Drone pilot arrested after multiple NFL stadium incidents

A California man was arrested Sunday for flying a drone over two NFL stadiums and attempting to drop anti-media pamphlets into the crowd.

Tracy Mapes, a 55-year-old Sacramento resident, was cited and released by Santa Clara police for flying the drone in violation of a local municipal code, department spokesperson Dan Moreno told USA TODAY Sports on Monday.

The drone appeared at Levi’s Stadium during the second quarter of the San Francisco 49ers’ 24-13 loss to the Seattle Seahawks and was later seen over Oakland Coliseum, where the Oakland Raiders were playing the Denver Broncos.

Moreno said the message on the leaflets was “anti-local news media, and TV news stations specifically.” The charge was a misdemeanor, he said.

There is also an ongoing federal investigation and Mapes may face additional charges, according to Moreno, because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi’s Stadium and Oakland Coliseum are within that range.

The San Francisco Chronicle added that the drone was a relatively ineffective messenger because “most of the drone-dropped leaflets were carried away by the win.

View Source

30 tickets issued daily through RPS bus camera system

RICHMOND, Va. (WRIC) — 8News investigates to see how Richmond Public Schools bus camera system is keeping students safe.

RPS is the only district in Central Virginia that has installed a stop-arm camera system on their school buses. The second district in the state.

The camera system is designed to catch reckless drivers illegally passing school buses.

“We’re averaging 30 violations a day,” Interim Superintendent Tommy Kranz says, “So that indicates to me that yes, it is working.”

100 school buses are equipped with a total of 13 cameras, nine on the outside and four on the inside.

From the first day of Fall to October 24, 1,021 citations were issued to drivers who illegally pass a school bus when the stop-arm is out or red lights are flashing.

8News obtained video through Richmond Public Schools in which cameras caught drivers nearly hitting students when the school bus was stopped.

Michelle Kitts is a RPS parent and admits she even goes a different route in the mornings to avoid the bus stops.

“If they have kids they know how it feels to see somebody speed passed the buses when there are kids,” Kitts says, “even at the stop with no buses around so everyone should slow down and take it easy.”

Kevin Hunter, another RPS parent says he wasn’t surprised by the number of tickets that were issued in the first seven weeks this Fall. He says he believes drivers need to put down their cell phones and pay more attention to the road before a child is hurt.

“As a foster dad I don’t want to see any of my kids go you know shot across the street then you got some driver coming and don’t pay attention,” Hunter said.

In a press release sent to 8News this summer, Richmond Public Schools said they wanted to have all school buses equipped with the camera system by the start of the semester. However, the company that installs the camera paid to install cameras on the first 50 buses and have been working in phases to install the rest. This revenue is generated from the citations that are issued.

Read More

‘Hacker-for-hire’ cases going federal in Minnesota

“In the first Minnesota case to address a new and growing form of cybercrime, federal prosecutors have charged a former state resident with employing “hackers-for-hire” to sabotage the website of a local business.

The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.

Prosecutors say John Kelsey Gammell, 46, paid hacking services to inflict a year’s worth of “distributed denial of service” (DDoS) attacks to bring down websites affiliated with Washburn Computer Group, a Monticello business where he used to work.

DDoS attacks overwhelm a network with data, blocking access for legitimate users and even knocking web services offline. Washburn, a point-of-sale system repair company, told prosecutors that Gammell’s attacks cost it about $15,000.

Authorities say Gammell didn’t stop there: He is accused of paying $19.99 to $199.99 in monthly payments to try to bring down web networks that included those of the Minnesota Judicial Branch, Hennepin County and several banks.

“As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Acting U.S. Attorney Gregory Brooker in Minneapolis said, speaking generally about the new forms of crime.

The FBI’s Internet Crime Complaint Center reported more than $11 million in losses to victims of DDoS attacks last year.

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS,” said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis.

Devices such as digital video recorders and home appliances recently have been marshaled by cyber criminals to carry out massive operations like last year’s flooding of a prominent web infrastructure company that affected sites like Amazon and Netflix. In a separate attack, in June 2016, the Minnesota Judicial Branch’s website went down for 10 days, alarming local officials because so many government services have at least some nexus to the web.

“A lot of people think it’s just a nuisance,” said Chris Buse, Minnesota’s chief information security officer. “But it’s not. If you look at what government does — basic critical services — if those services don’t continue, people can literally die.”

Minnesota IT Services, which administers the state’s computer systems, said state networks field an average of more than 3 million attempted cyberattacks daily. Officials say the state still hasn’t experienced a major attack on par with a 2012 South Carolina breach that exposed personal data for 3.7 million residents and cost the state $20 million.

But with hackers able to take over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse said.

‘We will do much business’

The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.

One of his preferred hacking-for-hire services was called vDOS, which was shuttered last year after the arrests of two alleged operators in Israel. The FBI obtained files from vDOS that included records of Gammell’s purchases, attacks and communications with vDOS administrators and customers.

One day in 2015, according to a criminal complaint, Gammell eagerly wrote the company boasting of his success in blowing past a “DDoS mitigation” program to kick an unnamed network offline for at least two days. “We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell sought out seven sites offering DDoS-for-hire services and paid monthly fees to three to carry out web attacks from July 2015 to September 2016.

Charges are also expected out of Colorado and New Mexico for firearms offenses stemming from searches in the case.

Appearing in a Minneapolis courtroom last week, Gammell confirmed that he rejected a plea offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. A federal magistrate is reviewing motions filed by Gammell’s attorney, Rachel Paulose, to dismiss the case or suppress evidence.

On Monday, Paulose told U.S. Magistrate Judge David Schultz that evidence the FBI obtained from an unnamed researcher should be thrown out and suggested the data could itself have been retrieved by hacking.

Paulose, who did not respond to messages seeking comment for this story, also argued in pretrial motions that Gammell didn’t personally attack Washburn.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Addressing Schultz last week, Paulose described the attacks on Washburn as “essentially a prank on a dormant site not doing business.”

“Even if Mr. Gammell thinks it’s a prank,” Assistant U.S. Attorney Timothy Rank replied, “it’s a criminal prank.”

View Source

TSA Pre ✓® expands to include 5 additional airlines

WASHINGTON — The Transportation Security Administration today announced the expansion of its TSA Pre✓® expedited screening program to five additional domestic and international carriers. Now in operation, the five new partnering airlines are All Nippon Airways, Cathay Pacific Airways, Contour Aviation, Finnair and Korean Air. Today’s announcement brings the number of airlines participating in TSA Pre✓® to 42 domestic and international carriers.

TSA Pre✓® is an expedited screening program that enables low-risk travelers to enjoy a smart and efficient screening experience at 200 U.S. airports. For TSA Pre✓® travelers, there is no need to remove shoes, laptops, 3-1-1 liquids, belts or light jackets.

TSA Pre✓® is available when departing from a U.S. airport to a foreign country, and for domestic, connecting flights after returning to the U.S. Travelers who are U.S. citizens, U.S. nationals and lawful permanent residents of the U.S. can apply for TSA Pre✓® for a cost of $85 for five years, or $17 per year through the TSA Pre✓® application program. Once approved, travelers will receive a “Known Traveler Number” and will have the opportunity to utilize TSA Pre✓® lanes at select security checkpoints when traveling on any of the 42 participating airlines.

Other passengers who are eligible for TSA Pre✓® include: U.S. Customs and Border Protection’s Trusted Traveler programs, Global Entry, NEXUS, and SENTRI. TSA Pre✓® is also available for U.S. Armed Forces service members, including those serving in the U.S. Coast Guard, Reserves and National Guard. To find the program that best suits your travel needs, use the Department of Homeland Security trusted traveler comparison tool.

As always, TSA continues to incorporate unpredictable security measures, both seen and unseen, throughout the airport. All travelers will be screened, and no individual will be guaranteed expedited screening.

For more information, visit tsa.gov or read the frequently asked questions.

View Source

Ranger Guard app lets businesses order security guards like Uber

“You can order just about anything from your phone these days, and that now includes security guards.

Ranger Guard works a lot like a ride sharing app, and users say it’s changed the way they protect their businesses.

During Harvey’s flooding, many business owners had to close up shop due to flood damage. That left many businesses with no one to watch out for them.

“Definitely don’t recommend that,” says Jonah Nathan, owner of Ranger Guard and Investigations.

His company offers the app, which works like a ride sharing service except instead of cars, you’re summoning security guards.

“Just ordering your security service just like you do your Uber. Just for the amount of time you need it,” Nathan said.

It doesn’t require a contract and businesses can request armed or unarmed guards to perform specific tasks– like confronting a specious person.

Nathan says many of the calls his guards are sent to involve businesses dealing with homeless people.

“Most homeless people are nonviolent,” Nathan said. “They just want to sit there in peace.”

But he says during Harvey’s flooding, the demand shifted. Many businesses used the app to protect the properties they had to flee.

He hopes once those businesses are back up and running, they’ll continue with the service.

The app is intended for businesses and it not available for residential use.”

View Source

Robo-parking enforcement to hit Edmonton this fall

Be warned. An Edmonton driver’s chances of getting away with illegal parking are set to drop dramatically when city officials roll out their new robo-parking patrol.

Car-mounted cameras will automatically check licence plates against the parking payment records while rolling at 50 km/h on downtown streets. A wall-mounted camera will take a picture every time a car enters or exits a city-owned parking lot to ensure payment and the human patrol no longer tasked with marching downtown streets will redeploy to school zones and other hot-spot areas.

City officials are evaluating product bids now and hope to have a test car on city streets in October. The full rollout would hit Edmonton by spring. “That would be ideal,” said Erin Blaine, parking enforcement co-ordinator.

“It’s just a way more efficient way to use resources,” Blaine said. The parking rules are there to ensure spots remain open for drop-in customers for local businesses, and the automated enforcement will be more reliable for everyone. “It eliminates officer error.”

Similar to photo radar, scofflaws will get a ticket in the mail rather than under their vehicle’s windshield wiper. It will include a photo of the licence plate, which Blaine hopes will reduce the number of people appealing these tickets in court. She currently has five to 10 officers called to court every week.

It’s a $50 ticket for motorists who do not pay for parking.

An update on the project went to city council last week. It’s a $12-million effort, with $5.2 million already spent on the new digital parking meters. It’s listed as late because the city originally thought it could roll out the whole plan by 2015.

The third phase — having city-owned parkades calculate the number and location of spots left — is still being developed.

The report to council says implementation was delayed while city officials investigated the possibility of partnering with another municipality.

Read More

Equifax says 143m Americans’ social security numbers exposed in hack

Credit monitoring company Equifax says a breach exposed the social security numbers and other data of about 143 million Americans.

After discovering the breach, but before notifying the public, three Equifax senior executives sold shares in the company worth almost $1.8m. Since the public announcement, the company’s share price has tumbled.

The Atlanta-based company said Thursday that “criminals” exploited a US website application to access files between mid-May and July of this year.

It said consumers’ names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers were exposed. Credit card numbers for about 209,000 US consumers were also accessed.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said the company’s chairman and CEO Richard Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

The company said hackers also accessed some “limited personal information” from British and Canadian residents.

Equifax said it doesn’t believe that any consumers from other countries were affected.

Such sensitive information can be enough for crooks to hijack people’s identities, potentially wreaking havoc on the victims’ lives.

Financial institutions, landlords and other businesses draw on data from credit monitoring companies like Equifax to verify people’s identity and ensure they are suitable for leases and loans. This breach has given cybercriminals a treasure trove of data to assume the identities of those affected and carry out fraudulent transactions in their name.

“On a scale of one to 10, this is a 10 in terms of potential identity theft,” said Gartner security analyst Avivah Litan. “Credit bureaus keep so much data about us that affects almost everything we do.”

Ryan Kalember, from cybersecurity company Proofpoint said: “This has really called into question the entire model of how we authenticate ourselves to financial institutions. The fact that we still use things like mother’s maiden name, social security number and date of birth is ridiculous.”

The breach could also undermine the integrity of the information stockpiled by two other major credit bureaus, Experian and TransUnion, since they hold virtually all the data that Equifax does, Litan said.

Equifax discovered the hack 29 July, but waited until Thursday to warn consumers. In the interim, as first reported by Bloomberg, chief financial officer John Gamble sold shares worth $946,374 and president of US information solutions Joseph Loughran exercised options to sell stock worth $584,099. President of workforce solutions Rodolfo Ploder also sold stock worth $250,458.

Ines Gutzmer, head of corporate communications for Equifax, said: “The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.”

Read More

NC College Launches Drone Academy for Public Safety

A North Carolina college is offering a bird’s-eye view to enhanced public-safety innovation with the opening of a drone academy this fall.

Located 50 miles south of Greensboro, Montgomery Community College will launch the NC Public Safety Drone Academy to prepare regional emergency service members and first responders with the needed tools to become effective and well-educated drone pilots.

The college’s drone program got off the ground last year in offering a Part 107 Prep course as well as a basic flight training class for emergency services.

“We decided to legitimize ourselves throughout North Carolina by partnering with the state Division of Aviation, Department of Emergency Services, and several local and state municipalities to create the academy,” MCC Director of Health & Public Safety Riley Beaman said.

Tuition will be waived for emergency/public-safety employees such as sheriff’s deputies, police officers, firefighters and first responders.

The 95-hour academy will focus on drone laws and regulations while offering a hands-on flight school that will expose pilots to:

Simulation Flight Time: grasping drone mechanics and basic operation through simulation;
Real-World Flight Time: after learning the basics, completing real flight time objectives and training;
Live Scenario-based Flight Objectives: focusing on fire, rescue, police, and emergency management situations and scenarios;
UAV Mobile Command Center operations training.
The college deploys a variety of more than 40 drones of all sizes – from microdrones to quadcopters, specifically the industrial grade DJ1 Matrice 100 equipped with a thermal camera.

“There’s something about North Carolina being first in flight and first in unmanned flight,” MCC Dean of Continuing Education said in a recent interview with The (Asheboro, N.C.) Courier-Tribune. “It’s been said that drones are the most impactful thing in aviation since the jet engine.”

When it comes to innovative drone education, colleges and universities are soaring – especially in North Carolina.

As earlier reported in DroneLife, Lenoir Community College now offers a drone-piloting program and several Lenoir County agencies plan to take advantage of it to receive federally-mandated training. The program grants students an associate’s degree in drone piloting – the first ever in the state. Edgecombe Community College in eastern North Carolina offers a consumer-level class.

Read More

Facebook shuts down 1 million fake accounts per day

Facebook turns off more than 1 million accounts a day as it struggles to keep spam, fraud and hate speech off its platform, its chief security officer says.

Still, the sheer number of interactions among its 2 billion global users means it can’t catch all “threat actors,” and it sometimes removes text posts and videos that it later finds didn’t break Facebook rules, says Alex Stamos.

“When you’re dealing with millions and millions of interactions, you can’t create these rules and enforce them without (getting some) false positives,” Stamos said during an onstage discussion at an event in San Francisco on Wednesday evening.

Stamos blames the pure technical challenges in enforcing the company’s rules — rather than the rules themselves — for the threatening and unsafe behavior that sometimes finds its way on to the site.

Facebook has faced critics who say its rules for removing content are too arbitrary and make it difficult to know what types of activity it will and won’t allow.

Political leaders in Europe this year have accused it of being too lax in allowing terrorists to use Facebook to recruit and plan attacks, while a U.S. Senate committee last year demanded to know its policies for removing fake news stories, after accusations it was arbitrarily removing posts by political conservatives.

Free speech advocates have also criticized its work.

“The work of (Facebook) take-down teams is not transparent,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, which advocates for free speech online.

“The rules are not enforced across the board. They reflect biases,” says Galperin, who shared the stage with Stamos at a public event that was part of Enigma Interviews, a series of cybersecurity discussions sponsored by the Advanced Computing Systems Association, better known as USENIX.

Stamos pushed back during the discussion, saying “it’s not just a bunch of white guys” who make decisions about what posts to remove.

“When you turn up the volume on hate speech, you’ll get more false positives, (and) catch people who are just talking about it,” rather than promoting it, Stamos said.

The company also must operate within the laws of more than 100 countries, some of which use speech laws to suppress political dissent, he said.

“The definition of hate speech in some countries is problematic,” Stamos said.

Facebook CEO Mark Zuckerberg has said the company will hire 3,000 extra workers to monitor and remove offensive content.

That effort continues apace, according to Stamos, who said the company is “massively expanding our team to track threat actors.”

Still, “you can’t do all that with humans,” he said, which is why Facebook also relies on artificial intelligence software to judge whether someone trying to log in is a legitimate user.

Read More

A Look at Romanian ‘Hackerville’ Reveals Human Element of Cybercrime

“Editor’s Note: Welcome to my weekly column, Virtual Case Notes, in which I interview industry experts for their take on the latest cybersecurity situation. Each week I will take a look at a new case from the evolving realm of digital crime and digital forensics. For previous editions, please type “Virtual Case Notes” into the search bar at the top of the site.

Cybercrime if often thought of as something that only happens within the generalized, invisible space of the internet. It is seen as virtual rather than physical, and those who commit cybercrime are thought of as anonymous individuals whose activities are all within the confines of the web. Run an image search for “hacker” or “cybercriminal” and you will see plenty of pictures of people with their faces hidden by hoods or masks, sitting alone in a dark room in front of a computer. But what if, instead of a hooded loner, the universal image of cybercrime was that of a group of neighbors in an impoverished part of the world, gathered together at a local cafe?

The latter is a new picture of cybercrime that researchers Jonathan Lusthaus and Federico Varese hope to make more people aware of in their recent paper “Offline and Local: The Hidden Face of Cybercrime.” The co-authors, working on the Human Cybercriminal Project out of the sociology department of the University of Oxford, traveled to Romania in 2014 and 2015 to study the oft-ignored real-world aspect of cybercrime in an area known to be a hub for one specific form of this crime—cyber fraud.

“Hackerville”

The town of Râmnicu Vâlcea, which has a population of around 100,000, has faced some economic setbacks in the last decade, including the loss of a major employer, a chemical plant; in addition, the average monthly salary in Romania as a whole (in 2014) was only €398 compared to €1,489 across the European Union. However, upon arriving in town, Lusthaus and Varese found themselves surrounded by luxury cars, “trendy” eateries, and shopping malls stocked with designer clothes and electronics. Though Râmnicu Vâlcea is poor “on paper,” the town seemed to be thriving, and interviews with Romanian law enforcement agents, prosecutors, cybersecurity professionals, a journalist, a hacker, and a former cybercriminal would soon give the researchers a clue as to why that might be.

“It was rumored that some 1,000 people (in Râmnicu Vâlcea) are involved almost full-time in internet fraud,” Varese told me, explaining why the town sometimes nicknamed “Hackerville” became a key target of their research (although the authors point out, in their paper, that the more accurate term would be “Fraudville,” as scams are focused more on the sale of fake goods than hacking or the spread of malware).

Varese said major findings from their interviews in Râmnicu Vâlcea as well as the Romanian cities of Bucharest and Alexandria were that cybercriminals knew each other and interacted with each other at local meeting spots offline, such as bars and cafes; that they operated in an organized fashion with different people filling different roles; that many in the town were aware of the organized crime but either didn’t say anything or sought to become involved themselves; and that there have been several cases throughout the years of corrupt officials, including police officers, who accepted bribes from the fraudsters and allowed them to perpetuate their schemes without interference.

“These are almost gangs,” Varese said. “They are not the individual, lonely, geeky guy in his bedroom that does the activities, but it’s a more organized operation that involves some people with technical skills and some people who are just basically thugs.”

The paper describes a culture of local complacency, often under threat of violence by a network of seasoned cybercriminals. This picture is far from that of the anonymous, faceless hacker many have come to envision, and instead reveals how internet crime can become embedded in specific populations.

“Most people think of cybercrime as being a global, international sort of liquid problem that could be anywhere and could come at you from anywhere,” Varese said. “In fact, the attacks—the cybercrime attacks or the cyber fraud—really come from very few places disproportionately. So cybercrime is not randomly distributed in the world. It’s located in hubs.”

Cultural and Human Factors

I asked Varese two major questions—why Romania and why cybercrime, as opposed to other forms of profitable crime? He responded that a look at the country’s history reveals why, instead of weapons or drugs, criminals in Romania might turn instead to their computers.

“Romania is a very special place. Mainly because, during the dictatorship of Nicolae Ceaușescu—that was the communist dictator that ruled Romania from the 60s to the 90s—he emphasized the importance of technical education, and especially IT,” Varese explained. “There was a very good technical basis among people. When the internet arrived, a lot of Romanians built up their own micro-networks. And so it turns out that when the regime fell, Romania turned out to be a country which was very, very well-connected.”

The high level of technical education, combined with a high level of poverty and a high level of corruption—as shown in the paper, which points out that Romania’s score on Transparency International’s 2016 Corruption Perceptions Index is only 48 out of possible 100—created a perfect storm for a culture of cybercrime to grown, Varese said.

But Romania is not the only place where cybercrime is highly concentrated and where online activities are strongly tied to offline factors. Varese identifies Vietnam in Asia, Nigeria in Africa and Brazil in the Americas as three other cybercrime hubs. Varese and his coauthor also plan to take their future research to Eastern Europe, where “corruption and the technical and economic of legacy of communism” have created “a highly conducive environment for cybercrime,” their paper states.

Varese hopes this sociological research will help authorities recognize and manage the human element of cybercrime that is often ignored in the fight against online threats.”

Read More