THE FBI WANTED A BACKDOOR TO THE IPHONE. TIM COOK SAID NO

IN 2016, TIM Cook fought the law—and won.

Late in the afternoon of Tuesday, February 16, 2016, Cook and several lieutenants gathered in the “junior boardroom” on the executive floor at One Infinite Loop, Apple’s old headquarters. The company had just received a writ from a US magistrate ordering it to make specialized software that would allow the FBI to unlock an iPhone used by Syed Farook, a suspect in the San Bernardino shooting in December 2015 that left 14 people dead.

The iPhone was locked with a four-digit passcode that the FBI had been unable to crack. The FBI wanted Apple to create a special version of iOS that would accept an unlimited combination of passwords electronically, until the right one was found. The new iOS could be side-loaded onto the iPhone, leaving the data intact.

But Apple had refused. Cook and his team were convinced that a new unlocked version of iOS would be very, very dangerous. It could be misused, leaked, or stolen, and once in the wild, it could never be retrieved. It could potentially undermine the security of hundreds of millions of Apple users.

In the boardroom, Cook and his team went through the writ line by line. They needed to decide what Apple’s legal position was going to be and figure out how long they had to respond. It was a stressful, high-stakes meeting. Apple was given no warning about the writ, even though Cook, Apple’s top lawyer, Bruce Sewell, and others had been actively speaking about the case to law enforcement for weeks.

The writ “was not a simple request for assistance in a criminal case,” explained Sewell. “It was a forty-two-page pleading by the government that started out with this litany of the horrible things that had been done in San Bernardino. And then this . . . somewhat biased litany of all the times that Apple had said no to what were portrayed as very reasonable requests. So this was what, in the law, we call a speaking complaint. It was meant to from day one tell a story . . . that would get the public against Apple.”

The team came to the conclusion that the judge’s order was a PR move—a very public arm twisting to pressure Apple into complying with the FBI’s demands—and that it could be serious trouble for the company. Apple “is a famous, incredibly powerful consumer brand and we are going to be standing up against the FBI and saying in effect, ‘No, we’re not going to give you the thing that you’re looking for to try to deal with this terrorist threat,’” said Sewell.

They knew that they had to respond immediately. The writ would dominate the next day’s news, and Apple had to have a response. “Tim knew that this was a massive decision on his part,” Sewell said. It was a big moment, “a bet-the-company kind of decision.” Cook and the team stayed up all night—a straight 16 hours—working on their response. Cook already knew his position—Apple would refuse—but he wanted to know all the angles: What was Apple’s legal position? What was its legal obligation? Was this the right response? How should it sound? How should it read? What was the right tone?

Read More

Tracking Phones, Google Is a Dragnet for the Police

When detectives in a Phoenix suburb arrested a warehouse worker in a murder investigation last December, they credited a new technique with breaking open the case after other leads went cold.

The police told the suspect, Jorge Molina, they had data tracking his phone to the site where a man was shot nine months earlier. They had made the discovery after obtaining a search warrant that required Google to provide information on all devices it recorded near the killing, potentially capturing the whereabouts of anyone in the area.

Investigators also had other circumstantial evidence, including security video of someone firing a gun from a white Honda Civic, the same model that Mr. Molina owned, though they could not see the license plate or attacker.

But after he spent nearly a week in jail, the case against Mr. Molina fell apart as investigators learned new information and released him. Last month, the police arrested another man: his mother’s ex-boyfriend, who had sometimes used Mr. Molina’s car.

The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement.

The Arizona case demonstrates the promise and perils of the new investigative technique, whose use has risen sharply in the past six months, according to Google employees familiar with the requests. It can help solve crimes. But it can also snare innocent people.

Technology companies have for years responded to court orders for specific users’ information. The new warrants go further, suggesting possible suspects and witnesses in the absence of other clues. Often, Google employees said, the company responds to a single warrant with location information on dozens or hundreds of devices.

Law enforcement officials described the method as exciting, but cautioned that it was just one tool.

Read More

Evaluating the Use of Automated Facial Recognition Technology in Major Policing Operations

Academics at Cardiff University have conducted the first independent academic evaluation of Automated Facial Recognition (AFR) technology across a variety of major policing operations.

The project by the Universities’ Police Science Institute evaluated South Wales Police’s deployment of Automated Facial Recognition across several major sporting and entertainment events in Cardiff city over more than a year, including the UEFA Champion’s League Final and the Autumn Rugby Internationals.

The study found that while AFR can enable police to identify persons of interest and suspects where they would probably not otherwise have been able to do so, considerable investment and changes to police operating procedures are required to generate consistent results.

Researchers employed a number of research methods to develop a rich picture and systematically evaluate the use of AFR by police across multiple operational settings. This is important as previous research on the use of AFR technologies has tended to be conducted in controlled conditions. Using it on the streets and to support ongoing criminal investigations introduces a range of factors impacting the effectiveness of AFR in supporting police work.

The technology works in two modes: Locate is the live, real-time application that scans faces within CCTV feeds in an area. It searches for possible matches against a pre-selected database of facial images of individuals deemed to be persons of interest by the police.

Identify, on the other hand, takes still images of unidentified persons (usually captured via CCTV or mobile phone camera) and compares these against the police custody database in an effort to generate investigative leads. Evidence from the research found that in 68 percent of submissions made by police officers in the Identify mode, the image was not of sufficient quality for the system to work.

Over the period of the evaluation, however, the accuracy of the technology improved significantly and police got better at using it. The Locate system was able to correctly identify a person of interest around 76 percent of the time. A total of 18 arrests were made in ‘live Locate deployments during the evaluation, and in excess of 100 people were charged following investigative searches during the first 8-9 months of the AFR Identify operation (end of July 2017-March 2018).

The report suggests that it is more helpful to think of AFR in policing as ‘Assisted Facial Recognition’ rather than a fully ‘Automated Facial Recognition’ system. ‘Automated’ implies that the identification process is conducted solely by an algorithm, when in fact, the system serves as a decision-support tool to assist human operators in making identifications. Ultimately, decisions about whether a person of interest and an image match are made by police operators. It is also deployed in uncontrolled environments, and so is impacted by external factors including lighting, weather and crowd flows.

“There is increasing public and political awareness of the pressures that the police are under to try and prevent and solve crime. Technologies such as Automated Facial Recognition are being proposed as having an important role to play in these efforts. What we have tried to do with this research is provide an evidence-based and balanced account of the benefits, costs and challenges associated with integrating AFR into day-to-day policing,” says Professor Martin Innes, director, Crime and Security Research Institute and Director, Universities’ Police Science Institute.

Read More

Federal Partnerships Key to Dismantling Online Drug Markets

When Knoxville first responders found a man dead in his home, there was clear evidence on the scene of the heroin that caused his overdose. Also nearby were clues to how the deadly drugs had reached him. Investigators found a padded manila envelope with postage and markings that provided them another link back to the online drug sellers who have proliferated on the Darknet in recent years.

Drug traffickers are increasingly using anonymous online networks to sell narcotics, including potent synthetic opioids like fentanyl, to buyers who can order and receive the drugs without ever leaving home. What can appear to be a regular e-commerce transaction is one of the delivery channels fueling a deadly nationwide epidemic. The Centers for Disease Control and Prevention reports that drug overdose deaths have been on an upward climb for several years, across the United States and across all demographic groups. In 2017 alone, 70,237 people in this country died of a drug overdose; two-thirds of those deaths involved an opioid.

As part of a government-wide effort to address the epidemic, the Department of Justice created the Joint Criminal Opioid and Darknet Enforcement (J-CODE) team in 2018 to leverage the power of federal and international partnerships to combat the complex and deadly threat of online drug sales.

Now in its second year, J-CODE is delivering results through coordinated efforts and the commitment of the nation’s law enforcement agencies to address opioid sales on the Darknet. Building on the success of last year’s Operation Disarray, the J-CODE team led Operation SaboTor between January and March of this year. These concentrated operations in the United States and abroad led to 61 arrests and shut down 50 Darknet accounts used for illegal activity. Agents executed 65 search warrants, seizing more than 299 kilograms of drugs, 51 firearms, and more than $7 million ($4.504 million in cryptocurrency, $2.485 million in cash, and $40,000 in gold).

Read More

An $80 Million Cyber Crime in 1999 Foreshadowed Modern Threats

Two decades ago, computer viruses—and public awareness of the tricks used to unleash them—were still relatively new notions to many Americans.

One attack would change that in a significant way.

In late March 1999, a programmer named David Lee Smith hijacked an America Online (AOL) account and used it to post a file on an Internet newsgroup named “alt.sex.” The posting promised dozens of free passwords to fee-based websites with adult content. When users took the bait, downloading the document and then opening it with Microsoft Word, a virus was unleashed on their computers.

On March 26, it began spreading like wildfire across the Internet.

The Melissa virus, reportedly named by Smith for a stripper in Florida, started by taking over victims’ Microsoft Word program. It then used a macro to hijack their Microsoft Outlook email system and send messages to the first 50 addresses in their mailing lists. Those messages, in turn, tempted recipients to open a virus-laden attachment by giving it such names as “sexxxy.jpg” or “naked wife” or by deceitfully asserting, “Here is the document you requested … don’t show anyone else ;-) .” With the help of some devious social engineering, the virus operated like a sinister, automated chain letter.

The virus was not intended to steal money or information, but it wreaked plenty of havoc nonetheless. Email servers at more than 300 corporations and government agencies worldwide became overloaded, and some had to be shut down entirely, including at Microsoft. Approximately one million email accounts were disrupted, and Internet traffic in some locations slowed to a crawl.

Within a few days, cybersecurity experts had mostly contained the spread of the virus and restored the functionality of their networks, although it took some time to remove the infections entirely. Along with its investigative role, the FBI sent out warnings about the virus and its effects, helping to alert the public and reduce the destructive impacts of the attack. Still, the collective damage was enormous: an estimated $80 million for the cleanup and repair of affected computer systems.

Finding the culprit didn’t take long, thanks to a tip from a representative of AOL and nearly seamless cooperation between the FBI, New Jersey law enforcement, and other partners. Authorities traced the electronic fingerprints of the virus to Smith, who was arrested in northeastern New Jersey on April 1, 1999. Smith pleaded guilty in December 1999, and in May 2002, he was sentenced to 20 months in federal prison and fined $5,000. He also agreed to cooperate with federal and state authorities.

The Melissa virus, considered the fastest spreading infection at the time, was a rude awakening to the dark side of the web for many Americans. Awareness of the danger of opening unsolicited email attachments began to grow, along with the reality of online viruses and the damage they can do.

Read More

FBI thwarts Brinks armed car robbery outside Merrillville Aldi

HAMMOND — “Bingo,” a would-be robber told his accomplice as a Brinks armored truck pulled into their view in Merrillville Monday, federal authorities allege.

Traveling in a black Jeep Cherokee, the suspects began following the Brinks truck to various stops, with the ultimate plan of robbing it, federal prosecutors allege.

But the FBI was reportedly trailing them each step of the way.

A short time later, FBI agents thwarted the robbery by following and arresting the two men outside of the Aldi grocery store in Merrillville, the agency reported.

The men also are suspects in another $500,000 robbery of an armored truck in July, federal law enforcement officials said.

On Wednesday, the U.S. attorney’s office charged Reilly Jackson Jr., 23, of Griffith, with conspiracy to commit robbery after the Merrillville incident.

His alleged companion, Delvin Perkins, 23, of South Holland, was charged with being an armed felon.

Federal prosecutors allege in a criminal complaint that an ongoing FBI investigation of the suspects prompted agents to follow Jackson and Perkins on Monday.

The government alleges the men are suspects in a $500,000 robbery of a Thillens Cagistics armored truck July 25 in Blue Island, Illinois.

The government alleges that robbery was an inside job because Jackson was the armored car driver employed by Thillens Cagistics, and Perkins was the alleged robber.

The FBI said it found a photo in Jackson’s cellphone of Perkins wearing the same clothes in which he robbed that armed truck and concluded the pair worked together to commit the Blue Island robbery.

An FBI surveillance team was following the two defendants as they traveled in the Jeep Cherokee on Monday. Agents saw the men following a Brinks armed truck as it made multiple stops to collect money from local banks and businesses, the agency reported.

Read More

Treasurer accused of stealing $410,000 from charity for families of slain NYPD officers

The treasurer of a charity that benefits the families of New York Police Department officers who are killed in the line of duty was charged Thursday with stealing more than $410,000 from the fund.

Lorraine Shanley, 68, was charged by federal prosecutors in New York with bank fraud and aggravated identity theft. She will appear Thursday in court after prosecutors said she was stealing more than 20 percent of donations to the charity between 2010 to 2017 at least.

A person with direct knowledge of the matter confirmed to NBC News that Shanley acted as the treasurer for the nonprofit Survivors of the Shield.

The U.S. Attorney’s Office for the Southern District of New York said that Shanley spent the money in a variety of ways — $29,000 for her grandchild’s private school tuition, $32,000 for personal dental expenses, and $25,000 for landscaping.

Shanley is also accused of using about $63,000 of the stolen money to pay for her son’s legal expenses related to criminal cases, prosecutors said.

Her son was reportedly served about three years in prison on drug charges from 2006 to 2009. He was also charged in 2014 with second-degree manslaughter and leaving the scene of an incident without reporting, resulting in death after he crashed his SUV in Manhattan, killing an activist, and fled. The manslaughter charges were dropped.

She also allegedly wrote $45,000 in checks to family members and other people, which she then endorsed herself and deposited into her own account. Prosecutors said Shanley, from Staten Island, also used $1,400 of the stolen money to buy Barbra Streisand tickets and $6,600 more on other event tickets.

According to court documents, 99 percent of the donations to Survivors of the Shield come from New York police officers, and on average, 5,500 NYPD employees donate to the charity each year.

Read More

Mortgage Fraudster Caused Victims to Lose Out on Dream of Homeownership

The pitch sounded enticing: for an upfront fee, real estate “investor” Hasan Hussain promised to find clients the homes of their dreams or negotiate the loans of existing homeowners struggling to pay their mortgages.

Yet Hussain did neither of those things. He simply took his victims’ money—depriving them of their dreams of homeownership and defrauding them out of more than $1 million. Hussain targeted people for whom English was a second language, encouraging them to sign documents they did not understand.

“One woman gave him her life savings. It was her American dream to find a home, and he told her he’d help her,” said Special Agent Christina Grady, who investigated the case out of the FBI’s Boston Field Office. “But he never followed through on any promises to anyone. He would collect money—from people who didn’t have much money—and pocket it.”

Not only did he target vulnerable homeowners or would-be homeowners but Hussain also had a knack for winning his victims’ trust, becoming “like part of their family,” Grady said.

Hussain, who began his years-long fraud scheme in Rhode Island in 2009 while on supervised release for similar crimes in Massachusetts, used a variety of tactics to defraud his victims, which got more complex over time as he acquired more homes.

For example, he convinced a family struggling to pay their mortgage to move out of their home and into one his other properties; he then rented their home out, collecting rent from the tenants without paying the homeowner’s mortgage.

Another tactic involved convincing homeowners that he was trying to negotiate with their lender on their behalf. Instead he would damage their property to decrease its value, and once the home was damaged, he’d buy the home in a short sale—a term for a property being sold at a price lower than what is owed on the mortgage.

Read More

Former FBI Director Webster Assists Investigation

The heavily accented caller who promised William Webster a grand sweepstakes prize of $72 million and a new Mercedes Benz had done most of his homework on his potential fraud target.

“I know that you was [sic] a judge, you was a lawyer, you was in the U.S. Navy,” the caller told his elderly mark. “I do your background check. You are a big man.”

What the caller, Keniel Thomas, 29, of Jamaica, missed was possibly the most salient detail about his intended victim, who was 90 years old the time: William Webster had served as director of both the FBI and the CIA, and so had a pretty good radar for pernicious criminal schemes—in this case, a Jamaican lottery scam.

Thomas’ persistent calls in 2014 to Webster and his wife, Lynda, followed the familiar arc of scams that target the elderly: The caller promises riches but requires some form of payment to move the process forward. The caller demands more and more, and then resorts to intimidation when the cooperation tapers off.

In the Websters’ case, the former judge was told he had to pay $50,000 to get his prize. When the money wasn’t forthcoming, the frequent calls escalated to scary threats, which led the couple to contact the FBI.

“I don’t know how the conversation turned sour,” said Webster, 95, director of the FBI for a decade beginning in 1978. “But it did. And at that point, he shifted gears. Instead of sweet talk, he began to threaten her.”

In one expletive-filled recorded message left on the Websters’ phone, Thomas threatened to kill them and burn down their house if he didn’t get what he wanted. “You live at a very lonely place,” he said. “And the moment you arrive, I’m gonna put a shot in your head.”

Special agents from the FBI’s Washington Field Office enlisted the Websters’ help in nabbing the caller by recording their phone conversations to build a case and develop a clear picture of the scheme. The legwork ultimately led to Thomas’ arrest in 2017 and his sentencing last month in federal court in Washington, D.C., to nearly six years in prison. It also revealed that Thomas and his relatives in Jamaica had successfully scammed others in the U.S. out of hundreds of thousands of dollars.

Read More

Director Discusses FBI Approach at Cybersecurity Conference

With cyber threats to the United States and across globe reaching unprecedented levels, the FBI uses a full spectrum of expertise, technology, and partnerships to root out cyber criminals, FBI Director Christopher Wray said at the annual RSA Conference in San Francisco yesterday.

“Today’s cyber threat is bigger than any one government agency—frankly, bigger than government itself,” Wray said in an on-stage interview at the cybersecurity conference. “But I think no agency brings the same combination of scope and scale, experience, tools, and relationships that the FBI has.”

From multinational cyber syndicates to foreign intelligence services, hacktivists, and insider threats, Wray explained that the FBI takes a multidisciplinary approach to combating threats. For example, the Bureau has an elite rapid deployment force and Cyber Action Teams that can respond to incidents anywhere in the world. In addition, the FBI has joined other federal, state, and local law enforcement agencies on Cyber Task Forces to coordinate responses. Specially trained cyber agents are also embedded in FBI legal attaché offices in more than 60 countries worldwide.

In addition to law enforcement partnerships, Wray also stressed the importance of public-private partnerships, so prevention and response can be swift and coordinated.

“The key is having the private sector start to form relationships with their local field office beforehand,” Wray said.

As the FBI continues to grow its partnerships, the FBI is also developing its workforce’s cyber expertise. Wray spoke about the FBI’s success in recruiting special agents and professional staff over the past year.

“We’re dealing with the most sophisticated, toughest cyber actors in the world, and if you want the ability to take on those people, to be on the front lines of that battle, dealing with incredibly cutting-edge technology … you would be in the right place,” Wray said of FBI cyber careers.

View Source