Smantellato Cryptomixer, il servizio di mixing che aiutava i criminali a riciclare Bitcoin

Le forze dell’ordine in Svizzera e Germania hanno segnalato lo smantellamento di Cryptomixer, un importante servizio di mixing attivo dal 2016 che aiutava i criminali a riciclare fondi ottenuti illecitamente. Secondo l’Europol, negli ultimi anni il servizio ha elaborato oltre 1,3 miliardi di euro in Bitcoin (circa 1,5 miliardi di dollari).

L’Operazione Olympia ha avuto luogo a Zurigo a fine novembre. Durante i raid, durati dal 24 al 28 novembre, le forze dell’ordine, con il supporto di Europol ed Eurojust, hanno sequestrato tre server contenenti oltre 12 terabyte di dati, bloccato domini sulla rete Internet tradizionale e sulla rete Tor e confiscato Bitcoin per un valore di 24 milioni di euro (circa 29 milioni di dollari). Nessun arresto è stato segnalato nei comunicati stampa ufficiali.

“Cryptomixer era un servizio di mixing ibrido che operava simultaneamente su internet e sul darknet. Facilitava l’occultamento di proventi illeciti per gruppi estorsivi, forum ombra e mercati darknet. Il suo software bloccava il tracciamento dei fondi sulla blockchain, rendendo la piattaforma una delle preferite dai criminali informatici che cercavano di riciclare proventi illeciti provenienti da varie attività criminali (tra cui traffico di droga, traffico di armi, attacchi ransomware e frodi con carte di pagamento)”, riferiscono i rappresentanti dell’Europol.

Le autorità sottolineano che tali servizi garantiscono ai criminali l’anonimato in una fase critica, ovvero quando devono convertire i beni rubati in moneta fiat o altre criptovalute. Sebbene tali piattaforme possano teoricamente avere applicazioni legali, nella pratica i loro principali utenti rimangono gruppi criminali che cercano di eludere l’identificazione e l’arresto.

Vale la pena notare che questa non è la prima grande operazione delle forze dell’ordine contro i mixer di criptovalute.

Ad esempio, a del marzo 2023, l’Europol ha coordinato un’operazione simile contro ChipMixer, uno dei più grandi servizi di mixing di criptovalute sul darknet. La polizia tedesca e l’FBI sequestrarono quattro server, 7 TB di dati e 46,5 milioni di dollari in Bitcoin.

Ricordiamo inoltre che alla fine di novembre i fondatori del mixer di criptovalute Samourai sono stati condannati al carcere negli Stati Uniti, colpevoli di riciclaggio di oltre 237 milioni di dollari.

La chiusura di Cryptomixer rappresenta un altro duro colpo per l’ecosistema criminale delle criptovalute e dimostra che la comunità internazionale delle forze dell’ordine sta combattendo sempre più contro gli strumenti che consentono ai criminali di nascondere le loro attività illegali nello spazio digitale.

L'articolo Smantellato Cryptomixer, il servizio di mixing che aiutava i criminali a riciclare Bitcoin proviene da Red Hot Cyber.

The EFF Nails It: What’s Wrong With UK Digital ID

It sometimes seems as though we are in a constant tussle over privacy between governments and the governed, with each year bringing fresh attempts to extend surveillance, and consequent battles. For Brits the big news at the moment comes in a new digital ID scheme, something that will be required for anyone wishing to work in the country, as well as for certain government services. It’s something that has attracted a lot of opposition, and now the EFF have produced an analysis of why they think it won’t work.

From the perspective of a British writer it would be easy to write screeds about the flaws in the scheme, the way it over-reaches, and about the historical distrust of Brits for their government’s bureaucracy. With the parliamentary petition opposing it approaching three million signatures, there’s no shortage of people who don’t support it. Perhaps the most obvious thing for most of us is how unnecessary it is for its stated aim of preventing illegal immigrants from seeking employment, it neglects that we already have to show proof of right to work before being hired, and that if crooked employers ignore that they will surely also ignore the digital ID.

If you’re reading this elsewhere in the world from where this is being written then it’s still of relevance, because governments like to point to other countries to justify these measures. Follow the EFF on this matter, and take note.

Art: British Passport SVG by Swapnil1101, Public Domain

hackaday.com/2025/12/09/the-ef…

Digital House Arrest – How the EU Wants to Disempower Families

Of all people, it is center-right parties in Brussels that are supporting plans for the mass screening of private messages. The proposal cuts deep into civil liberties. The consequences for chats between teenagers and their own parents are particularly drastic.

The battle over “chat control” and the confidentiality of our communications has long since become the defining question regarding the relationship between the state and the citizen in the digital age. On December 4th, EU Commissioner for Home Affairs Magnus Brunner (EPP) defended plans before the European Parliament that cut deeply into civil liberties. What is particularly bitter for conservative voters is that it is precisely the center-right-led governments in Berlin and Vienna that have helped secure a majority for this assault on privacy in Brussels. While the leader of the German CDU/CSU parliamentary group, Jens Spahn, assured the public in October that suspicionless scanning of chats was akin to “preemptively opening every letter to see if it contains something illegal”—and that neither he nor his party would support it—reality now looks quite different.

The EU governments have agreed on a rotten compromise. While “voluntary” chat control is technically supposed to be at the discretion of the providers, the result is the same: American tech giants like Meta or Google will be allowed to screen our private messages en masse and without any initial suspicion. The state is effectively outsourcing its monopoly on law enforcement and deputizing US corporations as sheriffs. Instead of independent judges, error-prone secret algorithms from Silicon Valley will decide whether our chats are suspicious.

Mr. Spahn still owes us an answer to a crucial question: How is this mass screening any different from suspicionless chat control? Would the indiscriminate opening of our letters be acceptable just because Deutsche Post decided to do it voluntarily? The privacy of correspondence is “inviolable” under our Basic Law (Grundgesetz). Privatized chat control remains a violation of fundamental principles in a constitutional state.

ID Cards for the Internet

Yet, hidden within the draft law on chat control is a perhaps even more perfidious attack on freedom—a clause with the potential to destroy the internet as we know it: The opening of an email or messenger account is to require mandatory age verification. What sounds like a technicality is actually political dynamite. It spells the end of the right to anonymous digital communication. Anyone wishing to use WhatsApp, Signal, or even a simple email inbox in the future will have to show their ID card or their face.

A whistleblower wishing to remain anonymous for fear of investigation will hardly dare to tip off a journalist about government corruption if they have to upload their ID to a database to do so. They are effectively being silenced. Investigative journalism, anonymous pastoral care, and confidential counseling in crisis situations will become impossible. Furthermore, it is only a matter of time before these internet ID databases are hacked, opening the floodgates for criminals to commit identity theft. Our security is not being protected here; it is being endangered. Moreover, a new bureaucratic monster is being created. While the economy groans under the weight of regulations, European tech start-ups and companies are being forced to implement complex new verification systems.

The State as Super-Nanny

The height of hubris, however, is the planned treatment of adolescents. According to the will of the EU governments, app stores should blanketly refuse the installation of apps to anyone under 17 if those apps could theoretically be misused for “cyber grooming.” The aim is to protect minors from being approached with sexual intent. However, since the State Media Authority of North Rhine-Westphalia notes that this occurs on almost all platforms—from WhatsApp and Instagram to online games—this regulation amounts to a digital ban on communication.

You have to let that sink in: A 16-year-old would no longer be allowed to chat with their class teacher, their coach, or—even more absurdly—with their own parents. The state presumes to know what is good for our children better than families do. The parental right to raise children, protected by the constitution, is being trampled underfoot. How well parents know their own children’s maturity no longer counts.

This is not child protection; it is digital house arrest. Instead of hunting the perpetrators, the victims are being locked up. This is the logic of an overreaching nanny state that mistrusts its citizens. True security comes from strong families, not from state paternalism that drives teenagers into digital isolation. It won’t work anyway: our children will simply ask us to register their phones as adult devices.

Ineffective Symbolic Politics

Overall, these measures miss their mark completely. The Association of German Criminal Investigators is already warning of an overload due to the flood of automated chat reports. Almost half of the reported chats are perfectly legal—such as holiday photos from the beach. There will be no time left for genuine cases because investigators will be busy screening harmless citizens.

The European Parliament has recognized this madness. Across party lines, it is demanding that chat surveillance be limited to actual suspects and is rejecting mandatory age checks and app bans. It is banking on civil principles: proportionality and targeted prosecution instead of mass surveillance and the paternalism of millions of innocent people.

However, without support from Berlin, this sensible position will not prevail in the upcoming negotiations on the final wording of the law. The center-right-led federal government must decide: Does it want the “transparent citizen” and the disempowerment of parents? Or will it return to the values of the Constitution? When the state begins to have our mail opened and forbids our children contact with the outside world, a red line has been crossed. We do not need a nanny from Brussels—and certainly not one from Berlin.

This guest commentary first appeared in Die Welt.

patrick-breyer.de/en/digital-h…

RE: zhub.link/@mojandroid/11568837…

Ха-ха-ха-ха!

Европейская комиссия оштрафовала твиттер на 120 миллионов, а твиттер заблокировал рекламный аккаунт комиссии :)

Reading #Russia military channels commenting on their leadership news about “continued progress in the offensive” is a bit like watching the “Chernobyl” series - you know it’s going to blow, and everyone knows, but nobody won’t do anything:

The current situation near Kupiansk differs from the optimistic reports of our honourable sources. Despite statements about control, there is no real progress in the city; the front line is static. The main problems are critically complex logistics (supplies are mainly delivered by air, as everywhere else, so you are constantly asked to chip in for these Maviks). It seems that the decision to continue the offensive is dictated by the need to report success, rather than the actual operational situation. Take off your rose-coloured glasses, the political officers are already misleading everyone.

And another, more detailed one (especially the last paragraphs):

Current information on Kupyansk* against the backdrop of news (tass.ru/armiya-i-opk/25795333) that “in a few days, Kupyansk-Uzloy will be completely liberated.” What we have now. There is no progress in the city. At most, new barricades and mine traps are being set up in preparation for counterattacks by the Armed Forces of Ukraine. And this despite the fact that the liberation of the city was reported (t.me/gvZapad/17175) on November 20. And now, as expected, the boys are being pushed forward, under fire and drones, just so as not to lose face in front of the high command.

Despite the “flag-wavers” (t.me/gvZapad/17176) from 1855 bata, we still haven’t managed to take the Yubileiny microdistrict in the southwestern part of the city, which would secure our bridgehead on the right bank of the river and allow us to start working on crossing to the left bank and storming Kupyansk-Uzlovoy. Now the main fighting has moved to the northern part of the city, where the assault troops cannot even see the enemy and are fighting against the Ukrainian Armed Forces’ UAVs. Why is this happening?

It’s simple — getting into the city is now practically impossible. In addition, the transfer of ammunition and provisions to the city was already difficult: for a long time, they could only be delivered mainly by air. With the deterioration of weather conditions, this has become an almost impossible task. An additional complication is the shooting down of delivery aircraft by their own side due to poor coordination.

The forces of 121, 122 MSP, as well as 1855 bata are forced to travel a long way through the pipes, and then, under drone attacks, walk to the city from various settlements north of Kupyansk (t.me/gvZapad/17229). An alternative route is attempts at [hopefully, so far] unsuccessful breakthroughs from the settlement of Liman Pervy. This is a hot spot, and it is undeservedly little talked about — after all, reports say that the city has already been liberated. At the same time, the commander of the 121st Motorized Rifle Brigade, Lavrik, has ceased to be highlighted in the media, which was the case (t.me/gvZapad/17155) throughout almost the entire month of November, when he spent nearly a month liberating the western part of the city.

In accordance with geopolitical motives (the so-called “peace” that everyone believes in so much), we continue to report on the liberation of city after city, village after village “on credit.” The example of Kupyansk shows us why this is a bad initiative. And what are we reading now?

The situation has become so critical that about a week ago, the 121st and 122nd assault brigades began transferring several engineering and sapper groups from the 3rd OISB and 30th ISB 68th MSD at once. In other words, all the training, money, and time invested in specialists are being squandered to pay for the “credit.” That is, from a material point of view. And ignoring the fact that this is trivial — the lives and health of the fighters. Now our forces are gradually being depleted even in the absence of combat operations and attempts to build on our success in the city itself.

And what is the result? The result is that the President hears endless reports from Kuzovlev about the successes of our army in Kupyansk, which leads to new demands from above for further advances.

What can I say… It’s better to just keep quiet and breathe out so as not to write anything unnecessary. Breathe in, breathe out. Breathe in, breathe out…

Originals: t.me/dontstopwar/23723 (in Russian)

Goodbye, dark Telegram: Blocks are pushing the underground out

Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience and stability (and perhaps, cool stickers), cybercriminals evaluate platforms through a different lens.

When it comes to anonymity, privacy and application independence – essential criteria for a shadow messaging app – Telegram is not as strong as its direct competitors.

• It lacks default end-to-end (E2E) encryption for chats.
• It has a centralized infrastructure: users cannot set up their own servers for communication.
• Its server-side code is closed: users cannot verify what it does.

This architecture requires a high degree of trust in the platform, but experienced cybercriminals prefer not to rely on third parties when it comes to protecting their operations and, more importantly, their personal safety.

That said, Telegram today is widely viewed and used not only as a communication tool (messaging service), but also as a full-fledged dark-market business platform – thanks to several features that underground communities actively exploit.

Is this research, we examine Telegram through the eyes of cybercriminals, evaluate its technical capabilities for running underground operations, and analyze the lifecycle of a Telegram channel from creation to digital death. For this purpose, we analyzed more than 800 blocked Telegram channels, which existed between 2021 and 2024.

Key findings

• The median lifespan of a shadow Telegram channel increased from five months in 2021–2022 to nine months in 2023–2024.
• The frequency of blocking cybercrime channels has been growing since October 2024.
• Cybercriminals have been migrating to other messaging services due to frequent blocks by Telegram.

You can find the full report on the Kaspersky Digital Footprint Intelligence website.

securelist.com/goodbye-dark-te…

Notizie manipolate e guerre dell’informazione: come difendersi ed il ruolo del giornalista tra etica e diritto

Corso di Formazione per giornalisti in Sapienza

Programma
Il corso formativo concernerà il fenomeno dell’information disorder e delle fakenews, con particolare attenzione al quadro giuridico nazionale, europeo e internazionale e ai possibili rimedi.

Il corso si propone di approfondire i profili giuridici legati alla libertà di espressione, alla regolamentazione dell’informazione e alle responsabilità degli attori digitali.

Verranno esaminati strumenti normativi e casi concreti, nazionali e internazionali, per aiutare i giornalisti a orientarsi in un panorama sempre più complesso e sfidante. L’argomento è di rilevante importanza giornalistica per l’impatto che ha sulla credibilità dell’informazione e sul ruolo democratico della stampa.

Verrà analizzato l’articolo 21 della Costituzione italiana, che tutela della libertà di espressione e di stampa, in cui ognuno ha il diritto di manifestare liberamente il proprio pensiero con qualsiasi mezzo di diffusione, ponendo le basi per una tutela ampia della libertà di espressione e informazione.

Si osserverà come si può facilmente influenzare sentimenti, pensieri e azioni di un pubblico specifico, al fine di ottenere vantaggi strategici in ambito politico, militare o sociale. Verranno illustrati diversi esempi di diffusione di fake news, alterazione di contenuti, uso strategico dei social per destabilizzare o polarizzare l’opinione pubblica.

Si prenderà in esame l’articolo 19 del nuovo Codice Deontologico delle Giornaliste e dei Giornalisti che introduce una regola specifica sull’uso dell’intelligenza artificiale.

Relatori:
Alberto Marinelli, prorettore alle tecnologie innovative per la comunicazione, Sapienza, Università di Roma;
guido d’ubaldo, presidente dell’Ordine dei Giornalisti del Lazio; ⁠
Arturo Di Corinto, IA cybersecurity Advisor nell’Agenzia per la cybersicurezza nazionale (ACN);
Federica Fabrizzi, professoressa ordinaria di Diritto dell’informazione presso il Dipartimento di Scienze Politiche dell’Università La Sapienza di Roma;
Laura Camilloni, caporedattrice dell’Agenparl;
Massimiliano Pierro, direttore generale di Intent Group;
Mirko Lapi, professore aggregato in Open Source Intelligence, Dipartimento di Giurisprudenza dell’Università di Foggia;
marco giampaolo, direttore commerciale e operativo Negg group;
Luigi Camilloni, direttore responsabile dell’Agenparl.

WHAT: Corso gratuito formazione giornalisti, in Presenza
WHEN: 18 dicembre 2025 09:30-13:30
WHERE: Università La Sapienza Facoltà di Scienze Politica – Dipartimento di Comunicazione e Ricerca Sociale (CoRiS), Via Salaria,113 – 00198, Roma
WHO: Organizzato da: Ordine dei Giornalisti del Lazio ODG Lazio
WHY: 6 Crediti Deontologici

Chiusura iscrizioni
16/12/2025

dicorinto.it/associazionismo/n…

RP2350 Done Framework Style

Ever want a microcontroller addon for your laptops? You could do worse than match one of the new and powerful microcontrollers on the block to one of the most addon-friendly laptops, in the way the Framework RP2350 laptop card does it. Plug it in, and you get a heap of USB-connected IO coming out of the side of your laptop – what’s not to love?

The card utilizes the Framework module board space to the fullest extent possible, leaving IO expansion on SMD pads you could marry to a male or female header, your choice. With about seventeen GPIOs, power, and ground, there’s really no limit on what you could add to the side connector – maybe it’d be a logic analyzer buffer, or a breadboard cable, or a flash chip reader, maybe, even an addon to turn it into a pirate version of a Bus Pirate? There’s a fair few RP2350 peripherals available on the side header GPIOs, so sky’s the limit.

Naturally, the card is fully open-source, and even has two versions with two different USB-C plug connectors, we guess, depending on which one is better liked by your PCBA process. Want one? Just send off the files! Last time we saw an addon adding GPIOs to your laptop, it was a Pi Zero put into the optical bay of a Thinkpad, also with an expansion header available on the side – pairing yet another legendary board with a legendary laptop.

hackaday.com/2025/12/08/rp2350…

La CISA avverte: evitate VPN personali per la sicurezza del vostro smartphone

In nuovi avvisi sulle comunicazioni mobili, la Cybersecurity and Infrastructure Security Agency (CISA) statunitense ha lanciato un severo avvertimento ai possessori di smartphone: evitare di utilizzare servizi VPN personali. Il documento, per gli utenti iPhone e Android, afferma che tali servizi spesso non attenuano i rischi, ma semplicemente modificano il punto in cui si concentrano le minacce.

Secondo la CISA, le VPN personali trasferiscono i rischi residui dal fornitore di servizi Internet al fornitore VPN, aumentando spesso la superficie di attacco. L’utente trasferisce di fatto la fiducia al servizio VPN e molti di questi fornitori, secondo l’agenzia, hanno politiche di sicurezza e privacy discutibili.

L’avviso fa parte di una campagna più ampia contro gli spyware commerciali e gli strumenti di tracciamento degli smartphone. Le agenzie di intelligence stanno registrando un numero crescente di casi in cui gli aggressori si mascherano da legittimi client VPN e li utilizzano come un comodo canale trojan per accedere ai dispositivi. Questi programmi sono in grado di intercettare la corrispondenza, la cronologia di navigazione e le credenziali per servizi bancari e altri servizi sensibili.

Si sottolinea che questi rischi sono aggravati dall’aumento della popolarità delle VPN. Gli utenti installano sempre più spesso queste app per aggirare i blocchi geografici, le restrizioni sui contenuti o in risposta a iniziative legislative come le leggi sulla verifica dell’età sui siti web per adulti. In preda alla mancanza di fiducia e al desiderio di “risolvere rapidamente il problema” della privacy, molti scaricano il primo software che incontrano, il che può rivelarsi inefficace o addirittura dannoso.

La formulazione della CISA sembra un divieto assoluto sulle VPN personali, ma il documento stesso prende di mira specificamente i provider con una reputazione dubbia. L’agenzia avverte efficacemente che il problema sorge in assenza di una struttura proprietaria trasparente, di impegni pubblici in materia di protezione dei dati e di chiare restrizioni sulla raccolta e l’archiviazione delle informazioni degli utenti. In questo caso, una VPN non diventa uno strumento di sicurezza, ma un ulteriore potenziale punto di sorveglianza.

Le raccomandazioni originali delineano anche i criteri che dovrebbero essere presi in considerazione da chi sta valutando l’utilizzo di una VPN. I requisiti chiave includono una politica di no-log rigorosa e verificata, l’utilizzo di protocolli crittografici moderni come OpenVPN e WireGuard, la protezione dalle perdite DNS e un meccanismo “kill switch” che interrompe la connessione di rete in caso di interruzione del tunnel VPN.

Vengono inoltre menzionate misure aggiuntive, come il routing del traffico multi-hop e frequenti modifiche delle chiavi di crittografia, per ridurre al minimo l’impatto di una potenziale compromissione.

L'articolo La CISA avverte: evitate VPN personali per la sicurezza del vostro smartphone proviene da Red Hot Cyber.

LED Hourglass is a Great Learning Project

An hourglass tells you what it is in the name — a glass that you use to measure an hour of time passing by. [EDISON SCIENCE CORNER] has built a digital project that mimics such a thing, with little beads of light emulating falling sand in the timekeepers of old.

The build is designed around the Arduino platform, and can be constructed with an Arduino Uno, Nano, or Pro Mini if so desired. The microcontroller board is hooked up with an ADXL335 three-axis accelerometer, which is used for tracking the orientation and movement of the digital hourglass. These movements are used to influence the movement of emulated grains of sand, displayed on a pair of 8×8 LED matrixes driven by a MAX7219 driver IC. Power is courtesy of a 3.7 V lithium-ion cell, with a charge/boost module included for good measure. Everything is wrapped up in a vaguely hourglass-shaped 3D printed enclosure.

The operation is simple. When the hourglass is turned, the simulated grains of sand move as if responding to gravity. The movement is a little janky — no surprise given the limited resolution of the 8×8 displays. You also probably wouldn’t use such a device as a timer when more elegant solutions exist. However, that’s not to say builds like this don’t have a purpose. They’re actually a great way to get to grips with a microcontroller platform, as well as to learn about interfacing external hardware and working with LED matrixes. You can pick up a great deal of basic skills building something like this.

Would you believe this isn’t the first digital hourglass we’ve featured on the site?

youtube.com/embed/23EBLhm-rG8?…

hackaday.com/2025/12/09/led-ho…