Archive for November, 2011

House passes right-to-carry bill

WASHINGTON – Legislation that would require states to recognize concealed-carry firearm permits issued by other states got a boost on Wednesday, passing the House by a vote of 272-154 after contentious debate.

Supporters — including the National Rifle Association and 43 House Democrats — said the legislation, the Right-to-Carry Reciprocity Act, would simplify rules for permit-holders when they carry weapons across state lines.

But opponents called it a “race to the bottom,” saying it would force states to recognize looser permitting requirements of other states. States could be forced to issue permits to criminals convicted of dealing drugs to minors and domestic violence, Democratic opponents argued.

“This bill will undermine public safety,” said Rep. Robert Scott, D-Va. “We should let the states decide whether or not, or under what conditions, to allow people who are in their state to carry concealed handguns.”

On the other side, Rep. Trent Franks, R-Ariz., said the policy would be similar to allowing drivers to use their licenses in other states.

But law enforcement organizations, which widely oppose the bill, have said they aren’t capable of accessing other states’ concealed-carry permit databases for verification purposes.

The House passed an amendment authorizing a study of the ability of state and local law enforcement to verify out-of-state permits. Rep. John Conyers, D-Mich., said that study should have occurred before the House approved the proposal.

The measure, introduced by Rep. Cliff Stearns, R-Fla., has 245 co-sponsors in the House but is likely to meet stiff resistance in the Democratic-controlled Senate.

The legislation would still require permit-holders carrying concealed guns in another state to follow that state’s laws, particularly restrictions on where guns can be carried — universities, for instance, or bars or government buildings. But the bill wouldn’t require them to meet all of that state’s application qualifications, such as a minimum age requirement or a totally clear criminal background.

A total of 49 states — all except for Illinois — have some sort of law allowing the carrying of concealed guns, and would be required under this legislation to recognize the less-strict permits of other states. Under the current system, states must negotiate direct agreements to recognize one another’s permits.

Ex-Officer Calls Homeland Security Corrupt

The Department of Homeland Security has a “Cat’s Paw” program “in which actions are taken against whistleblowers, but are never traceable directly to the hands of the supervisor who influences the retaliations,” a former Customs officer says in a federal class action.

In a pro se complaint on behalf of DHS employees since 2007, Kenneth D. Humphrey seeks damages for conspiracy to obstruct justice, whistleblower violations, and damages under the False Claims Act.

“What’s called ‘Cat’s Paw’ is a common practice by supervision in CBP [Customs and Border Protection] and other federal agencies in which actions are taken against whistleblowers, but are never traceable directly to the hands of the supervisor who influences the retaliations,” the complaint states.

Humphrey claims he “witness[ed] repeatedly DHS/CBP’s leadership in acts of pushing fluffed meaningless statistics, retaliations, sexual favors advancements, derelict of duties, favoritism placements and assignments, abuse of personnel, misappropriate usage of government items, etc. Plaintiffs have no trust in whistle blowing because contrary to stated congressional activity, like the Whistleblower Protection Enhancement Act, plaintiffs believe corruption runs all the way to the top of grievances review offices/agencies/attorney examiners. When the ‘Cat’s Paw’ practices are appeal – The Federal Circuit Court of Appeals has ruled in favor of only three whistleblowers out of hundreds of cases.”

Humphrey claims that in employee surveys “only just over four out of every 10 respondents of CBP stated that senior leaders promote honest, open, and trusted two-way sharing of communication and knowledge.”

He claims, “Only a little over three out of every 10 CBP responding officers think that promotions, awards or other recognitions are based on merit, or meaningful work settings functioning.”

Humphrey seeks an injunction and damages.

McAfee Warns of the Twelve Scams of Christmas

The holiday season is approaching and so are the scammers. Already they rub their hands with glee, ready to traumatize consumers and businesses. McAfee, one of the world’s largest dedicated security technology companies, has released its “12 scams of Christmas” list to forewarn and forearm against the dozen most dangerous online scams this holiday season.

Topping the list is mobile malware. McAfee notes that a recent National Retail Federation survey discovered that 52.6 percent of U.S. consumers who own a smartphone will be using their device for holiday shopping. “Malware targeted at mobile devices is on the rise, and Android smartphones are most at risk. McAfee cites a 76 percent increase in malware targeted at Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform,” the company reports. “New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals on Black Friday and Cyber Monday, or just to learn about products they want to buy.”

At number two are malicious mobile applications: mobile apps that steal information from smartphones, or send out expensive text messages without a user’s consent. “Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. For example, last year, 4.6 million Android smartphone users downloaded a suspicious wallpaper app that collected and transmitted user data to a site in China,” McAfee says.

Rounding out the top three are phony Facebook promotions and contests. “Who doesn’t want to win some free prizes or get a great deal around the holidays? Unfortunately, cyberscammers know that these are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information. A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information,” the company states.

Here are the rest of the top ten, as reported by McAfee in its press release.

Scareware, or fake antivirus software. Scareware is the fake antivirus software that tricks someone into believing that their computer is at risk–or already infected–so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, with an estimated one million victims falling for this scam each day. In October 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, and it has been resurgent in recent months.

Holiday screensavers. Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A Santa screensaver found in a recent search, which promises to let you “fly with Santa in 3D,” is malicious. Holiday-themed ringtones and e-cards have been known to be malicious too.

Mac malware. Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple products, for both business and personal use, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs(TM), as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent month on month.

Holiday phishing scams. Phishing is the act of tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony email or social media posts. Cyberscammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.

11/10/2011 – A common holiday phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer. Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money–and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.

Smishing. SMS phishing remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated, and collect the user’s personal information including Social Security number, address, and account details.

Online Coupon Scams. An estimated 63 percent of shoppers search for online coupons or deals when they purchase something on the Internet, and recent NRF data (October 19, 2011) shows that consumers are also using their smartphones (17.3 percent) and tablets (21.5 percent) to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information. One popular scam is to lure consumers with the hope of winning a “free” iPad. Consumers click on a “phishing” site, which can result in email spam and possibly dealing with identity theft. In another, consumers are offered an online coupon code and once they agree, are asked to provide personal information, including credit-card details, passwords and other financial data.

Mystery shoppers. Mystery shoppers are people who are hired to shop in a store and report back on the customer service. Sadly, scammers are now using this fun job to try to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be a mystery shopper, and instructing them to call a number if they are interested. Once the victim calls, they are asked for their personal information, including credit card and bank account numbers.

Hotel “wrong transaction” malware e-mails. Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams in the hopes of getting us to click on dangerous emails. In one recent example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

“It” Gift Scams. Every year there are hot holiday gifts, such as toys and gadgets, that sell out early in the season. When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.

“I’m away from home” scams. Posting information about a vacation on social networking sites could actually be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide that it may be a good time to rob them. Furthermore, a quick online search can easily turn up their home address.

Crooks Rob Man of $2 Million in Jewelry

An international jewelry seller was surrounded by masked robbers at a North Hollywood intersection

A diamond seller from Israel had over $2 million worth of diamonds taken from him in a smash-and-grab heist in North Hollywood.

At 10:10 p.m., Thursday, the victim was visiting a friend in North Hollywood. The jeweler left the friend’s house in his car and was stopped at a red light near the corner of Belaire and Burbank Boulevard.

He was then hit from behind by another vehicle while a second car boxed him in. That’s when five to six masked suspects jumped out of the vehicle, smashed the back window and made off with a backpack with over $2 million worth of diamonds inside.

“He couldn’t go anywhere because of the vehicles, and they proceeded to strike him with their fists,” said Sgt. Mike Kammert. Kammert said there were no weapons involved.

The victim then tried to chase down the suspects, but lost them in the pursuit.

The intersection at which the heist occurred was not heavily traveled at the time. There were no witnesses.

“One would be led to believe they obviously knew who they were targeting,” said Kammert.

North Hollywood police did not have a description of the men, but said one of the cars involved in the robbery was a grey or silver SUV that might have been involved in a crash later that night. The vehicle matched the description of the vehicle involved in the diamond heist — a silver or gold SUV.

“A radio call was put out regarding a vehicle left at a scene where it had struck a fire hydrant,” said Kammert.

The victim wasn’t hurt in the robbery and police said he did not have insurance. Anyone with information is urged to call North Hollywood police.

Understanding Cameras in Public Spaces

There is a critical piece of law every protection agent should understand. Understanding it will help keep you from being sued for rights violations, arrested for assault, or even worse…disgraced on YouTube.

It is this…

When you are performing a public duty or a private security function in any public space, you have absolutely no expectation of privacy. Specifically, anyone may photograph or videotape you or your client without any restrictions.

Although there are a few contradictory rulings and a few cases on both sides working their way through the courts, overwhelmingly, citizens and working photojournalists have a well established right to photograph and videotape in public spaces. There is no “officer safety” claim, no “privacy” claim or any other claim that will be recognized in court when it comes to images. You will lose.

In a publication on the subject, Attorney Bert Krages states, “The general rule in the United States is that anyone may take photographs of whatever they want when they are in a public place or places where they have permission to take photographs.”

Krages also advises, “Members of the public have a very limited scope of privacy rights when they are in public places. Basically, anyone can be photographed without their consent except when they have secluded themselves in places where they have a reasonable expectation of privacy such as dressing rooms, restrooms, medical facilities, and inside their homes.”

He adds, “Sometimes agents acting for entities such as owners of industrial plants and shopping malls may ask you to hand over your film. Absent a court order, private parties have no right to confiscate your film. Taking your film directly or indirectly by threatening to use force or call a law enforcement agency can constitute criminal offenses such as theft and coercion. It can likewise constitute a civil tort such as conversion.”

You can read his full report entitled The Photographers Rights here.

Generally, the only grey area in case law surrounding this issue relates to the audio taping of third party conversations without the permission of the party. But, again, unless you are an attorney or a credentialed audio visual technologist, you are probably not qualified to determine if the taping is legal and/or if a device is actively recording sound.

The bottom line is if you are in a public space or generally “in public” the odds are about 99 to 1 that people have a right to capture images of you and your client. You should have no expectation of privacy. So, if you are someplace public and you don’t want your picture, image or voice recorded, you need to leave the public space.

Photojournalists’ cameras may easily run into the thousands of dollars. If you touch a camera, you have opened yourself up to immense liability if the photographer claims you broke their camera and violated their rights.

Generally, photographers’ cameras are located adjacent to their eyes and body. So, if you push or shove a camera and it injures the photographer or citizen, you have opened yourself up to assault charges or a physical injury claim.

Naturally the rules change the second you step onto private property. You have all the rights in the world when you or your client own the property or have leased the property for a private event.

So, be smart, remain calm, know the law and support America’s freedoms. Don’t let some Congressman, CEO or other protection client talk you into absorbing the nightmare of an assault arrest or the stress of a civil lawsuit because they misunderstand the law and your role as a protection agent.

As a professional, you must understand, accept and incorporate the public’s and photojournalists’ rights into your operational strategy and execute your security mission smartly, while avoiding any act that will unnecessarily land you in court, or even worse, get you posted on YouTube!

Feds: Cyber Criminals Hijacked 4 Million Computers

An Eastern European pack of cyber thieves known as the Rove group hijacked at least four million computers in over 100 countries, including at least half a million computers in the U.S., to make off with $14 million in “illegitimate income” before they were caught, federal officials announced today.

The malware allegedly used in the “massive and sophisticated scheme” also managed to infect computers in U.S. government agencies including NASA and targeted the websites for major institutions like iTunes, Netflix and the IRS — forcing users attempting to get to those sites to different websites entirely, according to a federal indictment unsealed in New York today.

The accused hackers, six Estonian nationals and a Russian national, rerouted the internet traffic illegally on the infected computers for the last four years in order to reap profits from internet advertisement deals, the indictment said. The FBI busted up the alleged international cyber ring after a two-year investigation called Operation Ghost Click.

“The global reach of these cyber thieves demonstrates that the criminal world is… flat,” said Janice Fedarcyk, the FBI Assistant Director in charge of the New York field office. “The Internet is pervasive because it is such a useful tool, but it is a tool that can be exploited by those with bad intentions and a little know-how.”

Though they operated out of their home countries, the alleged hackers used entities in the U.S. and all over the world — including Estonia-based software company Rove Digital from which the group apparently gets its name — to carry out the plot.

According to the indictment, the suspects entered into deals with various internet advertisers in which they would be paid for generating traffic to certain websites or advertisements. But instead of earning the money legitimately, the FBI said the defendants used malware to force infected computers to unwillingly visit the target sites or advertisements — pumping up click results and, therefore, ill-gotten profits to the tune of $14 million.

The malware was also designed to prevent users from installing anti-virus software that may have been able to free the infected computers.

The six Estonian nationals have been arrested on cyber crime charges while the Russian national remains at large.

“Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise,” Fedarcyk said. “Thanks to the collective effort across the U.S. and in Estonia, six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled.”

How the Fraud Worked, According to the FBI

The indictment describes several examples of alleged cyber fraud including two principal strategies: traffic redirection and ad replacement.

In the first case, if a user searched for the websites of major institutions like iTunes, Netflix or the IRS, the search results would return normally. However, if the user tried to click on the link to the websites, the malware on the computer would force a redirect to a different website where the criminals would profit in their advertisement deal.

In the second, when an infected computer visited a major website — like Amazon.com — the malware would be able to simply replace regular advertisements on that page with advertisements of their own making.

Facebook is facing legal action in Germany over its controversial facial-recognition feature.

The state data protection authority in Hamburg is preparing to sue the social-networking giant over the feature, which automatically recognizes and tags photos in Facebook users’ networks, according to a report in Deutsche Welle.

“This requires storing a comprehensive database of the biometric features of all users,” the organization reportedly wrote in a German-language statement published on its Web site. “Facebook has introduced this feature in Europe, without informing the user and without obtaining the required consent. Unequivocal consent of the parties is required by both European and national data protection law.”

The organization said it has had conversations with Facebook in which the company promised it would inform users of the feature, adding that “further negotiations are pointless.”

Facebook responded by saying a lawsuit was “completely unnecessary.”

“The Tag Suggestions feature on Facebook is fully compliant with EU data protection laws,” Facebook representative Andrew Noyes said in a statement. “On top of that, we have given comprehensive notice and education to our users about Tag Suggestions and we provide very simple tools for people to opt out if they do not want to use this feature. We have considered carefully different options for making people even more aware of our privacy policies and are disappointed that the Hamburg DPA has not accepted these.”

The feature was quietly rolled out in June and immediately attracted the regulatory attention of the European Union, which announced it would study the feature for possible rule violations. Authorities in the U.K. and Ireland have also said they are reviewing the photo-tagging feature.

U.S. lawmakers criticized the company for requiring users to opt out of the feature rather than opt in. “Requiring users to disable this feature after they’ve already been included by Facebook is no substitute for an opt-in process,” Rep. Edward J. Markey (D-Mass.), co-chairman of the Congressional Privacy Caucus, said in a statement in June.

Even though Facebook allows users who don’t want to be identified by the feature to disable it, the company conceded at the time that it could have done a better job explaining how the feature works.

“We should have been more clear with people during the roll-out process when this became available to them,” the company said in a statement in June.

How Much Is Your Identity Worth?

How much does it cost for thieves to discover the data that unlocks identity for creditors, such as your Social Security number, birthday, or mother’s maiden name? Would it surprise you to learn that crooks are selling this data to any and all comers for pennies on the dollar?

At least, that’s the going price at superget.info. This fraudster-friendly site has been operating since July 2010, and markets the ability to look up SSNs, birthdays and other sensitive information on millions of Americans. Registration is free, and accounts are funded via WebMoney and Liberty Reserve, virtual currencies that are popular in the cybercriminal underground.

Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Customers who aren’t choosy about the identities they’re stealing can get a real bargain. Among the most trafficked commodities in the hacker underground are packages called “fullz infos,” which include the full identity information on dozens or hundreds of individuals.

Sexual Affair Goes Wrong for FBI Agent

MANHATTAN (CN) – A hidden sexual relationship with a confidential informant to whom he gave confidential FBI reports has an FBI agent facing years in federal prison. A federal jury on Tuesday convicted Adrian Busby of four counts of making false statements in the tangled affair. Busby, 37, faces up to 5 years in prison for each count.

The U.S. Attorney’s Office said Busby’s troubles began in early 2008, when he signed up as a confidential source a woman who was being prosecuted for identity theft. Busby, who worked in the FBI’s New York office, told the agency that she was not the subject of any investigation, but “in truth, mere days before making this representation on the form, Busby had called both the lead NYPD detective and the Queens Assistant D.A. investigating the identity theft case to try to convince them to halt their investigation of the Confidential Source,” prosecutors said in a statement.

The woman was indicted on felony charges anyway, and Busby began a sexual affair with her, prosecutors said. Their statement continues: “As she began preparing for her trial, Busby assisted with her defense, in violation of FBI rules. For example, Busby supplied the Confidential Source and her defense attorney with copies of confidential FBI and Internal Revenue Service reports of interviews he and other agents had conducted as part of a separate federal mortgage fraud investigation. He also supplied the Confidential Source and her attorney with secret information gathered pursuant to federal grand jury subpoenas. In addition, he unsuccessfully lobbied his supervisor and an Assistant U.S. Attorney in another office for permission to testify on the Confidential Source’s behalf at her trial. He also repeatedly asked the Assistant U.S. Attorney to ask the Queens Assistant D.A. to dismiss the case against her. After the Confidential Source was convicted at trial, Busby called up the main witness who had testified against her, and insisted that the witness submit to an interview with him at his FBI offices.”

Busby later denied doing all this, and also denied his sexual relationship with the woman, but as the Justice Department investigated, he “claimed that he had not known the Confidential Source was under investigation when he signed her up, and that he did not begin any sexual relationship with her until after she was no longer an FBI source,” according to the U.S. Attorney’s Office.

He was convicted of lying to the FBI on the form opening the confidential source; lying to the FBI about whether he had intentionally given FBI reports to the confidential source’s attorney; lying to Department of Justice’s Office of Inspector General about whether he knew the confidential source was under investigation when he signed her up as a source; and lying to DOJ-OIG about whether he had intentionally given the FBI reports to her attorney.

If you have ever wondered about the government’s ability to control the civilian airwaves, you will have your answer on November 9th.

On that day, federal authorities are going to shut off all television and radio communications simultaneously at 2:00PM EST to complete the first ever test of the national Emergency Alert System (EAS).

This isn’t a wild conspiracy theory. The upcoming test is posted on the Public Safety and Homeland Security Bureau website.

Only the President has the authority to activate EAS at the national level, and he has delegated that authority to the Director of FEMA. The test will be conducted jointly by the Department of Homeland Security (DHS) through FEMA, the Federal Communications Commission (FCC), and the National Oceanic and Atmospheric Administration’s (NOAA) National Weather Service (NWS).

In essence, the authority to seize control of all television and civilian communication has been asserted by the executive branch and handed to a government agency.

The EAS has been around since 1994. Its precursor, the Emergency Broadcast System (EBS), started back in 1963. Television and radio broadcasters, satellite radio and satellite television providers, cable television and wireline video providers are all involved in the system.

So this begs the question: is the first ever national EAS test really a big deal?

Probably not. At least, not yet.

But there are some troubling factors all coming together right now that could conceivably trigger a real usage of the EAS system in the not too distant future. A European financial collapse could bring down U.S. markets. What is now the “Occupy” movement could lead to widespread civil unrest. And there are ominous signs that radical groups such as Anonymous will attempt something major on November 5th, Guy Fawkes Day.

Now we know in the event of a major crisis, the American people will be told with one voice, at the same time, about an emergency.

All that’s left to determine is who will have control of the EAS when that day comes, and what their message will be.
