govern that kind of volume of content," said Evelyn Douek, senior research fellow at the Knight First Amendment Institute at Columbia University. "YouTube is a juggernaut, by some metrics as big or bigger than Facebook."

In its email on Tuesday morning, YouTube said Novara Media [a left-leaning London news group] was guilty of "repeated violations" of YouTube's community guidelines, without elaborating. Novara's staff was left guessing what had caused the problem. YouTube typically has a three-strikes policy before deleting a channel. It had penalized Novara only once before... Novara's last show released before the deletion was about sewage policy, which hardly seemed worthy of YouTube's attention. One of the organization's few previous interactions with YouTube was when the video service sent Novara a silver plaque for reaching 100,000 subscribers...

Staff members worried it had been a coordinated campaign by critics of their coverage to file complaints with YouTube, triggering its software to block their channel, a tactic sometimes used by right-wing groups to go after opponents.... An editor, Gary McQuiggin, filled out YouTube's online appeal form. He then tried using YouTube's online chat bot, speaking with a woman named "Rose," who said, "I know this is important," before the conversation crashed. Angry and frustrated, Novara posted a statement on Twitter and other social media services about the deletion. "We call on YouTube to immediately reinstate our account," it said. The post drew attention in the British press and from members of Parliament.

Within a few hours, Novara's channel had been restored. Later, YouTube said Novara had been mistakenly flagged as spam, without providing further detail.

"We work quickly to review all flagged content," YouTube said in a statement, "but with millions of hours of video uploaded on YouTube every day, on occasion we make the wrong call."

But Ed Procter, chief executive of the Independent Monitor for the Press, told the Times that it was at least the fifth time that a news outlet had material deleted by YouTube, Facebook or Twitter without warning.
