Archive for October, 2014

Cops Can Compel You To Unlock Phone

Cops can’t make you give them your smartphone password — but they can compel you to slap your finger onto your Apple Touch ID device to unlock it, a Virginia court ruled Thursday.

It’s an odd sort of loophole: The Fifth Amendment protects you from offering knowledge that could incriminate yourself, meaning you don’t have to tell a cop your phone’s password if he or she asks you for it. But you can be required to turn over physical evidence or DNA information. In the Virginia case, the judge ruled that a fingerprint is considered a physical object — and police are allowed to force you to give it to them.

Apple’s Touch ID lets you unlock your iPhone or iPad with your fingerprint, saving you the trouble of typing in a password. The feature made its debut last year and is available on the iPhone 5S, iPhone 6 and 6 Plus, iPad Air 2, and iPad Mini 3.

The ruling by Virginia Beach Circuit Court Judge Steven Frucci is linked to the case of David Baust, an emergency medical services captain who was charged in February with attempting to strangle his girlfriend. Prosecutors wanted to access video on Baust’s locked phone, the Virginian-Pilot reported.

The Touch ID case is not as binding as a Supreme Court ruling, but it sets a precedent that other cases can draw on, Mashable noted. According to the Virginian-Pilot, it’s unclear how the ruling will impact Baust’s case. If his phone is protected by Touch ID, prosecutors could access it using Frucci’s ruling. If the phone is protected by a passcode or both a passcode and Touch ID, they can’t.


Secrets of an Identity Thief

Driving around Seattle with “Alice,” a convicted ID thief who didn’t want her own identity revealed, was an education.

“She knew where all the places where to go … the easiest cars to break into,” Shadel said.

Driving around a parking lot, Alice pointed out the cars she would likely target.

“Out-of-state plate, so we are probably going to hit that car because it’s parked over in the corner,” she said. “It’s easy to get into without somebody seeing.”

The out-of-state license plate signaled to Alice that the driver had probably traveled with lots of personal information.

She also pointed out seemingly unlikely targets, like work vans. “They usually had like full on credit cards to bill companies,” she said.

And cars with backpacks that are sitting out in the open. “It’s just full of goodies. It always is.”

In just a few months Alice and her colleagues stole $900,000, Shadel said, noting that “she had a little group.”

“One guy who could make IDs. Another who knew how to swipe all the laptops and put them up in the cloud. It was quite a little posse of identity thieves,” Shadel said.

Identity theft affects more than 16 million Americans each year to the tune of $24.7 billion, according to the Bureau of Justice Statistics. It is the single largest type of property crime.


(Reuters) – New York prosecutors have secured more than $18 million in a series of fraud cases using warrants to access hundreds of Facebook accounts, a move the social media firm says was unconstitutional and is still fighting.

The information obtained from Facebook Inc also helped lead to 130 indictments of civil servants, including police officers and firefighters, for Social Security fraud, according to a court document filed by the Manhattan District Attorney’s office in a state appeals court on Wednesday.

More than 90 defendants have pleaded guilty and agreed to pay more than $18 million in restitution, the brief said.

The prosecutors said the numbers undermine Facebook’s claim that the warrants, which applied to 381 users’ photos, private messages and other account information, were too broad and violated the constitutional ban on unreasonable searches.

Facebook has drawn support in its challenge to the warrants from other technology and civil liberties groups, including Google Inc, Microsoft Corp, Twitter Inc, and the American Civil Liberties Union.

A five-judge panel will hear the case in December. Facebook complied with the warrants last year after a state judge approved them.

A victory for Facebook would not directly impact the pending fraud cases, but could lead to judges throwing out evidence taken from the site in some cases.

The district attorney in Wednesday’s filing said Facebook does not have the legal standing to assert its users’ constitutional rights on their behalf.

Prosecutors also urged the court to reject Facebook’s claim that all its customers have an expectation of privacy when using the site.

“Some customers treat their accounts as ‘digital homes,’ and maintain some degree of privacy,” the brief said. “Others treat their accounts more as digital billboards, broadcasting material to dozens or even hundreds of others, thus abandoning any claim of privacy.”


There’s a lot of talk these days of surveillance, but not so much about sousveillance. “Sousveillance means watching from below, whereas surveillance denotes seeing from above,” says Kim Yong Hun, a member of the Seoul-based artist group that created this security camera-bedecked blazer. Just like surveillance cameras protect goods in stores from above, this jacket protects its wearer with watchful eyes from below.

To make the jacket, Kim Yong Hun and Shin Seung Back, who together make up Shinseungback Kimyonghun, stitched over a dozen cameras into a standard business blazer. Four of them work; the rest are decoys. If the wearer is in danger, or even just in a sketchy situation, a push of a discreet button in the sleeve switches those four cameras on to capture a panoramic video of the user’s surroundings. The video transmits over Wi-Fi to a public website, holding anyone and everyone nearby accountable. In some ways, the jacket enables a more streamlined version of something we’re already doing, which is constantly recording the world around us with our smartphones. The button simply deletes a step in the process.

The Aposematic Jacket moniker comes from aposematism, the group of organisms, like poisonous frogs, that flamboyantly advertise the harm they could inflict on a predator should they dare to attack. Whereas frogs are venomous, the wearer of the jacket can ruin an assailant with information. “The ones who ignore the warning will taste toxicity of the recorded images,” Kim says. In concept, the jacket isn’t just relying on surveillance for safety; it’s relying on the threat of surveillance.

In their art, Kim and Shin explore how technology shapes human behavior, and vice versa. (One of their recent projects is a collection of pictures of clouds that facial-recognition software tags as people.) In the case of the Aposematic Jacket, they’re looking at how people might treat others when there are a handful of camera lenses staring them dead in the face. “Cameras make people act ‘properly,’ ” Kim says. “Once someone’s behavior is recorded, it will exist beyond time and space so that will have the possibility of being ‘judged’ by others anytime and anywhere.” This helps explain the jacket’s, erm, inconspicuous look. It doesn’t subtly incorporate the cameras into its design, because broadcasting the possibility of being recorded is the whole point.


When Tom Cruise had to break into police headquarters in Minority Report, the futuristic crime thriller, he got past the iris scanners with ease: He just swapped out his eyeballs.

CIA agents may find that just a little beyond the call of duty. But meanwhile, they’ve got to come up with something else: The increasing deployment of iris scanners and biometric passports at worldwide airports, hotels and business headquarters, designed to catch terrorists and criminals, is playing havoc with operations that require CIA spies to travel under false identities.

Busy spy crossroads such as Dubai, Jordan, India and many E.U. points of entry are employing iris scanners to link eyeballs irrevocably to a particular name. Likewise, biometric passports, which are embedded with microchips containing a person’s face, sex, fingerprints, date and place of birth, and other personal data, are increasingly replacing the old paper ones. For a clandestine field operative, flying under a false name could be a one-way ticket to a headquarters desk, since they’re irrevocably chained to whatever name and passport they used.

“If you go to one of those countries under an alias, you can’t go again under another name,” explains a career spook, who spoke on condition of anonymity because he remains an agency consultant. “So it’s a one-time thing — one and done. The biometric data on your passport, and maybe your iris, too, has been linked forever to whatever name was on your passport the first time. You can’t show up again under a different name with the same data.”

The issue is exceedingly sensitive to agency operatives and intelligence officials, past and present. “I think you have finally found a topic I can’t talk about,” said Charles Faddis, a CIA operations officer who retired in 2008.

“I can’t help you with this,” added a former intelligence agency chief. “I do think this is a significant issue with great implications for the safety and security of our people, so I recommend you not publish anything on this. You can do a lot of harm and no good.”


KANSAS CITY, MO—Tammy Dickinson, United States Attorney for the Western District of Missouri, announced today that a Kansas City, Mo., woman pleaded guilty in federal court today to a nearly $3 million fraud scheme that forced her employer out of business.

Irene Marie Brooner, 52, of Kansas City, pleaded guilty before U.S. District Judge Beth Phillips to bank fraud.

Brooner, a certified public accountant, worked at Galvmet, Inc., a sheet metal fabrication facility and steel service center located in Kansas City, from 2001 until her termination in February 2014. At its peak in 2008, the company had 26 employees and $14 million in annual sales. Galvmet filed for bankruptcy and ceased operations in 2014. At the time of closing, the company had 18 to 20 employees and $10 million in annual sales.

Brooner’s duties as controller included managing payroll, accounts receivable and payable, and maintaining the ledger at Galvmet.

Brooner admitted that, over a period of more than 10 years (January 2004 until February 2014), she created a total of 389 unauthorized Automated Clearing House (ACH) transactions from Galvmet’s bank account to her personal bank accounts. (An ACH is a batch-oriented funds transfer system that includes direct deposits of payroll from companies.) Those unauthorized ACH transactions included 148 payments to her checking account and 133 payments to her savings account. Brooner also defrauded Galvmet by inflating her salary. From March 2004 to December 2011, Brooner manipulated the payroll account to increase her net pay on approximately 108 payroll checks.

Brooner’s fraud scheme resulted in a loss of at least $1,863,914 to Galvmet. As a result, Galvmet ceased operations. While reviewing bank records during the filing of Galvmet’s Chapter 13 bankruptcy in February 2014, the company’s president noticed unauthorized transfers from Galvmet’s payroll account to Brooner’s personal account. He reported the apparent embezzlement to the FBI.

To keep the scheme going, Brooner also falsified documents to support Galvmet’s operating loan with Missouri Bank & Trust, causing an additional loss to the bank of $1.1 million. The total loss from Brooner’s fraud scheme was at least $2,963,914.

Brooner spent the embezzled funds on personal items. According to today’s plea agreement, Brooner spent some of the proceeds to remodel, stock, furnish and decorate the ornately-finished bar in the basement of her new home. The bar, which she called “the Dirty Duck,” includes seating for approximately 15, a granite bar top, four or five tap lines, a refrigeration system, three flat-screen televisions, a smoke machine at the entrance, two couches and stained wainscoting around the room approximately eight feet tall. Mannequins, positioned throughout the bar, are outfitted with authentic U.S. and German uniforms and weaponry from the World War II era, including a Thompson sub-machine gun and multiple M-1 Garands with attached bayonets. Brooner told FBI agents that her husband, a carpenter, remodeled the bar in 2003 and 2004. From 2004 to 2014, Brooner spent $18,383 on alcohol.

Brooner’s spending included paying off her mortgage for $289,290, buying $81,686 in jewelry, and spending at least $400,392 on clothing and other retail, $97,180 on restaurants, $78,439 on vehicles, $169,389 on furniture and home decor, $62,003 on travel, $38,317 on electronics, $21,346 in ATM withdrawals, $59,571 on spa visits and beauty items, $68,745 on tuition for her children, $18,383 on alcohol, $104,060 to her children, $216,377 in assorted checks under $500, $64,557 in donations, $254,168 in other credit cards, and by purchasing other items.


It’s as if a robber were to break into a bank today and stay there until Christmas before someone noticed.

That’s how long hackers had access to JPMorgan Chase’s computer system, The New York Times reported this week. If two months seems like an eternity for cyberthieves to wander through the computers of the country’s largest bank, consider that hackers have had free rein for even longer at several major retailers this past year.

Hackers resided on the computers of Neiman Marcus for five months, Home Depot for five months, arts and crafts store Michaels for eight months and Goodwill, the thrift store, for a year and a half.

That hackers were able to roam through JPMorgan’s computer network for two months is another sign that companies are struggling not only with keeping cybercriminals out, but with spotting them once they get in.

A spokesman for JPMorgan did not respond to a request for comment. The bank said earlier this month that hackers had compromised the data of 76 million households, but that no money or Social Security numbers were stolen and the bank hadn’t seen any unusual customer fraud.

The length of time that hackers reside on a computer system doesn’t always correlate to the number of people affected. The size of the company’s customer base also makes a difference. Target, for example, said 40 million customers had their payment card data compromised during an attack last fall that lasted just two weeks, while Michaels said that a much smaller number — 3 million people — were affected during its eight-month attack.

Still, the length of time of a data breach matters. Unlike real-life bank robbers who escape in minutes, digital bank robbers can take weeks or months before they gain access to the data they’re after.

“A lot of people think hacking happens overnight and the bad guys break into the network and they’re done,” said Aleksandr Yampolskiy, chief executive officer of SecurityScorecard, a cybersecurity firm. “The reality is it takes a long time.”

Hackers are able to go undetected for so long because they use numerous techniques to disguise their activities. For one, they often attack computers using malicious software that doesn’t set off alarms with anti-virus programs. And once inside, they route the data they steal through a series of intermediary computers, for example at a church or a public school, according to Yampolskiy. Such computers seem innocent to security teams and avoid the red flags that would be raised by communicating directly with computers in Russia, where many hackers are based, he said.


In response to the shooting at Sandy Hook Elementary School in Newtown, Connecticut, in 2012 that left 20 children and six staff members dead, some school districts in Missouri have started training teachers to carry concealed weapons in classrooms.

For a $17,500 fee, districts that opt in to the 40-hour program receive training for two staffers from current law enforcement officers through the Shield Solutions training school. Teachers are required to spend five hours in a classroom and 35 hours on the range with the required firearm, a Glock 19 semi-automatic pistol. Ten districts have undergone the training thus far, with three more having signed contracts and even more in negotiations, according to The Kansas City Star.

After completing the program, qualified teachers then technically become Shield Solutions employees and receive a “nominal stipend,” Don Crowley, training supervisor for Shield Solutions, told The Huffington Post on Monday.

“They become an employee of Shield Solutions in that if they are called upon to dispatch a threat, then that is when they hold a duty to Shield Solutions to do so,” Crowley explained.

Moreover, only school district administrators, fellow program members and local law enforcement will be privy to the identities of the teachers trained to carry concealed weapons.

In an effort to avoid harming the wrong students, teachers will also be armed with a special type of bullet designed to lodge inside the first body it makes contact with.

Young school children will also be prohibited from hugging their teachers if they are carrying concealed weapons in order to avoid detection of the firearm.

“Kids in elementary age like to hug their teachers, but students cannot put their hands on you,” Crowley added. “They can knuckle bump, they can shake hands, but hugs are no longer appropriate.”

Since Sandy Hook, at least 74 school shootings have occurred, averaging more than one each week that school was in session.

In response, the Missouri Legislature passed a bill last month permitting trained teachers or administrators to carry concealed weapons in the classroom. The bill, which awaits Gov. Jay Nixon’s (D) signature, would also lower the age requirement for a concealed carry permit from 21 to 19.

Crowley viewed the legislation as unnecessary, however, calling the bill a “reiteration of a law that already exists under [Missouri Revised Statutes] Chapter 571, which says concealed weapons are unlawful unless the school board or the governing body of that school district okays it.”

Several states have approved similar legislation, despite opposition from many school administrators.


Investigator Turns Eyewitness

In today’s world of social media, investigators are taking on a new role; they are becoming a form of eyewitness. As the eyewitness, an investigator observes evidence that might not be visible to any other available investigator. The investigator is wise to create a record of what he or she sees at any particular point in time, including print outs of screenshots.

Screenshots, combined with written eyewitness reports, are commonly used today to record what an investigator observes in social media. However, the process of making screenshots and written reports is less than perfect. Pulling together 25 pages of screenshots off a Facebook wall, creating a report, and detailing each screenshot is time consuming. Ultimately a court or legal authority like a jury will look to you as the eyewitness, to determine what happened and whether they believe you or not.

As with any eyewitness testimony, two corroborating witnesses are much better than one. Therefore if you can get a second person involved you can improve the credibility of the evidence being collected for presentation in the courtroom.


U.S. President Barack Obama signed an executive order on Friday to beef up security measures for federal credit cards, and urged banks and retailers to follow suit in an effort to combat the growing threat of identity fraud.

The order, which Obama signed before a lively, packed crowd of regulators at the Consumer Financial Protection Bureau, will add microchips and PIN numbers to government credit cards and debit cards starting in January.

The president also announced that several major companies will take steps to make their own systems more secure and offer more customer protections.

“The idea that somebody halfway around the world could run up thousands of dollars in charges in your name just because they stole your number, or because you swiped your card at the wrong place in the wrong time, that’s infuriating,” he said.

Obama’s executive order comes after many large companies including Target, JPMorgan and Home Depot have suffered high-profile cyber security breaches.

The White House said that Home Depot, Target, Walgreen and Wal-Mart Stores will roll out secure chip and PIN-compatible card terminals in all their stores, most by January.

In addition, American Express plans to launch a $10 million program to help small businesses upgrade sale terminals. Visa will invest in education programs about microchips, Mastercard is offering free online identity theft monitoring and Citi Cards will partner with FICO to make free credit scores available.

Bank and retail industry groups have been at odds for years over how to improve the security of electronic payments. The recent data breaches have made the dispute more prominent.
