A Look at Romanian ‘Hackerville’ Reveals Human Element of Cybercrime

“Editor’s Note: Welcome to my weekly column, Virtual Case Notes, in which I interview industry experts for their take on the latest cybersecurity situation. Each week I will take a look at a new case from the evolving realm of digital crime and digital forensics. For previous editions, please type “Virtual Case Notes” into the search bar at the top of the site.

Cybercrime if often thought of as something that only happens within the generalized, invisible space of the internet. It is seen as virtual rather than physical, and those who commit cybercrime are thought of as anonymous individuals whose activities are all within the confines of the web. Run an image search for “hacker” or “cybercriminal” and you will see plenty of pictures of people with their faces hidden by hoods or masks, sitting alone in a dark room in front of a computer. But what if, instead of a hooded loner, the universal image of cybercrime was that of a group of neighbors in an impoverished part of the world, gathered together at a local cafe?

The latter is a new picture of cybercrime that researchers Jonathan Lusthaus and Federico Varese hope to make more people aware of in their recent paper “Offline and Local: The Hidden Face of Cybercrime.” The co-authors, working on the Human Cybercriminal Project out of the sociology department of the University of Oxford, traveled to Romania in 2014 and 2015 to study the oft-ignored real-world aspect of cybercrime in an area known to be a hub for one specific form of this crime—cyber fraud.

“Hackerville”

The town of Râmnicu Vâlcea, which has a population of around 100,000, has faced some economic setbacks in the last decade, including the loss of a major employer, a chemical plant; in addition, the average monthly salary in Romania as a whole (in 2014) was only €398 compared to €1,489 across the European Union. However, upon arriving in town, Lusthaus and Varese found themselves surrounded by luxury cars, “trendy” eateries, and shopping malls stocked with designer clothes and electronics. Though Râmnicu Vâlcea is poor “on paper,” the town seemed to be thriving, and interviews with Romanian law enforcement agents, prosecutors, cybersecurity professionals, a journalist, a hacker, and a former cybercriminal would soon give the researchers a clue as to why that might be.

“It was rumored that some 1,000 people (in Râmnicu Vâlcea) are involved almost full-time in internet fraud,” Varese told me, explaining why the town sometimes nicknamed “Hackerville” became a key target of their research (although the authors point out, in their paper, that the more accurate term would be “Fraudville,” as scams are focused more on the sale of fake goods than hacking or the spread of malware).

Varese said major findings from their interviews in Râmnicu Vâlcea as well as the Romanian cities of Bucharest and Alexandria were that cybercriminals knew each other and interacted with each other at local meeting spots offline, such as bars and cafes; that they operated in an organized fashion with different people filling different roles; that many in the town were aware of the organized crime but either didn’t say anything or sought to become involved themselves; and that there have been several cases throughout the years of corrupt officials, including police officers, who accepted bribes from the fraudsters and allowed them to perpetuate their schemes without interference.

“These are almost gangs,” Varese said. “They are not the individual, lonely, geeky guy in his bedroom that does the activities, but it’s a more organized operation that involves some people with technical skills and some people who are just basically thugs.”

The paper describes a culture of local complacency, often under threat of violence by a network of seasoned cybercriminals. This picture is far from that of the anonymous, faceless hacker many have come to envision, and instead reveals how internet crime can become embedded in specific populations.

“Most people think of cybercrime as being a global, international sort of liquid problem that could be anywhere and could come at you from anywhere,” Varese said. “In fact, the attacks—the cybercrime attacks or the cyber fraud—really come from very few places disproportionately. So cybercrime is not randomly distributed in the world. It’s located in hubs.”

Cultural and Human Factors

I asked Varese two major questions—why Romania and why cybercrime, as opposed to other forms of profitable crime? He responded that a look at the country’s history reveals why, instead of weapons or drugs, criminals in Romania might turn instead to their computers.

“Romania is a very special place. Mainly because, during the dictatorship of Nicolae Ceaușescu—that was the communist dictator that ruled Romania from the 60s to the 90s—he emphasized the importance of technical education, and especially IT,” Varese explained. “There was a very good technical basis among people. When the internet arrived, a lot of Romanians built up their own micro-networks. And so it turns out that when the regime fell, Romania turned out to be a country which was very, very well-connected.”

The high level of technical education, combined with a high level of poverty and a high level of corruption—as shown in the paper, which points out that Romania’s score on Transparency International’s 2016 Corruption Perceptions Index is only 48 out of possible 100—created a perfect storm for a culture of cybercrime to grown, Varese said.

But Romania is not the only place where cybercrime is highly concentrated and where online activities are strongly tied to offline factors. Varese identifies Vietnam in Asia, Nigeria in Africa and Brazil in the Americas as three other cybercrime hubs. Varese and his coauthor also plan to take their future research to Eastern Europe, where “corruption and the technical and economic of legacy of communism” have created “a highly conducive environment for cybercrime,” their paper states.

Varese hopes this sociological research will help authorities recognize and manage the human element of cybercrime that is often ignored in the fight against online threats.”

Read More

Public Safety Academy At School Aims To Prepare Students For Careers

“Is high school too early to figure out what career path to follow?

The Olathe School District doesn’t think so.

When the new Olathe West High School opens for all students on Thursday, the district will have a total of 17 specialty academies in its five high schools.

For as long as most people can remember, the main mission of Johnson County schools has been preparing kids for college.

“I think we’ve done, for years, a really good job of helping kids be college-ready, but the career piece is something that kind of went in a different direction,” says Jay Novacek, principal of the new high school.

The Kansas State Department of Education wants to refocus districts so students are ready for college or a career when they graduate.

So Olathe West will offer courses for kids who are looking for a first-responder career.

“Not every kid has to go to college to be successful,” Novacek says. “There are a lot of awesome professions, public safety included, whether I’m a police officer or firefighter, an EMT person, that are going to give kids a great opportunities and a long career.”

Jeff Van Dyke, who was a Wichita cop for eight years, runs the public safety program and most recently taught middle-school physical education. He says there is a lot of practical experience students can get in the large space that houses the public safety program.

“We can use it for all kinds of real world-type learning situations such as setting up a crime scene, having the kids come in and process the crime scene in here,” Van Dyke says.

The Public Safety space is tucked into the side of the $82 million dollar building. Students pass a girder from the World Trade Center as they enter.

It’s a reminder, says Olathe Fire Chief Jeff DeGraffenreid, of the kind of people police and fire departments around here want to hire.

“A strong moral compass and a willingness to assist their fellow man is really what we’re looking at. Helping these students see the value of that, and hopefully someday we’ll be able to hire a great student from here,” he says.

An Olathe fire captain will teach the firefighting classes in the academy.

Olathe West is certainly not the first high school in the country to offer courses in public safety. But it’s one of the few that’s fully integrated with the rest of its academic courses, DeGraffenreid says.

Students, he says, will get a quality Olathe School District education and, after passing the state firefighting test, be ready to work.

“They’re great at math. They’re great at science. They’re great at writing. But they’re also fully prepared to work on a fire truck soon after graduation,” he says.

In addition to the public service academy at Olathe West, the district has also created a new, green technology academy at the school. It’s the 17th such academy the district has added since 2003.

Most of them, like the engineering or business academies, are geared toward college-bound students.

The crucial thing, says Deputy Superintendent Allison Banikowski, is finding the student’s passion and finding it early.
“And making sure, then, all the content and course work is geared toward that passion,” he says.

The Public Safety program is an acknowledgment, the district says, that it plays a significant role in getting kids ready to work in the community.”

View Source

HACKERS SPY ON HOTEL GUESTS AND TARGET NORTH KOREAN ORGANIZATIONS

“A security firm linked a recent wave of hacked hotel Wi-Fi networks to one of the groups suspected of breaching the Democratic National Committee during the 2016 presidential election, according to Wired.

The group, known as Fancy Bear or APT28, used tools allegedly stolen from the National Security Agency to conduct widespread surveillance on higher-end hotels that were likely to attract corporate or other high-value targets, the cybersecurity firm FireEye reported. FireEye has “moderate confidence” Fancy Bear was behind such a surveillance campaign in 2016, and others in recent months at hotels in Europe and one Middle Eastern capital. The campaign’s target, however, is unclear.

FireEye said the hackers used phishing emails to spread attachments infected with the alleged NSA exploit Eternal Blue. They eventually worked their way to corporate and guest Wi-Fi networks, where they could intercept guest information and collect credentials.

The Wired article suggested travelers should bring their own hotspots and avoid connecting to hotel networks.

Security Researchers: North Korea Hit with Malware Campaign

An unknown group has targeted North Korean organizations with malware that would allow repeated access to systems.

Security researchers say the latest campaign—after a July 3 intercontinental ballistic missile test—is at least the fifth attack in three years, Dark Reading reported. That campaign used a copy-pasted news article about the missile launch to trick recipients into launching the malware, the security firm Talos reported.

At first, the Konni malware used in the campaign only gathered information, but it later evolved to include the ability to remotely take control of some seized accounts, according to Talos and another security firm Cylance. The malware is capable of logging keystrokes, capturing screens and uses advanced techniques to avoid detection, the firms reported.

“The motivation behind these campaigns is uncertain, however it does appear to be geared towards espionage against targets who would be interested in North Korean affairs,” Cylance researchers said.”

View Source

Security officer helps recover 13 year old girl missing for a year

“A 13-year-old girl who has been missing for a year was found in Ohio, according to police.

Aireona Smith was reported as a runaway to the Flint Township Police Department on Aug. 1, 2016, according to a statement from police.

Police asked the public’s help in locating the missing girl and while numerous tips flooded in, investigators were not able to find the girl.

On Thursday, Aug. 3, Smith walked into a public library in Toledo, Ohio, according to police.

A security guard recognized the girl from a missing person’s poster and called 911, police said.

Responding officers confirmed the girl’s identity and notified Flint Township police.

Police said the girl ran away on her own, was not being held against her will and was in good health.

Smith was brought back to Flint on Monday, Aug. 7, and will now receive assistance from the Michigan Department of Health and Human Services, the statement said.”

View Source

Security officer finds woman critically injured in hit and run crash

“Philadelphia Police have released the identity of the woman who was struck and killed in a Center City hit-and-run early Sunday morning.

As officials continue to search for the driver of a newer model white Jeep Wrangler Rubicon with a white top and front-end damage, last seen traveling eastbound on Race Street.

Police say the victim 53 year-old Ann Broderick, from the Kensington section of Philadelphia was hit about 3:15 a.m. Sunday near Broad and Race Streets.

She was pronounced dead at Hahnemann University Hospital around 3:45 a.m.

Broderick is believed to be homeless and was reportedly sleeping nearby when she got up to cross the street and to use the restroom.

That’s when police say the car struck her.

Police say there were no witnesses and that it was a security guard patrolling the area that found her with trauma to her skull on the street and notified police.

“Ann was vibrant, a beautiful soul even though her situation was her situation,” said Abby Anderson, who volunteers with the homeless and says she met Broderick six months ago. “She was a human being. It broke my heart that had happened to her. She was family. I thank God I had the opportunity to give her a hug on Saturday.”

There is no description of the driver at this time, but police say surveillance images in the area captured a newer model white four-door Jeep Wrangler Rubicon with a white top, large tires and a spare tire attached to the back of the vehicle.

Investigators say the vehicle should have front end damage.

Anyone with information is asked to call police at 215-686-TIPS.”

View Source

Sanford security company develops alarm system to prevent thefts

SEMINOLE COUNTY, Fla. July 29 2017- A Sanford security company said it has come up with a solution to stop thieves from trying to rip people off at the gas station with skimmers, devices used to steal credit and debit card numbers.

Chris Gilpin with SignalVault told Channel 9 anchor Jamie Holmes that he’s developed a device that will sound an alarm if a gas pump is opened.

The alarm alerts gas station owners when someone opens the door on a gas pump to install a skimmer device.

The system also sends out an alert through an app to let the gas station owner know that a particular pump has been compromised.

“The pump can be inspected immediately afterwards and the skimmer can be removed from the gas pump before any credit or debit card numbers are stolen,” Gilpin said.

State investigators announced Wednesday that they’ve seen an increase in the number of skimmers found at gas pumps. Nearly 300 devices have been found in Florida this year, but that number is deceiving, investigators said.

“That doesn’t really cover the scope of how bad it actually is because the gas pumps are only inspected every 12 – 16 months, so there are hundreds more skimmers,” Gilpin said.

Gilpin said the bigger problem is the law. Florida only requires gas station owners to put red tape around the pump access panel and the tape is hardly a real deterrent for a thief.

Gilpin said his device constantly monitors skimming activity and although he’s still in the testing phase, he hopes the state eventually does more to really pump the brakes on this crime.

“We can’t stop these criminals from installing gas station skimmers. However, we can stop those skimmers from stealing credit and debit card numbers,” Gilpin said.

Gilpin will meet with state agriculture officials in a couple of weeks to show off his product.

He’s been on the ABC show “Shark Tank,” and has a similar consumer protection product used by a 500,000 people worldwide.

View Source

Missing Florida woman found after she bottled her scent

“A woman with dementia who went missing in Florida was found by a police dog in a matter of minutes, having bottled her scent in advance.

Citrus County Sheriff’s Office said the anonymous woman had used a specialist scent preservation kit.

It can hold a person’s scent for up to seven years.

In a Facebook post police said she stored the scent two-and-a-half years ago, and a picture of the jar showed it was dated January 2015.

Scent preservation kits involve rubbing a pad on a person’s underarm, then sealing it in a sterile jar so police dogs have a reliable scent to smell before looking for a missing person.

Manufacturers say they work better and more quickly than articles of clothing, because they are not contaminated by other people’s smells or smells from the environment.

Dogs have a stronger sense of smell than humans and working police dogs are trained to sniff out drugs, people and in some cases corpses.

Some police forces around the world, including in China and Germany, have held scent samples from criminal suspects and crime scenes to help in their investigations.

But there are concerns over a high failure rate; in 2006 it was found that only a quarter of people indicated by dogs in New South Wales, Australia, turned out to be carrying drugs when they were searched.

In this case, though, the missing person was found and the dog earned a celebratory ice cream.”

Read Source

Becoming an Agent Part 2: Inside The Classroom

“Just beside Hogan’s Alley, the mock town and training facility at the FBI Academy in Quantico, Virginia, there’s a cluster of modern two-story buildings with several classrooms. Inside one of the classrooms, new agent trainees are forming their squads for the morning when they receive word that an “explosion” has occurred in a nearby city.

Over the previous few weeks, the squad has been using the skills they’ve learned to investigate a simulated hotel bombing and track down the criminals responsible for the attack. With this new report, trainees suspect that the events could be linked to terrorist activity. But before they can identify subjects, the squad needs to gather intelligence, conduct interviews, and dig up more clues.

The agents’ partners in this effort are new FBI intelligence analysts who are training right alongside them. Analysts—the men and women who help gather, share, and make sense of information and intelligence from all corners of the globe—have never been more vital to the Bureau’s mission in this post-9/11 world. By integrating their training, the FBI is replicating what agents and analysts will experience in their coming cases and ensuring that seamless collaboration is part of their DNA from day one.

“Agent and analyst trainees need to understand each other’s respective job roles and how that plays out in the real world,” says Carrie Richardson-Zadra, a supervisory special agent with the FBI’s Investigative and Intelligence Training Unit. “That’s why we have them work together from the moment they arrive at the academy.”

Later in the exercise, trainees begin questioning the wife of a suspected extremist (played by a local actor). She’s reluctant to talk at first, but by using their newly learned interviewing tactics based on building rapport, the new agents are slowly able to obtain the information they need to stop a potential terrorist attack. If it weren’t for the insight provided by the intelligence analysts in their squad, the trainees wouldn’t have been so successful.

While trainees are integrated both inside and outside the classroom, specialized courses are provided to students based on what their roles will be in the field. For new agent trainees, the academic side of the training is demanding and includes a broad range of subjects that ground them in the fundamentals of law, ethics (see sidebar), behavioral science, interviewing and report writing, basic and advanced investigative and intelligence techniques, interrogation, and evidence collection.

Agent trainees also receive more than 90 hours of instruction and practical exercises focused on tactics, operations planning, cooperating witnesses and informants, physical and electronic surveillance, undercover operations, and intelligence.

The rigorous academics are vital to the future success of agent trainees. They will need to learn the basics of federal law, the U.S. Constitution, and the legal process. If agents don’t understand all of the details governing searches, questions could be raised during trial about the credibility of recovered evidence.

The intelligence analysts will ultimately graduate before the agents after 12 weeks at Quantico. At that point, new agent trainees begin their tactical training and set their sights on the crooked criminals and gangs waiting for them in Hogan’s Alley.”

Read More

Texas churches allowed to hire in-house security staff

“Security at Texas churches is about to get a big boost. In September, churches will be able to arm members of their own congregation, rather than hire private security firms under SB 2065.

Security at churches has been top of mind after horrific scenes like the 1999 tragedy at Wedgewood Baptist in Fort Worth and more recently in Charleston, South Carolina.

“You can’t just tell everybody bring your guns to church and here we go, it needs to be people who are legally allowed to carry,” said retired Hurst Police Officer and church security expert of Sheepdog Seminars,

Jimmy Meeks. He believes the new law will soon give churches more choices for security.

Under current legislation, in order for churches to have armed security they must hire a private licensed company or officer. The new bill will allow congregations to make up their own security teams with members who are legally allowed to carry a gun on a volunteer basis only, but that person cannot wear a uniform or badge portraying themselves as “security.”

It’s a bill that has been the subject an ongoing discussion in Austin.

“The waters are no longer muddy as of September 1st. They’re more clear now and you just realize.. hey we can protect our own flock without employing an outside service,” said Meeks.

State Representative Matt Rinaldi released a statement to NBC 5 that read in part: “The passage of SB 2065 ensures that churches are empowered to make their own decisions about how they want to implement their security policies without jumping through unnecessary training and licensure hoops.”

View Source

San Antonio Security Officer discovers human trafficking-aids victims

“Police now say that is was a Walmart security guard in a southwest section of the city that made the discovery of human trafficking after a tipster identified a tractor-trailer in the parking lot that was apparently full of migrants, said Joe Arrington, a spokesman for the San Antonio Fire Department.

The tipster, who was not identified, had been in the truck and approached the security guard to ask for water, San Antonio Police Chief William McManus later told reporters.

The security guard found the dead and sick when he searched the back of the truck, Arrington said.

A total of 39 people were inside, the U.S. attorney’s office said Sunday afternoon.

Officials reported earlier that 38 people were found in the trailer, but they said later that they had found an additional person in a wooded area nearby.

“The truck was loaded with people,” Fire Chief Charles Hood told reporters.

Eight people were initially found dead in the tractor-trailer, and an additional victim died at a hospital, a spokeswoman for Immigration and Customs Enforcement told NBC News.

All of the dead are adult men, the U.S. attorney’s office said, and 30 others were being treated at hospitals.

ICE had said earlier that two people died at hospitals, but it later revised the number, citing miscommunication with hospital officials.

A Florida truck driver was in custody Sunday after nine people were found dead in the back of a cramped, overheated 18-wheeler in San Antonio, Texas.

More than a dozen other people — whom authorities described as victims of a “horrific” human smuggling operation — suffered life-threatening injuries.

In a statement, the U.S. attorney’s office for western Texas said the driver, James Mathew Bradley Jr., 60, of Clearwater, Fla., was in custody pending criminal charges. A complaint will likely be filed Monday morning, the statement said.

Some inside the semi ran into nearby woods, triggering a search by helicopter and on foot, McManus said, adding that police would look for the missing again in the morning.

“We’re looking at a human trafficking crime here this evening,” he said, describing it as a “horrific tragedy.” He added that the Department of Homeland Security was working with local police.
After the victims are treated, they will be investigated by ICE, McManus said.

First responders raced to the scene shortly after 12:30 a.m. (1:30 a.m. ET), officials said. Hood said that the people in the truck were “very hot to the touch” and that there were no signs of water inside. The air conditioning was not working, he said.

“Our paramedics and firefighters found that each one of them had heart rates over about 130 beats per minute,” he said. “You’re looking at a lot of heat stroke, a lot of dehydration.”

San Antonio police said in a statement later Sunday that all of the dead were believed to have succumbed to heat exposure and asphyxiation. Official causes of death will be determined by the

Bexar County medical examiner.

Police added that they do not yet know the exact country of origin, destination or demographics of the dead and injured, although Mexico’s consul general, Rayna Torres, confirmed Sunday that

Mexican nationals were among them.

Citing the U.S. law enforcement investigation, Torres said she did not want to provide specifics, but she said that some were minors. Some could not speak, she added, because they are in grave condition.

Police said that the two youngest known victims, both of whom survived, were 15 years old.

Had it not been for the quick response by the security guard there would probably have been many other deaths said police.

The National Weather Service said the temperature in San Antonio hit 101 degrees on Saturday and didn’t dip below 90 degrees until after 10 p.m., according to The Associated Press.

Closed-circuit TV images from before emergency services arrived showed several cars turn up to pick up many of those who had survived the journey inside the truck, McManus said.

The driver and anyone else involved in the incident will face state and federal charges, McManus said.

“This is not an isolated incident,” he said, as he urged anyone who sees anything similar to call 911. “Fortunately, we came across this one. Fortunately, there are people who survived. But this happens all the time.”

Acting ICE Director Thomas Homan said in a statement Sunday that smuggling networks “have repeatedly shown a reckless disregard for those they smuggle, as last night’s case demonstrates.”

“By any standard, the horrific crime uncovered last night ranks as a stark reminder of why human smuggling networks must be pursued, caught and punished,” he said.

Rep. Joaquin Castro, D-Texas, said the deaths were “tragic and avoidable.”

Texas Gov. Greg Abbott said in a statement that Texas is “working to eradicate” traffickers, while Jonathan Ryan, executive director of the Refugee and Immigrant Center for Education and Legal Services, said the political environment was partly to blame.

“You can draw a direct line between the hostile policies and rhetoric against immigrants that are happening nationally, and here in our state, to events like what happened today,” Ryan said.

“You can change laws. You can change policies,” he said. “But you cannot change the fact that people fleeing violence, people seeking to save and protect their families, are going to do whatever they can to flee that danger and find safety.”

View Source