Nintendo

Huge Apparent Leak Unearths Nintendo's Prototype History (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: A massive leak of apparent Nintendo source code is giving gamers a rare, unauthorized look at Nintendo's development process dating back to the Super NES era. The massive trove of files, first posted to 4chan Friday and quickly dubbed the "Gigaleak" by the community, includes compilable code and assets for Super NES, Game Boy, and N64 games in the Mario, Mario Kart, Zelda, F-Zero, and Pokemon series. Hidden among that code is a bevy of pre-release art and sound files that have never seen the light of day, as well as fully playable prototype versions of some games. Modders and homebrew developers have been digging through the trove of data over the weekend and taking to Twitter and YouTube with their discoveries. Among the most interesting findings:

- A version of Super Mario 64 including data for a 3D model of Luigi (likely for the scrapped two-player mode). Players have inserted that model into the ROM to create video of Luigi running around. The leak also includes a few unused test rooms for the game.
- A Yoshi's Island prototype featuring differences in the map screen, interface, music (and including the prefix "Super Mario Bros. 5" in Japanese). The prototype also features two apparently unused mini-games (No. 1, No. 2) and some unused test levels.
- Pokemon prototypes featuring early and unused sprite designs for many monsters.
- An original prototype named "Super Donkey" featuring a Rayman-style character in a Yoshi's Island-styled world [Update: A previous version of this post mischaracterized the music in this video. Ars regrets the error].
- Sprite data for Luigi giving an apparent middle finger and Bowser outside of his clown-copter in Super Mario World. The code also contains multiple early designs for Yoshi (some of which match art previously revealed in interviews with Nintendo developers) and a completely new map screen design (which also matches previously revealed screenshots).
- A version of Star Fox 2 with previously unseen characters.
- High-quality voice samples from Star Fox 64, F-Zero X and Super Mario 64 before they were compressed to fit on relatively small N64 cartridges.
- Graphics for a Pilotwings prototype called Dragonfly, previously seen only in grainy magazine screenshots.

Facebook

Facebook Takes EU To Court For Invading Privacy (ft.com) 28

Facebook has taken the EU to court for invading the privacy of its employees, Financial Times reported [Editor's note: the link may be paywalled; alternative source] Monday citing two people with direct knowledge of the matter. From the report: The social media company claims EU regulators have asked broad questions beyond the scope of two ongoing antitrust probes, and it has requested that the General Court in Luxembourg intervene. The EU is investigating both how Facebook collects and makes money from data and whether its Marketplace business has an unfair advantage over rivals in classified advertising. Since March, Facebook has provided the European Commission, the executive body of the EU, with 1.7m pages of documents, including internal emails, in response to multiple requests for information. The EU has made further requests for all documents containing key words and phrases such as "big question," "for free," "not good for us" and "shutdown," according to people with direct knowledge of the situation.
Australia

Australian Regulator Says Google Misled Users Over Data Privacy Issues (reuters.com) 11

Australia's competition regulator on Monday accused Alphabet's Google of misleading consumers to get permission for use of their personal data for targeted advertising, seeking a fine "in the millions" and aiming to establish a precedent. From a report: The move comes as scrutiny grows worldwide over data privacy, with U.S. and European lawmakers recently focusing on how tech companies treat user data. In court documents, the Australian Competition and Consumer Commission (ACCC) accused Google of not explicitly getting consent or properly informing consumers of a 2016 move to combine personal information in Google accounts with browsing activities on non-Google websites. "This change ... was worth a lot of money to Google," said commission chairman Rod Sims. "We allege they've achieved it through misleading behaviour." The change allowed Google to link the browsing behaviour of millions of consumers with their names and identities, providing it with extreme market power, the regulator added. "We consider Google misled Australian consumers about what it planned to do with large amounts of their personal information, including internet activity on websites not connected to Google," Sims said.
Security

Digital Banking Site 'Dave' Admits Security Breach Impacting 7.5 Million Users (zdnet.com) 21

"Digital banking app and tech unicorn Dave.com confirmed today a security breach," reports ZDNet, "after a hacker published the details of 7,516,625 users on a public forum." In an email to ZDNet today, Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams... The company said it has already plugged the hacker's point of entry and is in the process of notifying customers of the incident. Dave app passwords are also being reset after being exposed.

"As soon as Dave became aware of this incident, the company immediately initiated an investigation, which is ongoing, and is coordinating with law enforcement, including with the FBI around claims by a malicious party that it has 'cracked' some of these passwords and is attempting to sell Dave customer data," Dave said. The company also brought in cyber-security firm CrowdStrike to assist the investigation...

The data includes a wealth of information, such as real names, phone numbers, emails, birth dates, and home addresses.

Crime

Apple Being Sued For Refusing To Help iTunes Gift Card Scam Victims (9to5mac.com) 111

"Apple is being sued for allegedly refusing to help those who have fallen victim to an iTunes gift card scam," reports 9to5Mac, in an article shared by Slashdot reader AmiMoJo: An 11-count class action lawsuit has been filed against the company. Apple is accused of lying when it says that there is no way to trace or refund the value of the cards...

iTunes gift card scams usually work in a slightly different way, typically being used to buy paid apps owned by the scammers, so they receive 70% of the money when paid by Apple. The lawsuit says that Apple tells scam victims there is nothing that can be done once the money has been spent, but argues that this isn't true. In fact, Apple holds 100% of the funds for a period of 4-6 weeks, between the apps being purchased and Apple paying the developer. During this time, the company is in a position to refund 100% of the card value. Additionally, Apple takes a 30% commission, so would always be in a position to refund this much, even after the scammer has been paid.

ZDNet quotes the court documents as arguing that Apple "is incentivized to allow the scam to continue because it reaps a 30% commission on all scammed proceeds... knowingly or recklessly, Apple plays a vital role in the scheme by failing to prevent payouts to the scammers."
Cellphones

Judge Urged To Release Documents About Google's Cellphone Tracking (tucson.com) 20

Eight weeks ago Arizona's attorney general sued Google for allegedly deceiving users about when location data would be collected from their phones, tracking them without their clear consent.

Now an Arizona congressman and more than two dozen researchers from institutions including Yale, MIT, and Cornell are urging a judge to publicly release the documents collected during that investigation: The documents at issue relate directly to debates going on in Washington, Republican U.S. Rep. Andy Biggs told a Maricopa County Superior Court judge... "All branches of our government exist to protect the fundamental liberties of our citizens — especially their privacy," Biggs said. "The public has a strong interest in transparency and learning the full extent to which Google and other tech companies may be spying and surreptitiously collecting information from Arizonans, including constituents whom I represent..."

[T]he judge will have to consider arguments filed Friday by Assistant Attorney General Beau Roysden asking Thomason to ignore a bid by Google to keep the documents secret or, at the very least, delay a decision while the company tries to have the entire lawsuit thrown out. "Google's requested delay would unconstitutionally impair the right of public access that is guaranteed by both the First Amendment and the Arizona Constitution," Roysden told the judge... He pointed out that the records at issue -- the records that Google provided to the Attorney General's Office under what's called a "civil investigatory demand" -- are part of the complaint filed with the court...

So far, Roysden said, the company has presented no good reason for keeping most of these sealed. More to the point, he argues that it's really too late for Google to do anything about it as it is now part of the court record.

Government

Twenty Years On, Japan Government's Digital Ambitions Still Stuck In Piles of Paper (reuters.com) 49

Two decades after Japan rolled out an ambitious plan to go digital, the COVID-19 crisis has exposed the government's deeply rooted technological shortcomings as ministries remain stuck in a paper-driven culture that experts say is hurting productivity. Reuters reports: While Tokyo has made "digital transformation" its main policy plank this year, the switch may not prove so easy as bureaucrats from different ministries still aren't able to hold teleconferences together and little of their administrative work can be done online. Analysts say the lack of government digitalization could reduce the incentive for the private sector to go digital in a blow to Japan's efforts to boost productivity.

Much of the problem stems from Japan's preference for paper documents and seal for approval at government offices. "Paper documents and seal are still prevalent. Politicians whom I deal with also prefer face-to-face meetings," a government official told Reuters on condition of anonymity. Adding to its digital woes is Japan's vertically structured bureaucracy: each ministry as well as local governments, for instance, have developed their own computer systems that aren't compatible with each other. Currently, each ministry has developed its own LAN network with various vendors, making it difficult to hold teleconference with each other because of differences in their on-line security policy, a Cabinet Office official in charge of IT strategy, who declined to be named, told Reuters. Overall, it could cost the government 323 million working hours per year if it doesn't go digital, translating into personnel costs of nearly $8 billion, a government regulatory reform panel estimated in a report released in July last year.

Education

ICE Bars New Foreign Students From US If Classes Are Fully Online (axios.com) 150

An anonymous reader quotes a report from Axios: U.S. Immigration and Customs Enforcement issued a release on Friday barring new international students from entering the U.S. for their fall terms if their courses are entirely online. "In accordance with March 2020 guidance, nonimmigrant students in new or initial status after March 9 will not be able to enter the U.S. to enroll in a U.S. school as a nonimmigrant student for the fall term to pursue a full course of study that is 100 percent online," ICE said Friday. "Additionally, designated school officials should not issue a Form I-20 to a nonimmigrant student in new or initial status who is outside of the U.S. and plans to take classes at an [Student and Exchange Visitor Program]-certified educational institution fully online."

Several U.S. colleges and universities have announced plans to hold most or all classes online because of the coronavirus pandemic. Many universities rely on tuition from international students, and the directive could dissuade some foreign students from enrolling this coming semester. The rule won't affect international students already enrolled at American colleges and universities.

Republicans

Trump Campaign Angry That Cell Carriers Blocked Company Texts To Voters (arstechnica.com) 103

An anonymous reader quotes a report from Ars Technica: President Trump's re-election campaign has accused Verizon, AT&T, and T-Mobile of "suppression of political speech" over the carriers' blocking of spam texts sent by the campaign. The fight was described Wednesday in an in-depth article by Business Insider and other reports. "The Trump campaign has been battling this month with the biggest US cellphone carriers over an effort to blast millions of cell users with texts meant to coax them to vote or donate," Business Insider wrote. "President Donald Trump's adviser and son-in-law, Jared Kushner, didn't appreciate it when AT&T, Verizon, and T-Mobile blocked mass campaign texts to voters. He called the companies to complain, setting off the legal wrangling."

When contacted by Ars, a Trump campaign spokesperson said that "any effort by the carriers to restrict the campaign from contacting its supporters is suppression of political speech. Plain and simple." The Trump campaign statement also said it "stands by the compliance of its texting programs" with the US Telephone Consumer Protection Act (TCPA) and Federal Communications Commission guidelines. Business Insider wrote that "the showdown got serious at the start of July when Trump's team sent a blast of texts to people who hadn't signed up for them," and "a third-party firm hired to screen such messages for the major cellphone companies blocked the texts." The article said that campaign lawyers and the carriers "are still fighting over what kinds of messages the campaign is allowed to send and what the companies have the power to stop." Politico wrote about the dispute on Monday. "People familiar with the chain of events said Verizon, T-Mobile and AT&T flagged potential regulatory problems with the peer-to-peer messaging operation, which differs from robo-texting in that texts are sent individually, as opposed to a mass blast," Politico wrote. "But within Trump's orbit, the episode has further fueled suspicions that big tech companies are looking to influence the election."
The Trump campaign has not explained why the texts are legal and shouldn't have been blocked. They also didn't say how many people they tried to send the texts to, or whether the texts were unsolicited or sent to people who had signed up for campaign communications.

Carriers "viewed the texts as a possible violation of federal anti-robocall laws and Federal Communications Commission rules that come with hefty fines," Business Insider reported, citing information provided by "two Republicans familiar with the effort." Trump "campaign operatives" contend that its texting "exists in a legal gray area that allows campaigns to blast cellphone users if the messages are sent manually," Business Insider also wrote.
China

FBI Warns US Companies About Backdoors In Chinese Tax Software (zdnet.com) 36

An anonymous reader writes: The US Federal Bureau of Investigation has sent an alert on Thursday warning US companies about backdoor malware that is silently being installed on the networks of foreign companies operating in China via government-mandated tax software. The backdoors allow threat actors to execute unauthorized code, infiltrate networks, and steal proprietary data from branches operating in China. Making matters worse, the FBI says that all foreign companies are required by local Chinese laws to install this particular piece of software in order to handle value-added tax (VAT) payments to the Chinese tax authority. FBI officials said the backdoor malware was spotted in the VAT software of two Chinese tech companies -- namely Baiwang and Aisino. Unfortunately, these are the only government-authorized tax software service providers allowed to operate VAT software in China, officials said, suggesting that any foreign company operating in China was most likely affected by this issue.
Twitter

More Than 1,000 People at Twitter Had Ability To Aid Hack of Accounts (reuters.com) 29

More than a thousand Twitter employees and contractors as of earlier this year had access to internal tools that could change user account settings and hand control to others, Reuters is reporting, citing two former employees, making it hard to defend against the hacking that occurred last week. From the report: Twitter and the FBI are investigating the breach that allowed hackers to repeatedly tweet from verified accounts of the likes of Democratic presidential candidate Joe Biden, billionaire philanthropist Bill Gates, Tesla Chief Executive Elon Musk and former New York Mayor Mike Bloomberg. Twitter said on Saturday that the perpetrators "manipulated a small number of employees and used their credentials" to log into tools and turn over access to 45 accounts. On Wednesday, it said that the hackers could have read direct messages to and from 36 accounts but did not identify the affected users.

Google

EU Demands Major Concessions From Google Over Fitbit Deal (arstechnica.com) 24

The EU has demanded that Google make major concessions relating to its $2.1 billion acquisition of fitness-tracking company Fitbit if the deal is to be allowed to proceed imminently, according to people with direct knowledge of the discussions. Ars Technica reports: EU regulators now want the company to pledge that it will not use that information to "further enhance its search advantage" and that it will grant third parties equal access to it, these people said. Brussels insiders said that a refusal by Google to comply with the new demands would probably result in a protracted investigation, adding that such a scenario could ultimately leave the EU at a disadvantage. "It is like a poker game," said a person following the case closely. "In a lengthy probe, the commission risks having fewer or no pledges and still having to clear the deal." They added that the discussions over the acquisition were "intense," and there was no guarantee that any agreement between Brussels and Google would be reached.

Google had previously promised it would not use Fitbit's health data to improve its own advertising, but according to Brussels insiders, the commitment was not sufficient to assuage the EU's concerns nor those of US regulators also examining the deal. Google declined to comment on the specifics of its latest discussions with the European Commission but pointed to an earlier statement saying, "Throughout this process we have been clear about our commitment not to use Fitbit health and wellness data for Google ads and our responsibility to provide people with choice and control with their data. Similar to our other products, with wearables, we will be transparent about the data we collect and why. And we do not sell personal information to anyone."

Transportation

Tesla Accuses Rivian of Poaching Employees, Stealing Secrets (theverge.com) 45

According to a new lawsuit first reported by Bloomberg, Tesla alleges that four of its former workers took highly sensitive proprietary information as they left to work for the rival EV startup Rivian. The Verge reports: Tesla even claims Rivian is "knowingly encouraging" this behavior, and it is seeking unspecified punitive damages for what it alleges is "despicable, wanton, oppressive, willful, malicious, [and] duplicitous" conduct. Rivian calls the allegations "baseless." The lawsuit, filed late last week, names four former Tesla employees and Rivian as defendants, though Tesla says it has identified additional people who may have also stolen and brought confidential company information to the EV startup. Tesla says two of the named defendants admitted to taking confidential information. One is Tami Pascale, who was a senior manager in Tesla's staffing department. Tesla says that one day after Pascale signed Rivian's offer letter, she "took at least ten confidential and proprietary documents from Tesla's network," including candidate lists, information about where the automaker finds potential hires, and a "detailed internal write-up of an executive level candidate." Tesla says Pascale initially denied this when confronted by the company's investigative team in early July, but that she ultimately "confessed to taking the confidential and proprietary documents." Pascale allegedly did not agree to delete the files, though, and the company claims she still has her work laptop. Tesla says she shared the screen of her phone with one of the company's investigators, and that when she was asked to search for the company's name, "numerous files" were visible, but Pascale "abruptly ended the session."

Jessica Siron, who was a manager in Tesla's environmental, health, and safety department, allegedly sent documents to her personal Gmail account three days after signing an offer letter from Rivian. Tesla claims Siron initially denied doing this when confronted by its investigative team, but that she admitted to sending one document when pressed. Tesla's complaint is light on details about Rivian's knowledge or encouragement of any wrongdoing, save for the case of Kim Wong, who was a staff recruiter at Tesla up until just a few weeks ago. Tesla claims Wong was contacted by a Rivian hiring manager who told her "Rivian did not have the recruiting templates, structures, formulas, or documents that would be needed" to grow the startup's recruiting efforts, according to the complaint. The same day as that conversation, Tesla says Wong sent "at least sixteen highly confidential recruiting documents from Tesla's network to her Gmail account," including confidential Powerpoint presentations that contained details about the automaker's recruiting and hiring process, as well as salary information.

Rivian's associate general counsel, according to Tesla, took a "cavalier attitude" toward the accusations and "claimed that taking confidential information was common in the industry." Rivian tells The Verge it disagrees with this framing. "In good faith, we discussed with Tesla the seriousness with which we take any allegation. This document misrepresents a conversation between counsel," the spokesperson said. Tesla says in the lawsuit that it was able to figure all this out because its investigative team "recently acquired sophisticated electronic security monitoring tools."
If this sounds familiar, it's because a similar fight broke out in 2017 between Alphabet's Waymo and Uber, where Waymo accused Anthony Levandowski of stealing troves of data about self-driving cars and conspiring with then-CEO Travis Kalanick to shepherd that data to Uber. It was eventually settled in early 2018.
Security

Garmin Services and Production Go Down After Ransomware Attack (zdnet.com) 22

An anonymous reader quotes a report from ZDNet: Smartwatch and wearables maker Garmin has shut down several of its services today to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, and even some production lines in Asia. In messages shared on its website and Twitter, Garmin said the same outage also impacted its call centers, leaving the company in the situation of being unable to answer calls, emails, and online chats sent by users. The incident didn't go unnoticed today and has caused lots of headaches for the company's customers, most of which rely on the Garmin Connect service to sync data about runs and bike rides to Garmin's servers, all of which have been down today. Some Garmin employees are attributing the incident to a new strain of ransomware that appeared earlier this year, called WastedLocker, though this has not yet been verified.
Bitcoin

Steve Wozniak Sues YouTube Over Twitter-Like Bitcoin Scam (bloomberg.com) 39

Apple co-founder Steve Wozniak says YouTube has for months allowed scammers to use his name and likeness as part of a phony bitcoin giveaway similar to the one that was quickly extinguished by Twitter last week. Scammers used images and video of Wozniak, who left Apple in 1985, to convince YouTube users that he was hosting a live giveaway and anyone who sent him bitcoins will get double the number back, according to a lawsuit filed Tuesday in state court in San Mateo County, California. "But when users transfer their cryptocurrency, in an irreversible transaction, they receive nothing back," Wozniak said. From a report: The scam also uses the names and images of other tech celebrities, including Microsoft co-founder Bill Gates and Tesla Chief Executive Officer Elon Musk, according to the suit. YouTube has been "unresponsive" to Wozniak's repeated requests to take down the fraudulent videos, he said. By contrast, Twitter reacted "that same day" after the accounts of Barack Obama, Joe Biden and high-profile users were hacked last week as part of a similar phony bitcoin giveaway, he said. "YouTube has been unapologetically hosting, promoting, and directly profiting from similar scams." Wozniak sued along with 17 other alleged victims of the scam. They are asking the court to order YouTube and its parent company Alphabet to immediately remove the videos and to warn users about the scam giveaways. They are also seeking compensatory and punitive damages.
Facebook

Facebook Adds $100 Million To Landmark Facial Recognition Settlement Payout (fortune.com) 15

Facebook has agreed to pay a total of $650 million in a landmark class action lawsuit over the company's unauthorized use of facial recognition, a new court filing shows. From a report: The filing represents a revised settlement that increases the total payout by $100 million and comes after a federal judge balked at the original proposal on the grounds it did not adequately punish Facebook. The settlement covers any Facebook user in Illinois whose picture appeared on the site after 2011. According to the new document, those users can each expect to receive between $200 and $400 depending on how many people file a claim.

The case represents one of the biggest payouts for privacy violations to date, and contrasts sharply with other settlements such as that for the notorious data breach at Equifax -- for which victims are expected to receive almost nothing. The Facebook lawsuit came about as a result of a unique state law in Illinois, which obliges companies to get permission before using facial recognition technology on their customers.

The Courts

Appeals Court Blocks Trump Appointee's Takeover of Web Nonprofit (politico.com) 20

transporter_ii shares a report from Politico: A federal appeals court has blocked a bid by one of President Donald Trump's appointees to take over a government-funded nonprofit organization that fosters technology aimed at undermining internet censorship around the globe. The U.S. Court of Appeals for the D.C. Circuit issued an order Tuesday morning preventing U.S. Agency for Global Media CEO Michael Pack from installing a hand-picked board to replace the previously existing leadership of the Open Technology Fund. Weeks after his Senate confirmation last month, Pack purged leadership at a series of taxpayer-funded media outlets, including the storied Radio Free Europe and Radio Free Asia networks, as well as the lesser-known OTF.

Trump has taken the global broadcasters to task for being too critical of the administration and its policies, including its response to the coronavirus. Pack's drive to oust the leaders of the media outlets was seen as an effort to draw friendlier coverage. Veterans of the organizations have said the massive leadership change undermined their traditional independence. Earlier this month, U.S. District Judge Beryl Howell turned down a request by the existing members of the OTF board to block Pack's move against them. However, in the new appeals court order, the judges from the D.C. Circuit said Pack appeared to lack the same authority over the internet-focused nonprofit that he enjoys over the other federally funded international media organizations.
"The government's actions have jeopardized OTF's relationships with its partner organizations, leading its partner organizations to fear for their safety," the D.C. Circuit order said. "Further, absent an injunction during the appellate process, OTF faces an increasing risk that its decision-making will be taken over by the government, that it will suffer reputational harm, and that it will lose the ability to effectively operate in light of the two dueling boards that presently exist." The appeals court order is temporary and does not amount to a final ruling on Pack's authority.
Privacy

New York Bans Use of Facial Recognition In Schools Statewide (venturebeat.com) 29

The New York legislature today passed a moratorium banning the use of facial recognition and other forms of biometric identification in schools until 2022. VentureBeat reports: The bill, which has yet to be signed by Governor Andrew Cuomo, appears to be the first in the nation to explicitly regulate the use of the technologies in schools and comes in response to the planned launch of facial recognition by the Lockport City School District. In January, Lockport Schools became one of the only U.S. school districts to adopt facial recognition in all of its K-12 buildings, which serve about 5,000 students. Proponents argued the $1.4 million system could keep students safe by enforcing watchlists and sending alerts when it detected someone dangerous (or otherwise unwanted). But critics said it could be used to surveil students and build a database of sensitive information about people's faces, which the school district then might struggle to keep secure.

While Lockport Schools' privacy policy states the watchlist wouldn't include students and the database would only cover non-students deemed a threat, including sex offenders or those banned by court order, the district's superintendent ultimately oversaw which individuals were added to the system. And it was reported earlier this month that the school board's president, John Linderman, couldn't guarantee that student photos would never be included in the system for disciplinary reasons.
"This is especially important as schools across the state begin to acknowledge the experiences of Black and Brown students being policed in schools and funneled into the school-to-prison pipeline," said Stefanie Coyle, Deputy Director of the Education Policy Center at the New York Civil Liberties Union. "Facial recognition is notoriously inaccurate especially when it comes to identifying women and people of color. For children, whose appearances change rapidly as they grow, biometric technologies' accuracy is even more questionable. False positives, where the wrong student is identified, can result in traumatic interactions with law enforcement, loss of class time, disciplinary action, and potentially a criminal record."
Privacy

Security Breach Exposes More Than One Million DNA Profiles On Major Genealogy Database (buzzfeednews.com) 28

An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search. The news has undermined efforts by Verogen, the forensic genetics company that purchased GEDmatch last December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site -- apparently targeting email addresses obtained in the attack on GEDmatch just two days before. In a statement emailed to BuzzFeed News and posted on Facebook, Verogen explained that the sudden unmasking of GEDmatch profiles that were supposed to be hidden from law enforcement was "orchestrated through a sophisticated attack on one of our servers via an existing user account." "As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours," the statement said. "During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users." It's unclear whether any unauthorized profiles were searched by law enforcement.

Crime

'World's Most Wanted Man' Involved In Bizarre Attempt To Buy Hacking Tools (vice.com) 27

An anonymous reader quotes a report from Motherboard: The fugitive executive of the embattled payment startup Wirecard was mentioned in a brazen and bizarre attempt to purchase hacking tools and surveillance technology from an Italian company in 2013, an investigation by Motherboard and the German weekly Der Spiegel found. Jan Marsalek, a 40-year-old Austrian who until recently was the chief operating officer of the rising fintech company Wirecard, seems to have taken a meeting with the infamous Italian surveillance technology provider Hacking Team in 2013. At the time, Marsalek is described as an official representative of the government of Grenada, a small Caribbean island of around 100,000 people, in a letter that bears the letterhead of the Grenada government. The documents were included in a cache published after Hacking Team was hacked in 2015. In recent days, Marsalek has been described as the 'world's most wanted man.'

It is unclear from the documents alone whether Marsalek played any role in the attempt to procure hacking tools, or whether his name was simply used. However, months before Marsalek appears to have been in contact with Hacking Team, several websites with official sounding names such as StateOfGrenada.org were registered under the name of Jan Marsalek, as Der Spiegel reported last week. Some of the sites were registered with Marsalek's phone number and his Munich address at the time, and the servers were apparently operated from Germany. Wirecard provided digital payment services and was considered one of the most important companies in the financial tech industry. Wirecard offered a mobile payment app called Boon, which was essentially a virtual MasterCard card; it also offered a prepaid debit card called mycard2go, and worked with companies such as KLM, Rakuten, and Qatar Airways to manage their online transactions. The company suddenly collapsed in June after German regulators raided its headquarters as part of an investigation into fraudulent stock price manipulation and 1.9 billion euros that are missing from the company's books. Marsalek is now a fugitive and a key suspect in the German investigation. He reportedly fled to Belarus, and is now hiding in Russia under the protection of the FSB, according to German news reports. In the past, he was involved in other strange dealings: he bragged about an attempt to recruit 15,000 Libyan militiamen, and about a trip to Syria along with Russian military, according to the Financial Times.
