Archive for July, 2018

On the evening of October 23, 2014, Douglas and Deborah London of York County, South Carolina—just across the border from North Carolina—were watching television in their home when the doorbell rang. When they opened the door, she was immediately shot in the head by a man standing outside, and her husband was shot multiple times. Their adult son, who was also present, made a frantic call to 911, but the couple died next to each other on the floor of their home.

As the York County Sheriff’s Office began to investigate the double homicide, they asked the FBI’s Charlotte Field Office for help.

In the coming months, the investigative team of FBI special agents and task force officers from the Charlotte-Mecklenburg Police Department uncovered a web of violence that stretched across state lines and beyond local prison cells.

Turned out that the Londons had been specifically targeted—they were the owners of a mattress store in Pineville, North Carolina that had been robbed at gunpoint by three men five months earlier. Jamell Cureton, the leader of the Valentine Bloods—a hood, or set, of the national and exceedingly violent United Blood Nation (UBN) gang—had gone into the store and pulled his gun on Douglas London, who had his own gun. The two exchanged gunfire, and Cureton was hit. Also at the scene that day were Nana Adoma, the lookout who was just inside the door; and David Fudge, the getaway driver in the car outside.

The three escaped and drove Cureton to a hospital, but all three were taken into custody shortly afterward by local police and faced state charges.

Realizing that Douglas London was the only eyewitness who could identify him in the mattress store robbery, Cureton—who was in state custody at the time—discussed the “elimination” of London with other gang members through a series of phone calls, letters, and in-person visits.

Valentine Bloods member Malcolm Hartley was to be the triggerman. He was driven to the Londons’ home by fellow gang member Briana Johnson, rang the couple’s doorbell, and murdered them both in cold blood. “And then,” said FBI Special Agent Chad Pupillo, “Johnson drove him back to Charlotte, where they met with other gang members, disposed of the evidence—including burying the murder weapon—and celebrated the victims’ murders.”

Read More

At least two Calgary malls are using facial recognition technology to track shoppers’ ages and genders without first notifying them or obtaining their explicit consent.

A visitor to Chinook Centre in south Calgary spotted a browser window that had seemingly accidentally been left open on one of the mall’s directories, exposing facial-recognition software that was running in the background of the digital map. They took a photo and posted it to the social networking site Reddit on Tuesday.

The mall’s parent company, Cadillac Fairview, said the software, which they began using in June, counts people who use the directory and predicts their approximate age and gender, but does not record or store any photos or video from the directory cameras.

Cadillac Fairview said the software is also used at Market Mall in northwest Calgary, and other malls nationwide.

“We don’t require consent, because we’re not capturing or retaining images,” a Cadillac Fairview spokesperson said.

The software could, for example, say approximately how many men in their 60s used the directory, but not store images of those men’s faces or collect any other biometric data, the spokesperson said.

Instead, they said the data is used in aggregate to understand directory usage patterns to “create a better shopper experience.”

The use of facial recognition software in retail spaces is becoming commonplace to analyze shopper behaviour, sell targeted space to advertisers, or for security reasons like identifying shoplifters.

Read More

A new study by Maanak Gupta, doctoral candidate at The University of Texas at San Antonio, and Ravi Sandhu, Lutcher Brown Endowed Professor of computer science and founding executive director of the UTSA Institute for Cyber Security (ICS), examines the cybersecurity risks for new generations of smart vehicles, which includes both autonomous and internet-connected cars.

“Driverless and connected cars are increasingly becoming a part of our world, where cybersecurity threats are already a reality,” Sandhu said. “It’s imperative that we support research that addresses these concerns and presents a strong, innovative solution.”

Cars with internet connectivity, also known as “connected cars,” offer potential for many conveniences and innovations. They could allow for real-time and location-sensitive communication between drivers or even pedestrians, which could help make the roads safer for both. The connectivity could also allow the cars to capture safety and environmental conditions around the vehicle, including road obstructions, accidents, which also enables real-time vehicle-to-vehicle interaction on road.

“Connected cars have almost infinite possibilities for creative technological applications,” Gupta said. “Companies could even take advantage of the connectivity to implement location-based marketing tactics, providing drivers with nearby sales and offers.”

However, the researchers caution that as soon as cars are exposed to internet supported functionality, they are also open to the same cybersecurity threats that loom over other electronic devices, such as computers and cell phones. For this reason, Gupta and Sandhu created an authorization framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.

“There are vulnerabilities in every machine,” said Gupta. “We’re working to make sure someone doesn’t take advantage of those vulnerabilities and turn them into threats. The questions of ‘who do I trust?’ and ‘how do I trust?’ are still to be answered in smart cars.”

Read More

With stiff sentences for 21 conspirators last week in the United States and a round of indictments in India, the Justice Department says it has broken up what appeared to be the nation’s first large-scale, multinational telephone fraud operation.

Over four years, more than 15,000 victims in the United States lost “hundreds of millions” of dollars to the sophisticated scam, and more than 50,000 individuals had their personal information misused, the department said Friday. The money was routed through call centers in India back to the ringleaders in eight states.

The fraudulent calls came suddenly and frequently while the scam was active from 2012 to 2016, according to court documents. A person posing as an Internal Revenue Service or immigration official was on the phone, threatening arrest, deportation or other penalties if the victims did not immediately pay their debts with prepaid cards or wire transfers.

The calls targeted the most vulnerable Americans, including immigrants and older people.

An 85-year old woman in San Diego paid $12,300 to people claiming to be I.R.S. employees who threatened her with arrest for tax violations.

A Chicago man paid $5,070 after being threatened with arrest and deportation by supposed state police and immigration authorities, the indictment said.

The words “U.S. Government” showed up as the caller I.D. on a number from which a New Hampshire woman was told to pay the I.R.S. $3,980 in payment cards, the court papers said.

In the announcement on Friday, the department said 21 people living in eight states — Illinois, Arizona, Florida, California, Alabama, Indiana, New Jersey and Texas — were sentenced last week in Houston to prison for up to 20 years for their role in the scheme.

Two other conspirators in Illinois were sentenced in February to between two years to just over four years for conspiracy, and a third person in Arizona was given probation in a plea agreement, it said.

Read More

Stealing from the Vulnerable

Those struggling to make ends meet sometimes rely on short-term, unsecured payday loans when they need quick cash.

Richard Moseley, Sr.—through his group of payday lending businesses known as the Hydra Lenders—preyed on these consumers’ financial vulnerability. His businesses scammed more than 600,000 Americans by charging them illegally high interest rates and even stealing their identities.

“A lot of these victims had to rebuild their financial lives. They had to shut down their bank accounts and open new ones. This was one of the only ways for victims to stop being defrauded,” said FBI New York Supervisory Special Agent Matthew Taylor, who oversaw the investigation. “Some of the individuals victimized were financially struggling at the time—including grandmothers, grandfathers, and former military members who served our country. In most cases, victims did not get the money back that was illegally taken from them.”

The FBI first learned about the Hydra Lenders when another government agency brought a consumer lawsuit against the group to the Bureau’s attention. Through traditional investigative techniques such as reviewing financial records, interviewing employees and victims, and collaborating with partner agencies, the FBI learned that Moseley’s enterprise routinely broke the law in issuing and collecting on loans.

From 2004 to 2014, the Hydra Lenders offered payday loans online to consumers across the country, even in states where payday lending was effectively outlawed. Some of the group’s illegal tactics included:

Charging illegally high interest rates of more than 700 percent

Using deceptive and misleading loan documentation

Taking additional, undisclosed fees from customers’ bank accounts

Withdrawing only the interest payment from the borrowers’ accounts and not applying any funds toward the principal, deepening their debt burden

Setting up payday loans for customers who had not agreed to them but had simply inquired about loan eligibility

As borrowers began to complain to state governments and consumer protection organizations, Moseley dodged regulators by insisting that his businesses were located overseas in Nevis and New Zealand and could not be regulated. In reality, the FBI’s investigation showed the enterprise operated entirely out of offices in Kansas City, Missouri, with all of its employees, bank accounts, and other aspects of the businesses located there. Moseley simply used fake letterhead and a mail forwarding service to give the appearance of an overseas location.

Read More

Australia is a bloody long way from the rest of the world. Fly from Los Angeles to Sydney and you’ll be in the air for 13 hours. Tack on five more if you’re starting in New York. And if you’re coming from London, your feet won’t touch the ground for about a day.

The point being, by the time you land in Australia, you’ll be sick of traveling. You’ll want to get out of the airport and to the country’s excellent beaches as quickly as possible.

That’s why Australia’s Department of Home Affairs is at the forefront of smart border control technology. In 2007, the border agency introduced SmartGates, which read your passport, scan your face and verify who you are at the country’s eight major international airports. Built by Portugal’s Vision-Box, the gates get you out of the airport and into Australia with minimum fuss.

Australia wants to make that process even faster.

During May and June 2017, the country tested the world’s first “contactless” immigration technology at Canberra International Airport. The passport-free facial recognition system confirms a traveller’s identity by matching his or her face against stored data. A second trial is set to start in Canberra soon.

Biometrics aren’t just being used at border control. Sydney Airport has announced it’s teaming up with Qantas, Australia’s largest airline, to use facial recognition to simplify the departure process.

Under a new trial, passengers on select Qantas international flights can have their face and passport scanned at a kiosk when they check in. From then on, they won’t need to present their passport to Qantas staff — they’ll be able to simply scan their face at a kiosk when they drop off luggage, enter the lounge and board their flight at the gate. Travellers will still need to go through regular airport security and official immigration processing, but all of their dealings with Qantas can be handled with facial recognition.

Read More

Cybercrime sounds like something done in a dark room by a group of hackers.

But according to the law, using a fraudulent account number to buy something on Amazon is a cybercrime, and the 2nd Judicial District Prosecutor’s Office is making sure people pay for their crimes.

Assistant Prosecutor Grant DeProw told The Jonesboro Sun his office is looking at establishing a circuit court cybercrime fee that could be as much as $500.

“Any offenses that are computer related will have a fee attached to it along with the original punishment,” DeProw said.

DeProw said in 2017 Arkansas legislators passed a bill that allowed them to add a cybercrime fee to almost any felony that requires special electronic investigation.

According to AR Code 5-4-706, a circuit court can assess an additional fee of up to $500 for each applicable felony conviction for an offense that involved the use of a computer, an electronic device or the internet; and the investigation of which expended specialized law enforcement personnel or materials designed to investigate offenses involving a computer, an electronic device or the internet.

Cybercrimes range from possession of child pornography and cyber-attacks to nonpayment or non-delivery scams.

“If it requires someone who received specialized training or special equipment, then it would be eligible for the fee,” DeProw said. “This includes identity theft and the use of stolen debit cards.”

Read More

The GI Bill provides the country’s service members and veterans a free or reduced-cost college education to those who qualify, offering them a head start on their return to civilian life. But one group of fraudsters used the Post-9/11 GI Bill and other U.S. Department of Defense educational programs for veterans as a piggy bank to line their own pockets while cheating more than 2,500 service members out of an education they were entitled to under the law.

“This was straight up stealing. Stealing money for veterans that was supposed to help them advance their careers and make themselves more marketable to employers after coming out of the military,” said FBI Special Agent James Eagleeye, who investigated the case out of the FBI’s Newark Division along with investigators from the Department of Veterans Affairs (VA), the Department of Defense, and Department of Education.

The scheme was a basic bait-and-switch. A company called Ed4Mil worked with two schools: one, the private liberal arts Caldwell University in New Jersey; the other, an online correspondence school hired by Ed4Mil to develop and administer courses. Ed4Mil aggressively recruited service members and veterans, offering them free computers and gift cards to sign up for what they thought were classes taught by Caldwell University. Yet when Ed4Mil enrolled the students, they would put them in and pay for unaccredited correspondence school classes—but then charge the government the university tuition rates and pocket the difference.

At the center of the scheme was Ed4Mil founder and president David Alvey. The Harrisburg, Pennsylvania resident saw a business opportunity in educating veterans with government funds but learned that when the government provides tuition and other educational benefits directly to a school, certain requirements must be met that his startup could not satisfy.

To get around the law, Alvey conspired with a Caldwell University official to use the university’s name on coursework that the VA would not have approved. The official—then an associate dean at the school—falsely certified that students were taking the same courses from the same instructors who taught on campus at Caldwell.

But the veterans were instead enrolled in online courses like archery and heavy diesel mechanics that were actually taught by the correspondence school. Students sometimes received a housing allowance for the online school, in violation of the rules governing educational benefits.

Read More

The Defense Security Service is preparing to take over all background investigations for civilian and defense agencies and doesn’t want to inherit stale and potentially broken processes, officials told Nextgov.

The Defense Department office is currently reviewing white papers obtained through an other transaction authority solicitation seeking innovative methods for conducting background checks of current and potential federal employees who need security clearances.

The project is not about the technology behind background investigations process but rather how to innovate the process itself—from when the SF-86 form is filled out to when the clearance decision is made by the agency—according to Tara Petersen, head of DSS Office of Acquisitions, and her deputy, Stephen Heath.

“We’re really looking broader at the process itself,” Petersen said. “We’re looking to prototype a process.”

“Don’t think of the prototype like a widget,” Heath said. “It’s looking at that whole process: Where can we improve on that, where can we potentially save costs, where can we save time and where can we bring technology advancements into the process that are already out there in the commercial marketplace?”

After the 2015 data breach of Office of Personnel Management that exposed the personal information on more than 20 million current and former federal employees, background investigation duties were transferred to a new agency, the National Background Investigation Bureau with technical support delegated to the Defense Department.

But the security clearance backlog grew to more than 700,000 and the Government Accountability Office added the investigations process to its High-Risk List this year. Congress also passed legislation last year requiring DSS to take over all defense clearances work currently done by NBIB. Now, the administration wants to shift responsibility for all government background checks—defense and civilian—over to the Defense Department. While the lawmakers work that out, DSS is getting ready.

Read More

Fingerprint sensors—once a rarity—are now fairly common on smartphones. South Korean researchers have now given the fingerprint scanner an upgrade.

This new scanner is a clear sensory array, meaning that it could be hidden underneath the display rather than accessed as a button. It can also check the temperature of the fingerprint pressing into it to add an extra layer of security, CNET reports.

So why would your phone need to detect your temperature? It’s not for your health. Instead, it helps ensure that someone else isn’t using a fake hand or some other form of artificial fingerprints to get access to your phone.

Researchers from the Samsung Display-UNIST Center at Ulsan National Institute of Science and Technology in South Korea published an article on Tuesday detailing how they developed the sensor.

“This fingerprint sensor array can be integrated with all transparent forms of tactile pressure sensors and skin temperature sensors, to enable the detection of a finger pressing on the display,” the researchers wrote.

The researchers also confirmed that the sensor does this at a resolution that satisfies the FBI’s criteria for extracting fingerprint patterns.

View Source