Articles

North Korean Hackers Using Fake Job Offers to Steal Cryptocurrency, Research Shows

North Korean hackers are increasingly impersonating recruiters to steal cryptocurrency, saturating the industry with convincing fake job offers, according to new research and interviews conducted by Reuters. The cyber campaign, dubbed “Contagious Interview” by cybersecurity firms, has grown so pervasive that many applicants now screen recruiters to ensure they are not acting on behalf of Pyongyang.

Experts say North Korea stole at least $1.34 billion in cryptocurrency last year, funding its sanctioned weapons program. The FBI has previously warned that Pyongyang was “aggressively” targeting the crypto industry with elaborate social engineering schemes.

The scams typically begin on LinkedIn or Telegram, with a recruiter offering a role at a major blockchain or crypto firm. Applicants are then directed to obscure websites to complete a skills test or record a video—sometimes requiring them to download malicious code. In one case, a U.S. product manager lost $1,000 in ether and Solana after sending a video to a fake recruiter impersonating Ripple Labs. Others, like consultant Ben Humbert, cut off conversations after being asked to complete “virtual interviews” through suspicious links.

Companies such as Robinhood and Kraken have acknowledged being impersonated. Robinhood said it acted to disable fake web domains linked to the scam. LinkedIn and Telegram confirmed that the fraudulent accounts identified by Reuters had been removed. Still, security experts say the impersonations are difficult to police, as “anybody out there can say they’re a recruiter,” noted Nick Percoco, Kraken’s chief security officer.

Research by SentinelOne and Validin found exposed hacker log files containing details of more than 230 targeted individuals—ranging from coders and consultants to executives—between January and March. Analysts linked the activity to North Korea based on IP addresses and emails tied to previous state-backed hacks.

Although the campaign accounts for only a fraction of North Korea’s overall crypto theft efforts, experts warn that it is highly organized and rapidly evolving. “It’s scary how far they’ve come,” said Carlos Yanez of Global Ledger, one of the recent targets.

North Korea’s mission to the United Nations did not respond to Reuters’ request for comment, though Pyongyang routinely denies involvement in cryptocurrency theft.

Italy Targets Meta, X, and LinkedIn in Landmark Tax Case

Italy has initiated a landmark tax case, issuing VAT claims against Meta, X, and LinkedIn. The case, which could have widespread implications for the tech industry in Europe, challenges how social networks provide services and treat user data as taxable transactions.

Tax Claims Against Tech Giants

Italy’s tax authorities are claiming substantial amounts from the three U.S. tech giants: Meta (887.6 million euros), X (12.5 million euros), and LinkedIn (140 million euros). These claims span from 2015 to 2022, although the immediate focus is on the years 2015 and 2016, for which claims are set to expire soon.

The Controversial Issue: VAT on Free Services

The central issue in the case revolves around the way these companies provide access to their platforms. Italian authorities argue that the act of users registering on Meta, X, and LinkedIn should be considered a taxable transaction since it involves the exchange of personal data for access to membership accounts.

Meta has strongly opposed this view, asserting that providing access to online platforms should not be subject to VAT. LinkedIn and X have remained silent or unavailable for comment on the matter.

Potential Impact Across the European Union

The case could have wider ramifications across the EU, as VAT is a harmonized tax across member states. Experts suggest that the ruling may force tech companies to reconsider their business models, particularly those offering “free” services that require users to accept profiling cookies. This development could potentially extend to other industries, including airlines and publishers, which rely on similar business practices.

The Path Forward: Court or Settlement?

This is the first time that Italy has issued formal tax assessment notices without reaching a settlement agreement. The companies now have 60 days to appeal the claims, after which they may go to court—a process that could take up to 10 years in Italy. Alternatively, the tax authorities could drop the claims for technical or political reasons, or the companies could agree to pay some of the contested amounts while seeking further assessment from the European Commission.

LinkedIn Lawsuit Over Customer Data Use for AI Models Dismissed

A class action lawsuit against Microsoft’s LinkedIn, which accused the platform of using customers’ private messages to train artificial intelligence models, has been dismissed. The case was dropped by plaintiff Alessandro De La Torre on Thursday in the U.S. federal court in San Jose, California, just days after the suit was filed. LinkedIn had argued that the allegations were unfounded.

De La Torre’s lawsuit claimed that LinkedIn violated the privacy of its Premium users by disclosing their private messages to third parties involved in developing AI. He accused the platform of breaching its promise to use customer data only to enhance its services, not for external uses like AI training.

The issue came to light when LinkedIn updated its privacy policy in September, revealing that a new account setting would not affect data used in previous AI training. This disclosure sparked concerns among users about how their data was being handled.

However, LinkedIn clarified that it had not shared private messages with third parties for AI training. In a LinkedIn post, Sarah Wight, the company’s vice president and legal counsel, confirmed, “We never did that.” De La Torre’s legal team acknowledged the clarification, stating that users could take comfort in knowing their private messages had not been used for AI purposes.