Cyber Attacks, Threats, and Vulnerabilities
Who hacked the website of North Macedonia’s state election commission on election day? (bne IntelliNews) Even though voting took place in a free and democratic manner the DDoS attack left a big stain on the election — the first since the country changed its name to North Macedonia and become a Nato member.
An update on our security incident (Twitter) An update on our security incident and what we know so far.
His account might hold the secret to the massive Twitter hack. He died two years ago. (Mashable) @6 can tell us a lot we didn't know.
Hackers Tell the Story of the Twitter Attack From the Inside (New York Times) Several people involved in the events that took down Twitter this week spoke with The Times, giving the first account of what happened as a pursuit of Bitcoin spun out of control.
New York Times says Krebs wrongly implicated Briton in Twitter hack (iTWire) For the second time in as many days, former Washington Post employee Brian Krebs has been caught out for making false accusations against an individual over last week's Twitter scams, with The New York Times pointing out that he had wrongly identified an individual known as PlugWalkJoe as b...
Here's who was behind the recent Twitter hack, the worst cyber attack in the history of social media (Indian Express) The Times learnt that the hack is not from Russian, Chinese or North Korean hackers but was done by a group of young people, "one of whom says he lives at home with his mother"
Here’s how Twitter got hacked (Information Age) Slack channel contained the keys to the kingdom.
Twitter Says Hackers Downloaded Some Users’ Personal Data in Recent Attack (Wall Street Journal) Twitter said the hackers behind this week’s attack on its systems and high-profile users walked away with some personal information, indicating that the perpetrators carried out more than a cryptocurrency-related scam.
Exclusive: Twitter Hackers Could Have Stolen A Whole Lot More Bitcoin (Forbes) The attackers managed to defraud people of more than $100,000 worth of bitcoin but data from the world's biggest bitcoin exchanges shows they could have got a lot more—with at least $300,000 worth of bitcoin held back by exchanges...
Twitter Hack Revives Concerns Over Its Data Security (Wall Street Journal) The hack that exposed Twitter’s longstanding security issues last week started with a process familiar to almost every internet user: the password reset.
Google Search drops tweet carousels after Twitter hack (Search Engine Land) Twitter had a serious and concerning security event Wednesday. Google has since removed tweets from its search results.
Mysterious Twitter Cyberattack Shows Risks Of Insider Access (Law360) A cyberattack that relied on information divulged by Twitter's own employees to compromise accounts of some of the world's most high-profile users illustrates how companies' greatest security risks can sometimes be their own workers.
Industry Reactions to Twitter Hack: Feedback Friday (SecurityWeek) Several high-profile Twitter accounts were targeted recently in an attack that involved the hackers accessing internal Twitter systems and tools.
Kaspersky Statement on Twitter Scam (Manila Standard) Hacking into popular accounts to publish scam messages isnt a new practice, neither is the doubling the donation scam. What is curious in this case is the scale of the attack and the fact that the actor completely took over the verified accounts - their emails have been changed, so the owners arent able to get access back quickly enough, commented Dmitry Galov, security researcher at Kaspersky.
Why Hackers Use Bitcoin and Why It Is So Difficult to Trace (Wall Street Journal) Here’s what you need to know about bitcoin.
Twitter breach ignites fears of cyberattacks ahead of US presidential election (France 24) The FBI's San Francisco division is leading an inquiry into the Twitter hacking, it said in a statement, as more Washington lawmakers called for an accounting of how it happened.
We all lose if trusted accounts can be hijacked (Which-50) The list of US figures whose Twitter accounts were hijacked by scammers on Wednesday US time reads like a Who’s Who of the tech and celebrity worlds:
Things to keep in mind to protect your Twitter account after massive hacking incident (Interaksyon) A top cybersecurity and anti-virus provider offered suggestions on how Twitter users can recognize scams on social media following the massive hacking of the microblogging platform this week. Last Wednesday, July 15, Twitter experienced a major cybersecurity problem after high-profile verified accounts of celebrities and politicians, including US President Donald Trump and socialite Kim Kardashian, …
Russian ambassador rejects vaccine hacking claims (BBC News) Russia's representative in the UK also dismisses suggestions of interference in British politics.
Analysis | The Cybersecurity 202: Russia and China's vaccine hacks don't violate rules of road for cyberspace, experts say (Washington Post) But the CIA's loosened reins are causing concern.
The Return Of Cozy Bear: Russian Hackers In The Crosshairs Of Western Intelligence Agencies -- Again (RadioFreeEurope/RadioLiberty) "Cozy Bear" was implicated in hackng during the 2016 U.S. presidential election. Now it's been accused of trying to steal COVID-19 vaccine research.
Russia's Fancy Bear and Cozy Bear hacking groups are under the spotlight (CNBC) Two hacking groups linked to Russia are under the spotlight and one of them has been accused of trying to steal coronavirus vaccine secrets.
Cozy Bear: Everything we know about the hackers reportedly targeting COVID-19 vaccine research- Technology News, Firstpost (Tech2) The UK security agency says it is over 80 percent certain the attacks were to collect information on COVID-19 vaccine research or the COVID-19 virus itself.
Cyber attack warning: Countries are gearing up to steal COVID-19 research, says expert (Express.co.uk) CYBER ATTACKS across the world could become more prevalent as countries race to create a vaccine for COVID-19, according to a cybersecurity expert.
BitSight Data Highlights Vaccine Developer Vulnerabilities (BitSight) As the biomedical community rushes to develop vaccines to combat COVID-19, malicious actors are seeking to steal the intellectual property.
Data breach of free VPN providers exposes details of millions of users (The Sydney Morning Herald) The personal details of millions of users of free VPN providers, which aim to protect the privacy of internet users, have potentially been exposed.
Seven VPN apps accused of exposing more than a terabyte of private data (Digital Trends) A group of free VPN apps reportedly exposed a treasure trove of private data of millions of users. Discovered by vpnMentor, a total of seven VPN providers, all of which explicitly claimed they didn’t record their users’ activities, left more than a terabyte of browsing logs out in the open for anyone to access.
In our opinion: Russian hack of US vaccine efforts exposes cybercrime’s danger (Deseret News) Cybercrime, and particularly cyberwarfare between nations, may be the most serious threat to the nation’s economy and security today, the current pandemic notwithstanding.
That’s true whether it...
The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (Wired) By tearing down bootleg network switches, researchers found ample opportunity for malice—but no signs of a backdoor this time.
FBI warns cyber criminals are spoofing airport websites and Wi-Fi (KTSM 9 News) The FBI is warning the community to beware of cyber actors who are creating fake website domains to spoof U.S.-based airport websites.
Cyber-attack on Israel's water system, again (The Union Journal) Cyber- attacks were performed just recently versus Israeli water facilities, nevertheless no considerable damages were triggered, the Israeli Water Authority has actually stated.According to authoriti
New phishing campaign abuses a trio of enterprise cloud services (BleepingComputer) A new phishing campaign uses a trio of enterprise cloud services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud, as part of an attempt to steal your login credentials.
A flaw in Zoom’s Vanity URL feature could have been exploited in phishing attacks (Security Affairs) A vulnerability affecting the Zoom feature dubbed Vanity URL could have been exploited by hackers for phishing attacks. A vulnerability affecting the Zoom feature dubbed Vanity URLs could have been exploited by hackers for phishing attacks. The popularity of the Zoom video conferencing service exploded during the COVID-19 outbreak when it was chosen by organizations, schools, […]
Emotet botnet returns with new Microsoft Office phishing campaign (SiliconANGLE) The infamous botnet Emotet is back after a five-month break with a new Microsoft Office phishing campaign.
Beware of Abandoned Domain Names in this Turbulent Time and as the Global Economy Changes (CircleID) The outbreak of COVID-19 has caused worldwide disruption -- for whole nations and their economies. Unfortunately, there will be some side effects for businesses. A number of brands will disappear from the streets and shelves, as businesses that fail to weather the storm will have to fold. Companies that do survive will likely focus more on their core markets, pulling brands out of higher risk, less profitable markets...
The Troll: a fake flag burning at Gettysburg was only his latest hoax (Washington Post) A Bernie Sanders supporter has provoked the far right for years using online aliases, sometimes with dangerous results.
New Intelligence Reveals that Alina Point-of-Sale Malware is Still Lurking in DNS (New Kerala) Point-of-Sale (POS) malware is nothing new, and the Alina malware - which cyber criminals use to scrape credit card numbers from POS systems - has been around for many years.
IRS Reveals 2020 ‘Dirty Dozen’ Tax Scams (401k Specialists) A good time to warn plan sponsors and participants
Tedrade banking malware families target users worldwide (Security Affairs) The Tetrade term coined by Kaspersky experts to refer four large banking trojan families developed and spread by Brazilian crooks worldwide. Cybersecurity researchers from Kaspersky Lab have detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America, and Europe. The four malware families are named Guildma, Javali, […]
Cloudflare outage briefly brings down public cloud workloads (CRN Australia) Causing issues for AWS, Azure and Google Cloud.
$7.5M in Monero Demanded in Alleged Cyber Attack on Argentinian Telecom Giant (Finance Magnates) Rumors of a ransomware attack on Telecom SA appear to have originated on Twitter.
Europe’s Largest Mobile Operator Orange Hit by Ransomware Attack - Expert Commentary (Information Security Buzz) Orange, a French telecommunications company and the fourth-largest mobile operator in Europe, has confirmed it suffered a ransomware attack on July 4-5. The attack exposed the data of 20 of their enterprise customers, and it has since been leaked online via Nefilm Ransomware’s site. Specific details around how this attack occurred have not been released, …
LibreHealth medical records app exposes sensitive patient data (The Daily Swig) Project maintainers are still working on a fix
Data Leaks in Online Education: Almost 1 Million Records Exposed (WizCase) WizCase discovered multiple data leaks affecting numerous e-learning websites around the world. The leaks exposed personal information, such as emails, passwords, and full names, of almost 1 million users, many of which were underage. As the data was stored in misconfigured and unencrypted Amazon S3 buckets and other types of servers, anyone could access ...
UK universities can be hacked in 'under an hour' (The Telegraph) Testing carried out last year found that every single university probed could have been hacked in under two hours
Security Patches, Mitigations, and Software Updates
Magento adds 2FA to protect against card skimming attacks (BleepingComputer) Adobe has added two-factor authentication (2FA) throughout the Magento platform in response to the widespread number of attacks where skimmer scripts are deployed on hacked e-commerce sites to steal customers' credit cards.
Apple adds EvilQuest detection to Xprotect (Macworld UK) Apple quickly updated its built-in anti-malware protection tool to combat latest threat
Apple iOS 13.6: 29 Security-Oriented Bug Fixes and CarKey (TechNadu) Apple has released iOS 13.6, and it comes with bug fixes for 29 critical and medium security flaws. The "CarKey" has also landed through this update.
Cyber Trends
Kaspersky: ‘Beware entertainment malware’ (Advanced Television) According to cybersecurity specialist Kaspersky, 2019 was officially the year the Streaming Wars kicked off, as nearly all major networks hurried to profit from consumers’ new, preferred method of consuming content: streaming platforms.
Marketplace
The secretive UK fund behind the government’s $500m investment in OneWeb (The Telegraph) The NSSIF had a key role in the recent OneWeb deal
Inside Big Tech’s Years-Long Manipulation Of American Op-Ed Pages (Big Technology) Why you should probably read opinion pieces supporting the tech giants with skepticism.
Experts analyze recent blow to China's telecom giant Huawei (CGTN) Huawei is the largest telecommunication equipment manufacturer in the world, and the second-largest cellphone maker, after Samsung. But it has been experiencing a few setbacks of late.
How Shein deployed an army of TikTok influencers to lure British teens (The Telegraph) Shein has become a massive hit among TikTok-loving Gen Z, but its secretive business operations have left customers suspicious
GlobalSCAPE and HelpSystems Sign Merger Agreement (PR Newswire) GlobalSCAPE, Inc. (NYSE American: GSB), and HelpSystems, LLC today jointly announced they have signed a definitive merger agreement under which...
Tesserent eyes acquisition with $10M funding (ARN) Cyber security provider Tesserent has secured $10 million in funding in order to further its ambitious acquisition strategy in 2020.
VAR Arrow makes first acquisition from £50m war chest (CRN) Acquisitive VAR snaps up cybersecurity specialist Altinet
IT security specialist bought by PE-backed business (Insider Media Ltd) A Leeds-headquartered provider of IT security and storage service has been snapped up by a private equity-backed business telecoms specialist based in Surrey.
Now, that's rich! Turnbull becomes partner in CIA-backed firm, calls out Xenophon for Huawei advisory role (iTWire) In a clear case of the pot calling the kettle black, former prime minister Malcolm Turnbull, who is investing in a security company known as Kasada which has taken money from In-Q-Tel, the investment arm of the CIA, is calling for former Independent senator Nick Xenophon to enter his name on Austral...
CRN® Recognizes XM Cyber on the 2020 Emerging Vendors List (PR Newswire) XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS) advanced cyber risk analytics and cloud security posture...
Vectra targeting fresh customer base with partners (MicroscopeUK) Security player has ambitions to make a mark in the mid market and is looking to its channel to play a part
Malwarebytes unveils record fiscal year and new VP hire (PCR) Endpoint protection provider Malwarebytes has announced record results from its 2020 fiscal year, de
Claroty Appoints Veteran Industrial Solution Leader Yaniv Vardi as Chief Executive Officer (PR Newswire) Claroty, the global leader in operational technology (OT) security, today announced Yaniv Vardi has been appointed the company's Chief...
Products, Services, and Solutions
Ordr Brings its Leading Device Visibility and Security Platform to Check Point Software Technologies' Customers through the IoT Protect Discovery Program (PR Newswire) Ordr, the leader in security for unmanaged devices and enterprise Internet of Things (IoT), today announced an expanded partnership with Check...
Kaspersky Anti-Ransomware review: A free tool that actually works (Android Central) Ransomware can destroy the files on your hard drive and ruin your day if given the chance. If you don't have a proper security solution already installed on your PC or simply want an additional layer of security, Kaspersky Anti-Ransomware Tool is a free and reliable tool that gets the job done.
Check Point® Software Announces IoT Protect To Secure IoT Devices And Networks Against Cyber-Attacks (Security Informed) Check Point® Software Technologies Ltd., a provider of cybersecurity solutions globally, has introduced its Internet of Things (IoT) Protect solution to secure both IoT devices and networks in...
Mastercard Expands Crypto Card Partner Program (PYMNTS.com) Mastercard, responding to the burgeoning cryptocurrency space, has updated its Accelerate program to help partners bring payment cards to the market.
Technologies, Techniques, and Standards
ClassNK releases Guidelines for Designing Cyber Security Onboard Ships (Sea News Global Maritime News) ClassNK has released its “Guidelines for Designing Cyber Security Onboard Ships” (Second Edition) for newbuilding designs targeting shipyards and ship-building owners In the second edition of the “Guidelines for Designing Cyber Security Onboard Ships”, the control measures and the framework to implement such measures were updated to incorporate the international cyber security standards for industrial …
Academic Project Used Marketing Data to Monitor Russian Military Sites (Wall Street Journal) Cellphone location data purchased from marketers enabled researchers at Mississippi State to track the movements of Russian generals. The data have major implications for national-security and law-enforcement agencies, too.
US Army-funded ‘research project’ quietly tracked mobile phone movements at Russian military sites & govt buildings – media (RT International) Mobile devices used by personnel at Russian military sites, government premises and foreign embassies in Moscow were reportedly shadowed by researchers who used commercially available software as part of a Pentagon-funded study.
How CEOs think (Errata Security) Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following...
Insights From INTERPOL on Using Threat Intelligence (BankInfo Security) Craig Jones, who leads the global cybercrime program for INTERPOL, which facilitates police cooperation among 194 member nations, describes how organizations can
US Army to test more rapid patching of combat system software (C4ISRNET) Say goodbye to software patches coming on disks in the mail.
With a new setup, the Air Force hopes to improve information warfare operations (C4ISRNET) The Air Force is merging intelligence personnel with cyber operators.
Design and Innovation
Can Winners of 5G Race Be Trusted to Secure its Infrastructure? (The Sociable) The race to 5G supremacy is almost always pitted as a competition between the US and China with each nation telling its allies why they shouldn't trust the other.
Data61 touts new way to automatically spot phishing attempts (iTnews) Using file compression.
Please, I'm Ben Todd and there's only one of me: The case for a unified identity (Computing) We need a single digital identity to authenticate us at work, prove who we are to our energy company, and let us log in seamlessly to our favourite news site
An Ethics Guide for Tech Gets Rewritten With Workers in Mind (Wired) The Ethical Explorer Pack is designed to help Silicon Valley's rank and file—not just CEOs—steer products away from harmful directions.
Research and Development
DARPA Taps Galois to Create Software Dev't Tools for Physical Security (ExecutiveBiz) Galois has secured a $7.5M contract to build data security application development tools as part of a Defense Advanced Research Projects Agency's Guaranteed Architecture for Physical Security initiative.
Academia
Baxter Appointed Chair of Air, Space, and Cyberspace Studies at Clarkson University (Clarkson University) Lt. Col. Michelle L. Baxter has been appointed chair and professor of air, space, and cyberspace studies at Clarkson University.
CTC offers new cybersecurity and other programs (The Killeen Daily Herald) Central Texas College will introduce several new degree and certificate programs in the fall 2020 semester. The new additions include Associate of Applied Science degree programs in robotics technology and
Legislation, Policy, and Regulation
Hacked: Why Cyber Attribution Remains an Unsolved Problem for U.S. National Security (The National Interest) It’s been almost four years since the DNC network was breached. What has actually changed?
A look at Chinese cos having investments in India with PLA links, as Centre probes 59 apps - Republic World (Republic World) India is also scrutinising several Chinese companies involved and invested in the Indian market on financing, data security, funds, parent company, harvesting
Biden Begins Receiving Intel Briefs, Warns of Russian Meddling (Bloomberg) He also accuses China of plotting to sap election confidence. Biden hits Trump over reports that he doesn’t read briefings.
On Huawei, the Trudeau government has dithered its way through (Toronto Star) ‘As time marches on, a decision against Huawei seems inevitable. When it becomes official it will be an anti-climax — and that may be just the result ...
China ambassador launches scathing attack on UK for Huawei ban - ‘Rejecting the future!' (Express.co.uk) CHINA'S ambassador to the UK Liu Xiaoming has blasted the government's choice to remove Huawei's technology from its 5G network.
UK asks Japan for help with 5G as alternative to Huawei (Nikkei Asian Review) NEC and Fujitsu to benefit but face competitors Ericsson and Nokia
Pressure from Trump led to 5G ban, Britain tells Huawei (the Guardian) ‘Geopolitical’ factors were behind the move, the company was told, with hints that the decision could be reversed in future
US takes next steps in Huawei, ZTE clampdown (Mobile World Live) The US government moved to tighten sanctions on Chinese telecoms vendors, with the Federal Communications ...
FCC Begins Implementation of Huawei, ZTE USF Bans (LawStreetMedia) The Federal Communications Commission (FCC) announced Thursday that it will implement segments of the Secure and Trusted Communications Networks Act (Secure Networks Act) which was enacted in March, into its current supply chain rulemaking. This is an additional step taken by the FCC to protect the United States’ communications networks from security risks.
Could Trump Win the War on Huawei—and Is TikTok Next? (Wired) In a plot twist, the administration’s assault on the Chinese telecom giant is gaining traction. At heart, the US has an interest in its own electronic surveillance capabilities.
Florida Congressmen Call on Trump Administration to Crack Down on TikTok (Florida Daily) Last week, five Republicans in the Florida delegation–U.S. Reps. Neal Dunn, Matt Gaetz, Ross Spano, Greg Steube and Ted Yoho–joined 20 other members of Congress in calling on the Trump administration to crack down on TikTok and other social media apps connected to the Chinese regime.
TikTok may be a political-culture war victim, when the larger issue is data use (TheHill) It’s unclear as to whether the concern is in response to TikTok’s massive popularity.
Does TikTok Really Pose a Risk to US National Security? (Wired) Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure.
Threat Of TikTok Ban Suddenly Gets Serious: Here’s What That Means For You (Forbes) It is now becoming clear how a U.S. ban on TikTok might work—and the Trump administration says it may come "within weeks." For tens of millions of American users, this will come as a serious shock.
Forget TikTok. There are better ways to protect Americans' data from China. (NBC News) Analysis: Focusing on the video app's security issues overlooks the common-sense changes that could keep all Americans safe.
Twitter Hack Highlights Need for White House Cyber Director, Hearing Told (Consumer Electronics Daily) Twitter’s human-enabled hack is another example of why the White House needs a national cyber director and the Cyberspace Solarium Commission’s (CSC) recommendations should be implemented (see 2007150065), said House Cybersecurity Subcommittee members during a hearing Friday.
Establishing a National Cyber Director Would Be a Mistake (Lawfare) A recent proposal from the Cyberspace Solarium Commission would solve few problems and create many.
16th Air Force Gets Full Operational Capability Authorization; Timothy Haugh Quoted - Executive Gov (Executive Gov) The U.S. Air Force’s new cyber and information warfare-focused command unit has achieved full operat
Vanguard “America’s pioneers in cyberspace” changes command (DVIDS) Col. Matthew J. Lennox, commander, 780th Military Intelligence Brigade (Cyber), hosted a virtual change of command ceremony in which Lt. Col. Nadine K. Nally relinquished her command of the 781st MI Battalion (Cyber) “Vanguard” to Lt. Col. Michael L. Arner on July 16.
German Watchdog Raises Red Flags On Smart TV Privacy (Law360) Germany's antitrust and consumer protection watchdog raised concerns Friday that the rise of smart TVs has opened the door to numerous threats to privacy and fair competition and has revealed holes in German laws meant to prevent consumer harm.
Litigation, Investigation, and Law Enforcement
FTC Considering Deposing Top Facebook Executives in Antitrust Probe (Wall Street Journal) The Federal Trade Commission is considering taking sworn testimony from Facebook Chief Executive Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg as part of its yearlong probe of whether the company has engaged in unlawful monopolistic practices.
Europe’s Highest Court Invalidates the EU-US Privacy Shield, Casts Doubt on Viability of Model Clauses for Data Transfers to the US (Cooley) On July 16, 2020, the Court of Justice of the European Union issued a decision that uprooted long-standing legal frameworks on which thousands of US and EU companies have relied to transfer persona…
Twitter hack triggers investigations and lawmaker concerns (Washington Post) The FBI is launching an investigation, while lawmakers from both sides of the aisle called for more information.
FBI probe into Bitcoin-related Twitter hack begins (Yahoo) The Federal Bureau of Investigation (FBI) has launched an investigation into the recent Twitter hack that resulted in a number of influential accounts being compromised. The likes of Elon Musk, Jeff Bezos and Bill Gates were among a long list of names who fell victim to the hack, with tweets being sent
FBI Investigates Twitter Hack Amid Broader Concerns About Platform’s Security (Wall Street Journal) The Federal Bureau of Investigation is examining the attack on the social-media platform, amid concerns that the vulnerability of Twitter’s systems could pose broader risks to international security.
Government's test-and-trace programme is illegal under GDPR (Computing) The government skipped essential data privacy impact assessments in its rush to get the system up and running
Judge Blocks Further Inquiries in FOIA Case Questioning Hillary Clinton's Email Practices (New York Law Journal) I find it hard from a practical perspective to believe that somehow [State Department officials] have not done their duty in trying to find records that relate to Secretary Clinton, U.S. District Judge Reggie Walton said at a recent hearing in the public records case.
'Stop phone hacking for China' (Taiwan News) Pro-democracy leader starts petition to stop Israel’s Cellebrite cracking Hong Kong protesters' phones
World's Most Wanted Man Jan Marsalek Located in Belarus; Data Points to Russian Intel Links (bellingcat) It can safely be assumed that Jan Marsalek is currently one of the most hunted-for persons on earth. The company he oversaw operationally, Germany’s Wirecard, collapsed overnight last month after auditors brought attention to a nearly 2 billion Euro gaping hole in its balance sheet. The hole was the result of the recognition that cash …
2nd Circuit Upholds 4-Year Sentence for Man Convicted of Cyberstalking His Ex-Girlfriend | New York Law Journal (New York Law Journal) A three-judge panel of the Manhattan-based appeals court said Thomas Traficante's prison term, followed by three years of supervised release, was well-rooted in the offense, which a federal judge at sentencing called about as serious as they get.