Reading view

Robot Police Officers

We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect:

In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. “After not responding to negotiators, a drone was deployed inside the residence,” the post says. “Drone pilots located the suspect hiding in a corner of a garage” and then used a high-powered magnet attached to the drone to grab the knife out of the suspect’s hand. In the video ­ which is soundtracked by the “Mission: Impossible” theme song—the intercepted knife can be seen spinning around in the air as the drone carries it back to the deputies.

Slashdot thread.

  •  

Stolen iPhones could soon be worth a lot less to thieves

The UK’s Metropolitan Police has reached an agreement with Apple designed to make stolen iPhones harder to resell and less attractive to thieves. The approach combines stronger technical protections with direct data sharing between Apple and law enforcement.

In 2023, about 1.4 million mobile phones were stolen in the US alone. London is reportedly one of the worst cities for phone theft, with around 200 devices stolen every day. 

As part of this effort, Apple has strengthened its Stolen Device Protection feature in iOS 26.4, making it harder for thieves to change security settings, factory‑reset a stolen iPhone, or set it up as new.

Previously, thieves with your passcode (or who snatched your iPhone while it was still unlocked) could factory reset it, wiping your account and making the device look new for resale. Stolen Device Protection blocks this, requiring biometric authentication, not just a passcode, to make critical changes.

The Met has started sharing identifiers for reported stolen devices with Apple. In return, Apple can provide data on whether those devices later attempt to reconnect to a network or attempt to be reactivated.

Police say this gives them a better picture of what happens to stolen devices: Are they being switched back on locally? Shipped abroad? Broken down for parts?

Met Police Commissioner Sir Mark Rowley said Apple believes it has “cracked” the engineering problem. Phone thefts in London have since fallen 18% year-on-year, with Westminster (the capital’s worst-affected borough) down 45.8%.

Given the early signs of success, the Met is pressing for broader changes.

The Commissioner has written to the Home Secretary asking for laws that would require all phone manufacturers and mobile operators to share information about stolen devices and implement measures that make stolen handsets unusable. 

As part of that effort, the Met has explicitly said that Samsung and Google are also improving device security to address phone theft, suggesting this will become an industry‑wide expectation rather than an Apple‑only initiative.

Possible pitfalls

From a privacy perspective, it’s important to keep an eye on what data is shared, and who can see it.

Reports so far suggest that Apple and the Met are exchanging device identifiers and high‑level information about whether a stolen phone has attempted to reconnect or be reactivated. In theory, that sounds narrow and purpose‑bound: device X was reported stolen, later tried to come online in country Y, at time Z. There is no public indication that content, contacts, or location histories are being handed over wholesale.

There’s also a risk of someone reporting your phone as stolen. If a device is incorrectly marked as stolen, the protections designed to stop thieves could lock an innocent user out, turning a valuable asset into a brick. Without transparent appeal mechanisms, this is a notable concern.

The measures could also create challenges for recycling initiatives, legitimate repair shops, and refurbishers. They may face additional hurdles when diagnosing, restoring, or reselling devices if anti-theft protections become more restrictive.

Stay safe

Make sure your phone is protected with a strong passcode and biometric security, such as Face ID or a fingerprint.

Enable Apple’s Find My feature, or the Android equivalent, and make sure it is linked to a strong account password.

Keep lock screen notifications to a minimum so thieves cannot quickly access your sensitive information if they get hold of your device.

When buying a used phone, use a reputable seller and make sure the device has been reset by its owner. Complete the initial setup process with the seller present to confirm the phone isn’t locked to someone else’s account or reported stolen.


Scammers know more about you than you think. 

Malwarebytes Mobile Security protects you from phishing, scam texts, malicious sites, and more. With real-time AI-powered Scam Guard built right in. 

Download for iOS → Download for Android → 

  •  

Stolen iPhones could soon be worth a lot less to thieves

The UK’s Metropolitan Police has reached an agreement with Apple designed to make stolen iPhones harder to resell and less attractive to thieves. The approach combines stronger technical protections with direct data sharing between Apple and law enforcement.

In 2023, about 1.4 million mobile phones were stolen in the US alone. London is reportedly one of the worst cities for phone theft, with around 200 devices stolen every day. 

As part of this effort, Apple has strengthened its Stolen Device Protection feature in iOS 26.4, making it harder for thieves to change security settings, factory‑reset a stolen iPhone, or set it up as new.

Previously, thieves with your passcode (or who snatched your iPhone while it was still unlocked) could factory reset it, wiping your account and making the device look new for resale. Stolen Device Protection blocks this, requiring biometric authentication, not just a passcode, to make critical changes.

The Met has started sharing identifiers for reported stolen devices with Apple. In return, Apple can provide data on whether those devices later attempt to reconnect to a network or attempt to be reactivated.

Police say this gives them a better picture of what happens to stolen devices: Are they being switched back on locally? Shipped abroad? Broken down for parts?

Met Police Commissioner Sir Mark Rowley said Apple believes it has “cracked” the engineering problem. Phone thefts in London have since fallen 18% year-on-year, with Westminster (the capital’s worst-affected borough) down 45.8%.

Given the early signs of success, the Met is pressing for broader changes.

The Commissioner has written to the Home Secretary asking for laws that would require all phone manufacturers and mobile operators to share information about stolen devices and implement measures that make stolen handsets unusable. 

As part of that effort, the Met has explicitly said that Samsung and Google are also improving device security to address phone theft, suggesting this will become an industry‑wide expectation rather than an Apple‑only initiative.

Possible pitfalls

From a privacy perspective, it’s important to keep an eye on what data is shared, and who can see it.

Reports so far suggest that Apple and the Met are exchanging device identifiers and high‑level information about whether a stolen phone has attempted to reconnect or be reactivated. In theory, that sounds narrow and purpose‑bound: device X was reported stolen, later tried to come online in country Y, at time Z. There is no public indication that content, contacts, or location histories are being handed over wholesale.

There’s also a risk of someone reporting your phone as stolen. If a device is incorrectly marked as stolen, the protections designed to stop thieves could lock an innocent user out, turning a valuable asset into a brick. Without transparent appeal mechanisms, this is a notable concern.

The measures could also create challenges for recycling initiatives, legitimate repair shops, and refurbishers. They may face additional hurdles when diagnosing, restoring, or reselling devices if anti-theft protections become more restrictive.

Stay safe

Make sure your phone is protected with a strong passcode and biometric security, such as Face ID or a fingerprint.

Enable Apple’s Find My feature, or the Android equivalent, and make sure it is linked to a strong account password.

Keep lock screen notifications to a minimum so thieves cannot quickly access your sensitive information if they get hold of your device.

When buying a used phone, use a reputable seller and make sure the device has been reset by its owner. Complete the initial setup process with the seller present to confirm the phone isn’t locked to someone else’s account or reported stolen.


Scammers know more about you than you think. 

Malwarebytes Mobile Security protects you from phishing, scam texts, malicious sites, and more. With real-time AI-powered Scam Guard built right in. 

Download for iOS → Download for Android → 

  •  

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.

A criminal complaint unsealed today in an Alaska district court charges Jacob Butler, a.k.a. “Dort,” of Ottawa, Canada with operating the Kimwolf DDoS botnet. A statement from the Department of Justice says the complaint against Butler was unsealed following the defendant’s arrest in Canada by the Ontario Provincial Police pursuant to a U.S. extradition warrant. Butler is currently in Canadian custody awaiting an initial court hearing scheduled for early next week.

The government said Kimwolf targeted infected devices which were traditionally “firewalled” from the rest of the internet, such as digital photo frames and web cameras. The infected systems were then rented to other cybercriminals, or forced to participate in record-smashing DDoS attacks, as well as assaults that affected Internet address ranges for the Department of Defense. Consequently, the DoD’s Defense Criminal Investigative Service is investigating the case, with assistance from the FBI field office in Anchorage.

“KimWolf was tied to DDoS attacks which were measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume,” the Justice Department statement reads. “These attacks resulted in financial losses which, for some victims, exceeded one million dollars. The KimWolf botnet is alleged to have issued over 25,000 attack commands.”

On March 19, U.S. authorities joined international law enforcement partners in seizing the technical infrastructure for Kimwolf and three other large DDoS botnets — named Aisuru, JackSkid and Mossad — that were all competing for the same pool of vulnerable devices.

On February 28, KrebsOnSecurity identified Butler as the Kimwolf botmaster after digging through his various email addresses, registrations on the cybercrime forums, and posts to public Telegram and Discord servers. However, Dort continued to threaten and harass researchers who helped track down his real-life identity and dramatically slow the spread of his botnet.

Dort claimed responsibility for at least two swatting attacks targeting the founder of Synthient, a security startup that helped to secure a widespread critical security weakness that Kimwolf was using to spread faster and more effectively than any other IoT botnet out there. Synthient was among many technology companies thanked by the Justice Department today, and Synthient’s founder Ben Brundage told KrebsOnSecurity he’s relieved Butler is in custody.

“Hopefully this will end the harassment,” Brundage said.

An excerpt from the criminal complaint against Butler, detailing how he ordered a swatting attack against Ben Brundage, the founder of the security firm Synthient.

The government says investigators connected Butler to the administration of the KimWolf botnet through IP address, online account information, transaction records, and online messaging application records obtained through the issuance of legal process. The criminal complaint against Butler (PDF) shows he did little to separate his real-life and cybercriminal identities (something we demonstrated in our February unmasking of Dort).

In April, the Justice Department joined authorities across Europe in seizing domain names tied to nearly four-dozen DDoS-for-hire services, although because of a bureaucratic mix-up the list of seized domains has remain sealed until today. The DOJ said at least one of those services collaborated with Butler’s Kimwolf botnet.

A statement from the Ontario Provincial Police said a search warrant was executed on March 19 at Butler’s address in Ottawa, where they seized multiple devices. As a result of that investigation, Butler was arrested and charged this week with unauthorized user of computer; possession of device to obtain unauthorized use of computer system or to commit mischief; and mischief in relation to computer data. He is scheduled to remain in custody until a hearing on May 26.

In the United States, Butler is facing one count of aiding and abetting computer intrusion. If extradited, tried and convicted in a U.S. court, Butler could face up to 10 years in prison, although that maximum sentence would likely be heavily tempered by considerations in the U.S. Sentencing Guidelines, which make allowances for mitigating factors such as youth, lack of criminal history and level of cooperation with investigators.

  •  

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German Federal Criminal Police (the “Bundeskriminalamt” or BKA for short). The BKA said Shchukin and another Russian — 43-year-old Anatoly Sergeevitsch Kravchuk — extorted nearly $2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage.

Daniil Maksimovich SHCHUKIN, a.k.a. UNKN, and Anatoly Sergeevitsch Karvchuk, alleged leaders of the GandCrab and REvil ransomware groups.

Germany’s BKA said Shchukin acted as the head of one of the largest worldwide operating ransomware groups GandCrab and REvil, which pioneered the practice of double extortion — charging victims once for a key needed to unlock hacked systems, and a separate payment in exchange for a promise not to publish stolen data.

Shchukin’s name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang’s activities. The government said the digital wallet tied to Shchukin contained more than $317,000 in ill-gotten cryptocurrency.

The GandCrab ransomware affiliate program first surfaced in January 2018, and paid enterprising hackers huge shares of the profits just for hacking into user accounts at major corporations. The GandCrab team would then try to expand that access, often siphoning vast amounts of sensitive and internal documents in the process. The malware’s curators shipped five major revisions to the GandCrab code, each corresponding with sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware.

On May 31, 2019, the GandCrab team announced the group was shutting down after extorting more than $2 billion from victims. “We are a living proof that you can do evil and get off scot-free,” GandCrab’s farewell address famously quipped. “We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit.”

The REvil ransomware affiliate program materialized around the same as GandCrab’s demise, fronted by a user named UNKNOWN who announced on a Russian cybercrime forum that he’d deposited $1 million in the forum’s escrow to show he meant business. By this time, many cybersecurity experts had concluded REvil was little more than a reorganization of GandCrab.

UNKNOWN also gave an interview to Dmitry Smilyanets, a former malicious hacker hired by Recorded Future, wherein UNKNOWN described a rags-to-riches tale unencumbered by ethics and morals.

“As a child, I scrounged through the trash heaps and smoked cigarette butts,” UNKNOWN told Recorded Future. “I walked 10 km one way to the school. I wore the same clothes for six months. In my youth, in a communal apartment, I didn’t eat for two or even three days. Now I am a millionaire.”

As described in The Ransomware Hunting Team by Renee Dudley and Daniel Golden, UNKNOWN and REvil reinvested significant earnings into improving their success and mirroring practices of legitimate businesses. The authors wrote:

“Just as a real-world manufacturer might hire other companies to handle logistics or web design, ransomware developers increasingly outsourced tasks beyond their purview, focusing instead on improving the quality of their ransomware. The higher quality ransomware—which, in many cases, the Hunting Team could not break—resulted in more and higher pay-outs from victims. The monumental payments enabled gangs to reinvest in their enterprises. They hired more specialists, and their success accelerated.”

“Criminals raced to join the booming ransomware economy. Underworld ancillary service providers sprouted or pivoted from other criminal work to meet developers’ demand for customized support. Partnering with gangs like GandCrab, ‘cryptor’ providers ensured ransomware could not be detected by standard anti-malware scanners. ‘Initial access brokerages’ specialized in stealing credentials and finding vulnerabilities in target networks, selling that access to ransomware operators and affiliates. Bitcoin “tumblers” offered discounts to gangs that used them as a preferred vendor for laundering ransom payments. Some contractors were open to working with any gang, while others entered exclusive partnerships.”

REvil would evolve into a feared “big-game-hunting” machine capable of extracting hefty extortion payments from victims, largely going after organizations with more than $100 million in annual revenues and fat new cyber insurance policies that were known to pay out.

Over the July 4, 2021 weekend in the United States, REvil hacked into and extorted Kaseya, a company that handled IT operations for more than 1,500 businesses, nonprofits and government agencies. The FBI would later announce they’d infiltrated the ransomware group’s servers prior to the Kaseya hack but couldn’t tip their hand at the time. REvil never recovered from that core compromise, or from the FBI’s release of a free decryption key for REvil victims who couldn’t or didn’t pay.

Shchukin is from Krasnodar, Russia and is thought to reside there, the BKA said.

“Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia,” the BKA advised. “Travel behaviour cannot be ruled out.”

There is little that connects Shchukin to UNKNOWN’s various accounts on the Russian crime forums. But a review of the Russian crime forums indexed by the cyber intelligence firm Intel 471 shows there is plenty connecting Shchukin to a hacker identity called “Ger0in” who operated large botnets and sold “installs” — allowing other cybercriminals to rapidly deploy malware of their choice to thousands of PCs in one go. However, Ger0in was only active between 2010 and 2011, well before UNKNOWN’s appearance as the REvil front man.

A review of the mugshots released by the BKA at the image comparison site Pimeyes found a match on this birthday celebration from 2023, which features a young man named Daniel wearing the same fancy watch as in the BKA photos.

Images from Daniil Shchukin’s birthday party celebration in Krasnodar in 2023.

Update, April 6, 12:06 p.m. ET: A reader forwarded this English-dubbed audio recording from a ccc.de (37C3) conference talk in Germany from 2023 that previously outed Shchukin as the REvil leader (Shchuckin is mentioned at around 24:25).

  •  
❌