On Q Professional Investigations

The tech entrepreneur Ross McNutt wants to spend three years recording outdoor human movements in a major U.S. city, KMOX news radio reports.

If that sounds too dystopian to be real, you’re behind the times. McNutt, who runs Persistent Surveillance Systems, was inspired by his stint in the Air Force tracking Iraqi insurgents. He tested mass-surveillance technology over Compton, California, in 2012. In 2016, the company flew over Baltimore, feeding information to police for months (without telling city leaders or residents) while demonstrating how the technology works to the FBI and Secret Service.

The goal is noble: to reduce violent crime.

There’s really no telling whether surveillance of this sort has already been conducted over your community as private and government entities experiment with it. If I could afford the hardware, I could legally surveil all of Los Angeles just for kicks.

And now a billionaire donor wants to help Persistent Surveillance Systems to monitor the residents of an entire high-crime municipality for an extended period of time––McNutt told KMOX that it may be Baltimore, St. Louis, or Chicago.

McNutt’s technology is straightforward: A fixed-wing plane outfitted with high-resolution video cameras circles for hours on end, recording everything in large swaths of a city. One can later “rewind” the footage, zoom in anywhere, and see exactly where a person came from before or went after perpetrating a robbery or drive-by shooting … or visiting an AA meeting, a psychiatrist’s office, a gun store, an abortion provider, a battered-women’s shelter, or an HIV clinic. On the day of a protest, participants could be tracked back to their homes.

In the timely new book Eyes in the Sky: The Secret Rise of Gorgon Stare and How It Will Watch Us All, the author Arthur Holland Michel talks with people working on this category of technology and concludes, “Someday, most major developed cities in the world will live under the unblinking gaze of some form of wide-area surveillance.”

At first, he says, the sheer amount of data will make it impossible for humans in any city to examine everything that is captured on video. But efforts are under way to use machine learning and artificial intelligence to “understand” more. “If a camera that watches a whole city is smart enough to track and understand every target simultaneously,” he writes, “it really can be said to be all-seeing.”

Read More

Academics at Cardiff University have conducted the first independent academic evaluation of Automated Facial Recognition (AFR) technology across a variety of major policing operations.

The project by the Universities’ Police Science Institute evaluated South Wales Police’s deployment of Automated Facial Recognition across several major sporting and entertainment events in Cardiff city over more than a year, including the UEFA Champion’s League Final and the Autumn Rugby Internationals.

The study found that while AFR can enable police to identify persons of interest and suspects where they would probably not otherwise have been able to do so, considerable investment and changes to police operating procedures are required to generate consistent results.

Researchers employed a number of research methods to develop a rich picture and systematically evaluate the use of AFR by police across multiple operational settings. This is important as previous research on the use of AFR technologies has tended to be conducted in controlled conditions. Using it on the streets and to support ongoing criminal investigations introduces a range of factors impacting the effectiveness of AFR in supporting police work.

The technology works in two modes: Locate is the live, real-time application that scans faces within CCTV feeds in an area. It searches for possible matches against a pre-selected database of facial images of individuals deemed to be persons of interest by the police.

Identify, on the other hand, takes still images of unidentified persons (usually captured via CCTV or mobile phone camera) and compares these against the police custody database in an effort to generate investigative leads. Evidence from the research found that in 68 percent of submissions made by police officers in the Identify mode, the image was not of sufficient quality for the system to work.

Over the period of the evaluation, however, the accuracy of the technology improved significantly and police got better at using it. The Locate system was able to correctly identify a person of interest around 76 percent of the time. A total of 18 arrests were made in ‘live Locate deployments during the evaluation, and in excess of 100 people were charged following investigative searches during the first 8-9 months of the AFR Identify operation (end of July 2017-March 2018).

The report suggests that it is more helpful to think of AFR in policing as ‘Assisted Facial Recognition’ rather than a fully ‘Automated Facial Recognition’ system. ‘Automated’ implies that the identification process is conducted solely by an algorithm, when in fact, the system serves as a decision-support tool to assist human operators in making identifications. Ultimately, decisions about whether a person of interest and an image match are made by police operators. It is also deployed in uncontrolled environments, and so is impacted by external factors including lighting, weather and crowd flows.

“There is increasing public and political awareness of the pressures that the police are under to try and prevent and solve crime. Technologies such as Automated Facial Recognition are being proposed as having an important role to play in these efforts. What we have tried to do with this research is provide an evidence-based and balanced account of the benefits, costs and challenges associated with integrating AFR into day-to-day policing,” says Professor Martin Innes, director, Crime and Security Research Institute and Director, Universities’ Police Science Institute.

Read More

An older woman with United States citizenship attempted to cross the U.S.-Mexico border on Wednesday with 92 pounds of heroin in her car, according to U.S. Customs and Border Protection.

The 81-year-old woman attempted to enter the U.S. at the Tecate port of entry — located southeast of San Diego — with the drugs, which have an estimated street value of over $870,000, CBP reports.

The drugs were hidden inside a 2011 Chrysler 200 and were found by a K-9 team, according to a news release.

Cartels are known to manipulate people into carrying drugs over the border.

“CBP officers are aware of the many tactics used by the cartels and remain ever vigilant to stop anyone attempting to smuggle narcotics,” the release quotes Pete Flores, CBP director of field operations in San Diego.

One of those tactics: Drug cartels sometimes deceive elderly people into unknowingly carrying drugs across international borders, luring them with false promises and lies. The growing trend was documented in a 2016 New York Times report.

The woman was arrested and turned over to Homeland security officers. Her vehicle was seized, according to CBP.

View Source

In a small office in Ashburn, Va., ensconced among the government contractors that make up the Dulles Technology Corridor, a start-up called Babel Street is bringing government-style surveillance to an entirely new market.

The company’s Web crawlers, offered under a subscription called Babel X, trawl some 40 online sources, scooping up data from popular sites such as Instagram and a Korean social media platform as well as inside “dark Web” forums where cybercriminals lurk.

Police departments investigating a crime might use the service to scan posts linked to a certainneighborhood over a specified period of time. Stadium managers use it to hunt for security threats based on electronic chatter.

The Department of Homeland Security, county governments, law enforcement agencies and the FBI use it to keep tabs on dangerous individuals, even when they are communicating in one of more than 200 languages, including emoji.

The firm, staffed by former government intelligence veterans, is part of an insular but thriving cottage industry of data aggregators that operate outside of military and intelligence agencies. The 100-person company said it is profitable, something that is rare for a tech start-up in its third year. (It declined, though, to release financial details.) It recently took on $2.25 million from investors, bringing its total capital raised from investors to just over $5 million.

A U.S. subsidiary of the European software giant SAP is its largest institutional investor.

Businesses like Babel Street have to tread an ethical line to avoid igniting privacy concerns, even though the data they access is generally publicly available on the Internet. Groups such as the American Civil Liberties Union (ACLU) regard the industry’s growth as a worrying proliferation of online surveillance.

“These products can provide a very detailed picture of a person’s private life,” said Matt Cagle, an ACLU lawyer who studies the issue.

Last year, Chicago-based social media aggregator Geofeedia was thrust into the national spotlight when the ACLU published a report alleging it had helped police departments track racially charged protests in Baltimore and Ferguson, Mo.

Read More

“Violence against law enforcement and their families is a real concern in today’s environment. Every deputy at the Santa Rosa County Sheriff’s Office was given a free home surveillance system on Wednesday.

Sergeant Roman Jackson has been with the sheriff’s office in narcotics for many years. He has a wife and two kids at home. Due to his job, he has received threats against his family.

Sgt. Jackson said, “Just being targeted for what you do has become common in law enforcement. That’s scary, I’ve arrested people for dangerous drugs before.They’ve threatened to blow my house up, whether serious or not, we take them seriously.”

He said every time a deputy heads into work, it’s a real concern that they are leaving the ones they love most unprotected.

Sgt. Jackson said, “We work night shifts, we are away from our families a lot. We want added security for them when we are not there. We are the best protectors when we are home, but then we are out protecting everyone else.”

That’s why State Farm, along with Canary, gave all deputies at the Santa Rosa County Sheriff’s Office a free home surveillance system. State Farm Agent Mike Hill saw that State Farm was doing this in other communities and made it happen here.

Hill said, “You can watch what is going on in your home through your smartphone. There’s audio, video, measures temp, air quality, and see it real time through their phone.”

Sheriff Bob Johnson said it’s often hardest when deputies are working late hours and can’t get home quickly.

“If they work in Pace, live in Navarre, they can look on a smartphone and see what’s happening. It gives them peace of mind of what’s happening 20, 30 miles away,” said Johnson.”

Read More

“Editor’s Note: Welcome to my weekly column, Virtual Case Notes, in which I interview industry experts for their take on the latest cybersecurity situation. Each week I will take a look at a new case from the evolving realm of digital crime and digital forensics. For previous editions, please type “Virtual Case Notes” into the search bar at the top of the site.

Cybercrime if often thought of as something that only happens within the generalized, invisible space of the internet. It is seen as virtual rather than physical, and those who commit cybercrime are thought of as anonymous individuals whose activities are all within the confines of the web. Run an image search for “hacker” or “cybercriminal” and you will see plenty of pictures of people with their faces hidden by hoods or masks, sitting alone in a dark room in front of a computer. But what if, instead of a hooded loner, the universal image of cybercrime was that of a group of neighbors in an impoverished part of the world, gathered together at a local cafe?

The latter is a new picture of cybercrime that researchers Jonathan Lusthaus and Federico Varese hope to make more people aware of in their recent paper “Offline and Local: The Hidden Face of Cybercrime.” The co-authors, working on the Human Cybercriminal Project out of the sociology department of the University of Oxford, traveled to Romania in 2014 and 2015 to study the oft-ignored real-world aspect of cybercrime in an area known to be a hub for one specific form of this crime—cyber fraud.

“Hackerville”

The town of Râmnicu Vâlcea, which has a population of around 100,000, has faced some economic setbacks in the last decade, including the loss of a major employer, a chemical plant; in addition, the average monthly salary in Romania as a whole (in 2014) was only €398 compared to €1,489 across the European Union. However, upon arriving in town, Lusthaus and Varese found themselves surrounded by luxury cars, “trendy” eateries, and shopping malls stocked with designer clothes and electronics. Though Râmnicu Vâlcea is poor “on paper,” the town seemed to be thriving, and interviews with Romanian law enforcement agents, prosecutors, cybersecurity professionals, a journalist, a hacker, and a former cybercriminal would soon give the researchers a clue as to why that might be.

“It was rumored that some 1,000 people (in Râmnicu Vâlcea) are involved almost full-time in internet fraud,” Varese told me, explaining why the town sometimes nicknamed “Hackerville” became a key target of their research (although the authors point out, in their paper, that the more accurate term would be “Fraudville,” as scams are focused more on the sale of fake goods than hacking or the spread of malware).

Varese said major findings from their interviews in Râmnicu Vâlcea as well as the Romanian cities of Bucharest and Alexandria were that cybercriminals knew each other and interacted with each other at local meeting spots offline, such as bars and cafes; that they operated in an organized fashion with different people filling different roles; that many in the town were aware of the organized crime but either didn’t say anything or sought to become involved themselves; and that there have been several cases throughout the years of corrupt officials, including police officers, who accepted bribes from the fraudsters and allowed them to perpetuate their schemes without interference.

“These are almost gangs,” Varese said. “They are not the individual, lonely, geeky guy in his bedroom that does the activities, but it’s a more organized operation that involves some people with technical skills and some people who are just basically thugs.”

The paper describes a culture of local complacency, often under threat of violence by a network of seasoned cybercriminals. This picture is far from that of the anonymous, faceless hacker many have come to envision, and instead reveals how internet crime can become embedded in specific populations.

“Most people think of cybercrime as being a global, international sort of liquid problem that could be anywhere and could come at you from anywhere,” Varese said. “In fact, the attacks—the cybercrime attacks or the cyber fraud—really come from very few places disproportionately. So cybercrime is not randomly distributed in the world. It’s located in hubs.”

Cultural and Human Factors

I asked Varese two major questions—why Romania and why cybercrime, as opposed to other forms of profitable crime? He responded that a look at the country’s history reveals why, instead of weapons or drugs, criminals in Romania might turn instead to their computers.

“Romania is a very special place. Mainly because, during the dictatorship of Nicolae Ceaușescu—that was the communist dictator that ruled Romania from the 60s to the 90s—he emphasized the importance of technical education, and especially IT,” Varese explained. “There was a very good technical basis among people. When the internet arrived, a lot of Romanians built up their own micro-networks. And so it turns out that when the regime fell, Romania turned out to be a country which was very, very well-connected.”

The high level of technical education, combined with a high level of poverty and a high level of corruption—as shown in the paper, which points out that Romania’s score on Transparency International’s 2016 Corruption Perceptions Index is only 48 out of possible 100—created a perfect storm for a culture of cybercrime to grown, Varese said.

But Romania is not the only place where cybercrime is highly concentrated and where online activities are strongly tied to offline factors. Varese identifies Vietnam in Asia, Nigeria in Africa and Brazil in the Americas as three other cybercrime hubs. Varese and his coauthor also plan to take their future research to Eastern Europe, where “corruption and the technical and economic of legacy of communism” have created “a highly conducive environment for cybercrime,” their paper states.

Varese hopes this sociological research will help authorities recognize and manage the human element of cybercrime that is often ignored in the fight against online threats.”

Read More

“WHEN ALPHABAY, THE world’s largest dark web bazaar, went offline two weeks ago, it threw the darknet into chaos as its buyers and sellers scrambled to find new venues. What those dark web users didn’t—and couldn’t—know: That chaos was planned. Dutch authorities had already seized Hansa, another another major dark web market, the previous month.

For weeks, they operated it as usual, quietly logging the user names, passwords, and activities of its visitors–including a massive influx of Alphabay refugees.

On Thursday, Europol and the US Department of Justice jointly announced the fruits of the largest-ever sting operation against the dark web’s black markets, including the seizure of AlphaBay, a market Europol estimates generated more than a billion dollars in sales of drugs, stolen data, and other illegal goods over its three years online. While Alpabay’s closure had previously been reported as an FBI operation, the agency has now confirmed that takedown, while Europol also revealed details of its tightly coordinated Hansa takeover.

With Hansa also shuttered as of Thursday, the dark web looks substantially diminished from just a few short weeks ago—and its denizens shaken by law enforcement’s deep intrusion into their underground economy.

“This is likely one of the most important criminal cases of the year,” attorney general Jeff Sessions said in a press conference Thursday morning. “Make no mistake, the forces of law and justice face a new challenge from the criminals and transnational criminal organizations who think they can commit their crimes with impunity by ‘going dark.’ This case, pursued by dedicated agents and prosecutors, says you are not safe. You cannot hide. We will find you, dismantle your organization and network. And we will prosecute you.”

The Sting

So far, neither Europol nor the Department of Justice has named any of the administrators, sellers, or customers from either Hansa or AlphaBay that they plan to indict. The FBI and DEA had sought the extradition from Thailand of one AlphaBay administrator, Canadian Alexandre Cazes after identifying him in an operation they called Bayonet. But Cazes was found hanged in a Bangkok jail cell last week in an apparent suicide.

Still, expect plenty of prosecutions to emerge from the double-takedown of Hansa and AlphaBay, given the amount of information Dutch police could have swept up in the period after Alphabay’s closure.

“They flocked to Hansa in their droves,” said Interpol director Rob Wainwright. “We recorded an eight-times increase in the number of new users on Hansa immediately following the takedown of Alphabay.” The influx was so large, in fact, that Hansa put up a notice just last week that it was no longer accepting new registrations, a mysterious development given that Dutch police controlled it at the time.

That surveillance means that law enforcement likely now has identifying details on an untold number of dark web sellers—and particularly buyers. Europol claims that it gathered 10,000 postal addresses of Hansa customers, and tens of thousands of their messages, from the operation, at least some of which were likely AlphaBay customers who had migrated to the site in recent weeks.

Though customers on dark web sites are advised to encrypt their addresses so that only the seller of the purchased contraband can read it, many don’t, creating a short trail of breadcrumbs to their homes for law enforcement when they seize the sites’ servers.”

Read More

Vehicular surveillance and foot surveillance each have their challenges, but they share a common objective: to be invisible by hiding in plain sight. I’ve done plenty of both and tend to enjoy foot surveillance the most—mainly because I like the freedom of not being confined to a car.

The success of any surveillance operation relies heavily on preparation. And a good surveillance operative should be ready to go from mobile vehicular to foot surveillance at a moment’s notice. You might be riding along with another investigator as a passenger, ready to jump out and follow on foot. Or you might be following a subject by public transport—which means that surveillance on foot is your only option.

If you suspect that you’ll be on foot for all or part of the job, plan accordingly. Choose clothing that blends well into the places you’re likely to go (and is weather-appropriate), carry lightweight recording equipment that won’t attract attention (including your smartphone), and review the local transport system thoroughly.

Once you arrive at the initial assignment location, canvass the area for surveillance cameras, security guards, or anyone who might notice your activities (such as a doorman). Check for all possible exits from the location under surveillance, and choose the best possible observation post.

From there, don’t just watch the exit(s); keep assessing the whole area, and planning how you might follow your subject(s) once they appear. Is the area busy enough with foot traffic for you to follow closely on the same side of the street, or should you stay further back, or even cross the street to follow? You may be in a busy area, but if there aren’t many pedestrians, you’ll have to maintain your distance. You don’t want be too close, as illustrated in figure 1, without any cover.

Read More

“One of the most important aspects of the recent cybersecurity executive order is also the aspect causing the most confusion.

When President Donald Trump signed the executive order in May, it included the requirement federal agencies use the NIST Cybersecurity Framework to manage their cybersecurity risk. However, some have confused the NIST CSF with the NIST Risk Management Framework, which all federal agencies have been required to follow since its 2010 introduction.

To put it succinctly, they are two different frameworks. As industry and government work together to execute this order, it is very important for everyone to fully understand the two frameworks, and how they differ.

NIST CSF Overview

The NIST CSF was released in February 2014 in response to a 2013 executive order that called for a voluntary framework of industry standards and best practices to help organizations manage cybersecurity risk.

The CSF was created as a result of collaboration between government and the private sector. It “uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.”

The heart of the NIST CSF is the Framework Core, which consists of five functions: identify, protect, detect, respond and recover. The functions and their components aren’t a checklist of actions to be performed in order. Rather, they are concurrent and continuous activities that “provide a high-level, strategic view of the life cycle of an organization’s management of cybersecurity risk.”

Read More

“It was still dark outside when the first undercover operative arrived at the Palace Hotel in San Francisco. A thick layer of fog swirled through the streets as the operative made his way into the lobby. He sat down to wait for his partner, and for the man who had hired them for the job. The hotel was to be the site of a large tech conference that day, and the two operatives had to be in position fast. Conference attendees would soon be streaming in for registration, and before long, the guest speakers would begin to arrive—including one specific Silicon Valley billionaire they would be watching for.

As the hubbub in the lobby built to a crescendo, the operatives slid into the background. It was imperative for their mission that no one knew who they were or what they were doing there.

While this might sound like a nefarious plot in some Hollywood movie, this was actually a covert protective operation, and part of a whole undercover world that very few people know exists—an invisible world I call the “surveillance zone.”

Introducing the “Surveillance Zone”

Let me offer you a peek behind the curtain—and into the “zone.” That first undercover operative mentioned above? That was actually me, and the man who had hired us was the senior security director for a well-known Silicon Valley corporation. We’d been hired to covertly protect the billionaire founder and CEO, whose company—despite some dramatic downswings and falling stock prices—was about to unveil a new venture. The mix of angry stockholders, excited techies, and nervous investors had company execs feeling skittish and us on our guard, and made for a tricky and interesting assignment.

On top of all that, the CEO had been receiving increasingly violent threats from a dedicated stalker who had demonstrated the will and ability to take things to the next level. Having surveilled the CEO’s home and workplace, and even physically confronted the CEO, there was ample reason to take the stalker’s intentions seriously.

When the threat to harm the CEO at the convention had come in (just a day before the event), the company decided to take action. At ten pm, I received a call from the security director, requesting our presence at the hotel at six am the following morning.”

Read More