
Co-op shuts off IT systems to contain cyber attack

Retail, insurance, legal and funeral care cooperative Co-op has confirmed it has shut off an unspecified number of back-office and communications systems to rebuff a series of ongoing attempts to hack into its IT systems.

In the wake of the still-developing incident affecting Marks and Spencer (M&S), which has been identified – although not confirmed – as the work of cyber crime collective Scattered Spider, Co-op now becomes the second UK retailer to face down a cyber attack in the space of a fortnight.

At this stage, no link between the two attacks has been established, and nor should one be implied.

A Co-op spokesperson told Computer Weekly: “We have recently experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back-office and call centre services.

“All our stores – including quick commerce operations – and funeral homes are trading as usual. We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.

“We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary,” they said.

A good first step

Shutting off potentially affected systems can be a critical early step in incident management: once compromised systems are isolated, attackers find it significantly harder to move laterally through the target network in search of more critical infrastructure where they can cause more damage, such as data theft or encryption.


It also gives the victim’s security teams and third-party responders – if involved – some wiggle room to analyse the impact, identify the cause of the incident, and start work on fixes without risking the attack spreading further.

Indeed, Co-op’s decision to pre-emptively disable access to affected systems has already won it praise from the cyber community.

“[This] swift action … reflects a mature, proactive incident response posture,” said Dray Agha, senior manager of security operations at Huntress. “Shutting down virtual desktops and limiting back-end functions, while disruptive, is often a necessary measure to contain threats before they escalate.”

Agha observed that the incident at Co-op, about which little else is currently known, aligned with a broader trend where attackers increasingly target retailers with initial access attempts before escalating to data theft or ransomware. This pattern appears to be at play in the M&S incident as well.

With two supermarkets now facing substantial disruption from cyber incidents, other exposed organisations, especially retailers, should be taking steps to plan and prepare for incidents, said Nick Dyer, cyber security expert at Arctic Wolf.

“Other retailers need to take stock and learn from both this and the M&S incident to apply them to their own cyber security incident response plans. Even as retailers like Co-op quickly recover from these kinds of attacks, cyber criminals are known to switch tactics, turning to data exfiltration and double extortion to increase leverage,” he said.

“What’s more, retail continues to face some of the highest initial ransomware demands out of any other industry. Preparing for these scenarios can allow retailers to better respond if they are targeted in the future, and mitigate the impact on their wider business.”


I asked ChatGPT how expensive the iPhone will be with

Trump’s tariffs have rocked the US and global economies, and it’s still unclear if there’s anything to be gained from them. Tariffs are affecting the world economy and will likely continue to do so until the US strikes new deals with China and other markets hit by the tariffs.

The immediate result is higher prices for US consumers, whether it’s goods sold on Amazon, imports from Temu and Shein, or accessories for the upcoming Nintendo Switch 2. The Xbox is also getting more expensive, and Sony has announced PS5 price hikes in certain international markets.

I already expressed concern that the iPhone 17 series could see price increases, including the iPhone 17 Air. I said I might rethink my purchase plans if that happens.

Apple addressed tariffs during its earnings report for the March quarter. We learned that Apple expects to pay around $900 million in tariffs during the June quarter, a significant amount. While the company reported $95 billion in revenue for the March 2025 quarter, nearly $1 billion in extra taxes comes directly out of profits, which is clearly not ideal for Apple.


Apple also assured investors and consumers that the iPhones imported into the US will come from India instead of China, implying prices shouldn’t change immediately.

Still, considering recent developments and the ongoing uncertainty around tariffs, I’m left wondering if Apple will raise iPhone prices to offset lost profits. I asked ChatGPT o3, one of OpenAI’s top models, to estimate how much Apple would need to raise iPhone prices to recover that $900 million in quarterly tariff costs.

iPhones and other Apple products currently aren’t subject to tariffs, according to CEO Tim Cook during the earnings call:

Also, for transparency and clarity, the vast majority of our products including iPhone, Mac, iPad, Apple Watch, and Vision Pro are currently not subject to the global reciprocal tariffs that were announced in April, as the Commerce Department has initiated a Section 232 investigation into imports of semiconductors, semiconductor manufacturing equipment, and downstream products that contain semiconductors.

So, the $900 million Apple referenced applies to other products. Cook also said this estimate assumes “the current global tariff rates, policies, and applications don’t change for the balance of the quarter.”

ChatGPT o3 uses reasoning to find out how many iPhones Apple sells each quarter. Image source: Chris Smith, BGR

So why even consider a price hike for the iPhone? For starters, the iPhone accounts for nearly half of Apple’s revenue. It’s Apple’s best-selling product and the one many smartphone buyers want most. Plus, most consumers go for the pricier Pro and Pro Max models. Some may not mind paying a bit more.

ChatGPT o3 reasoning iPhone 16 price hikes based on tariffs. Image source: Chris Smith, BGR

I also wanted to see how ChatGPT o3 would tackle the question, and how it would reason through it (see screenshots above).

The AI needed to estimate how many iPhones Apple sells each quarter and how many are sold in the US. Then, it had to figure out how much to raise the price to make up for the $900 million loss.

I gave the model two scenarios. First, I asked what a US-only price hike would look like. Many companies pass all or part of the tariff costs on to consumers, and Apple could do the same.

The iPhone price hike problem ChatGPT o3 had to solve. Image source: Chris Smith, BGR

Then I asked what would happen if Apple raised iPhone prices globally to recover the $900 million. That scenario would spread the cost more widely, resulting in a smaller increase per unit.

ChatGPT o3 got to work, spending over four minutes gathering data. It estimated that Apple sells about 55 million iPhones per quarter, with roughly 18 million going to US buyers. From there, it calculated how much Apple would need to raise prices.

The iPhone 16 price hike scenario for the US market. Image source: Chris Smith, BGR

ChatGPT came up with a $50 price hike for all iPhone models. I told it to use the iPhone 16 series for reference, since those are the current models of interest. Of course, Apple’s quarterly iPhone sales also include older devices, which would likely see the same price increase.

In that case, the $599 iPhone 16e would jump to $649.

If Apple spread the $900 million cost across all 55 million iPhones it sells worldwide, the price increase would drop to $16.36 per unit.

That would make the $599 iPhone 16e cost $615.36.

The iPhone 16 price hike scenario for the global market. Image source: Chris Smith, BGR

I realize my question doesn’t cover every variable. iPhone sales fluctuate from quarter to quarter, and exchange rates also influence prices in some regions. As for the $900 million figure, it could change. This latest phase of the US-China trade war is still evolving.

Apple could also spread the cost across all its products, not just the iPhone. That would reduce the iPhone-specific increase.

Finally, if Apple plans to raise prices, it might wait until new products launch. It makes more sense to introduce higher prices with the iPhone 17 than to increase iPhone 16 prices now.

For now, the good news is that the iPhone 17 lineup isn’t expected to see a price hike. Apple appears willing to absorb that $900 million tariff bill rather than pass it along to consumers. We’ll have a clearer picture as we approach the iPhone 17’s expected launch in mid-September.


Current SaaS delivery model a risk management nightmare, says CISO

The widely accepted software-as-a-service (SaaS) delivery model contains significant flaws and is “quietly enabling cyber attackers”, introducing widespread vulnerabilities that could undermine the global economic system, according to a leading financial services chief information security officer (CISO).

In an open letter to third-party suppliers, JPMorgan Chase CISO Patrick Opet this week criticised software companies for making SaaS the default, and often the only, format in which software can now be delivered, trapping customers into relying on service providers and concentrating risk into these organisations.

He said that while this model can be efficient and innovative, it is now clear that it “magnifies the impact of any weakness … creating single points of failure with potentially catastrophic system-wide consequences”.

“At JPMorganChase, we’ve seen the warning signs first-hand. Over the past three years, our third-party providers experienced a number of incidents within their environments. These incidents across our supply chain required us to act swiftly and decisively, including isolating certain compromised providers and dedicating substantial resources to threat mitigation,” wrote Opet.

Although he did not point the finger at the suppliers involved in any of the many widespread supply chain incidents that have occurred in the past few years, Opet lamented that the problem seemed to be getting worse rather than better, with software suppliers failing on multiple other issues “intrinsic” to SaaS, such as not securing vulnerable authentication tokens, giving themselves privileged access to customer systems without appropriate consent or transparency, and inviting downstream fourth-party suppliers into their systems.

Automation and artificial intelligence (AI) are further compounding these problems, he added, and all of these weaknesses are well-known to adversaries, borne out by changes in tactics among Chinese threat actors, who increasingly favour targeting organisations with deep access into their customer bases.

Three-step plan

In his missive, Opet set out three core steps SaaS providers should be taking to address these issues before they become insurmountable.

He called on the industry to prioritise cyber during the design phase, building in or enabling security features by default; modernise security architectures to optimise SaaS integration in such a way that mitigates risk; and collaborate better to halt threat actor abuse of connected systems.

Mark Townsend, co-founder and chief technology officer at AcceleTrex, a startup specialising in tech marketing and referrals, said Opet’s letter spoke to wider frustrations among customers that IT suppliers are not doing enough to ensure the security of their products and services.

“The rush to stay ahead of the competition has led to several issues over the years. A balance needs to be made and demonstrated to the market,” said Townsend.

“When buying SaaS, you’re buying a system deployed by a vendor that you are trusting your data to. Many will provide an annual pen test report and demonstrate alignment with SOC2 and other standards, but as the author points out, a lot happens within these apps, and the infrastructure that enables them, over the course of a year.

“The security of these systems is fairly opaque and requires a bit more transparency between the vendor and the consumer as to how the data is secured.”

Townsend added: “You can’t be too prescriptive without giving the vendors an easy out. It inspires constructive conversations that I think are necessary and important to have.”

Reversec’s Donato Capitella and Nick Jones, principal consultant and head of research respectively, said Opet rightly highlighted critical challenges faced by the industry in regard to the adoption of SaaS, notably the concentration of risk in a few big providers and reduced visibility making proactive incident detection and response much harder for customers.

“At a practical level, there are two very common areas where SaaS applications fail to provide adequate security. The first is gating single sign-on functionality behind additional cost or the ‘enterprise’ price plans, forcing users to make a trade-off between adequate identity security and cost,” they told Computer Weekly in emailed comments.

“The second is comprehensive, high-fidelity audit logging, which is often also gated behind expensive plans or add-ons, if available at all. These limitations hinder an organisation’s ability to prevent, detect and respond to attacks against their SaaS estate.”

Capitella and Jones added: “We hope that SaaS vendors see this open letter as a call to arms and work towards providing a hardened, secure-by-default experience to their consumers.”


Apple may ditch iPhone’s Dynamic Island, if this leak is

With so many leaks and reports about the iPhone 17, it almost feels like it’s time to move on to iPhone 18 leaks. Over the weekend, The Information shared several details about upcoming iPhone models, including the future iPhone 18 Pro.

It’s been known for a while that Apple plans to add under-display Face ID to the iPhone 18 Pro. While the company had to postpone this technology from the iPhone 17 Pro, it now seems everything is on track for a 2026 release.

Apple’s rumored approach is raising a few eyebrows. According to the report, the company plans to introduce under-display Face ID with the iPhone 18 Pro and iPhone 18 Pro Max but will still leave a small hole in the top-left corner of the screen for the front-facing camera, similar to Samsung’s Galaxy S10 lineup, just mirrored on the opposite side.

This could be a big shift in design, but it seems odd that Apple would move the front-facing camera to the top-left corner for one simple reason: the Dynamic Island functionality.


In almost 20 years of iPhones, the only major feature Apple has removed from one generation to the next was 3D Touch (long gone, but never forgotten in our hearts). That said, after introducing Dynamic Island with the iPhone 14 Pro, it would be surprising for the company to eliminate it. It doesn’t seem likely that Apple would move Dynamic Island features to the top-left corner of the display.

Sure, the technology can change and the software can evolve. But after putting so much effort into adding Live Activities to the Dynamic Island and with developers embracing it, it doesn’t feel like the company is ready to abandon it.

In fact, I’d bet Apple would get rid of Camera Control before even thinking about ditching the Dynamic Island.

There are rumors that Apple plans to add a narrower Dynamic Island (and I’m all for it), but if the company is still including some kind of screen interference, whether it’s a hole-punch or something like the old notch, it should serve a purpose. In this case, Dynamic Island is a solid feature.

Wrap up

The Information’s Wayne Ma is usually on point with his reports, and under-display Face ID is likely coming to the iPhone 18 Pro. Still, this might just be one of Apple’s prototypes for future iPhones. Even if the company doesn’t release a model like the one described, it doesn’t mean it hasn’t been tested.

With the iPhone 13, there was a rumor that Cupertino was still testing Touch ID. So, who knows?


Connectivity crucial to allaying drivers’ hacking concerns

Connectivity now has an intrinsic place in the automobile industry, and while there is growing consumer willingness to pay for in-car digital subscriptions to take advantage of services such as predictive maintenance, safety features and autonomous driving, there are also increased consumer concerns regarding industry practices around data.

These sentiments were among the standout findings of research commissioned by software-defined vehicle (SDV) services firm Cubic3. The survey, Consumer and OEM attitudes to the software-defined vehicle, took the opinion of 8,000 participants in the US, UK, Germany and Japan, and 60 global original equipment manufacturer (OEM) executives. Two surveys were conducted concurrently to understand and compare automotive executive and consumer attitudes towards SDVs. OEM studies were conducted by Sapio Research between October and December 2024, and customer studies were conducted between September and October 2024.

The survey grouped digital services into three categories to reveal consumer willingness to pay for each, and the data is said to have shown a nuanced yet optimistic future for OEMs navigating a rapidly changing automotive landscape.

The study found a fundamental challenge for manufacturers was how to persuade and prove to drivers the benefits of paying for digital services, which constitute an integral part of SDVs, thereby turning this forecast into reality. The willingness to pay for digital services was seen to be increasing, particularly given the new generation of drivers that are digital natives and accustomed to connectivity.  

Overall, the study forecasts the SDV market will create over $650bn value potential by 2030. Automakers estimate drivers are willing to pay £8 a month for digital services, while drivers say it’s £5.82 – a 27% difference. However, in countries where car usage is higher, such as the US, the willingness to pay increases. UK respondents report they are willing to pay the least, at £4.89 a month. 

Nearly half (global: 51%; UK: 48%) of consumers are willing to pay for “vehicle-based services”, such as autonomous driving. Globally, 40% (UK: 42%) of consumers are willing to pay for “connected services”, such as video and music streaming; and 39% (UK: 40%) are willing to pay for data services such as predictive maintenance. Over a quarter of global consumers and a fifth in the UK have paid for digital services for their vehicles, almost doubling (44%) for those in the global 18-24 age range. Only one in five consumers globally said they wouldn’t be willing to pay anything in monthly subscriptions.

OEMs were found to be closely monitoring potential targets by hackers, such as interfaces and application programming interfaces, digital sims, infotainment systems and telematics. All consumers showed concerns about industry practices around data, with half (global: 48%; UK: 46%) reporting they worry their car could be hacked.

Fortunately, OEMs hold automotive cyber security in high regard. Some 86% highlighted the cyber security of their digital services as important, and the same proportion said connectivity was important for protecting vehicles throughout their whole lifecycle.

Going forward, the report suggested that automotive OEMs need to both monetise digital services and turn them into recurring revenue streams. Automakers saw predictive maintenance, enhanced safety features and autonomous driving as most likely to contribute the most to recurring revenue, and an industry opportunity is appearing for over-the-air updates to revolutionise consumer satisfaction, safety and convenience.

“Until recently, most consumers viewed buying a car as a ‘one-and-done’ affair,” said Cubic3 chief corporate officer David Kelly. “Although the concept of paying for in-car digital services is relatively new, we are already seeing significant adoption from consumers. It will take time for OEMs to persuade the public of the value of digital services, but it is encouraging to see younger drivers – so-called digital natives – happy to pay for these services.”


Is the Investigatory Powers Tribunal powerless?

According to a recent finding by a panel of five tribunal judges, the Investigatory Powers Tribunal (IPT) has no statutory powers to impose financial sanctions against government agencies. In practice, this means that the IPT, which primarily hears complaints about surveillance by law enforcement agencies and intelligence services, cannot impose sanctions against them should they not comply with IPT orders to disclose relevant evidence. 

This remarkable ruling follows an IPT finding that two police forces had unlawfully spied on two investigative journalists, Barry McCaffrey and Trevor Birney, who had investigated police corruption.

In particular, the tribunal found that the Police Service of Northern Ireland (PSNI) targeted McCaffrey and Birney, the producers of a 2017 film documentary No Stone Unturned, which exposed police collusion (by the Royal Ulster Constabulary – RUC) following the murder of six Catholics as they were watching the Republic of Ireland play in the 1994 World Cup on a pub television in the village of Loughinisland, County Down. In 2016, an Ombudsman report concluded that the RUC had protected informers by destroying evidence and failing to carry out a proper investigation.

As an independent public body that exercises judicial functions, the IPT was established in 2000. It occupies a unique role which is deemed to be vital in holding public authorities to account, particularly the security services, in their exercise of covert investigatory powers under the Regulation of Investigatory Powers Act 2000. Unlike most other courts and tribunals, the IPT has a UK-wide jurisdiction. It adopts a quasi-inquisitorial (rather than adversarial) process that includes the routine use of closed hearings. 

The IPT is part of the Home Office, although according to the gov.uk website, it operates entirely independently of ministers and Parliament. This recent judges’ ruling, concerning the tribunal’s inability to award costs against government bodies that fail to disclose evidence, raises significant questions about its ability to make decisions that are entirely independent from government.   

In recognising this deficiency, the tribunal have called for the Home Secretary to intervene in order to address the issue – either by introducing new appropriate rules or through the passing of primary legislation. Addressing the issue, the tribunal stated, “we do not regard the outcome as entirely satisfactory… the facts of the present case illustrate why it would be helpful at least in principle for this tribunal to have the power to award costs.”

It is therefore clear that the IPT has no capacity to penalise government agencies for their approach to disclosure by awarding costs – even if they have deliberately disobeyed the orders of the court. In the PSNI case, the tribunal confirmed that there were repeated failures to disclose crucial evidence, but simultaneously ruled that it had no power to award costs. This is a remarkable, almost farcical position: without the ability to impose financial sanctions, the IPT is effectively toothless.

So, what should happen next?

To prevent any further abuse of surveillance powers and the disclosure process, intervention by the Home Secretary is clearly necessary. Without any mechanism at their disposal to impose sanctions, it is imperative that new legislation or further powers are introduced quickly to ensure that the abuse of surveillance powers with impunity does not continue. 

More widely, the PSNI case has also raised significant and serious concerns about the integrity of our legal system. If the police and government agencies with powers to spy on individuals are effectively given free rein to deliberately withhold evidence, safe in the knowledge that they can walk away from court without sanction, then public confidence in the legal systems in place to regulate such powers will erode – very rapidly.


Thomas Herdman’s legal battle over Sky ECC encrypted phone distribution

Canadian businessman Thomas Herdman is awaiting trial in France for his alleged role in the distribution of modified smartphones installed with the Sky ECC app. 

The 63-year-old was arrested in June 2021, despite cooperating with US investigators over his involvement with the encrypted communications firm Sky ECC. He has spent 45 months in pre-trial detention since.

Computer Weekly spoke to Herdman’s daughter, Julie Kawai Herdman, 24, who says her father is innocent, citing inaccuracies in the evidence and flawed legal processes. 

“It’s been a tough four years in limbo, waiting endlessly to see what happens. I was really disappointed that his bail application failed,” she said. 

Herdman was the Sky ECC account manager for Vancouver-based startup LevUp Tech when Belgian and Dutch police infiltrated Sky ECC, then the world’s largest encrypted communications network with around 70,000 users. Authorities accessed over a billion messages exchanged between June 2019 and March 2021, Europol estimates.

The operation led to mass arrests of suspected criminals, drugs gangs and money laundering operations across France, Belgium and the Netherlands, and the conviction of corrupt government officials, judiciary and police in Montenegro. 

French prosecutors have indicted more than 30 individuals who owned or worked for four companies that distributed Sky ECC software. Sky Global’s founder and CEO, Jean-François Eap, is also named in the indictment. Herdman is the only individual in French custody.

The Sky ECC infiltration came during years of increasing tension between global law enforcement and providers of encrypted communication services, with companies such as Encrochat, Phantom Secure and Exclu being shut down by police.

Fascinated by blockchain

Before his involvement with Sky ECC, Herdman maintained a portfolio career, working for an oil field equipment manufacturer – run by Iranian-Canadian brothers – selling specialist engineering tools to Iran, alongside a handful of part-time tech roles.

According to Kawai Herdman, her father became fascinated with blockchain technology after reading about the work of Satoshi Nakamoto, who claims to have invented bitcoin.

“My father read Satoshi’s whitepaper in 2012, and saw financial freedom and privacy as a solution to the corruption underlying the 2008 financial crisis,” she said.

Herdman went on to study blockchain with the radical, artist-run group DCTRL Vancouver, whose members include technologists and developers in the city’s most prominent companies. He joined a firm named TGA Associates, developing chain analysis software for a Chinese veterinary project that used chips to detect farm animals’ vital statistics.

It was his role at TGA Associates that led him to cross paths with Sky Global’s Eap around February 2017.

“TGA was owned by former options trader Grant Persall, whose wife was the high school best friend of Jean’s fiancée,” explained Kawai Herdman.

In June 2017, Persall – who is also named on the French indictment – asked Herdman to launch his startup, LevUp Tech, to distribute Sky ECC software to resellers who would install it on smartphones.

Sky Global had 50 employees, including a communications team, an accounting department and a legal department. “It was hardly the appearance of a criminal organisation,” said Kawai Herdman.

By October of that year, the US had withdrawn from its nuclear agreement with Iran, ending cooperation between the two countries. Herdman’s business interests in selling completion equipment in the region came to an abrupt halt.

“My father figured he had nothing to lose by selling Sky’s software full-time,” said Kawai Herdman. “For my dad, like many tech guys, encryption was cool and exciting. But, sadly, he had no clue that danger was waiting, as global police were planning to spy on all the clients of these services.”


French prosecutors allege that Herdman oversaw 9,050 Sky ECC activations between June 2017 and September 2020, equivalent to 1.5% of the distribution.

Herdman worked long hours dealing with enquiries and tech support requests. He looked for business development opportunities among his international contacts, though – ironically – he had no resellers or users in France, where Sky ECC messages were routed through three servers and where he is now being prosecuted.

It seemed like a typical workplace call when, in June 2019, a “prospective client” contacted Sky Global, expressing interest in using Sky ECC. He was from the US, where the company had no distributors or resellers, so the enquiry was forwarded to Herdman, who emailed across a technical brochure.

“This guy, Oleg, requested a meeting in LA,” said Kawai Herdman. “It was strange, as everything was outlined in the brochure. But Grant was adamant that the US market was important, so my dad set up a meeting for October 2019.”

When Herdman met Oleg and his colleague, it became clear that they weren’t looking to become resellers. They simply wanted a few devices.

“My dad wasn’t keen on selling direct to users without a reseller for tech support, as the app often crashed, requiring specialist support,” said Kawai Herdman.

No business was done that day.

Oleg phoned Herdman in December 2019 to request three Sky ECC devices. At the time, Herdman was in Lisbon pitching an on-premise privacy solution to the Serbian Embassy, which was already testing 10 Sky ECC devices supplied by another distributor.

This distributor, also from Vancouver, joined Herdman at the meeting with the Serbian official in Lisbon.
 
“My father tried to talk Oleg out of the order. It was too much hassle to get three devices, load them and ship them to LA. But Oleg kept begging him.”

In the end, Persall sourced and paid for three iPhones, set them up and mailed them to California. Oleg paid in bitcoin.

Criminal investigation

Dutch and Belgian authorities infiltrated the Sky ECC network from 15 February 2021 to 9 March 2021, raiding 200 properties, arresting 48 people and seizing €1.2m in cash and 17 tonnes of cocaine.

On 12 March 2021, Herdman and Jean-François Eap were indicted – in the Southern District of California – under the RICO Act, which targets the “professional enablers” of organised crime. In the indictment, prosecutors argued that Herdman was a top Sky ECC executive and that he sold software to criminals.

“When he saw the indictment, my father guessed that the LA businessmen were undercover cops. He still didn’t think he did anything illegal though,” said Kawai Herdman. 

She said Herdman’s links to the Southern District of California, where he was indicted, were at best tenuous. “The only tie to Southern California was this meeting. He only made one sale in the US, and it was to those guys.”

Herdman cooperated with the US Department of Justice and San Diego prosecutors. He attended a three-day meeting in Madrid with defence lawyers – at a cost of over $100,000 to himself – and representatives from the US Marshals Office and Drug Enforcement Administration (DEA). 

US officials interrogated him about his involvement with Sky ECC. They confirmed his suspicions about the LA meeting. His sales pitch, where he claimed he was Eap’s “right-hand man”, had been audio-recorded and used as evidence.

“A vague conversation about my dad’s colleagues at well-known crypto exchanges was seen as an offer to help launder the proceeds of crime. US marshal John Shindledecker commented that every BTC [bitcoin] exchange is money laundering,” said Kawai Herdman.

In April 2021, Herdman was collaborating with US officials investigating Sky ECC. US prosecutor Meghan Heesch requested that Herdman relocate to Madrid to work with the DEA. They signed a proffer agreement stating that Herdman would provide information about Sky ECC, but it wouldn’t be used against him legally.

Herdman moved to the city. Yet in June 2021, Spanish police, acting on a French-European warrant, arrested him. He spent 14 days in Prisión de Estremera in Madrid, before being extradited to France and remanded in Maison d’arrêt de Fleury-Mérogis in Paris.

It wasn’t until 20 March 2025 that Herdman received an English copy of the evidence against him. “But the recording of this LA meeting – the main evidence against him – hasn’t been disclosed. Instead, the French cited a US letter stating that it exists,” said Kawai Herdman.

“While my dad can only view the evidence against him in a secure part of the prison, after being strip-searched, 4,000 documents from his case were leaked to the media.”

Serbian links

Organised Crime and Corruption Reporting Project (OCCRP) journalists revealed that Herdman was accused of using Miodrag Kostić, son of a late Serbian politician, as a reseller. Kostić was on the run in Spain, with partner Sanja Petkovic, after a 2010 bank robbery in Niš, Serbia. He was extradited to Serbia in 2020 and sentenced to five years in prison.

In January 2023, Serbian police, at the request of French prosecutors, searched the pair’s house in Niš and questioned Petkovic, asking her to give evidence against Herdman. She denied selling Sky ECC devices and refused to testify, while Kostić denied involvement when questioned three months later.

The couple remain uncharged.

Knowledge of criminality

In August 2017, WhatsApp messages between Herdman and Persall hinted that they knew that Sky ECC phones were used by criminals. Herdman complained about a competitor linked to “HA” – believed to be Hells Angels. He also mentioned “African mafia” clients and raised concerns that Serbian “gangs” could be tracked via IMEI.

“The mafia comment was a joke to describe some rude family friends,” said Kawai Herdman. “And it’s a bit of a stretch to say the Hells Angels are criminals. They’re a biker club. Harley-Davidson even did a brand partnership with them in the 1990s.”

She added: “Though OCCRP reported on the alleged conversation about Serbian gangs, prosecutors were unable to verify whether the messages were sent by my father, so they aren’t being used in the case against him.”

But for now, with the trial of Herdman and his co-defendants still pending, the case remains a contentious point in the global crackdown on encrypted communications.


Amazing free iPhone app does live in-ear language translation using

We’ve been able to translate foreign languages with relative ease long before generative AI products like ChatGPT did it for us. But genAI products like ChatGPT have helped companies enhance translation services across the board. It’s not just ChatGPT that can handle translation with ease. Competing models do it too. For example, Samsung made Live Translate a key feature of its Galaxy AI suite.

Google brought translation support to Circle to Search. More recently, Google’s NotebookLM model added support for dozens of new languages, allowing more users to access its podcast-style AI reports.

Translation services will keep improving. iOS 19 is rumored to bring live translation to AirPods, which would be a great new use for the wearables. But you don’t have to wait until later this year to try this kind of feature. BabelEar is a new iPhone app that already offers live in-ear translation in real time.

The app relies on ChatGPT to power translations, and it doesn’t collect any user data. That’s an important factor to consider when choosing AI-driven translation tools.

BabelEar offers “instant In-Ear AI-powered translation,” letting you “hear near-zero latency, high-accuracy speech translation in over 100 languages and dialects.”

As shown in the screenshots, the app has a simple interface that lets you listen to people speaking in another language while the AI translates it live. The app also provides transcriptions, which can make following along easier.

BabelEar AI translation app. Image source: App Store

The App Privacy section notes that the app doesn’t collect any user data, which is rare for an AI app. Just compare that to how much data Meta AI tries to collect.

The developer has a more detailed privacy policy at this link, which outlines its data collection practices.

“At present, KapTable AI does not collect any usage data through this application,” the developer writes. “We will notify you of any changes to our data collection practices through app updates. Future versions may include optional analytics to improve the app’s functionality.”

The privacy policy also explains that “audio data is processed through OpenAI’s WebRTC service for real-time translation.”

So, can you get advanced AI-powered translation for free on your iPhone or Android via BabelEar? Not quite. There is no such thing as free when it comes to online services, especially AI. You will need access to OpenAI’s ChatGPT. Specifically, you need OpenAI API keys, which power the live in-ear translations.

As shown in the screenshots above, you must enter your API keys and then pay based on usage.

You only pay for the translations you perform with BabelEar through the ChatGPT API. For example, the default ChatGPT model, GPT-4o, costs $5 per 1 million tokens (input) and $20 per 1 million tokens (output) for text.

GPT-4o audio is more expensive, at $40 per 1 million input tokens and $80 per 1 million output tokens. You will likely use GPT-4o for translations, though the developer doesn’t specify the model.

These rates make translation relatively affordable. For instance, translating 10,000 words would cost under $2, according to a ChatGPT estimate. Again, you only pay for what you use.

Of course, you might not always need to use the BabelEar app. You may turn to other apps for translating written text or text in images, or use your regular AI subscription (if you have one) for audio translation. It doesn’t have to be ChatGPT. Most major AI tools can handle translation tasks.

When setting up your ChatGPT APIs, make sure to review your ChatGPT privacy settings to ensure your data is not used for training. By default, ChatGPT API data is not used to train OpenAI models.

You can download BabelEar at this link, with the app’s privacy policy available here. You will find your ChatGPT API keys on OpenAI’s website.


UK networks feel the strain under AI pressure

Even though very few businesses around the world are resisting the allure of artificial intelligence (AI), research commissioned by Expereo has revealed a number of major roadblocks to UK AI plans, such as poor infrastructure, resistance from employees and unreasonable demands, while two-fifths of UK chief information officers have warned of unrealistic board expectations of AI.

The Enterprise horizons 2025 study was carried out for the managed network-as-a-service provider by IDC, taking the views of 650 global enterprise technology leaders across Europe, the US and APAC.

Despite some of the worrying findings revealed, the research is said to have painted a positive picture for the promise of AI, but only if businesses can overcome existing challenges. Amid the volatile economic backdrop, most organisations are placing their bets on AI to drive growth. The research showed that 88% of UK business leaders regarded AI as becoming important to fulfilling business priorities in the next 12 months.

It also revealed that AI has largely met or exceeded expectations to date, with only 14% of UK businesses saying AI has fallen short of expectations. Moreover, a clear majority of UK tech leaders agreed that AI will positively impact business, particularly customer-facing activities (64%) and costs (65%).

In addition, half of the leaders feel their network performance is limiting their ability to support large AI projects. Some 47% of UK organisations noted that their network or connectivity infrastructure was not ready to support new technology initiatives, such as AI, while 49% of UK organisations reported that their network performance was preventing or limiting their ability to support large data or AI projects.

Nearly two in five UK technology leaders believe their board has unrealistic expectations or demands on how new technologies like AI will impact business performance.

Furthermore, unrealistic board expectations were seen as potentially throwing organisations’ AI plans into chaos, as 26% of UK technology executives said expectations in their organisation of what AI can do are growing faster than their ability to meet them. Despite these challenges, 76% of UK technology leaders believe the focus on AI has raised their profile at the board level, up from 60% in 2024.

Just over two-fifths (41%) of UK businesses also highlighted that concerns over AI governance or ethics remained a significant obstacle to implementing AI initiatives in their organisation, followed by resistance from employees regarding their jobs (30%) and keeping up with the pace of change (32%). Meanwhile, 29% of UK businesses stressed that current external technology partners not having the right capabilities remains a significant obstacle to implementing AI initiatives in their organisation.

Assessing the key trends revealed in the study, Expereo CEO Ben Elms said as global businesses embrace AI to transform employee and customer experience, setting realistic goals and aligning expectations will be critical to ensuring that AI delivers long-term value, rather than being viewed as a quick fix.

“While the potential of AI is immense, its successful integration requires careful planning,” he said. “Technology leaders must recognise the need for robust networks and connectivity infrastructure to support AI at scale, while also ensuring consistent performance across these networks. We are at a pivotal moment where strategic investments in technology and IT infrastructure are necessary to meet both current and future demands.”


AI confirmed a Raphael masterpiece wasn’t painted by the famous

See the dude in the top left corner of the top of the painting above (Raphael’s famous Madonna della Rosa)? That’s St. Joseph lurking over the Madonna, the Child, and St. John. And yes, he does seem to be painted differently than the others, something scholars have always attributed to someone else actually painting St. Joseph in the Madonna of the Rose painting.

But since you can’t talk to the Renaissance master about his painting, and since there could be several reasons why Raphael himself might have opted for this particular display of St. Joseph, it’s really up to the person in front of the painting to make up their own mind about what they’re looking at.

But fast forward to the 21st century and the dawn of increasingly intelligent AI models, and we seem to have a definitive answer. It wasn’t Raphael who painted the face in the background. For reasons unknown, someone else got to do that.

While AI can look at the painting differently and determine that not all four faces were drawn by the hands of the same person, it can’t necessarily tell us who painted St. Joseph.

As ScienceAlert reports, researchers from the UK and the US came up with a custom analysis algorithm in recent years, producing a research paper in 2023 on the work that has gone into proving that speculations about the Madonna della Rosa piece were right.

“Using deep feature analysis, we used pictures of authenticated Raphael paintings to train the computer to recognize his style to a very detailed degree, from the brushstrokes, the color palette, the shading and every aspect of the work,” Professor Hassan Ugail explained a couple of years ago when the research was first published.

“The computer sees far more deeply than the human eye, to microscopic level.”

They repurposed a Microsoft pre-trained architecture called ResNet50 and combined it with a Support Vector Machine ML technique to identify Raphael’s paintings. The tech has been used before, showing 98% accuracy in identifying the artist’s works. Those experiments had the AI look at entire paintings.

This time, the researchers retrained the model to look at faces in paintings rather than the whole thing. They then told the AI to look at Madonna della Rosa as a whole and then at the faces.

The AI’s analysis of the entire painting was inconclusive. However, when it examined the individual parts of the painting, it determined that Raphael did not paint St. Joseph’s face.

ScienceAlert points out that Giulio Romano may have painted the fourth face, but that’s not certain. Maybe the same type of algorithm could be used to find the author of the fourth face, assuming you have enough works to train the AI on. The model would have to see enough paintings from the same artists to be able to recognize their partial work in other masterpieces.

Madonna della Rosa was painted on canvas between 1518 and 1520. That would have given Raphael ample time to finish the work and to entrust some of his apprentices with that particular corner of the painting, likely knowing that nobody would question his work.

On the other hand, Raphael died in 1520, which is an exceptional reason for one of his closest collaborators to finish the painting and deliver it to whoever commissioned it. All of this is speculation, of course.

It wasn’t until the mid-1800s that art experts started wondering whether someone else may have helped finish the painting. Also, as the Wikipedia page for Madonna della Rosa explains, Raphael’s attribution was uncertain. The AI can at least prove that three of the faces in the painting were painted by the famed Renaissance artist.

While the study of this particular work of art dropped some two years ago, it’s more relevant than ever, considering the massive advancements in AI-generated imagery we’ve witnessed since then.

This year alone, ChatGPT stunned the world, going viral for its ability to generate and edit images. Google’s Gemini has similar powers, including advanced editing support. These advancements would not have been possible without AI models being fed lots of imagery from different sources.

Raphael and Romano may have spent two years on this painting, but I only needed a few minutes for a text prompt and a photo of Madonna della Rosa to try to redo St. Joseph’s face in the style of the other three faces.

I asked ChatGPT to give St. Joseph the same style as the rest of the faces in Madonna della Rosa. Image source: Chris Smith, BGR

Much to my surprise, GPT-4o has new rules concerning image generation based on copyrighted content, and it would not complete the work. But it would have gotten it done, as you can see in the screenshot above, had ChatGPT not stopped generating.

Like Raphael with the real deal, I might need help getting St. Joseph’s face done from a different AI. Alas, you can find the AI research proving that Madonna della Rosa is a collaboration between Raphael and a trusted apprentice rather than a fully original work at this link.
