Archive for June, 2019

The tech entrepreneur Ross McNutt wants to spend three years recording outdoor human movements in a major U.S. city, KMOX news radio reports.

If that sounds too dystopian to be real, you’re behind the times. McNutt, who runs Persistent Surveillance Systems, was inspired by his stint in the Air Force tracking Iraqi insurgents. He tested mass-surveillance technology over Compton, California, in 2012. In 2016, the company flew over Baltimore, feeding information to police for months (without telling city leaders or residents) while demonstrating how the technology works to the FBI and Secret Service.

The goal is noble: to reduce violent crime.

There’s really no telling whether surveillance of this sort has already been conducted over your community as private and government entities experiment with it. If I could afford the hardware, I could legally surveil all of Los Angeles just for kicks.

And now a billionaire donor wants to help Persistent Surveillance Systems to monitor the residents of an entire high-crime municipality for an extended period of time––McNutt told KMOX that it may be Baltimore, St. Louis, or Chicago.

McNutt’s technology is straightforward: A fixed-wing plane outfitted with high-resolution video cameras circles for hours on end, recording everything in large swaths of a city. One can later “rewind” the footage, zoom in anywhere, and see exactly where a person came from before or went after perpetrating a robbery or drive-by shooting … or visiting an AA meeting, a psychiatrist’s office, a gun store, an abortion provider, a battered-women’s shelter, or an HIV clinic. On the day of a protest, participants could be tracked back to their homes.

In the timely new book Eyes in the Sky: The Secret Rise of Gorgon Stare and How It Will Watch Us All, the author Arthur Holland Michel talks with people working on this category of technology and concludes, “Someday, most major developed cities in the world will live under the unblinking gaze of some form of wide-area surveillance.”

At first, he says, the sheer amount of data will make it impossible for humans in any city to examine everything that is captured on video. But efforts are under way to use machine learning and artificial intelligence to “understand” more. “If a camera that watches a whole city is smart enough to track and understand every target simultaneously,” he writes, “it really can be said to be all-seeing.”

Read More

The “arms race” of mobile forensics – ever-tougher encryption and the breakneck operations to crack it – has become more of a public tug-of-war than ever before.

Cellebrite, the largest player in the mobile-forensics industry, unveiled its UFED Premium last Friday. Along with the announcement came the bombshell: that it can now get into any Apple iOS device, and many of the high-end Android devices.

“An exclusive solution for law enforcement to unlock and extract data from all iOS and Android devices,” the company said in a tweet.

Those devices have historically been the toughest to crack – and Cellebrite’s newfound ability to perform a full-file system extraction on any iOS device in particular would allow law enforcement “to get much more data than what is possible through logical extractions and other conventional means.”

“Our certified forensic experts can also help you gain access to sensitive mobile evidence form several locked, encrypted or damaged iOS and Android devices using advanced in-lab only techniques,” the company added in its Friday announcement.

The latest tool works on Apple device running anything from iOS 7 to iOS 12.3, according to the company. Among the Android devices covered are the Samsung S6, S7, S8, and S9. Also supported are the most popular models of Motorola, Huawei, LG and Xiaomi.

The announcement follows the highly-publicized breakthrough of the GrayKey devices made by Grayshift more than a year ago. The GrayKey tool had exploited a low-power loophole in some iOS systems, one expert explained to Forensic Magazine. But Apple put in a fix to stop the access late last year, involving an iOS system to reconnect with a home device. Since then, GrayKey has made some inroads on some Apple devices – but not all of them, according to experts.

Read More

MATAMOROS, Mexico — Shortly before dawn one Sunday last August, a driver in an S.U.V. picked up Christopher Cruz at a stash house in this border city near the Gulf of Mexico. The 22-year-old from El Salvador was glad to leave the one-story building, where smugglers kept bundles of cocaine and marijuana alongside their human cargo, but he was anxious about what lay ahead.

The driver deposited Mr. Cruz at an illegal crossing point on the edge of the Rio Grande. A smuggler took a smartphone photograph to confirm his identity and sent it using WhatsApp to a driver waiting to pick him up on the other side of the frontier when — if — he made it across.

The nearly 2,000-mile trip had already cost Mr. Cruz’s family more than $6,000 and brought him within sight of Brownsville, Tex. The remaining 500 miles to Houston — terrain prowled by the United States Border Patrol as well as the state and local police — would set them back another $6,500.

It was an almost inconceivable amount of money for someone who earned just a few dollars a day picking coffee beans back home. But he wasn’t weighing the benefits of a higher-paying job. He was fleeing violence and what he said was near-certain death at the hands of local gangs.

“There’s no other option,” Mr. Cruz said. “The first thought I had was, ‘I just need to get out of here at whatever cost.’”

The stretch of southwest border where he intended to cross has become the epicenter of the raging battle over the Trump administration’s immigration crackdown. One clear consequence of the tightening American border and the growing perils getting there is that more and more desperate families are turning to increasingly sophisticated smuggling operations to get relatives into the United States.

Mr. Cruz’s story provides an unusually detailed anatomy of the price of the journey. The money paid for a network of drivers who concealed him in tractor-trailers and minibuses, a series of houses where he hid out, handlers tied to criminal organizations who arranged his passage, and bribes for Mexican police officers to look the other way as he passed.

Read More

HOUSTON (AP) — U.S. border authorities say they’ve started to increase the biometric data they take from children 13 years old and younger, including fingerprints, despite privacy concerns and government policy intended to restrict what can be collected from migrant youths.

A Border Patrol official said this week that the agency had begun a pilot program to collect the biometrics of children with the permission of the adults accompanying them, though he did not specify where along the border it has been implemented.

The Border Patrol also has a “rapid DNA pilot program” in the works, said Anthony Porvaznik, the chief patrol agent in Yuma, Arizona, in a video interview published by the Epoch Times newspaper.

Spokesmen for the Border Patrol and the Department of Homeland Security did not return several messages from The Associated Press seeking comment on both programs.

The Border Patrol says that in the last year, it’s stopped roughly 3,100 adults and children fraudulently posing as families so they can be released into the U.S. quickly rather than face detention or rapid deportation.

The Department of Homeland Security has also warned of “child recycling,” cases where they say children allowed into the U.S. were smuggled back into Central America to be paired up again with other adults in fake families — something they say is impossible to catch without fingerprints or other biometric data.

“Those are kids that are being rented, for lack of a better word,” Porvaznik said.

But the Border Patrol has not publicly identified anyone arrested in a “child recycling” scheme or released data on how many such schemes have been uncovered. Advocates say they’re worried that in the name of stopping fraud, agents might take personal information from children that could be used against them later.

“Of course child trafficking exists,” said Karla Vargas, an attorney with the Texas Civil Rights Project. But she warned against implementing “a catch-all” policy that could reduce the rights of people who are legally seeking asylum.

Read More

Nearly half a million Alabama cell phone numbers received identical text messages in 2015 telling them to click a link to “verify” their bank account information. The link took recipients to a realistic-looking bank website where they typed in their personal financial information.

But the link was not the actual bank’s website—it was part of a phishing scam. Just like phishing messages sent over email, the text message-based scam was easy to fall for. The web address was only one character off from the bank’s actual web address.

While most recipients appeared to ignore the message, around 50 people clicked on the link and provided their personal information. The website asked for account numbers, names, and ZIP codes, along with their associated debit card numbers, security codes, and PINs. Within an hour, the fraudster had made himself debit cards with the victims’ account information. He then began to withdraw money from various ATMs, stealing whatever the daily ATM maximum was from each account.

“It was a fairly legitimate-looking website, other than the information it was asking for,” said Special Agent Jake Frith of the Alabama Attorney General’s Office, who worked the case along with investigators from the FBI’s Mobile Field Office.

The fraudster, Iosif Florea, stole about $18,000 (including ATM fees), with losses from each individual account ranging from $20 to $800. (Banks typically reimburse customers who are victims of fraud.)

Investigators believe Florea bought a large list of cell phone numbers from a marketing company, and he only needed a few victims out of thousands of phone numbers for the scheme to be successful.

The damage was minimized, however, because of the bank’s quick response. As soon as customers reported the fraud, the bank reached out to federal authorities as well as the local media to alert the community to the fraudulent messages.

Read More

A New York school district has finished installing a facial recognition system intended to spot potentially dangerous intruders, but state officials concerned about privacy say they want to know more before the technology is put into use.

Education Department spokeswoman Emily DeSantis said Monday that department employees plan to meet with Lockport City School officials about the system being tested this week. In the meantime, she said, the district has said it will not use facial recognition software while it checks other components of the system.

The rapidly developing technology has made its way into airports, motor vehicle departments, stores and stadiums, but is so far rare in public schools.

Lockport is preparing to bring its system online as cities elsewhere are considering reining in the technology’s use. San Francisco in May became the first U.S. city to ban its use by police and other city departments and Oakland is among others considering similar legislation.

A bill by Democrat Assembly Member Monica Wallace would create a one-year moratorium on the technology’s use in New York schools to allow lawmakers time to review it and draft regulations. The legislation is pending.

Lockport Superintendent Michelle Bradley, on the district’s website, said the district’s initial implementation of the system this week will include adjusting cameras mounted throughout the buildings and training staff members who will monitor them from a room in the high school. The system is expected to be fully online on Sept. 1.

Read More

Wenfeng Lu was seemingly living the American dream—a comfortable life in Irvine, California, with his family and a career in medical device research and development.

Yet Lu’s secret goal was to use trade secrets stolen from his employer to strike it rich in his native China. However, thanks to an FBI investigation, his plan was thwarted, and Lu is now serving a 27-month prison sentence.

Lu worked for several different U.S. companies, all of which developed high-tech medical equipment, such as clot retrieval tools and balloon-guide catheters. In each job, Lu signed a non-disclosure agreement for his research and development work.

Despite signing the confidentiality agreement, Lu routinely did “data dumps” from his various medical research employers for about three years until his arrest in 2012. Lu transferred all of the data he could get his hands on to a personal laptop. Many of the hundreds of documents Lu stole had nothing to do with his own research; he took as much information as he could access, including proprietary information.

“He had access to so many files, not just for his own projects, and he downloaded files for a variety of different projects and took them home and to China,” said Special Agent Gina Kwon, who investigated this case out of the FBI’s Los Angeles Field Office.

One of Lu’s former employers noticed the unusual activity on their systems and reported the results of their internal investigation to the FBI. Investigators quickly proceeded to build their case and arrested Lu, just before he boarded a plane to China with the files.

The investigative team learned that Lu had planned to create and run his own medical device manufacturing company in China using the stolen technology and Chinese government funding. He had even applied for Chinese patents using technology stolen from the American companies. (China’s government creates policies that disadvantage American businesses, and hacking against American companies and interests is a common tactic.)

“Lu wanted his own business, and he thought there was a great market in China for this technology,” Kwon said.

Read More

A Kentucky couple nearly escaped prosecution for setting a fire that burned their rented home to the ground and led to the death of a firefighter until a new FBI agent’s search for fresh evidence helped bring them to justice.

Steve Allen Pritchard, 44, was found guilty by a federal jury of arson and insurance fraud and was sentenced on November 1, 2018, to 30 years in prison. His wife, Brandi Pritchard, who was his girlfriend at the time of the fire, was sentenced to 121 months after pleading guilty to the same crimes.

“This case has stayed with me because it was just so senseless,” said FBI Special Agent William Kurtz of the arson investigation he supported through the FBI’s Bowling Green Resident Agency out of the Louisville Field Office.

According to case records, on June 24, 2011, Brandi Pritchard purchased a $50,000 renter’s insurance policy for the furniture and possessions within the rented Columbia, Kentucky, home she shared with Steve Pritchard. In the early morning hours of June 30, 2011, prosecutors charge that one or both of the Pritchards set fire to the home and then fled the scene.

As firefighters arrived just past 3 a.m., the structure was engulfed in flames. First responders had just succeeded in bringing the fire under control when Columbia/Adair County Fire Department Assistant Chief Charles Sparks, 49, suffered a heart attack.

When firefighters turned their focus to aiding their ill colleague, Kurtz reported, “the fire rekindled and burned the house to the ground.” Sparks died eight days later at a Louisville hospital. Firefighter fatality investigators determined the physical exertion involved in responding to the fire may have triggered his heart attack.

The firefighter’s death prompted an investigation of the fire, but “because the house burned to the ground, any forensic evidence that could have pointed to an arson was destroyed,” said Kurtz.

Immediately after the fire, Brandi Pritchard made a claim against the renter’s insurance policy. She admitted later that Steve Pritchard directed her to invent or inflate the value of items lost during the fire in order to receive the full $50,000 in the policy.

The Kentucky State Police opened an arson investigation after members of the community reported hearing Steve and Brandi Pritchard brag about setting the fire, but investigators had little to go on beyond hearsay.

Read More