SECURITY
FBI Charges Google Engineer Who Used Internal Data to Win Polymarket Bets
Here is a number worth sitting with: $1.2 million in profit, made not by building a product or picking stocks, but by logging into an internal Google tool and then betting on the exact outcomes that tool revealed. According to federal prosecutors, that is precisely what Michele Spagnuolo did — and the prediction market platform Polymarket had no idea it was on the wrong side of the trade.
Spagnuolo, a Google software engineer and Italian citizen living in Switzerland, was arrested this week and appeared before a federal judge in New York. The Justice Department charged him with commodities fraud, wire fraud, and money laundering. The core allegation is almost elegant in its audacity: he used his employee access to Google's internal Year in Search data — the rankings of which public figures people searched most — to place bets on Polymarket before Google made those results public.
Operating under the account name AlphaRaccoon, Spagnuolo risked roughly $2.75 million across about 25 separate bets between October and early December 2025, the period when Google's annual search rankings were still confidential. His positions were almost entirely on the "No" side of various questions — would Bianca Censori, Donald Trump, or Pope Leo XIV top the most-searched list? He apparently knew the answers before anyone else did.
The details of specific bets read like a celebrity trivia game with very high stakes. Nearly $940,000 went against Censori topping the list. Over $600,000 went against Pope Leo XIV. More than $500,000 was wagered that Trump would not claim the number one spot. The bets sprawled across a cast that included Kendrick Lamar, Taylor Swift, Luigi Mangione, Elon Musk, and Squid Game, among others.
Googled responded carefully. The company confirmed it suspended Spagnuolo and is cooperating with law enforcement, while noting that the tool he accessed was technically available to all employees. That last detail matters: this was not a sophisticated hack or a breach of a locked-down system. It was an employee using internal data he was allowed to see for entirely different purposes. That distinction will likely matter a great deal in court.
For Polymarket, this is an uncomfortable moment. The platform has positioned itself as a legitimate, data-driven alternative to traditional polling and forecasting. Its odds are frequently cited by journalists and analysts as meaningful signals. But those odds only work if participants are operating on roughly equal information. AlphaRaccoon was not.
The broader implication here cuts beyond one rogue engineer. Prediction markets are now large enough, and liquid enough, that access to non-public information creates real financial incentive to exploit them. The line between insider trading and information arbitrage has always been contested. In this case, federal prosecutors drew that line very clearly — and named it commodities fraud.
Spagnuolo's alleged scheme also raises questions about how platforms like Polymarket monitor for suspicious patterns. Multiple people who follow prediction markets apparently noticed AlphaRaccoon's unusual winning streak. The FBI noticed too.
Source: Ars Technica
SECURITY
Pentagon Ignored Cheap Phone Tracking Fixes and Now Troops Are Being Targeted
For as little as 12 cents per record, you can buy the name, home address, health condition, and financial details of an active-duty American soldier. No hacking required. No government clearance needed. Just a credit card and a data broker willing to sell. Researchers proved this in 2023. The Pentagon had been warned about it since at least 2016. And now US Central Command has confirmed that adversaries are using exactly this kind of commercially available location data to track and target American troops in the Middle East.
The confirmation came through a letter obtained by Reuters, in which Centcom acknowledged receiving multiple threat reports about adversary exploitation of commercial location data against US personnel in theater. It is the first official government admission that the data-broker economy — the same one that helps advertisers target you with sneaker ads — is being used as a weapon against American forces.
The timeline of inaction is striking. In 2016, a government technologist briefed senior officers at a Joint Special Operations Command facility and demonstrated, live, how commercially purchased phone location data could trace devices from US military home stations in North Carolina and Florida all the way through Turkey and into a covert forward operating base in northern Syria. The data was not stolen. It was bought. It was available to any advertiser, researcher, or foreign intelligence agency willing to pay for it.
The Pentagon's response over the following years managed to be both alarmed and self-contradictory. The Defense Intelligence Agency disclosed to Congress in 2021 that it purchases commercial phone location data on Americans without a warrant, arguing no warrant is required. Parts of the military were simultaneously warning about the threat of this data and actively buying it themselves.
The 2023 Duke University study, funded through a US Military Academy grant, put the most concrete numbers on the problem. Researchers posing as a Singapore-based buyer purchased names, addresses, health data, and financial records on thousands of active-duty service members from data brokers with almost no identity verification. Datasets were advertised with names like "Military Families Mailing List." The barrier to entry was essentially nonexistent.
Congress heard versions of this alarm repeatedly. Privacy legislation that could have regulated the data broker industry stalled each time. The one targeted fix that did pass — a rule preventing data shared with military contractors from being resold — left the broader commercial market completely untouched. The industry continued operating as before.
What makes this particularly frustrating is that the technical fixes were never especially complicated or expensive. Restricting which apps can run on devices carried onto military installations, issuing guidance on phone hygiene in sensitive areas, and regulating the sale of location data to foreign-linked buyers are not moon-shot proposals. They have been on the table for years.
Instead, the warning window closed, and the threat became operational. The 12-cent record is no longer a hypothetical. It is, apparently, a targeting tool.
Source: WIRED