Archive for January, 2012

Hidden in Plain Sight: 9 Real Bond-Like Spy Gadgets

(1) After half a decade of speculation, a British official has publicly admitted that English spooks were spying in Moscow with the help of a fake “spy rock.” The hollowed out rock, filled with electronic equipment, allowed the British spies to covertly transmit files to and from the rock by simply walking by it. (Ren-TV/Pressphotos/Getty Images)

(2) It must have just looked like a normal umbrella to Georgi Markov, a Cold War-era Bulgarian pro-Western dissident, as he waited for a bus in London in 1978. But one mysterious move and presumably a sharp pain later and Markov was condemned to death. The umbrella, it turned out, had been tipped with a needle that injected him with a deadly protein-based toxin. (Michael Fresco / Rex USA)

(3) Aptly named “The Kiss of Death,” Russia’s infamous former security service, the KGB, used this sleek and sexy device to take out targets from extremely close range, according to the International Spy Museum in Washington, D.C. The lipstick container also held a single 4.5 mm shot – small caliber but still potentially deadly. (Newscom)

(4) Not to be outdone by its Russian counterparts, the CIA dove just as deep into the extreme gadget game. Pictured here in a photo provided by the Agency is the Dragonfly, an unmanned aerial vehicle, developed in the 1970s. The tiny surveillance craft was the first “micro UAV” the size of an insect to take flight, the CIA said. (CIA/AP Photo)

(5) The British ploy with the fake rock is hardly a new idea. Back in the early 1970s, the U.S. tried a similar trick in Moscow with a tree stump. In this case, the equipment hidden in the fake stump was designed to intercept Russian communications coming from a nearby Russian air base. But like the British “spy rock,” the “spy stump” was uncovered by the ever-vigilant Russian security service. (International Spy Museum)

(6) The debonair tuxedoed man may just be reaching for a smoke, or, thanks to a specially designed cigarette case, he could be snapping off pictures as part of a sophisticated surveillance operation. Also on display at the International Spy Museum, this Cold War-era cigarette case has a miniature camera hidden in the side. (Michael Fresco / Rex USA)

(7) While the famous “shoe phone” from the classic spy comedy “Get Smart” may have seemed ludicrous, it really wasn’t that far from reality. On display at the International Spy Museum is the “spy shoe,” a device created by the KGB that hid a radio transmitter and microphone in the heel of a normal brown shoe, allowing the wearer to eavesdrop on and transmit secret conversations just by walking by. (International Spy Museum)

(8) Secret gadgets have a history further back than their heyday in the Cold War. During the Second World War, U.S. Army intelligence officers developed a way to turn a regular water canteen into booby-trapped explosives, according to the International Spy Museum. (International Spy Museum)

(9) Mark Stout, a historian at the International Spy Museum, said each of the world’s best intelligence services is thinking all the time about the most creative ways to hide secrets in plain sight. The “dog doo transmitter” is certainly an example. Reportedly used in Vietnam, this fake excrement was actually meant to resemble tiger feces and was used as a homing beacon to direct aircraft. (International Spy Museum)

A Colorado judge this week ordered a woman to decrypt her laptop so that law enforcement officials could use the information against her in a pending fraud case.

“I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer,” Judge Robert Blackburn wrote in his decision.

Ramona Camelia Fricosu and her husband, Scott Anthony Whatcott, were indicted last year for preying on people in the Colorado Springs area who were about to lose their homes to foreclosure.

In the course of the investigation, the FBI executed search warrants on Fricosu’s home and seized her Toshiba Satellite M305 laptop, among other devices. Upon inspection, however, they discovered that the device was encrypted, barring the agents access to its contents.

Fricosu has refused to provide the password to her computer, asserting her privilege against self-incrimination under the Fifth Amendment.

In reaching his decision, Judge Blackburn referenced the case of Sebastien Boucher, who was arrested in December 2006 when he and his father tried to cross the Canadian border into Vermont. Border officials found child porn on his computer and confiscated the device, but when they tried to access it later, it was password-protected. By December 2007, a Vermont federal judge ruled that Boucher could not be forced to reveal his computer password and incriminate himself.

On appeal, however, a grand jury required Boucher to produce a decrypted version of his hard drive, not the password. With this workaround, constitutional rights are not violated, the jury found, because the contents of the device “are a foregone conclusion.”

Similarly, investigators in the Fricosu case know that the Toshiba laptop in question contains incriminating evidence, thanks to a taped phone call between Fricosu and her husband, who was incarcerated at the time.

“The uncontroverted evidence demonstrates that Ms. Fricosu acknowledged to Whatcott during their recorded phone conversation that she owned or had such a laptop computer, the contents of which were only accessible by entry of a password,” the judge said.

The government will hand over Fricosu’s laptop to her attorneys by Feb. 6 and she has until Feb. 21 to produce an unencrypted copy of the hard drive.


Armada Global, Inc., a Central Pennsylvania-based high-tech surveillance and security firm, has developed a tool that is changing the way companies conduct their investigations. Owned and operated by former operations officers for CIA’s National Clandestine Service, Armada Global insisted on a more covert approach to their surveillance, breaking the mold of using the stereotypical dark tinted SUV or van.

“We know that most people associate surveillance with this type of vehicle, and I was determined to find a way to develop a system that allowed our investigators to blend more seamlessly with their environment,” explained Zach Grove, company president.

After months of testing and re-tooling, Zach developed the Unmanned Video Surveillance Platform. The system consists of a pan/tilt/zoom camera that is covertly concealed on the interior of a car without any tinted windows or other stereotypical “surveillance” fittings. The camera is covertly connected to an interior digital video recorder (DVR), which saves all recorded material for later retrieval and editing. The vehicle is parked in a location within eye-shot of the surveillance location and left alone, seemingly empty. The investigators then position themselves in a second vehicle nearby to conduct trailing surveillance if or when it is necessary and view all the activity on a laptop via a secure internet connection.

“The beauty of this system is that my investigators can see what is going on in real-time and can control the camera’s movements with the click of a mouse. We have eliminated the need to place an investigator in a sometimes compromising position without sacrificing any visibility. It is more covert and much more effective,” stated Grove.

The Unmanned Video Surveillance Platform is utilized in nearly all of Armada Global’s investigations and is only inhibited by lack of vehicle parking or low/no wireless signal since the system operates via wireless technologies. It has now been used and proven successful in thousands of hours of real surveillance cases.

There are, of course, obvious benefits to using this system like more covert surveillance and increased officer safety since personnel don’t need to be physically present to view and record activity.

“Safety is sometimes a huge concern to us, especially when we’re operating in urban areas known to have a high crime rate. I feel better knowing that I’m not putting my people out where it would not be safe for them,” said Grove. “We drop the Unmanned Video Surveillance Platform in place and then move to a location, possibly a public establishment on a busy street, where safety would not be as much of a concern.”

Another advantage to using the Unmanned Video Surveillance Platform is the potential to decrease budgetary requirements. On cases where trailing surveillance is not needed or required, the system can be placed in position and then monitored and controlled from the home office. This allows for fewer personnel to be out on the streets and has the potential to cut payroll significantly. Increased investigator comfort is also another significant benefit, especially when dealing with temperature extremes.

“Anyone who has ever sat in the back of a vehicle to conduct surveillance knows that there is nothing worse than a hot, summer day,” explained Grove. “Opening the vehicle’s windows or, worse yet, turning the vehicle on to run the AC, largely decreases the covertness of the operation. The Unmanned Video Surveillance Platform can run effectively in very hot and cold temperatures, which allows the investigator to sit comfortably in air conditioning throughout the day.”

Armada Global’s management team has come to realize, during the two years that they have been utilizing the Unmanned Video Surveillance Platform, that it would have a tremendous benefit to law enforcement, especially for narcotics investigations or pre-raid planning. As such, they are now scheduling demonstrations and making the system available for purchase by law enforcement or licensed private investigators. The Unmanned Video Surveillance Platform can be customized for specific needs or uses and comes with two pan/tilt/zoom cameras, DVR, battery power, connecting cables, a laptop, and all required software in a rugged Pelican Case for easy storage and deployment. An Armada Global representative will also provide up to 20 hours of system set-up and training.


Most people refer to a vehicle collision as an accident. However, since there is liability associated with an accident, the term seems to be a misnomer. It is so common to refer to it as an accident that investigators in this field are often referred to as accident reconstructionists. If it is an accident, this means there is no fault at all. It may as well mean for some unexplained reason, forces of the universe have met at a certain point in time and place and a result occurred that defies explanation. It means that it has likely never happened before and will probably never occur again in the future. In fact, the term accident is defined in the Merriam dictionary as an unforeseen event or circumstance. This hardly explains a vehicle collision. It is also why reconstructionists should be referred to as collision reconstructionists.

Collision investigators reconstruct collisions for several reasons. The most important, in my mind, and yet more subtle reason for looking into significant collisions is to identify any environmental factors that may have been a primary contributor to the collision. This may prevent additional collisions at a certain location from causing further injuries or fatalities. Such factors are often the most easily and quickly remedied. Another benefit of examining these collisions is to identify any safety concerns in vehicles, such as equipment or structural failures. Although this prevents further unwarranted injuries or fatalities, these are less common and more difficult to see through to the end. Lastly, there is the investigation to determine fault or liability.

Often in vehicle collisions, the events can be foreseen, although not always observed. They can certainly be explained and liability assigned. This happens daily in every city. In order to explain how and why events occur, and then to assign liability, reconstructionists must seek causation. In doing so, contributing factors need to be considered in determining causation. These factors may include driver behaviors, environmental factors, and vehicular factors.

Once a roadway hazard is perceived by a driver, the driver reacts to the hazard, and physics takes over. There is one of two outcomes as a result: a collision or a collision avoidance. In the case of a collision, there is a multitude of factors that affect the outcome of the impact. The investigator must consider acceleration, braking, speed, friction, direction, energy and momentum, all of which have to be carefully analyzed. An effective reconstructionist has the unique ability and fortitude to compute many of these factors based on roadway evidence, scaled measurements, and sometimes recorded data.

Collision reconstructionists are uniquely trained to take the investigation further into causation factors. Our investigators consider many factors prior to and after the collision, as well as being trained to meticulously explain the details of a collision itself, where more events occur in 1/10th of a second than most can imagine.

For example, in a scenario where two vehicles collide at an intersection, a reconstructionist is interested in the pre-collision events. Where were the drivers traveling from? Where was their intended destination? What was their frame of mind at time of departure? What do the cell phone records reveal prior to the collision? In addition, and all too often, were the drivers intoxicated?

Once these questions can be answered, the next issue at hand is the scene of the collision. Hopefully, this is where the responding police department has protected the scene for preservation of evidence and, subsequently, conducted a thorough investigation by obtaining all possible witness statements, marking any and all roadway evidence, and successfully measuring the scene using a total station or other scene mapping equipment. These and others are all vital requirements for a successful private practice reconstructionist to review the case and identify any factors that may be important to a civil or criminal case. One rule to keep in mind is that there is very seldom evidence that has not been tampered with by bystanders or other emergency personnel whose primary job is not to preserve evidence but to save lives.

While reviewing the results of the investigation or revisiting a scene, a reconstructionist must look for environmental factors. Was the sun at a position to blind a driver’s view? Are there trees or other objects blocking a view of traffic? Was the traffic regulating equipment working properly? We can then begin to look at the roadway makeup and condition at the time of the collision. Another factor to consider is contributing vehicle factors by the units involved. Are there any vehicle recalls and have the repairs been completed by an approved mechanic? Have there been any recent collisions that may have caused prior damage to a vehicle that made this specific wreck worse than it should have been? Was the vehicle’s equipment operating properly at the time of the collision?

In addition to these telling details, there is the vehicle damage. There is a very accurate story told by the damage that often cannot be altered. The principal direction of force, or PDOF, will fold a vehicle’s exterior in the direction the collision occurred. Reconstructionists can also tell which lights were on during a collision, even if they are off once the collision occurs (an effect called “hot shock”). In the case of law enforcement investigations, often a driver who wishes to avoid the fact that he was driving can be identified by a footprint left on a brake or accelerator pedal. A private reconstructionist must look at how law enforcement identified a person as the driver so appropriate liability can be assigned.

As you can see, a solid collision investigation can fill a large file of detailed reporting by someone who has received the proper training and has obtained the right experience for the needs of a client. Our investigators have responded on scene to thousands of collisions, many fatal, and have had the unique opportunity to observe the evidence minutes after the collision has occurred. This is unique to our investigators, who have law enforcement backgrounds and are experienced in civil depositions and testimony, as well as successful criminal cases.

A physicist or an engineer can calculate your data or explain the damage to vehicles based on principles and graphs, but our investigators have had the firsthand experience that gives our clients the edge in a successful case. Our training has come from nationally prominent authorities in our field, and our experience has come through being at the scene of every type of incident our clients may incur, from a single vehicle to a passenger car vs. commercial vehicle. If there is a need for commercial vehicle inspections, we are also able to provide them when needed for an investigation at varying levels. In addition, we have the equipment, training, and ability to image event data recorders to obtain collision information such as seat-belt use, braking indicators, speed, airbag deployment, and much more.


How to Conduct an Effective Sub Rosa Investigation

Sub Rosa is a term we use so often in the Workers’ Compensation community that it is surprising how many do not know the original meaning. Sub Rosa is a Latin term meaning “under the rose”.

The rose, a beautiful flower used to express love, is also the symbol of secrecy. In fact, in ancient Rome roses were hung from the ceiling of the great council chamber to pledge the assembly to secrecy. We also see the rose in early Christian symbolism. The image of a rose was often carved on confessionals, indicating that the act of confession between the priest and confessed would remain a secret.

Fast forward to today and the word Sub Rosa is used to describe surveillance or the secret act of watching a person or group. The use of Sub Rosa is one of the most powerful tools a claims professional has to document evidence. What is more damaging than someone caught on film cutting and stacking wood when hours earlier he was barely able to hobble into a doctor’s office? Film that catches a subject in unguarded moments will document the claimant’s true physical limitations and the confirmation of a fraud.

It is the claims professional’s responsibility, after much evaluation, to initiate the Sub Rosa investigation. However, some adjusters are very hesitant to request a surveillance especially if they have not had success in the past with obtaining film. But if you have strong evidence that fraud is likely, then you should commit the resources to establish a defense. Be sure to have a clear understanding of what you want to achieve as well as what is possible within the law.

Keep in mind a Sub Rosa investigation involves many moving parts and unless you work with someone who is well trained, knowledgeable, experienced and a trusted professional you could end up with unusable video and a blown opportunity.

I’ve outlined a few tips to help get your Sub Rosa investigation going in the right direction. Preparation and knowledge are the key. Of course, not every situation is covered here, but if you employ these five steps, you are more likely to have a successful outcome.

Document your suspicion of fraud

Once you have identified a possible fraud, document it in your file. Recording your suspicions will help you to identify the fraud and work out a course of action. Using surveillance arbitrarily is unlawful. Only employ Sub Rosa when you have a reasonable suspicion of fraud.

Move on it quickly

A great way to botch an investigation is to wait too long to act. Once a reasonable suspicion has been established, talk to your investigator as soon as possible and plan a course of action together.

When you hire any vendor on your file you are hiring their expertise. You would not hesitate to question your attorney on a legal point or a doctor on a diagnosis, so don’t hesitate to ask the investigator what they think and make your decision based on their advice.

Provide up to date information

Our firm was asked to do surveillance on a man who was arriving at a downtown bus station. We reviewed the physical description and injury information with the client; they even provided a picture. We established the surveillance but the man was not on the bus. At least, the man in the picture did not arrive.

Actually, the man was on the bus but he didn’t fit the description and picture. We found out later that the information was five years old. The subject’s hair was a different color and longer, he had gained weight and had grown a beard. We did eventually re-establish the surveillance and obtained some good film, but valuable time and money were wasted.

Give your investigator accurate information. Take the extra step to verify descriptions and ask your insured for up to date photos or films of the claimant. The more information you provide, the better our chances to identify and film the right person.

Communicate with your investigator

Set aside time at the beginning of the assignment to talk with the investigator and go over the case information. Set up some ground rules about the amount of time authorized and how a request for additional time is handled. Coming to an understanding now will eliminate problems down the road.

Keep in contact with the investigator and update them with any new information when you receive it. Try to be available when they call or return calls quickly.

Authorize enough film to defend your case

Bottom line is that an investigator is aware of the amount of time you have authorized and they will try to allocate the time wisely, but there are periods when a subject will become active when the allocated time is almost out.

The investigator will usually call to request more time, but if you are not available they might continue or drop filming because there is no time left. Don’t let an opportunity slip by and damage your investigation. Allow some wiggle room for your investigator. Trust them to know what is needed to establish your case.

Let them know at the beginning of the investigation that they can go over the time requested (within reason and within certain situations) but they must continue to try to contact you. Most of the time, investigators will continue to film because it is in the best interest of the case.

Don’t beat them up when they have gone over the time, especially if they have good film.

Authorizing or not authorizing additional film can also be a trust issue, but if you don’t trust the investigator to give you an accurate assessment, then you have another problem which needs to be addressed directly.

Be aware that an investigator will request at least two more days of filming if he/she has clear evidence of fraud. Allow the investigator to continue shooting for at least the next two days.

Bear in mind that one active day is not enough to prove fraud to a judge. You must show that the activity was not an unusual “one time event.” Another two days of activity will give you enough evidence to establish fraud.

Lastly, the length of the film should be enough to establish a true account of the claimant’s activities. Filming twenty minutes of a three hour baseball game is not enough time to represent a true account.


Megaupload, the file-sharing website shut down Thursday by the U.S. federal government, is a Web hosting tool that now finds itself accused of being an online haven for digital pirates.

Many people probably never have heard of the site. But to millions, the 6-year-old site, based in Hong Kong, was a fast, easy way to store massive files in a “locker” online and then share them with friends or colleagues.

At various points in its history, Megaupload has been among the most popular websites in the world.

And it once had the support of some celebrities. A (really bizarre) YouTube video shows Kanye West, Kim Kardashian, P. Diddy and several other celebrities vouching for the site in an apparent music video-style advertisement.

But the site has long suffered accusations of allowing less-than-legal files to pass through its computer servers.

“Megaupload was always going to get taken down — far too flagrant publication of copyrighted material,” Jonathan Riggall, a website editor living in Barcelona, Spain, wrote on TorrentFreak, a blog devoted to file-sharing issues.

“I think sharing on the Web is great, and I don’t care if it’s copyrighted material — but Megaupload and some similar sites are making loads of money out of making it possible for people to view pirated stuff. Of course they will be targeted as they are blatantly breaking laws.”

The U.S. attorney for Megaupload.com denies the government’s allegations.

“We believe that the allegations are without merit and Megaupload is going to vigorously defend against the case,” attorney Ira Rothken said.

Created in 2005, Megaupload was the 72nd-most-visited site on the Web during the past three months and has peaked as high as No. 13, according to Internet traffic analytics firm Alexa.

The site offered what’s called “one-click hosting,” letting users upload anything on their hard drive or in cloud storage to the Web.

The service gives users a URL that can then be shared with others — often on discreet online message boards or social networks — letting them access the file as well.

MegaVideo was the site’s video service, letting even nonmembers view more than an hour of video at a time on the site, and MegaPix was a photo storage and sharing site in the mold of Flickr or Photobucket.

People who paid for a premium account on the site were able to upload and download larger files.

It was, by all accounts, a successful business model.

The U.S. government said that it seized $50 million in assets and that much of the $175 million the site has earned since 2005 was due to copyright infringement. As Ars Technica notes, even the site’s graphic designer reportedly earned $1 million last year, and between them, the seven indicted people (including the creatively named Kim Dotcom) owned 15 Mercedes-Benzes, a Maserati, a Rolls-Royce and a Lamborghini. The blog TechCrunch has posted photos of seized assets, including the cars and a large house in New Zealand, in case you’re interested.

Publicly, at least, the site frowned on illegal uploads. It featured a tool to report “abuse,” gave copyright holders the ability to hunt for illegal content and registered with the U.S. government under the Digital Millennium Copyright Act, a law aimed at fighting piracy.

The site’s owners have denied any wrongdoing in regard to copyright violation, and their attorney has said the site was wrongly shut down before its owners were allowed to address the charges against them.

But the Justice Department says the anti-theft efforts were a facade — that Megaupload’s employees knew they were enabling piracy and made the site difficult for outsiders to search for illegal material.

In an unofficial sampling of CNN Tech readers on Twitter, many quickly acknowledged using the site to watch TV shows or movies. But others cited more legitimate uses, with some saying they’ve lost legitimate content, not to mention money, after the government crackdown.

Seng Ung of Boston said he recently paid roughly $260 for a lifetime membership so he could store old files from childhood and college. He didn’t lose them, but now he’s gotten nothing in return for his payment, he said.

Developers of open-source Linux and Homebrew software said they used it to upload projects they were working on together. Musicians, as well, said they stored songs for collaborative projects there. One user said she used it for sharing large zip files of photographs that were too unwieldy to send via e-mail.

“Megaupload was closed by the FBI … was I the only ones who had it for work files?” Twitter user Nina Andrade wrote. “Just get me my files back!!!”

The charges come at a time when online piracy is a hot topic. New legislation before the U.S. Congress — which would have cracked down on piracy but, according to critics, would also have endangered free speech online — has stalled at least temporarily after a massive online protest this week. (Full disclosure: CNN’s parent company, Time Warner, supports that anti-piracy legislation.)

Some people online say the Megaupload takedown, which came a day after Wikipedia and other sites went black in protest of the pending legislation, was largely symbolic — singling out one site while bigger ones still thrive.

With a couple of quick clicks on a pair of well-known file-sharing sites on Friday, CNN was able to see that Metallica’s entire discography, every “Doctor Who” episode for the past six seasons and Steven Spielberg’s epic “War Horse,” which is currently playing in theaters, were offered up for download by anyone seeking out those files.

U.S. authorities overreacted in shutting down the online file-sharing site Megaupload and seeking criminal charges against its executives, the company’s American lawyer said Friday.

“We believe that the allegations are without merit and Megaupload is going to vigorously defend against the case,” attorney Ira Rothken said.

Federal authorities shut the site down Thursday, the same day they announced indictments against seven people connected to the site, accusing them of operating an “international organized criminal enterprise responsible for massive worldwide online piracy of copyrighted works.” Four of those charged were arrested Friday in New Zealand at the request of U.S. authorities.

The site, which traffic-tracking service Alexa ranked as the world’s 72nd most visited website before it was taken down, allowed users to share and download files, many of which were copyrighted works made available for download without permission, according to authorities.

Rothken said the case demonstrates a “copyright extremist mentality” on the part of U.S. authorities and raises significant due process and consumer protection issues.

He said it was inappropriate for U.S. authorities to seize the company’s servers and domain names, not to mention $50 million in assets, without a court hearing.

He also said the seizure means consumers who had stored legitimately acquired materials on sites owned by Megaupload can no longer access them.

The seizure “has essentially created a chilling effect on consumers using Internet cloud storage going forward,” Rothken said.

Federal prosecutors allege Megaupload’s founders “conducted their illegal operation using a business model expressly designed to promote uploading of the most popular copyrighted works.”

The site’s popular MegaVideo subsidiary was widely known in tech circles for its copious selection of pirated content, including recent movies and episodes of hit TV shows.

“The conspirators allegedly paid users whom they specifically knew uploaded infringing content and publicized their links to users throughout the world,” prosecutors said in a statement. They also took steps to mask the presence of illegal content on the site, prosecutors said.

The company also discouraged users from using the site for legitimate personal storage by automatically deleting files that weren’t regularly downloaded, prosecutors said.

Authorities said the operation had generated more than $175 million in illegal profits through advertising revenue and the sale of premium memberships.

Those indicted are citizens of New Zealand, Germany, Slovakia and the Netherlands. No U.S. citizens were named. However, Megaupload has servers in Ashburn, Virginia, and Washington, which prompted the Virginia-based investigation.

The investigation involved 20 search warrants in eight countries, authorities said. Officials seized 18 domain names from the company and its servers based in the United States, the Netherlands and Canada.

Megaupload’s sudden shutdown Thursday got the attention of hackers, who quickly assembled a widespread operation to take down the Justice Department and FBI websites, as well as those for the Motion Picture Association of America, the Recording Industry Association of America and several other sites.

The Internet activism and hacking collective Anonymous took credit for the denial-of-service attacks, which don’t damage computer systems but keep sites from operating properly by overloading them with spurious requests. That can slow a site down or keep its servers from responding to legitimate requests.

“It’s a violation of freedom of speech,” one Anonymous member told CNN of the Megaupload shutdown. “It’s part of a bigger picture that’s taking place … which is a very big slide toward Internet censorship on a gigantic scale.”

Most of the sites were back up by Friday morning, but the website for New Zealand police, which Anonymous also targeted, appeared to be down early Saturday.

The Justice Department and FBI sites targeted Thursday were operating normally on Friday, a law enforcement official told CNN. Investigators are “looking at forensics to see where (the attack) came from,” the official said.

No data breaches occurred on U.S. government sites, the law enforcement official told CNN.

The four Megaupload officials arrested in New Zealand — Kim Dotcom, Finn Batato, Mathias Ortmann and Bram van der Kolk — appeared Friday at an initial court hearing.

Dotcom, the Megaupload founder and owner, spoke briefly, interrupting an attorney who sought to stop reporters from photographing the men, according to the New Zealand Herald newspaper.

“We don’t mind … if people want to take photographs of us or cover this event because we’ve got nothing to hide,” the newspaper quoted him as saying.

It was unclear when extradition proceedings would begin.

The four were arrested after a complicated raid that involved 76 police officers who arrived at a New Zealand mansion by helicopter and had to repeatedly defeat electronic locks in pursuing Dotcom, New Zealand’s TV One reported, citing Detective Inspector Grant Wormald.

Officers had to cut their way into a safe room, where they found Dotcom near a sawed-off shotgun, the broadcaster reported.

“It was definitely not as simple as knocking at the front door,” TV One quoted Wormald as saying.

The raid, seizure and shutdown come in the same week as a widespread Internet protest over controversial anti-piracy bills in the U.S. House and Senate that would make it easier for U.S. authorities to target foreign piracy sites, of which prosecutors allege Megaupload was one.

The bills are known as the Stop Online Piracy Act, or SOPA, and the Protect Internet Property Act, or PIPA.

The bills are aimed at cracking down on copyright infringement by restricting access to sites that host or facilitate the trading of pirated content. But the legislation has created a divide between tech giants, who say the language is too broad, and large media companies, who say they are losing millions each year to rampant online piracy.

Time Warner, the parent company of CNN, is among the industry supporters of the legislation.

On Friday, after numerous legislators pulled their support for the legislation in the wake of the protests, House and Senate leaders announced they would delay action on the legislation to address concerns raised by activists.

Rothken said the shutdown calls into question whether legislation like SOPA or PIPA is truly needed.

“This demonstrates the government is certainly able to act without any additional legislation,” he said.


New Version Of Carberp Trojan Targets Facebook Users

Malware attempts to steal money by duping the user into divulging an e-cash voucher

A new version of the Carberp Trojan attempts to steal money from Facebook users by duping them into divulging an e-cash voucher, researchers say.

“Carberp replaces any Facebook page the user navigates to with a fake page notifying the victim that his/her Facebook account is ‘temporarily locked,’” says Trusteer CTO Amit Klein in his blog. “The page asks the user for their first name, last name, email, date of birth, password and a Ukash 20 euro [approximately $25 US] voucher number to ‘confirm verification’ of their identity and unlock the account.

“The page claims the cash voucher will be ‘added to the user’s main Facebook account balance,’ which is obviously not the case,” Klein states. “Instead, the voucher number is transferred to the Carberp bot master, who presumably uses it as a cash equivalent, thus effectively defrauding the user of $25.”

The emerging man-in-the-browser (MitB) attack exploits the trust users have in Facebook and the anonymity of Ukash e-cash vouchers, Klein writes. “Unlike attacks against online banking applications that require transferring money to another account — which creates an auditable trail — this new Carberp attack allows fraudsters to use or sell the e-cash vouchers immediately, anywhere they are accepted on the Internet.”

This type of attack is likely to grow as e-cash becomes more frequently used, Klein warns. “Like card-not-present fraud, where cybercriminals use stolen debit and credit card information to make illegal online purchases without the risk of being caught, e-cash fraud is a low risk form of crime,” he says. “With e-cash, however, it is the account holder not the financial institution who assumes the liability for fraudulent transactions.”

Carberp, like its predecessors Zeus and Spyeye, infects machines through malicious files — such as PDFs and Excel documents — or drive-by downloads, according to a blog about the Carberp Trojan published by security firm Context Information Security. “In most cases, Carberp will persist undetected by antivirus software on the infected machine using advanced stealth, anti-debugging, and rootkit techniques, and is controlled from a central administrator control panel that allows the attacker to mine the stolen data,” the Context blog states. “Carberp is also part of a botnet that can take full control over infected hosts, while its complicated infection mechanisms and extensive functionality make it a prime candidate for more targeted attacks.” The malware uses multiple layers of obfuscation and encryption to remain hidden from malware analysis tools, the Context blog says. “Once embedded and decrypted, the real infection begins with malicious file dropping and process injection steps that provide a backdoor to the host under attack.”


7 charged in $61M single-stock insider trade case

US: Hedge fund boss among those charged in record $61M single-stock insider trading case

The nearly $62 million earned illegally through inside trading by two hedge fund executives, four financial analysts and a Dell Inc. employee represents “a stunning portrait of organized corruption on a broad scale” and was notable for exploiting the secrets of a single technology giant, a prosecutor said Wednesday in announcing charges in the case.

U.S. Attorney Preet Bharara said at a news conference that the prosecution was part of a government assault on insider trading that so far has resulted in 63 arrests and 56 convictions.

“Each wave of charges and arrests seems to produce leads to lead us to the next phase,” said FBI Assistant Director-in-Charge Janice K. Fedarcyk.

She said the arrests were not the last in a 4-year-old probe dubbed “Operation Perfect Hedge.”

“If you are engaged in insider trading, what distinguishes you from the dozens who have been charged is not that you haven’t been caught; it’s that you haven’t been caught yet,” she said.

Bharara called the seven men arrested in the latest crackdown part of “a criminal club whose purpose was profit and whose members regularly bartered lucrative inside information.

“It was a club where everyone scratched everyone else’s back,” he said. “The criminal complaint and three felony informations unsealed today paint a stunning portrait of organized corruption on a broad scale.”

The criminal complaint in U.S. District Court in Manhattan charged four of the men with conspiracy to commit securities fraud and securities fraud, among other charges. Three analysts charged in the other documents have already pleaded guilty and are cooperating with the government.

The insider trading plot was noteworthy for its size. Last month, hedge fund founder Raj Rajaratnam began serving an 11-year prison term — the longest ever given in an insider trading case — for a scheme that prosecutors said produced as much as $75 million in profits on dozens of trades over a multi-year period. That prosecution resulted in more than two dozen convictions and led to a spinoff probe that produced even more arrests.

Bharara said the case he announced Wednesday was comparable to the one brought against Rajaratnam. He highlighted its size, saying the co-conspirators netted more than $61.8 million in illegal profits based on trades of a single stock from 2008 through 2009. The Securities and Exchange Commission said the profits, combined with $15.7 million earned on trades involving Nvidia Corp., reached nearly $78 million.

SEC Enforcement Director Robert Khuzami said it was disturbing that the case involved high level executives at “some of the largest and most sophisticated hedge funds in the country.”

He said there was nothing wrong with fast-trading hedge funds but they are already characterized by a lack of transparency and can pose a “grave threat to the integrity of the markets and the level playing field that is the foundation of those markets” when they use their considerable market power to influence those who possess inside information.

The SEC said the case involved closely associated hedge fund traders at Stamford, Connecticut-based Diamondback Capital Management LLC and Greenwich, Connecticut-based Level Global Investors LP.

Anthony Chiasson, a co-founder at former hedge fund group Level Global Investors, was among four men arrested Wednesday. He surrendered to the FBI in New York, where he lives.

In court papers, he was credited with a starring role in the securities fraud. Authorities said a hedge fund analyst fed Chiasson inside information about an upcoming announcement of Dell’s earnings for the first and second quarters of 2008, allowing Chiasson and others at his hedge fund to make approximately $57 million in illegal profits through trades. Inside information about Dell earnings resulted in $3.8 million in illegal profits at another hedge fund and $1 million in illegal profits at a third hedge fund, the complaint said. The Dell inside information also allowed an investment firm to avoid losses of approximately $78,000, authorities said.

Jon Horvath, an analyst at Sigma Capital Management, an affiliate of hedge fund SAC Capital Advisors in Manhattan, was arrested at his New York City home while Todd Newman, a hedge fund portfolio manager, was arrested in Needham, Massachusetts. Analyst Danny Kuo of San Marino, California, also was arrested.

Among those who have pleaded guilty to charges of conspiracy and securities fraud and are cooperating in the case was Sandeep Goyal, of Princeton, New Jersey, who worked from the summer of 2006 through May 2007 for Dell at its corporate headquarters in Round Rock, Texas, and obtained inside information from employees of Dell after he began working as an associate analyst for a global asset management firm in Manhattan, court papers said.

According to court papers, Goyal benefited from his relationship with a co-conspirator who worked in Dell’s investor relations department from March 2007 through March 2009 and in its corporate development office from March 2009 through April 2010. Authorities said a hedge fund with $4 billion in assets in 2009 paid Goyal about $175,000 for providing insider information about Dell.

Another cooperator was identified as Jesse Tortora, of Pembroke Pines, Florida. The SEC said Goyal tipped Tortora who then tipped several others, leading to insider trades on behalf of the Diamondback and Level Global hedge funds.

The third cooperator was identified as Spyridon (Sam) Adondakis, a Level Global analyst. The SEC said he tipped Chiasson, his manager. Adondakis also lived in New York City.

“These are not low-level employees succumbing to temptation by seizing a chance opportunity,” Khuzami said. “These are sophisticated players who built a corrupt network to systematically and methodically obtain and exploit illegal inside information again and again at the expense of law-abiding investors and the integrity of the markets.”

FBI Agent David Makol said in court papers that the government built its case through information provided by the three cooperators, consensually recorded conversations, court-authorized wiretaps, telephone records, trading records, electronic communications, documents provided by a cooperator and other documents obtained from two hedge funds. The hedge funds were not identified in court papers.


Background checks encouraged for online dating

It’s not the kind of cheating most victims had in mind.

As millions of lonely hearts and lusty pants head online to find mates and dates, those who specialize in finding skeletons in the closet are warning online daters to be careful.

This comes a few days after a Toronto human resources firm called for all dating sites to make users supply a criminal background check as part of the registration process.

Ottawa private investigator Robert Gater said that’s “part of a good first step.”

Over the past few years he’s been hired more than a dozen times to find any available dirt on potential boyfriends or girlfriends found online.

A criminal background check will tell someone what their lover has done in the past, but not necessarily what they’re up to now.

That information comes from people like Gater, who do surveillance on top of research.

There are several cases of killers using dating sites to find victims. Investigators in Long Island, N.Y., are currently hunting the so-called Craigslist Ripper, wanted for 10 murders.

The cases in Ottawa appear to be more financially motivated.

“One guy hired me who was in Florida but met a woman online here who said she was in the middle of a divorce, was well-off but her income was in escrow. He lent her money. Sure enough, she’s happily married and was currently doing this to two or three other guys,” he said.

Gater said sometimes he’s asked to get involved before potential victims find out what the motive is — online.

“She sent him back some stunningly attractive photos,” said Gater. “They weren’t of her. She looked nothing like that.”

The woman was also married and was simply taking the photos off a stranger’s public Facebook profile.

“The guy was quite devastated. They had conversations for hours, stringing him along for the better part of the year. He thought she was smokin’ hot.”

Gater figures about 35% of all men on dating sites are married. He said the liars out there are about 50/50 men and women, but they’re after different things.

“Men are looking to cheat or have a criminal record they’re lying about,” said Gater. “Women are doing it for the fantasy or financial fraud.”

Gater said he was hired to check out the “ripped young Greek dude” who turned out to be a short Asian man. When confronted, he claimed he used to be a ripped, young Greek man until he had reconstructive surgery following a motorcycle crash.

“That somehow changed his race and shortened him a good four inches,” said Gater. “Be careful out there.”
