Barbican, London
From Cuba to Mexico, from Hong Kong to Iraq, the Belgian artist has made 40 mesmerising films of kids at play, including three with guns up to no good in a war zone

Cries and laughter, clapping and calls and screams of delight fill the gallery. There are children everywhere on the multiple screens that fill the lower floor. Kids in Cuba careen round the streets of Havana on precarious trolleys fashioned from bits of wood and discarded junk. They rattle and slew on cobbles and jink round corners, under the amused and indulgent eyes of adults as they come hurtling past. The game is both exhilarating and frightening to watch, the young pilots and passengers inches away from hideous injury. Talk about health and safety.

Little girls on a London housing estate swipe at each other’s conkers in a game that’s been largely banished from British school playgrounds. Of course, there’s a lot more to the culture of conkers than whacking horse chestnuts on a bit of string. How careful you have to be – preparing the conker, drilling it and threading it on to a string. All games, like art, have their rules and conditions.

Continue reading...

💾

© Photograph: Francis Alÿs

💾

© Photograph: Francis Alÿs

Painting of 98-year-old broadcaster, commissioned by Royal Society, goes on public display 2 July

Jonathan Yeo hopes he has communicated the sitter’s “wisdom and thoughtfulness” in his latest portrait, but also the “sort of childlike, infectious enthusiasm” that audiences know so well.

Yeo is talking about his new, strikingly green, portrait of Sir David Attenborough, a figure who has gone beyond being a national treasure to someone known globally, and someone people might listen to when it comes to the catastrophes facing the world.

Continue reading...

💾

© Photograph: Richard Valencia Photography/Jonathan Yeo

💾

© Photograph: Richard Valencia Photography/Jonathan Yeo

A new book pulls together glamorous portraits of film stars from the 1920s to the 60s who could draw an audience with their name alone

Continue reading...

💾

© Photograph: John Kobal Foundation/Getty Images

💾

© Photograph: John Kobal Foundation/Getty Images

Schotter – As a way of dipping my toe into generative art, I've been trying to recreate one of the most iconic images in computer-generated art: Schotter ("Gravel", aka "Cubic Disarray") by Georg Nees. Part 2.

Members of LPAA presented their proposal to the city’s arts and culture committee last week. Read More

According to most ancient philosophers a virtuous heart will yield positive actions, while most modern philosophers would say it depends on the outcomes.

According to ancient philosophers, a virtuous heart—characterized by wisdom, compassion, and virtue—positively impacts the world. Aristotle's concept of eudaimonia emphasizes flourishing through virtue. Seneca highlights character's role in resilience and compassion. According to Seneca, a virtuous heart contributes positively to the world by embodying wisdom, resilience, and compassion. Consequentialism suggests that good intentions matter, but actions' impact is crucial. "The true strength of virtue is serenity of mind, combined with a deliberate and steadfast determination to execute its laws." -Immanuel Kant In this street interview video a philosopher runs a thought experiment by everyday New Yorkers that encapsulates the divergence between action-based moral theories and virtue-based moral theories. In the ongoing discourse between action-based moral theories, which emphasize following rules and fulfilling duties, and virtue-based moral theories, which prioritize cultivating virtuous character, the question of whether a good heart truly makes the world a better place remains a thought-provoking paradox.

Before World War II, a group of wealthy artists wanted to build a world largely independent of men and American racism. Their story is sumptuously illustrated by the National Portrait Gallery's sweeping exhibition "Brilliant Exiles: American Women in Paris, 1900-1939." Review by Mark Jenkins

This volume thus builds upon growing art historical, anthropological, and historical literature that argues that "art" is far from a natural category of human endeavor, but instead represents a historically specific idea and practice emerging in Europe from the Enlightenment and its aftermath [:] the radical and unprecedented bifrucation of the artist, as the genius who produces things of beauty, from the skilled artisan or crafts[person] who produces useful objects. [what's the use of art?]

"The ways in which decoration and ornament are defined and used vary in different cultures and periods. The Renaissance in Western Europe elevated to supreme status the 'fine arts', demoting handicraft and ornament, and beginning a process whereby these latter were relegated to the status of 'applied arts'... Centuries later in Britain, William Morris (1834-96) criticized the separation of art and craft from daily life and helped to promote a limited revival of medieval handicraft. More recently, a re-evaluation of ornament in art history has begun. In The Meditation of Ornament, [gbooks] the historian of Islamic art Oleg Grabar discusses ornament in the art of Islam within a broad world-view, ranging from Chinese calligraphy to contemporary art. Grabar proposes that ornament functions as an intermediary, enabling a direct encounter between the object it adorns and the viewer. He provides examples from different cultures, and suggests how terminology expresses the concept in different languages. For example, he notes that there is a Sanskrit word bhusati, which means 'to adorn'. It implies the successful completion of an act, object or state of mind. Grabar comes to the conclusion that 'in several highly literate and articulate societies, [there is agreement] on the existence of an action that completes something, that makes it perfect. That action is to decorate and the medium of its effectiveness is ornament.'" [Kazari: Internet Archive] previously: Egypt, repatriation, repair, I love how worked-over the first page of Nineteen Eighty-Four is, secret, ways of seeing, lists, equally an observer and an experimentalist, the only enslaved artist working in colonial America whose paintings are known to have survived, a Soviet nonconformist artist, exotic birds — including parrots, a recurring symbol in historical painting — and gigantic butterflies, tap, Very weird framing on this, it's a mix of science [laminar flow, Bernoulli] and woo [humidity, cloud-cover], the evolution of word balloons, care bears forever, suggesting that video games should incorporate more poetry, Art making is just one way of many through which we can transmute the unimaginable weight of loss into other forms, transformer architecture, wrappers delight, thousands of pieces of delicate glass created by a First Nations artist, Yhonnie Scarce, to tell significant stories, "poorly" animated juggling, esoteric phenomena, works "in the style of", Folly Cove, sketchbook hoboes, the child in the foreground is shown at work, erasure in portraiture, obsessions, art colonies, Tolkien, Botticelli, celebrities, serious work attempting to convey a sentiment, Charlemagne, skull trumpet, game as argument, videogames might be art but can they be literature, a testament to the power of vision, determination, and the belief that African stories could shine on the global stage, to combine colors as in a painting, juxtapositions when you put his pieces side-by-side can be as strange as the items he's composing together in the individual pieces, rainbow rice seedlings depicting sleeping cats, whiteness (which he describes as the way we organize and are organized), twined cattail leaves, web vibrations to interpret worldly signals, no viewer should be aware that any art project was happening, Software Piracy Birthed an Underground Art Scene, one foot in reality and the other in fantasy, micro-details of things, sand drawings of Vanuatu follow principles from a branch of math, leaf art, an impresario of the experimental in a city, Art + Climate, chef, vaporous worlds, this lost copywriting art, MAiZE, "influencer artist", the radical story of Palestinian embroidery, artists add invisible changes to the pixels in their art before they upload it online so that if it's scraped into an AI training set, it can cause the resulting model to break in chaotic and unpredictable ways, it's possible to believe in a happily ever after for us, most stylish older people don't follow rules, recipes knit our past with our present, hold on, a canvas for the art of living simply, craftivism, ornithological art, a time when children are living in peace, documentary, the most successful flop of all time, The "fuss" is that all of this AI art is built on the backs of people who remain uncompensated., somewhat gothic art direction, painting transmits rhythm, Ady Fidelin, the oldest known depiction of the bee in art is The man (or woman) of bicorp an (at least) 8000 year old cave painting in the Coves de l'Aranya, cozy game, stained glass sundials, Queer independent wrestling is where it is at, dematerializing, imaginary worlds and fantastical creatures, accessibility, Soteriology—that is the branch of theology that concerns itself with salvation—, lunar codex, retired playground animals, wombat — that "most beautiful of God's creatures", Clone-a Lisa, Ismail al-Jazari, the "father of robotics", done with comics but never art or the revolution, MLB players develop their autographs, say gay, not doing their art was costing them time", a world-class destination for art, but now we're so much more, an incredibly ambitious title to pursue when many video games do not try to engage with having cultures or identities outside of the white/western represented, a sound collage, Uplifting neurodivergent joy and caregiving are important acts of resistance , Chief Hacking Officer, art exists everywhere, the new searchable (and playable!) web frontend, all sorts of angles on how games and fashion converge, one player will make it to The Center, art helps, strategic use of nonviolent disruptive tactics, "moments of being," "vigorous compression", enjoying music, an archivist's dream... a while until the end of the blues (400+ pages to go) yet i feel comfortable saying: art means many things to many people

This volume thus builds upon growing art historical, anthropological, and historical literature that argues that "art" is far from a natural category of human endeavor, but instead represents a historically specific idea and practice emerging in Europe from the Enlightenment and its aftermath [:] the radical and unprecedented bifrucation of the artist, as the genius who produces things of beauty, from the skilled artisan or crafts[person] who produces useful objects [what's the use of art?]

The 387 Paper Model Houses of Peter Fritz

Edward Hopper - Haskell's House - 1924. The house IRL. Haskell's House at Hopperhead. Haskell's House for the Hopper fan. Hopper previously.

There are two elements in all this that seem to be at odds with each other. On the one hand, things like a proverb, a symbol, or—as in Borges' story—a novel have some sort of universality. They transcend the ages and remain applicable in different contexts. On the other hand, they acquire a unique flavor every time, dependent on the specifics of the people and times involved. This is not a paradox, though, but a typical result of chaotic processes. from Borges on Chaos Theory [Aether Mug]

Read 9 remaining paragraphs | Comments

"wall drawings were already selling for thousands of dollars, so he wanted to have some artwork that everybody could buy" [Radius: not to be sold for more than $100]

"minimal art went nowhere" [artstory, the] previously

The Japanese biochemist found in the 1970s that cholesterol-lowering drugs lowered the level of LDL, or “bad” cholesterol, in the blood.

© Jiji Press, via Agence France-Presse — Getty Images

The Banksy Museum does not own or display any actual Banksys but rather 167 decent-enough reproductions of them, life-size murals and paintings on panels treated to look like exterior walls that stretch through an exhibition space, designed to resemble the street. Max Lakin for the New York Times

Isabella Gomez Sarmiento for Morning edition:Museum founder Hazis Vardar says, "Banksy changed the rules. If you want to organize something about Banksy, you have to change the rules also," he said on a recent walk through the exhibit. Natasha Gural at Forbes supplies a more in-depth review: 4 Ways To See Beyond Graffiti At The Banksy Museum In New York Banksy Museum website

"Lissyelle is a photographer and art director based in Brooklyn, New York and Los Angeles, California. She grew up in rural Ontario where her interest in photography began at the age of 12, spurred by an obsessive fear she would one day forget her entire life were she not to document it. Her body of work is often still inspired by this compulsion to photograph, as well as by the vivid colors of early childhood, reoccurring dreams, the blurry way we see things when we are either too happy or too sad, and the soft hands of the high renaissance." [NSFW]

Read 9 remaining paragraphs | Comments

The first survey of Auriea Harvey, an influential Net artist turned game developer, traces the evolution of digital art from the 1990s to today.

The organ, from a genetically modified animal, failed because of a lack of blood flow, surgeons said, but did not appear to have been rejected by the body.

© Shelby Lum/Associated Press

There is an increasing overlap between art and artificial intelligence. Some celebrate it, while others worry.

© Dan Kitwood/Getty Images

Its disclosure came after RansomHub claimed responsibility for the cyberattack and threatened to release client data on the dark web.

© Li Qiang for The New York Times

Once called the “poet laureate” of deep-sea creatures, he melded science with art in paintings, books and a notable life-size installation in New York.

© Tony Cenicola/The New York Times

Declining sales and a cyberattack ignite new worries at spring art auctions.

The auctioneer’s website was taken offline on Thursday evening and remained down on Friday, days before its spring auctions were set to begin.

© Dia Dipasupil/Getty Images

All vaccines have at least occasional side effects. But people who say they were injured by Covid vaccines believe their cases have been ignored.

© Hannah Yoon for The New York Times

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.

The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law.

The FCC said it found the carriers each sold access to its customers’ location information to ‘aggregators,’ who then resold access to the information to third-party location-based service providers.

“In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained,” an FCC statement on the action reads. “This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.”

The FCC’s findings against AT&T, for example, show that AT&T sold customer location data directly or indirectly to at least 88 third-party entities. The FCC found Verizon sold access to customer location data (indirectly or directly) to 67 third-party entities. Location data for Sprint customers found its way to 86 third-party entities, and to 75 third-parties in the case of T-Mobile customers.

The commission said it took action after Sen. Ron Wyden (D-Ore.) sent a letter to the FCC detailing how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials.

That same month, KrebsOnSecurity broke the news that LocationSmart — a data aggregation firm working with the major wireless carriers — had a free, unsecured demo of its service online that anyone could abuse to find the near-exact location of virtually any mobile phone in North America.

The carriers promised to “wind down” location data sharing agreements with third-party companies. But in 2019, reporting at Vice.com showed that little had changed, detailing how reporters were able to locate a test phone after paying $300 to a bounty hunter who simply bought the data through a little-known third-party service.

Sen. Wyden said no one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card.

“I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers’ lives and privacy at risk,” Wyden said in a statement today.

The FCC fined Sprint and T-Mobile $12 million and $80 million respectively. AT&T was fined more than $57 million, while Verizon received a $47 million penalty. Still, these fines represent a tiny fraction of each carrier’s annual revenues. For example, $47 million is less than one percent of Verizon’s total wireless service revenue in 2023, which was nearly $77 billion.

The fine amounts vary because they were calculated based in part on the number of days that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements). The FCC notes that AT&T and Verizon each took more than 320 days from the publication of the Times story to wind down their data sharing agreements; T-Mobile took 275 days; Sprint kept sharing customer location data for 386 days.

Update, 6:25 p.m. ET: Clarified that the FCC launched its investigation at the request of Sen. Wyden.

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Responding to a reader inquiry concerning the trustworthiness of a site called TruePeopleSearch[.]net, KrebsOnSecurity began poking around. The site offers to sell reports containing photos, police records, background checks, civil judgments, contact information “and much more!” According to LinkedIn and numerous profiles on websites that accept paid article submissions, the founder of TruePeopleSearch is Marilyn Gaskell from Phoenix, Ariz.

Ms. Gaskell has been quoted in multiple “articles” about random subjects, such as this article at HRDailyAdvisor about the pros and cons of joining a company-led fantasy football team.

“Marilyn Gaskell, founder of TruePeopleSearch, agrees that not everyone in the office is likely to be a football fan and might feel intimidated by joining a company league or left out if they don’t join; however, her company looked for ways to make the activity more inclusive,” this paid story notes.

Also quoted in this article is Sally Stevens, who is cited as HR Manager at FastPeopleSearch[.]io.

“Fantasy football provides one way for employees to set aside work matters for some time and have fun,” Stevens contributed. “Employees can set a special league for themselves and regularly check and compare their scores against one another.”

Imagine that: Two different people-search companies mentioned in the same story about fantasy football. What are the odds?

Both TruePeopleSearch and FastPeopleSearch allow users to search for reports by first and last name, but proceeding to order a report prompts the visitor to purchase the file from one of several established people-finder services, including BeenVerified, Intelius, and Spokeo.

DomainTools.com shows that both TruePeopleSearch and FastPeopleSearch appeared around 2020 and were registered through Alibaba Cloud, in Beijing, China. No other information is available about these domains in their registration records, although both domains appear to use email servers based in China.

Sally Stevens’ LinkedIn profile photo is identical to a stock image titled “beautiful girl” from Adobe.com. Ms. Stevens is also quoted in a paid blog post at ecogreenequipment.com, as is Alina Clark, co-founder and marketing director of CocoDoc, an online service for editing and managing PDF documents.

Scouring multiple image search sites reveals Ms. Clark’s profile photo on LinkedIn is another stock image that is currently on more than 100 different websites, including Adobe.com. Cocodoc[.]com was registered in June 2020 via Alibaba Cloud Beijing in China.

The same Alina Clark and photo materialized in a paid article at the website Ceoblognation, which in 2021 included her at #11 in a piece called “30 Entrepreneurs Describe The Big Hairy Audacious Goals (BHAGs) for Their Business.” It’s also worth noting that Ms. Clark is currently listed as a “former Forbes Council member” at the media outlet Forbes.com.

Entrepreneur #6 is Stephen Curry, who is quoted as CEO of CocoSign[.]com, a website that claims to offer an “easier, quicker, safer eSignature solution for small and medium-sized businesses.” Incidentally, the same photo for Stephen Curry #6 is also used in this “article” for #22 Jake Smith, who is named as the owner of a different company.

Mr. Curry’s LinkedIn profile shows a young man seated at a table in front of a laptop, but an online image search shows this is another stock photo. Cocosign[.]com was registered in June 2020 via Alibaba Cloud Beijing. No ownership details are available in the domain registration records.

Listed at #13 in that 30 Entrepreneurs article is Eden Cheng, who is cited as co-founder of PeopleFinderFree[.]com. KrebsOnSecurity could not find a LinkedIn profile for Ms. Cheng, but a search on her profile image from that Entrepreneurs article shows the same photo for sale at Shutterstock and other stock photo sites.

DomainTools says PeopleFinderFree was registered through Alibaba Cloud, Beijing. Attempts to purchase reports through PeopleFinderFree produce a notice saying the full report is only available via Spokeo.com.

Lynda Fairly is Entrepreneur #24, and she is quoted as co-founder of Numlooker[.]com, a domain registered in April 2021 through Alibaba in China. Searches for people on Numlooker forward visitors to Spokeo.

The photo next to Ms. Fairly’s quote in Entrepreneurs matches that of a LinkedIn profile for Lynda Fairly. But a search on that photo shows this same portrait has been used by many other identities and names, including a woman from the United Kingdom who’s a cancer survivor and mother of five; a licensed marriage and family therapist in Canada; a software security engineer at Quora; a journalist on Twitter/X; and a marketing expert in Canada.

Cocofinder[.]com is a people-search service that launched in Sept. 2019, through Alibaba in China. Cocofinder lists its market officer as Harriet Chan, but Ms. Chan’s LinkedIn profile is just as sparse on work history as the other people-search owners mentioned already. An image search online shows that outside of LinkedIn, the profile photo for Ms. Chan has only ever appeared in articles at pay-to-play media sites, like this one from outbackteambuilding.com.

Perhaps because Cocodoc and Cocosign both sell software services, they are actually tied to a physical presence in the real world — in Singapore (15 Scotts Rd. #03-12 15, Singapore). But it’s difficult to discern much from this address alone.

Who’s behind all this people-search chicanery? A January 2024 review of various people-search services at the website techjury.com states that Cocofinder is a wholly-owned subsidiary of a Chinese company called Shenzhen Duiyun Technology Co.

“Though it only finds results from the United States, users can choose between four main search methods,” Techjury explains. Those include people search, phone, address and email lookup. This claim is supported by a Reddit post from three years ago, wherein the Reddit user “ProtectionAdvanced” named the same Chinese company.

Is Shenzhen Duiyun Technology Co. responsible for all these phony profiles? How many more fake companies and profiles are connected to this scheme? KrebsOnSecurity found other examples that didn’t appear directly tied to other fake executives listed here, but which nevertheless are registered through Alibaba and seek to drive traffic to Spokeo and other data brokers. For example, there’s the winsome Daniela Sawyer, founder of FindPeopleFast[.]net, whose profile is flogged in paid stories at entrepreneur.org.

Google currently turns up nothing else for in a search for Shenzhen Duiyun Technology Co. Please feel free to sound off in the comments if you have any more information about this entity, such as how to contact it. Or reach out directly at krebsonsecurity @ gmail.com.

ANALYSIS

It appears the purpose of this network is to conceal the location of people in China who are seeking to generate affiliate commissions when someone visits one of their sites and purchases a people-search report at Spokeo, for example. And it is clear that Spokeo and others have created incentives wherein anyone can effectively white-label their reports, and thereby make money brokering access to peoples’ personal information.

Spokeo’s Wikipedia page says the company was founded in 2006 by four graduates from Stanford University. Spokeo co-founder and current CEO Harrison Tang has not yet responded to requests for comment.

Intelius is owned by San Diego based PeopleConnect Inc., which also owns Classmates.com, USSearch, TruthFinder and Instant Checkmate. PeopleConnect Inc. in turn is owned by H.I.G. Capital, a $60 billion private equity firm. Requests for comment were sent to H.I.G. Capital. This story will be updated if they respond.

BeenVerified is owned by a New York City based holding company called The Lifetime Value Co., a marketing and advertising firm whose brands include PeopleLooker, NeighborWho, Ownerly, PeopleSmart, NumberGuru, and Bumper, a car history site.

Ross Cohen, chief operating officer at The Lifetime Value Co., said it’s likely the network of suspicious people-finder sites was set up by an affiliate. Cohen said Lifetime Value would investigate to determine if this particular affiliate was driving them any sign-ups.

All of the above people-search services operate similarly. When you find the person you’re looking for, you are put through a lengthy (often 10-20 minute) series of splash screens that require you to agree that these reports won’t be used for employment screening or in evaluating new tenant applications. Still more prompts ask if you are okay with seeing “potentially shocking” details about the subject of the report, including arrest histories and photos.

Only at the end of this process does the site disclose that viewing the report in question requires signing up for a monthly subscription, which is typically priced around $35. Exactly how and from where these major people-search websites are getting their consumer data — and customers — will be the subject of further reporting here.

The main reason these various people-search sites require you to affirm that you won’t use their reports for hiring or vetting potential tenants is that selling reports for those purposes would classify these firms as consumer reporting agencies (CRAs) and expose them to regulations under the Fair Credit Reporting Act (FCRA).

These data brokers do not want to be treated as CRAs, and for this reason their people search reports typically don’t include detailed credit histories, financial information, or full Social Security Numbers (Radaris reports include the first six digits of one’s SSN).

But in September 2023, the U.S. Federal Trade Commission found that TruthFinder and Instant Checkmate were trying to have it both ways. The FTC levied a $5.8 million penalty against the companies for allegedly acting as CRAs because they assembled and compiled information on consumers into background reports that were marketed and sold for employment and tenant screening purposes.

The FTC also found TruthFinder and Instant Checkmate deceived users about background report accuracy. The FTC alleges these companies made millions from their monthly subscriptions using push notifications and marketing emails that claimed that the subject of a background report had a criminal or arrest record, when the record was merely a traffic ticket.

The FTC said both companies deceived customers by providing “Remove” and “Flag as Inaccurate” buttons that did not work as advertised. Rather, the “Remove” button removed the disputed information only from the report as displayed to that customer; however, the same item of information remained visible to other customers who searched for the same person.

The FTC also said that when a customer flagged an item in the background report as inaccurate, the companies never took any steps to investigate those claims, to modify the reports, or to flag to other customers that the information had been disputed.

There are a growing number of online reputation management companies that offer to help customers remove their personal information from people-search sites and data broker databases. There are, no doubt, plenty of honest and well-meaning companies operating in this space, but it has been my experience that a great many people involved in that industry have a background in marketing or advertising — not privacy.

Also, some so-called data privacy companies may be wolves in sheep’s clothing. On March 14, KrebsOnSecurity published an abundance of evidence indicating that the CEO and founder of the data privacy company OneRep.com was responsible for launching dozens of people-search services over the years.

Finally, some of the more popular people-search websites are notorious for ignoring requests from consumers seeking to remove their information, regardless of which reputation or removal service you use. Some force you to create an account and provide more information before you can remove your data. Even then, the information you worked hard to remove may simply reappear a few months later.

This aptly describes countless complaints lodged against the data broker and people search giant Radaris. On March 8, KrebsOnSecurity profiled the co-founders of Radaris, two Russian brothers in Massachusetts who also operate multiple Russian-language dating services and affiliate programs.

The truth is that these people-search companies will continue to thrive unless and until Congress begins to realize it’s time for some consumer privacy and data protection laws that are relevant to life in the 21st century. Duke University adjunct professor Justin Sherman says virtually all state privacy laws exempt records that might be considered “public” or “government” documents, including voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, bankruptcy filings, and more.

“Consumer privacy laws in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia all contain highly similar or completely identical carve-outs for ‘publicly available information’ or government records,” Sherman said.

Last week on Malwarebytes Labs:

• Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix
• Update now! JetBrains TeamCity vulnerability abused at scale
• PetSmart warns customers of credential stuffing attack
• Predator spyware vendor banned in US
• ALPHV ransomware gang fakes own death, fools no one
• Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS
• Check your DNS! Abandoned domains used to bypass spam checks
• American Express warns customers about third party data breach
• No “Apple magic” as 11% of macOS detections last year came from malware
• Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users

Stay safe!

---

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack.

Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to the credentials from Site A try them on Site B, often via automation, and gain access to the user’s account.

If the user had different passwords on Site A and Site B, the attacker would have been stopped before they got in to Site B. This is why we are continuously telling people to not reuse their passwords. If all your logins are hard to remember (and they should be), you can use a password manager to help you.

We’d like to like to praise PetSmart for the way in which it handled the attack, setting a good example by warning customers.

“Dear Pet Parent,

We want to assure you that there is no indication that petsmart.com or any of our systems have been compromised. Instead, our security tools saw an increase in password guessing attacks on petsmart.com and during this time your account was logged into. While the log in may have been valid, we wanted you to know.

In an abundance of caution to protect you and your account, we have inactivated your password on petsmart.com. The next time you visit petsmart.com, simply click the “Forgot password” link to rest your password. You can also reset your password by visiting www.petsmart.com/account/.

Across the internet, fraudsters are constantly trying to obtain user names and passwords and they often try and test the credentials they find on various websites, like ours. To help keep your accounts secure, remember to use strong passwords for each of your important accounts.

Thank you for your understanding. If you have any questions about this, or any other issue, please feel free to contact us at customercare@petsmart.com or 888-839-9638.

Sincerely,

The PetSmart Data Security Team”

While we don’t agree with everything in the email—a strong password would not have made a difference here—it is informative, to the point, and helpful.

Digital Footprint scan

If you were one of those customers and the login was not you, that means the attacker knew your email and password. Maybe they found them in the proceeds of a previous data breach.

Malwarebytes has a tool that can help you find out how much of your own data is currently exposed online. Our free Digital Footprint scan scours the internet to find your exposed passwords and much more. Fill in your email address (it’s best to submit the one you most frequently use) and we’ll send you a report.

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card.

Timothy Barker, 56, was until recently a Band Manager at Duncan’s First Nation, a First Nation in northwestern Alberta, Canada. A Band Manager is responsible for overseeing the delivery of all Band programs, including community health services, education, housing, social assistance, and administration.

Barker told KrebsOnSecurity that during the week of March 31, 2023 he and the director of the Band’s daycare program discussed the need to purchase items for the community before the program’s budget expired for the year.

“There was a rush to purchase items on the Fiscal Year 2023 timeline as the year ended on March 31,” Barker recalled.

Barker said he bought seven “Step2 All Around Playtime Patio with Canopy” sets from a seller on Amazon.ca, using his payment card on file to pay nearly $2,000 for the items.

On the morning of April 7, Barker’s Facebook account received several nasty messages from an Ontario woman he’d never met. She demanded to know why he’d hacked her Walmart account and used it to buy things that were being shipped to his residence. Barker shared a follow-up message from the woman, who later apologized for losing her temper.

“If this is not the person who did this to me, I’m sorry, I’m pissed,” the lady from Ontario said. “This order is being delivered April 14th to the address above. If not you, then someone who has the same name. Now I feel foolish.”

On April 12, 2023, before the Amazon purchases had even arrived at his home, Barker received a call from an investigator with the Royal Canadian Mounted Police (RCMP), who said Barker urgently needed to come down to the local RCMP office for an interview related to “an investigation.” Barker said the officer wouldn’t elaborate at the time on the nature of the investigation, and that he told the officer he was in Halifax for several days but could meet after his return home.

According to Barker, the investigator visited his home anyway the following day and began questioning his wife, asking about his whereabouts, his work, and when he might return home.

On April 14, six boxes arrived to partially fulfill his Amazon order; another box was delayed, and the Amazon.ca seller he’d purchased from said the remaining box was expected to ship the following week. Barker said he was confused because all six boxes came from Walmart instead of Amazon, and the shipping labels had his name and address on them but carried a contact phone number in Mexico.

Three days later, the investigator called again, demanding he submit to an interview.

“He then asked where my wife was and what her name is,” Barker said. “He wanted to know her itinerary for the day. I am now alarmed and frightened — this doesn’t feel right.”

Barker said he inquired with a local attorney about a consultation, but that the RCMP investigator showed up at his house before he could speak to the lawyer. The investigator began taking pictures of the boxes from his Amazon order.

“The [investigator] derisively asked why would anyone order so many play sets?” Barker said. “I started to give the very logical answer that we are helping families improve their children’s home life and learning for toddlers when he cut me off and gave the little speech about giving a statement after my arrest. He finally told me that he believes that I used someone’s credit card in Ontario to purchase the Walmart products.”

Eager to clear his name, Barker said he shared with the police copies of his credit card bills and purchase history at Amazon. But on April 21, the investigator called again to say he was coming to arrest Barker for theft.

“He said that if I was home at five o’clock then he would serve the papers at the house and it would go easy and I wouldn’t have to go to the station,” Barker recalled. “If I wasn’t home, then he would send a search team to locate me and drag me to the station. He said he would kick the door down if I didn’t answer my phone. He said he had every right to break our door down.”

Barker said he briefly conferred with an attorney about how to handle the arrest. Later that evening, the RCMP arrived with five squad cars and six officers.

“I asked if handcuffs were necessary – there is no danger of violence,” Barker said. “I was going to cooperate. His response was to turn me around and cuff me. He walked me outside and stood me beside the car for a full 4 or 5 minutes in full view of all the neighbors.”

Barker believes he and the Ontario woman are both victims of triangulation fraud, and that someone likely hacked the Ontario woman’s Walmart account and added his name and address as a recipient.

But he says he has since lost his job as a result of the arrest, and now he can’t find new employment because he has a criminal record. Barker’s former employer — Duncan’s First Nation — did not respond to requests for comment.

“In Canada, a criminal record is not a record of conviction, it’s a record of charges and that’s why I can’t work now,” Barker said. “Potential employers never find out what the nature of it is, they just find out that I have a criminal arrest record.”

Barker said that right after his arrest, the RCMP called the Ontario woman and told her they’d solved the crime and arrested the perpetrator.

“They even told her my employer had put me on administrative leave,” he said. “Surely, they’re not allowed to do that.”

Contacted by KrebsOnSecurity, the woman whose Walmart account was used to fraudulently purchase the child play sets said she’s not convinced this was a case of triangulation fraud. She declined to elaborate on why she believed this, other than to say the police told her Barker was a bad guy.

“I don’t think triangulation fraud was used in this case,” she said. “My actual Walmart.ca account was hacked and an order was placed on my account, using my credit card. The only thing Mr. Barker did was to order the item to be delivered to his address in Alberta.”

Barker shared with this author all of the documentation he gave to the RCMP, including screenshots of his Amazon.ca account showing that the items in dispute were sold by a seller named “Adavio,” and that the merchant behind this name was based in Turkey.

That Adavio account belongs to a young computer engineering student and “SEO expert” based in Adana, Turkey who did not respond to requests for comment.

Amazon.ca said it conducted an investigation and found that Mr. Barker never filed a complaint about the seller or transaction in question. The company noted that Adavio currently has a feedback rating of 4.5 stars out of 5.

“Amazon works hard to provide customers with a great experience and it’s our commitment to go above and beyond to make things right for customers,” Amazon.ca said in a written statement. “If a customer has an issue with an order, they may flag to Amazon through our Customer Service page.”

Barker said when he went to file a complaint with Amazon last year he could no longer find the Adavio account on the website, and that the site didn’t have a category for the type of complaint he wanted to file.

When he first approached KrebsOnSecurity about his plight last summer, Barker said he didn’t want any media attention to derail the chances of having his day in court, and confronting the RCMP investigator with evidence proving that he was being wrongfully prosecuted and maligned.

But a week before his court date arrived at the end of November 2023, prosecutors announced the charges against him would be stayed, meaning they had no immediate plans to prosecute the case further but that the investigation could still be reopened at some point in the future.

The RCMP declined to comment for this story, other than to confirm they had issued a stay of proceedings in the case.

Barker says the stay has left him in legal limbo — denying him the ability to clear his name, while giving the RCMP a free pass for a botched investigation. He says he has considered suing the investigating officer for defamation, but has been told by his attorney that the bar for success in such cases against the government is extremely high.

“I’m a 56-year-old law-abiding citizen, and I haven’t broken any laws,” Barker said, wondering aloud who would be stupid enough to use someone else’s credit card and have the stolen items shipped directly to their home.

“Their putting a stay on the proceedings without giving any evidence or explanation allows them to cover up bad police work,” he said. “It’s all so stupid.”

Triangulation fraud is hardly a new thing. KrebsOnSecurity first wrote about it from an e-commerce vendor’s perspective in 2015, but the scam predates that story by many years and is now a well-understood problem. The Canadian authorities should either let Mr. Barker have his day in court, or drop the charges altogether.