According to the BBC, details claiming to reveal how little U.S. billionaires pay in income tax have been leaked to investigative website ProPublica. From the report: ProPublica says it has seen the tax returns of some of the world's richest people, including Jeff Bezos, Elon Musk and Warren Buffett. The website alleges Amazon's Mr Bezos paid no tax in 2007 and 2011, while Tesla's Mr Musk's paid nothing in 2018. The FBI and tax authorities are looking into the source of the leak. ProPublica said it was analyzing what it called a "vast trove of Internal Revenue Service data" on the taxes of the billionaires, and would release further details over coming weeks.

ProPublica said the richest 25 Americans pay less in tax -- an average of 15.8% of adjusted gross income -- than most mainstream US workers. The website said: "Using perfectly legal tax strategies, many of the uber-rich are able to shrink their federal tax bills to nothing or close to it." The wealthy, as with many ordinary citizens, are able to reduce their income tax bills via such things as charitable donations and drawing money from investment income rather wage income.

An anonymous reader quotes a report from The Hill: Ohio Attorney General Dave Yost (R) on Tuesday filed a lawsuit asking the court to declare Google a public utility, which would subject the Silicon Valley giant to government regulation. Yost's complaint, filed in Delaware County Court, alleges Google has used its dominance as a search engine to prioritize its own products over "organic search results" in a way that "intentionally disadvantages competitors." "Google uses its dominance of internet search to steer Ohioans to Google's own products -- that's discriminatory and anti-competitive," Yost said in a statement. "When you own the railroad or the electric company or the cellphone tower, you have to treat everyone the same and give everybody access." The complaint alleges that as a result of Google's "self-preferencing Results-page architecture," nearly two-thirds of Google searches in 2020 were completed without users leaving Google-owned platforms, meaning users either never left the search page, or clicked to another Google platform such as YouTube, Google Flights, Google Maps, Google News, Google Shopping or Google Travel. A Google spokesperson said Yost's lawsuit would "make Google Search results worse and make it harder for small businesses to connect directly with customers." They added: "Ohioans simply don't want the government to run Google like a gas or electric company. This lawsuit has no basis in fact or law and we'll defend ourselves against it in court."

A company that provides a user engagement platform for US politicians has suffered a ransomware attack, leaving many lawmakers unable to email their constituents for days. From a report: The attack, which hit DC-based iConstituent, has affected the offices of nearly 60 House lawmakers across both parties, Punchbowl News reported earlier today, citing House officials, lawmakers, and office aides. Catherine Szpindor, the Chief Administrative Officer of the House, said she was informed of the attack, which appears to have been limited to iConstituent's e-newsletter service and did not impact the company's GovText text messaging system. Szpindor, which is in charge of House cybersecurity, was also quick to distance the US government's network from the attack. "At this time, the CAO is not aware of any impact to House data," Szpindor told Punchbowl News. "The CAO is coordinating with the impacted offices supported by iConstituent and has taken measures to ensure that the attack does not affect the House network and offices' data."

Russia's government was quick to use social media when it tried to steer the course of U.S. elections, American officials say. It isn't quite as eager to see its own opponents at home try the same thing. From a report: Ahead of a parliamentary vote later this year, the Kremlin has been fine-tuning its strategy to pressure platforms such as Twitter, YouTube and TikTok to remove antigovernment content, classifying a growing number of posts as illegal and issuing a flurry of takedown requests. So far it appears to be working. The Western-dominated tech giants have in many instances complied. YouTube temporarily removed links to content laying out the opposition's voting strategy. Russian officials say Twitter is working to comply with requests to remove content that Moscow deems illegal. TikTok, owned by China's ByteDance, also removed or altered a handful of videos that criticized the government and promoted opposition street protests. TikTok, Twitter and Google, the Alphabet subsidiary that owns YouTube, say they decide whether to delete content based on local laws where they operate and on their own internal guidelines. None of the companies commented on specific cases mentioned in this article.

An anonymous reader quotes a report from TechCrunch: Twitter disclosed on Monday that it blocked four accounts in India to comply with a new legal request from the Indian government. The American social network disclosed on Lumen Database, a Harvard University project, that it took action on four accounts -- including those of hip-hop artist L-Fresh the Lion and singer and song-writer Jazzy B -- to comply with a legal request from the Indian government it received over the weekend. The accounts are geo-restricted within India but accessible from outside of the South Asian nation. (As part of their transparency efforts, some companies including Twitter and Google make requests and orders they receive from governments and other entities public on Lumen Database.)

All four accounts, like several others that the Indian government ordered to be blocked in the country earlier this year, had protested New Delhi's agriculture reforms and some had posted other tweets that criticized Prime Minister Narendra Modi's seven years of governance in India, an analysis by TechCrunch found. The new legal request, which hasn't been previously reported, comes at a time when Twitter is making efforts to comply with the Indian government's new IT rules, new guidelines that several of its peers including Facebook and Google have already complied with. On Saturday, India's Ministry of Electronics and Information Technology had given a "final notice" to Twitter to comply with its new rules, which it unveiled in February this year. The new rules require significant social media firms to appoint and share contact details of representatives tasked with compliance, nodal point of reference and grievance redressals to address on-ground concerns. Last month, police in Delhi visited Twitter offices to "serve a notice" to Twitter's India head. Twitter responded by calling the visit a form of intimidation, and requested the government respect citizens' rights to free speech.

Lisa Hone, a longtime Federal Communications Commission attorney with deep expertise in broadband policy, has joined the National Economic Council team to steer the Biden administration's broadband expansion efforts. From a report: Expanding broadband internet service to all Americans is a top priority for the Biden White House. Hone's primary focus is ensuring that money Congress allocated through the American Rescue Plan Act is spent appropriately. The administration is trying to include broadband in infrastructure legislation, as the pandemic underscored the importance of reliable and affordable broadband connections to Americans' ability to participate in remote school, work, tele-health and e-commerce. Hone, who officially started her job as as senior adviser for broadband and technology policy last week, is now the White House's point person on broadband deployment efforts happening across the government.

Three Ukrainian cybersecurity agencies have warned last week of a "massive" spear-phishing operation carried out by Russian threat actors against the Ukrainian government and private sector. From a report: The Ukrainian Secret Service, one of the three agencies, has attributed the attack to the "special services of the Russian Federation," marking the third cyberattack the agency has publicly attributed to Russian hackers this year. The spear-phishing operation took place in early June last week, according to alerts published by the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine. The attackers sent emails posing as representatives for the Kyiv Patrol Police Department, warning recipients of their failure to pay local taxes.

Slashdot reader Charlotte Web summarizes a Department of Justice press release: The U.S. Department of Justice says "millions" of computers around the world were infected with the Trickbot malware, which was used "to harvest banking credentials and deliver ransomware."

In February they arrested a 55-year-old woman in Miami, Florida, saying she and her associates "are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems," according to Special Agent in Charge Eric B. Smith of the FBI's Cleveland Field Office. In October ZDNet was calling Trickbot "one of today's largest malware botnets and cybercrime operations."

Yesterday that woman — Alla Witte, aka "Max" — was arraigned in federal court in Cleveland, Ohio. According to the indictment, Witte worked as a malware developer for the Trickbot Group and wrote code related to the control, deployment, and payments of ransomware.

From the Department of Justice announcement:

The ransomware informed victims that their computer was encrypted, and that they would need to purchase special software through a Bitcoin address controlled by the Trickbot Group to decrypt their files. In addition, Witte allegedly provided code to the Trickbot Group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials... Witte and her co-conspirators allegedly worked together to infect victim computers with the Trickbot malware designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers and addresses. Witte and others also allegedly captured login credentials and other stolen personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts...

If convicted, Witte faces a maximum penalty of 30 years in prison for conspiracy to commit wire and bank fraud; 30 years in prison for each substantive bank fraud count; a two-year mandatory sentence for each aggravated identity theft count, which must be served consecutively to any other sentence; and 20 years in prison for conspiracy to commit money laundering.

The indictment alleges that "beginning in November 2015, Witte and others stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia through the use of the Trickbot malware." The AP reports the group is now accused of targeting high-reward victims which included hospitals, schools, public utilities, and governments, as well as real estate and law firms and country clubs.

Interestingly, this case is part of the U.S. Department of Justice's "Ransomware and Digital Extortion Task Force," with its Criminal Division working with the U.S. Attorneys' Offices and prioritizing the disruption, investigation, and prosecution of ransomware "by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes," according to the department's statement. "The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat."

"These charges serve as a warning to would-be cybercriminals," said Deputy Attorney General Lisa O. Monaco, "that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem."

UPDATE: America's Federal Bureau of Investigation has now "withdrawn a subpoena demanding records from USA TODAY that would identify readers of a February story about a southern Florida shootout that killed two agents and wounded three others," the newspaper reported today.

Friday USA Today had reported that it's "fighting a subpoena from the FBI demanding records that would identify readers of a February story" about a Southern Florida shooting that killed two of the investigative agency's agents and wounded three others.

Long-time Slashdot reader schwit1 shared their original report on Friday: In a motion filed in federal district court in Washington, D.C. asking a judge to quash the subpoena, Gannett, USA TODAY's parent company, said the effort is not only unconstitutional but also violates the Justice Department's own rules... The subpoena, issued in April, demands the production of records containing IP addresses and other identifying information "for computers and other electronic devices" that accessed the story during a 35-minute time frame starting at 8:03 p.m. on the day of the shooting.

"Being forced to tell the government who reads what on our websites is a clear violation of the First Amendment," Maribel Perez Wadsworth, USA TODAY's publisher, said in a statement. "The FBI's subpoena asks for private information about readers of our journalism...."

The subpoena, signed by an FBI agent in Maryland, said the records relate to a criminal investigation. But it's unclear how USA TODAY's readership records are related to the investigation of the Florida shooting, or why the FBI is focusing on the time frame. Wadsworth said Gannett's attorneys tried to contact the FBI before and after the company fought the subpoena in court, but she said the FBI has yet to provide any meaningful explanation of the basis for the subpoena.

The FBI and the Justice Department declined to comment.

CNBC reports that El Salvador "is looking to introduce legislation that will make it the world's first sovereign nation to adopt bitcoin as legal tender, alongside the U.S. dollar." In a video broadcast to Bitcoin 2021, a multiday conference in Miami being billed as the biggest bitcoin event in history, President Nayib Bukele announced El Salvador's partnership with digital wallet company, Strike, to build the country's modern financial infrastructure using bitcoin technology.

Strike founder and CEO Jack Mallers said this will go down as the "shot heard 'round the world for bitcoin...."

Speaking from the mainstage, Mallers said the move will help unleash the power and potential of bitcoin for everyday use cases on an open network that benefits individuals, businesses, and public sector services... While details are still forthcoming about how the rollout will work, CNBC is told that El Salvador has assembled a team of bitcoin leaders to help build a new financial ecosystem with bitcoin as the base layer. "It was an inevitability, but here already: the first country on track to make bitcoin legal tender," said Adam Back, CEO of Blockstream.

Slashdot reader DevNull127 writes: Documents filed by Florida's health department now "confirm two of the core aspects" of a whistleblower complaint filed by fired data manager Rebekah Jones, the Miami Herald reported Friday. "Sworn affidavits from Department of Health leaders acknowledge Jones' often-denied claim that she was told to remove data from public access after questions from the Miami Herald."

And they also report a position statement from the department (filed August 17th) acknowledging something even morning damning. While a team of epidemiologists at the Department of Health had developed data for the state's plan to re-open — their findings were never actually incorporated into that plan.

Reached for comment, a spokesperson for governor Ron DeSantis still insisted to the Herald that "every action taken by Governor DeSantis was data-driven and deliberate."
From the article: But when the Herald requested the data, data analysis, or data model related to reopening under Florida's open records law, the governor's office responded that there were no responsive records... Secrecy was a policy. Staffers were told not to put anything about the pandemic response into writing, according to four Department of Health employees who spoke on the condition of anonymity... Emails and texts reviewed by the Herald show the governor's office worked in coordination with Department of Health "executive leadership" to micromanage everything about the department's public response to the pandemic, from information requests from the press to specific wording and color choice on the Department of Health website and data dashboard. They slow-walked responses to questions on important data points and public records, initially withholding information and data on deaths and infections at nursing homes, state prisons and schools, forcing media organizations to file or threaten lawsuits. Important information that had previously been made public was redacted from medical examiner accounts of COVID-19 fatalities.

At one point the state mischaracterized the extent of Florida's testing backlog by over 50 percent — skewing the information about how many people were getting sick each day — by excluding data from private labs, a fact that was only disclosed in response to questions from the press. Emails show that amid questions about early community spread, data on Florida's earliest potential cases — which dated back to late December 2019 — were hidden from the public by changing "date range of data that was available on the dashboard."

Department of Health staffers interviewed by the Herald described a "hyper-politicized" communications department that often seemed to be trying to match the narrative coming from Washington.
The Herald's article also "delved into the details of the department's operation," writes DevNull127 : For example, the whistleblower complaint of Rebekah Jones quotes the state's deputy health secretary as telling her pointedly that "I once had a data person who said to me, 'you tell me what you want the numbers to be, and I'll make it happen.'"

Or, as Jones later described that interaction to her mother, "They want me to put misleading data up to support that dumb f***'s plan to reopen. And more people are gonna die because [of] this and that's not what I agreed to."

Last Friday the health department's Office of the Inspector General announced they'd found "reasonable cause" to open an investigation into decisions and actions by Department of Health leadership that could "represent an immediate injury to public health."
Meanwhile, Florida officials confirmed Friday night that their health department "will no longer update its Covid-19 dashboard and will suspend daily case and vaccine reports," according to the New York Times. "Officials will instead post weekly updates, becoming the first U.S. state to move to such an infrequent publishing schedule."

Jones had been using that data to continue running her own online dashboard, and posted Friday in lieu of data that the dashboard's operation would now be interrupted "as I work to reformat the website to adjust for these changes...." But she promised to keep trying to help the people of Florida "in whatever capacity I can with the limitations the Department of Health is now putting on public access to this vital health information."

After temporarily grounding its fleet of more than 500 DJI drones in January 2020 over cybersecurity concerns, the Pentagon has finally cleared two of DJI's drones of any security risks. An analysis of the two DJI drones built for government use found "no malicious code or intent" and are "recommended for use by government entities and forces working with US services," a report summary said. Pocketnow reports: Specifically, the Pentagon has cleared only two drone models so far -- the DJI Mavic Pro and Matrice 600 Pro. However, it will still come as a relief for the brand after being under the scanner for over security threats, especially after giants like HUAWEI have had to face terrible consequences after being blacklisted for similar reasons. DJI, on the other hand, has maintained that the company is not involved in any secretive data-sharing practices with the Chinese government and that its drones are safe to use.

"This U.S. government report is the strongest confirmation to date of what we, and independent security validations, have been saying for years -- DJI drones are safe and secure for government and enterprise operations," a DJI spokesperson was quoted as saying. While two of DJI's drone models can now be again used by the Interior Department, there is no relief for the company regarding its inclusion on the Commerce Department's Entity List. Even though the sale of its product has not been banned, sourcing technology from US-based firms would still require approval, and then there are risks of supply chain disruption as well as reputation loss.

The three major carriers in the U.S. have now agreed to start providing vertical location data for 911 calls, which will help first responders quickly locate 911 callers in multi-story buildings. XDA Developers reports: The FCC wrote in its announcement, "FCC Acting Chairwoman Jessica Rosenworcel today announced breakthrough agreements with America's three largest mobile phone providers to start delivering vertical location information in connection with 911 calls nationwide in the coming days. This information will help first responders quickly locate 911 callers in multi-story buildings, which will reduce response times and ultimately save lives."

The FCC first announced in 2015 that carriers would be required to start sharing vertical location data. The original deadline was June 2nd, 2021, but AT&T, T-Mobile, and Verizon wanted an 18-month extension (allegedly due to issues testing the functionality during the COVID-19 pandemic). With the deadline rapidly approaching, the FCC began an investigation in April to find out what was taking carriers so long. All three major carriers have now agreed to start providing vertical location data to 911 call centers within the next seven days, and each company will pay a $100,000 settlement. The agreement also increases the scope of the vertical location data; instead of the data only being provided in select areas, vertical location information will be provided by carriers across the entire United States. However, it will likely take longer than a week for the vertical data to be used in most 9-1-1 call centers, as the change will require updated software and (possibly) additional training for emergency dispatchers.

Amazon's massive cloud-computing unit is aggressively recruiting U.S. government officials as it pushes to make itself essential to branches such as the military and the intelligence community, POLITICO reported Friday. From the report: Since 2018, Amazon Web Services has hired at least 66 former government officials with acquisition, procurement or technology adoption experience, most hired directly away from government posts and more than half of them from the Defense Department. That's a small portion of AWS' tens of thousands of employees, but a particularly key group to its federal business. Other AWS hires have come from departments including Homeland Security, Justice, Treasury and Veterans Affairs.

That's on top of more than 600 hires of government officials across all of Amazon during the same time -- itself a mark of the company's expanding footprint in the D.C. region. Amazon employs more than 1 million people overall, after adding 500,000 new jobs last year alone. The hiring spree highlights how tech companies are becoming more entrenched in the operations of the government itself -- and indispensable to Cabinet agencies and national security operations -- even as politicians shout about the danger of letting them get too powerful.

The Nigerian government suspended all Twitter operations in the country on Friday. From a report: Alhaji Lai Mohammed, the Nigerian minister of information and culture, said the decision stemmed from citizens using the platform for activities "capable of undermining Nigeria's corporate existence," according to a press release. The move follows Twitter's decision to remove a post by Nigeria's president Muhammadu Buhari that threatened to punish those responsible for recent attacks on electoral offices and police stations, and referenced the country's 1960s civil war that killed 1 million people, Reuters reported. "Those of us in the fields for 30 months, who went through the war, will treat them in the language they understand," Buhari said in a tweet before Twitter removed the post for violating its "abusive behavior" policy.

President Joe Biden signed an executive order on Thursday that bans U.S. entities from investing in dozens of Chinese companies with alleged ties to defense or surveillance technology sectors. From a report: The move, which his administration says expands the scope of a legally flawed Trump-era order, drew anger from Beijing. The Treasury Department will enforce and update on a "rolling basis" the new list of about 59 companies, which bars buying or selling publicly traded securities in target companies, and replaces an earlier list from the Department of Defense, senior administration officials told reporters. The order prevents U.S. investment from supporting the Chinese military-industrial complex, as well as military, intelligence, and security research and development programs, Biden said in the order. "In addition, I find that the use of Chinese surveillance technology outside the PRC and the development or use of Chinese surveillance technology to facilitate repression or serious human rights abuse constitute unusual and extraordinary threats," Biden said, using the acronym for the People's Republic of China.

An anonymous reader quotes a report from The New York Times: The perpetrators of a ransomware attack that shut down some operations at the world's largest meat processor this week was a Russian-based cybercriminal group known for its attacks on prominent American companies, the F.B.I. said Wednesday. The group, known as REvil, is one of the most prolific of the roughly 40 ransomware organizations that cybersecurity experts track and has been identified as responsible for a coordinated strike against operations in almost two dozen Texas cities in 2019. The group is among dozens of ransomware groups that enjoy safe harbor in Russia, where they are rarely arrested or extradited for their crimes.

REvil, which stands for Ransomware Evil, is known as a "ransomware as a service" organization, meaning it leases its ransomware to other criminals, even the technically inept. One of its previous affiliates was a group called DarkSide, which was responsible for the ransomware attack last month on Colonial Pipeline, a conduit for nearly half the gas and jet fuel to the East Coast. DarkSide is believed to have split off from REvil last year. REvil is considered one of the most sophisticated ransomware groups and has demanded as much as $50 million to recover data belonging to companies as prominent as Apple. Its attack on JBS, a Brazilian company that accounts for roughly a fifth of cattle and hog slaughter in the United States, temporarily shut down some operations at a time when prices were already surging for beef, poultry and pork. Jen Psaki, the White House press secretary, declined to say whether the U.S. government was planning to retaliate. "We're not taking any options off the table in terms of how we may respond, but of course there is an internal policy review process to consider that," she said. The administration is planning to bring up the issue with President Vladimir Putin of Russia when they meet in two weeks.

"Responsible states do not harbor ransomware criminals," she added.

Two years into its ban from the US Government and, in turn, access to the Play Store on its Android-powered devices, Huawei is unveiling HarmonyOS. The platform is an alternative to Android that powers TVs, smartphones, tablets, and smartwatches. 9to5Google reports: Announced at an event today, Huawei is positioning HarmonyOS as an operating system that can handle just about everything, from the smartphone in your pocket to IoT devices such as "power sockets and lamps." The company says the goal of the platform is to have one set of code that can be used across virtually any device, saying that it is not aware of "any other operating system in the world" that can cover such a wide range of devices. Leaning into this ability, Huawei developed a "Control Panel," which gives users the ability to connect multiple devices together, with the example of using the "music widget" to throw audio playback to nearby speakers or TVs. A "Super Device" widget shows icons for other nearby devices and enables a quick and easy pairing mode.

On smartphones, the HarmonyOS homescreen can use a swipe-up gesture on apps developed for the platform to see a widget pulling information from that app. Those widgets, apparently, can also be used across devices because of the shared codebase Huawei says HarmonyOS offers. The homescreen can also intelligently add apps to a folder based on the category. Interestingly, Huawei says HarmonyOS devices will also be able to move running apps from one device to another, which is really neat and unique. Moving apps between devices apparently also works between watches and TVs, with a workout app being used on both simultaneously given as an example. A video calling app was also shown moving between devices. Huawei says that performance of HarmonyOS is "superior" to Android with EMUI, specifically calling out long-term use.

While there are certainly new elements in HarmonyOS, it appears to be a "fork" of Android. The Verge spent time with the HarmonyOS-powered MatePad Pro and described the act of installing Android APKs as "though I was using an Android device." Visually, there are also a tremendous number of similarities between HarmonyOS and Android, though there are some distinct elements of Apple's iPad OS in the platform's tablet-optimized homescreen, seen below as Evan Blass posted to Twitter. Android Authority further described HarmonyOS as "ultimately a spin on Android 10" with a "slight rebrand." TechRadar said the software was "clearly" based on Android. These findings from the media appear to back up a previous report from ArsTechnica, which showed the developer preview as basically a clone of EMUI-skinned Android.

wiredmikey shares a report from SecurityWeek: The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks. According to a new report, the latest wave of attacks being attributed to APT29/Nobelium threat actor includes a custom downloader that is part of a "poisoned update installer" for electronic keys used by the Ukrainian government. SentinelOne principal threat researcher Juan Andres Guerrero-Saade documented the latest finding in a blog post that advances previous investigations from Microsoft and Volexity. "At this time, the means of distribution [for the poisoned update installer] are unknown. It's possible that these update archives are being used as part of a regionally-specific supply chain attack," Guerrero-Saade said.

The European Union (EU) is set to unveil plans for a bloc-wide digital wallet on Wednesday, following requests from member states to find a safe way for citizens to access public and private services online, the Financial Times reported. Reuters reports: The app will allow citizens across the EU to securely access a range of private and public services with a single online ID, according to the FT report on Tuesday. The digital wallet will securely store payment details and passwords and allow citizens from all 27 countries to log onto local government websites or pay utility bills using a single recognized identity, the newspaper said, citing people with direct knowledge of the plans.

The EU-wide app can be accessed via fingerprint or retina scanning among other methods, and will also serve as a vault where users can store official documents like the driver's license, the newspaper reported. EU officials will enforce a structural separation to prevent companies that access user data from using the wallet for any other commercial activity such as marketing new products.