Archive for May, 2014

Five airline employees were charged Thursday in a sting operation with using their security clearances to secretly smuggle more than $400,000 in cash through Boston’s Logan Airport.

Four ground operations crew members of JetBlue Airways and one Delta Air Lines customer service ramp agent were arrested on charges of conspiracy to commit money laundering and conspiracy to defraud the Transportation Security Administration.

Federal prosecutors said they used their security clearance to circumvent TSA checkpoints and smuggle cash to secure areas such as passenger departure gates. In return, each allegedly received a payment from a cooperating witness who posed as a member of a drug-trafficking organization while working with law enforcement.

“Security at our nation’s airports is paramount and the conduct alleged today is alarming,” said U.S. Attorney Carmen Ortiz. “Thanks to the hard work and commitment of the federal and state investigators and airline security personnel, a potentially dangerous breach in security was identified.”

Prosecutors identified the JetBlue employees as: Rupert Crossley, 25, of Lynn; Alvin Leacock, 27, of Hollywood, Florida; Eric Vick, 24, of Boston; and Anthony Trotman, 24, of Boston. The Delta employee was identified as Dino Dunkley, 31, of Boston. Vick and Dunkley are accused of taking the smuggled cash aboard airline flights from Boston to Florida.

Trotman’s attorney, Keith Halpern, said his client will plead not guilty.

“This is a case where the government created a crime, where they sent someone who was working for the government out with huge amounts of cash to see if they could entice people to do illegal activities,” Halpern said.

Vick’s attorney Ed Hayden said his client also is pleading not guilty. “We intend to investigate the government’s role in instigating the offenses,” Hayden said.

Attorneys for the other men did not immediately return messages seeking comment.

They made their initial court appearance Thursday and were ordered held until a detention hearing next week. If convicted, each faces up to 20 years in prison.

Read More

Organized retail crime may have decreased very slightly last year, according to a new National Retail Federation study, but it remains a massive problem and the nation’s largest cities are especially prone to organized activities.

NRF’s ninth annual Organized Retail Crime (ORC) Survey found that 93.5% of retailers said they had been victimized by organized retail crime during the past year, down slightly from 96% the prior year. For the past three years, more than 90% of the retailers surveyed said they were victims of ORC. Eight in 10 of those surveyed believe that ORC activity in general in the United States has increased over the past three years.

“We are extremely concerned by the organized patterns that are taking place in the retail industry right now as these crime gangs continue to find ways to maneuver the system,” said NRF vp of loss prevention Rich Mellor. “Though retailers continue to make great strides in their fight against organized retail crime, savvy, unconscionable criminals are selling stolen merchandise for a profit that doesn’t belong to them.”

According to the study, which included participation from 77 loss prevention executives representing all retail channels, the 10 cities with the worst organized retail crime are, in alphabetical order:

Atlanta
Baltimore
Chicago
Dallas
Houston
Los Angeles
Miami
New York
Northern New Jersey
San Francisco/Oakland

The list basically mirrors the nation’s 10 largest urban areas, which is not surprising considering that high concentrations of people and convenient store locations equal increased opportunity for thieves and more outlets for stolen goods.

Read More

Hackers locking iPhones, demand ransoms

(CNN) – A large number of people, mostly located in Australia, are reporting they have come under an unexplained attack that holds their iPhones and iPads hostage and demands they pay a $100 ransom.

The attack appears to work by compromising iCloud accounts associated with the disabled devices, according to an Apple support forum discussion that started Sunday morning and quickly accumulated several hundred posts.

Commandeered devices typically emit a loud tone that’s associated with a feature that helps users locate lost or stolen devices. iPhones and iPads also display the message: “Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:lock404@hotmail.com for unlock.”

In some cases—specifically, when a user hasn’t assigned a strong passcode to a locked device—it can only be unlocked by performing a factory reset, which completely wipes all previously stored data and apps.

The mass compromise is a variation on so-called ransomware scams, which initially targeted Windows PC users and earlier this month were found targeting smartphone users running Google’s Android OS.

The forum accounts provide strong evidence that victims’ Apple IDs and passwords have been compromised so that attackers can remotely lock connected devices using Apple’s Find My iPhone service.

But so far it remains unclear exactly how the attackers are compromising the iCloud accounts.

While it’s possible the hijackers used phishing attacks or hacked password databases to obtain the credentials, those explanations are undermined by the observation that the vast majority of victims were located in Australia and reported using a variety of e-mail providers. Typically, phishing campaigns and database compromises involving multiple providers affect users from more geographic regions.

Read More

Mobile Device Data In a Big Data World

Today’s world is becoming more and more mobile every day. In fact, 91% of all people own a mobile device and 56% own some type of smart device. It is no surprise that today there are more mobile devices on the earth than there are people! Equally impressive is that the amount of data we consume is becoming increasingly focused on mobile devices. In fact, according to Pew Research, 55% of all internet traffic in the United States is from a mobile device, which is a first for overall internet traffic.

Mobile data is not just a part of the Big Data world; it is one of the largest contributors. Mobile device data, particularly smart devices, will contribute to approximately 8 zettabytes of data by 2015. To put a zettabyte in perspective, think of 250 billion DVDs containing around 36 million years of HD video. The total data would equal approximately 1 zettabyte.

With these statistics in mind, it would make sense that every digital investigation scenario will contain data from mobile devices. With that being said, collecting and analyzing mobile data is not only vital, but paramount to solving today’s crimes. Mobile device data, combined with data from other big data repositories, like hard drives, network shares, and offline servers paints a much better picture than relying on a single source.

So, what types of mobile device data are most important to investigations? The answer to that is quite simple: everything! That ranges from the standard SMS, MMS, Contacts, and Call Logs to the meaty data involving the posting, sharing, commenting, chatting, bashing, liking, favoriting, tweeting, and browsing in social media to the locating, logging and storing of files in applications. Factor in that all this data is stored on the device, and not on a network server, with your mobile provider, or your company. Now, multiply the fact that most of today’s communication occurs outside of the normal SMS/MMS via messaging applications, and you realize a mobile forensic solution that can effectively uncover this important data is now a necessity.

A perfect example of this happened recently when I spoke to a group of over 200 forensic examiners. I simply asked them to raise their hands if they had examined a mobile device for an investigation. Immediately hands shot up from over 80% of the attendees. I asked them to continue to leave their hands up if during the last examination of a mobile device they looked at any application data from third party applications on the smart device. Only 5 hands remained up. That is less than 3% of the attendees, which is typical, if not a little high, for the normal educational seminar I conducted. Mobile device hardware, operating systems and applications are advancing at a pace never seen before. Should not our investigative tools and priorities advance as well?

The ability to search and recover mobile data from applications on smart devices is difficult and often limited when using current mobile solutions. Research shows that only 5 to 10% of the entire user data area is examined by typical mobile forensics tools. This leaves 95% of application data unanalyzed, and a lot of times uncollected. The net result shows that most examiners have minimal insight into the mobile application data because of the lack of support of their current tool, the lack of time and the lack of training.

Read More

A new Idaho state law takes effect July 1 and applies to people with an enhanced license to carry concealed weapons, along with retired law enforcement officers.

Public colleges and universities in Idaho are getting ready to comply with a new state law they strongly opposed: allowing concealed weapons to be carried on campus.

The law takes effect July 1 and applies to people with an enhanced license to carry concealed weapons, along with retired law-enforcement officers. College leaders universally opposed the law, but pro-gun-rights lawmakers pushed it through the Legislature this year.

Now college administrators and campus-security departments are preparing for the new reality: guns in lecture halls, labs, offices, cafeterias — everywhere but dormitories and entertainment venues with seating for more than 1,000, like stadiums and auditoriums.

“We intend to follow the law. Really, we don’t discuss the merits of the law. That was done, the law passed. We’re talking about implementation,” said Matt Dorschel, executive director of public safety and security at the University of Idaho in Moscow.

Higher-education leaders are revising campus-weapons policies to comply with the new law, although bans on openly carrying guns are expected to remain in effect.

Some colleges also plan to beef up their security. North Idaho College (NIC) in Coeur d’Alene will provide its security officers with bulletproof vests plus training related to concealed-weapon laws, and it may expand its seven-person security force by one full-time and one part-time position.

NIC also is mulling whether to arm its security workers for the first time, said Alex Harris, director of student development.

“I don’t know if we’ll go that direction, but it’s definitely out there and we’re considering it,” Harris said.

Another option, he said, is to work with the Coeur d’Alene Police Department to station a school resource officer on campus, similar to the officers present in middle and high schools.

All of these measures are unforeseen expenses at a time of budget cuts due to falling enrollment, Harris said. NIC’s enrollment this year dropped 11 percent from the previous school year — a trend that corresponds to the improving economy.

The vests will cost about $8,000, and arming and training security officers would cost $10,000 a year. The new security officers, or a school resource officer, would cost about $60,000 a year.

The 12,000-student University of Idaho anticipates no significant changes for its security force. The Moscow Police Department can respond quickly to emergencies on campus, and a university task force implementing the new law is not likely to recommend arming campus security, Dorschel said.

“We don’t think that anything about the law would impact our need to have other armed responders on campus,” he said.

Read More

Using a simple camera or camera phone, it is now possible to snap a photo of almost any key ring and use the image to make a physical copy of a key.

The I-Team did just that, using a web site called keysduplicated.com.

With a smartphone camera, the I-Team took a photo of a key ring lying unarranged on a desk. After the image was run through photo-editing software, and one house key was isolated, the image was uploaded to the web site. Within a week, the company sent the I-Team a copy of the key, which opened the front door of a home.

In crowded Bryant Park one recent day, Devon White’s key ring was one of several the I-Team found sitting in plain sight, vulnerable to a camera phone snapshot.

“It’s always cool when new technology moves in a new direction, but it is a bit worrying,” said White, of Queens, after learning about this new vulnerability. “You wonder … anybody could just take a picture of anybody else’s key.”

Police in Nassau County said they first became aware of the new key-cutting technology in recent months. They said they have not linked any crimes to it yet, but they are urging people to use caution in how they handle their keys.

“All it takes to cut a key is you just have to have the outline of the key,” said Detective Sgt. Richard Harasym, who heads Nassau’s Crimes Against Property Unit. “It’s unlocking the keys to your castle, so to speak, and if you leave them out there, then you run the risk that something bad could happen.”

The I-Team contacted Ali Rahimi, the founder of the web site. Rahimi admitted News 4’s demonstration reveals a security risk, and said he will look for ways to close it. Still, he said he’s unaware of any customer who’s ever used one of his keys illegally.

“It’s worth incorporating the lessons we’ve learned from your experiment. It’ll take some thought,” said Rahimi.

Rahimi said one possibility might be to use software that detects when photos have been doctored. The web site does require a credit card for payment. Until better security checks can be implemented, he said his employees will screen for any suspicious-looking pictures, and ask for additional photos of the key in the customer’s hands.

“That’ll ensure they have physical access to the key,” he said.

View Source

Fraud Scheme Dismantled

The leader of a large-scale fraud ring who profited by helping people establish fake identities—enabling them to charge millions of dollars on credit cards they had no intention of paying off—was recently sentenced to 12 years in prison after pleading guilty to the charges against him.

The fraud carried out by New Jersey resident Sang-Hyun “Jimmy” Park was sophisticated and also brazen. He actively recruited scores of participants by placing ads that promised easy credit and easy money in Korean-language newspapers.

The scam hinged on Social Security cards that had 586 in the prefix. These were legitimate documents issued in the 1990s mostly to Chinese nationals hired to work in American territories such as Guam and American Samoa. When the workers returned to China, criminals there bought the so-called 586 cards, knowing they might illegally profit from them.

The criminals gathered more than 20,000 of the second-hand cards and then found buyers for them throughout the United States. In the New Jersey area, Jimmy Park was buying all the 586 cards he could get.

“He realized he had a clean slate with perfectly valid Social Security numbers,” said Special Agent Barbara Woodruff, one of a team of investigators who worked the case out of our Newark Division. “Park understood the potential for financial gain and took it to the next level.”

Here’s how the scam worked:

Park and his conspirators sold 586 cards for a fee, promising to help customers use the cards to get other forms of identification, including driver’s licenses.

With new identities in place, Park helped customers establish credit through a lengthy process. One of the methods was temporarily adding a new identity to an existing credit card account whose owner had excellent credit. The owners of the legitimate accounts were paid a fee for this service.

After building the credit scores associated with the new identities—and detaching them from the legitimate accounts—Park helped customers obtain credit cards and open bank accounts.

“With valid credentials and high credit scores, the 586 card owners could open credit accounts everywhere—banks, retail stores, car dealerships,” said Special Agent Theresa Fanelli, another member of the investigative team. “The sky was the limit.”

The scammers then proceeded to “bust out” their credit cards, charging as much as $30,000 per month. “With an impeccable credit history,” Woodruff explained, “none of the financial institutions batted an eye. Why would they?”

When it came time to pay monthly bills, the scammers made online or telephone payments using accounts that had no money behind them—knowing that the banks and retail outlets could take several days to figure out that the payments were bogus. During that period, they charged even more items.

“They were able to steal millions of dollars in a short amount of time,” Fanelli said.

Park and his conspirators also paid merchants to charge sums on the fraudulent credit cards when no actual transactions took place. After receiving money from the fake sales in their accounts, the merchants gave the proceeds to Park, minus their cut.

Our investigation began at the end of 2008 after clues about the fraud were discovered during a homicide investigation (see sidebar). Arrests were made in September 2010. In all, 54 individuals were charged with various felony frauds, and most have pled guilty. Park admitted to defrauding numerous companies out of millions and was sentenced in February. After his prison term, he will be deported to South Korea.

View Source

EBay customers must reset passwords

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

Criminals now have possession of eBay (EBAY, Fortune 500) customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted and are virtually impossible to decipher. Still, as a precaution, eBay is asking everyone to reset their passwords late Wednesday.

The company isn’t saying how many of its 148 million active accounts were affected — or even how many customers had information stored in that database.

But an eBay spokeswoman said the hack impacted “a large number of accounts.”

EBay’s subsidiary, PayPal, said it was untouched by the data breach. PayPal data, which is sensitive because it includes payment information, is kept on a separate network.

To hack into the eBay database, the cyber attackers managed to get their hands on “a small number” of eBay employee log-in credentials, the company said. They then used those to worm their way into eBay’s corporate network. The hackers grabbed the customer database between late February and early March.

It wasn’t until two weeks ago that eBay discovered employee credentials had been stolen, the company said. The company then conducted a forensic investigation of its computers and found the extent of the theft.

The company said it hasn’t spotted any increase in fraudulent activity on eBay yet.

The good news for eBay customers is that the passwords were encrypted with a technique known as hashing, which turns text into irreversible jumbled code. And they were “salted” with an added random digit or two. Also, eBay’s password requirements are ranked slightly better than average by password manager Dashlane. That’ll make them even harder to decrypt.

But that’s not the point. The real danger here is in the fallout of such a major data breach. Hackers now know where you live. They can call you. Expect to receive fake deals and offers. Beware of getting duped into revealing even more sensitive information, like your bank details or Social Security number.

View Source

Inside FBI’s massive cybercrime bust

Computer hacker forums lit up last week as Federal Bureau of Investigation agents and police in 17 countries began knocking on doors, seizing computers and making arrests.

On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.

The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.

The FBI and prosecutors in the Manhattan U.S. attorney’s office announced the results of that probe on Monday: More than 90 arrests worldwide.

The malware sells for as little as $40. It can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords — without victims ever knowing it.

Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.

Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.

Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.

The sweep, capping a two-year operation, is one of the largest global cybercrime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.

“The charges unsealed today should put cyber criminals around the world on notice,” said Leo Taddeo, chief of the FBI’s cybercrime investigations in New York. “If you think you can hide behind your computer screen — think again.”

700,000 victims around the world: Inside the FBI special operations center, six large computer monitors displayed key parts of the probe. Agents kept an eye on one screen showing a popular website where Blackshades was sold. The site was taken down by the FBI.

Another monitor showed a heatmap of the world displaying the locations of the 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. Splotches of green on the map indicated concentrations of infected computers in highly populated parts of the U.S., Europe, Asia and Australia.

The FBI said that in just a few years Blackshades has become one of the world’s most popular remote-administration tools, or RATs, used for cybercrime.

Taddeo said the unprecedented coordination with so many police agencies came about because of concern about the fast growth of cybercrime businesses.

“These cyber criminals have paid employees, they have feedback from customers — other cyber criminals — to continually update and improve their product,” Taddeo said recently. While he spoke, agents took calls from counterparts working the case in more than 40 U.S. cities.

Blackshades had grown rapidly because it was marketed as off-the-shelf, easy to use software, much like legitimate consumer tax-preparation software.

“It’s very sophisticated software in that it is not very easy to detect,” Taddeo said. “It can be installed by somebody with very little skills.”

‘I felt completely violated’: For victims whose personal computers were turned into weapons against them, the arrests bring reassurance.

Cassidy Wolf, the reigning Miss Teen USA, received an ominous email message in March 2013.

The email, from an unidentified sender, included nude photos of herself, obviously taken in her bedroom from her laptop. “Either you do one of the things listed below or I upload these pics and a lot more … on all your accounts for everybody to see and your dream of being a model will be transformed into a porn star,” the email said.

And so began what Wolf describes as three months of torture.

The email sender demanded better quality photos and video, and a five-minute sex show via Skype, according to FBI documents filed in court. He told her she must respond to his emails immediately — software he had installed told him when she opened his messages.

“I felt completely violated,” Wolf said in an interview. “I felt scared because I didn’t know if this person was a physical threat. My whole sense of security and trust was gone.”

A former classmate she knew, Jared Abrahams, had installed Blackshades malware on Wolf’s laptop. In March, the 20-year-old computer science student was sentenced to 18 months in prison after pleading guilty to extortion and unauthorized access of a computer.

Abrahams had been watching her from her laptop camera for a year, Wolf later learned. The laptop always sat open in her bedroom, as she played music or communicated with her friends.

Abrahams had used Blackshades to target victims from California to Maryland, and from Russia to Ireland. He used the handle “cutefuzzypuppy” to get tips on how to use malware, according to FBI documents. In all, he told the FBI, he had controlled as many as 150 computers.

Read More

A U.S. grand jury has indicted five Chinese individuals on cyber espionage charges for allegedly targeting six American companies and stealing trade secrets, the U.S. Justice Department said, publicly accusing China of cyber spying for the first time.

The hackers targeted U.S. companies in the nuclear power, metals and solar products industries to steal information useful to competitors in China, the department said on Monday.

The companies targeted include Alcoa Inc., United States Steel Corp., Allegheny Technologies Inc., Westinghouse Electric Co. and U.S. subsidiaries of SolarWorld AG, U.S. officials said.

The hackers also targeted United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied-Industrial and Service Workers International Union (USW), officials said.

More details were expected at a news conference later Monday with Attorney General Eric Holder and other U.S. officials.

The move “indicates that DOJ has ‘smoking keyboards’ and (is) willing to bring the evidence to a court of law and be more transparent,” said Frank Cilluffo, head of the Homeland Security Policy Institute at the George Washington University.

American officials have long been concerned about hacking from abroad, especially China. Secret U.S. State Department cables obtained by WikiLeaks traced major systems breaches to China, Reuters reported in 2011. One 2009 cable pinpointed attacks to a specific unit of China’s People’s Liberation Army.

Such charges, however, are symbolic, though the move would prevent the individuals indicted from traveling to the United States or other countries that have an extradition agreement with the United States.

Several cyber security experts said Monday’s action showed the United States was serious about tackling the hacking concerns.

Read More