Online Predator Used Familiar Tactics to Victimize 12-Year-Old Girl

A 32-year-old Georgia man who pretended to be someone else online is behind bars after using familiar predatory tactics to coerce a 12-year-old girl to produce child pornography and send it to him.

The victims of this type of crime—commonly referred to as sextortion—are almost always vulnerable teenagers who are tricked online and then find themselves in a nightmare situation: They are afraid to tell their parents or friends what is happening, and believe complying with their abuser is the only solution.

“The predators typically pretend to be teenagers online and lurk on popular social media sites,” said Special Agent Kevin Orkin, who investigated the case from the FBI’s Atlanta Division. “The victims—striving for attention, maybe having issues with their parents, as teens often do—are easily manipulated.”

The predators establish an online relationship, flirt, and in time convince the victims to send them a sexually provocative picture. “That initial image might not be too incriminating by today’s standards,” Orkin said, but the predators use the image to blackmail the victims. If they don’t send more explicit material, the victims are told, the image will be shared online with their friends and family to humiliate them.

“The victims are too scared to tell anyone what’s going on,” Orkin said, “and before they know it, they are in way over their heads.”

In the case of the Georgia man, Gerardo Uribe, he masqueraded online as a 13-year-old boy, and later as a 25-year-old man. After the young victim sent a partially nude image of herself at his request in 2014, Uribe was eventually able to take over one of her social media accounts by resetting her password and then locking her out.

With access to all her information, including the initial compromising image, Uribe coerced the girl into providing more sexually explicit material—four images that met the federal definition of child pornography.

The girl’s parents discovered the crime and reported it to the local sheriff’s office, which referred the matter to the FBI. Through various investigative methods, Uribe was located in Georgia and charged with child pornography offenses.

He pleaded guilty in August 2017, and in November 2017 was sentenced to 10 years in prison. A Mexican citizen who was living in the United States as a permanent resident, Uribe will be deported after he completes his prison term. Investigators said that Uribe had tried to victimize at least one other girl.

“Sextortion is a growing problem on social media sites,” Orkin said, and although it may be easy to blame the victims of sextortion for the predicament they find themselves in, he explained, “we are talking about children being manipulated by adults. It’s clear that these criminals are preying on their victims and taking advantage of them in the worst way.”

Read More

U.S. bars drones over nuclear sites for security reasons

WASHINGTON (Reuters) - The Federal Aviation Administration said Monday it will bar drone flights over seven major U.S. nuclear sites, including Los Alamos National Laboratory in New Mexico.

The move is the latest in a series of growing restrictions on unmanned aerial vehicles over U.S. sites that have national security implications.

The new restrictions begin Dec. 29 and include the Hanford Site in Washington State, Idaho National Laboratory, Savannah River National Laboratory in South Carolina, Pantex Site in Texas and the Y-12 National Security Site and Oak Ridge National Laboratory in Tennessee.

The FAA said it is considering additional requests from other federal security agencies to bar drones.

Earlier this year, the FAA banned drone flights over 133 U.S. military facilities. The Pentagon said in August that U.S. military bases could shoot down drones that endanger aviation safety or pose other threats.

The FAA also banned drone flights over 10 U.S. landmarks in September, including the Statue of Liberty in New York and Mount Rushmore National Memorial in South Dakota, at the request of national security and law enforcement agencies.

It separately barred drone flights over the USS Constitution in Boston, the Gateway Arch in St. Louis and Independence National Historical Park in Philadelphia. The list also includes Glen Canyon Dam in Arizona, Hoover Dam in Nevada and Grand Coulee Dam in Washington state.

Last week, the National Transportation Safety Board said a September collision between a small civilian drone and a U.S. Army helicopter was caused by the drone operator’s failure to see the helicopter because he was intentionally flying the drone out of visual range.

The incident between a U.S. Army UH-60M Black Hawk helicopter and a DJI Phantom 4 drone near Staten Island, New York occurred as concerns mount over the rising number of unmanned aircraft in U.S. airspace.

Read More

Virginia Credit Union using new eye print security option

Virginia Credit Union is offering another layer of security for its mobile banking users.

EyeVerify is a biometric authentication based on a person’s eye print. The feature uses a phone camera and eye print to confirm the user’s identity when opening the credit union’s mobile banking app.

EyeVerify is an option for members who do not want to manually enter a password or for those do not have a phone that accepts fingerprint identification. Unlike other biometric technologies, it doesn’t depend on a particular model of smartphone.

 
“Since not all phones are enabled for fingerprint authentication but most offer a camera, we wanted to provide an additional layer of security for their mobile banking information,” said Frank Macrina, senior vice president of products and channels for Virginia Credit Union.

The optional technology can provide users with a fast and secure way to use the mobile banking app, Macrina said. Also, if a phone is lost, EyeVerify locks down access to the member’s accounts.

It can be used as well for people who have joint accounts, with eye prints recorded for both users and verified upon opening the app.

The eye biometric offers a stronger option than a thumbprint, Macrina said. However, it is a new technology, and the thumbprint is still the most popular method of biometric security.

The credit union began offering the technology in the spring ahead of many of its banking competitors.

Read More

Drone pilot arrested after multiple NFL stadium incidents

A California man was arrested Sunday for flying a drone over two NFL stadiums and attempting to drop anti-media pamphlets into the crowd.

Tracy Mapes, a 55-year-old Sacramento resident, was cited and released by Santa Clara police for flying the drone in violation of a local municipal code, department spokesperson Dan Moreno told USA TODAY Sports on Monday.

The drone appeared at Levi’s Stadium during the second quarter of the San Francisco 49ers’ 24-13 loss to the Seattle Seahawks and was later seen over Oakland Coliseum, where the Oakland Raiders were playing the Denver Broncos.

Moreno said the message on the leaflets was “anti-local news media, and TV news stations specifically.” The charge was a misdemeanor, he said.

There is also an ongoing federal investigation and Mapes may face additional charges, according to Moreno, because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi’s Stadium and Oakland Coliseum are within that range.

The San Francisco Chronicle added that the drone was a relatively ineffective messenger because “most of the drone-dropped leaflets were carried away by the win.

View Source

30 tickets issued daily through RPS bus camera system

RICHMOND, Va. (WRIC) — 8News investigates to see how Richmond Public Schools bus camera system is keeping students safe.

RPS is the only district in Central Virginia that has installed a stop-arm camera system on their school buses. The second district in the state.

The camera system is designed to catch reckless drivers illegally passing school buses.

“We’re averaging 30 violations a day,” Interim Superintendent Tommy Kranz says, “So that indicates to me that yes, it is working.”

100 school buses are equipped with a total of 13 cameras, nine on the outside and four on the inside.

From the first day of Fall to October 24, 1,021 citations were issued to drivers who illegally pass a school bus when the stop-arm is out or red lights are flashing.

8News obtained video through Richmond Public Schools in which cameras caught drivers nearly hitting students when the school bus was stopped.

Michelle Kitts is a RPS parent and admits she even goes a different route in the mornings to avoid the bus stops.

“If they have kids they know how it feels to see somebody speed passed the buses when there are kids,” Kitts says, “even at the stop with no buses around so everyone should slow down and take it easy.”

Kevin Hunter, another RPS parent says he wasn’t surprised by the number of tickets that were issued in the first seven weeks this Fall. He says he believes drivers need to put down their cell phones and pay more attention to the road before a child is hurt.

“As a foster dad I don’t want to see any of my kids go you know shot across the street then you got some driver coming and don’t pay attention,” Hunter said.

In a press release sent to 8News this summer, Richmond Public Schools said they wanted to have all school buses equipped with the camera system by the start of the semester. However, the company that installs the camera paid to install cameras on the first 50 buses and have been working in phases to install the rest. This revenue is generated from the citations that are issued.

Read More

‘Hacker-for-hire’ cases going federal in Minnesota

“In the first Minnesota case to address a new and growing form of cybercrime, federal prosecutors have charged a former state resident with employing “hackers-for-hire” to sabotage the website of a local business.

The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.

Prosecutors say John Kelsey Gammell, 46, paid hacking services to inflict a year’s worth of “distributed denial of service” (DDoS) attacks to bring down websites affiliated with Washburn Computer Group, a Monticello business where he used to work.

DDoS attacks overwhelm a network with data, blocking access for legitimate users and even knocking web services offline. Washburn, a point-of-sale system repair company, told prosecutors that Gammell’s attacks cost it about $15,000.

Authorities say Gammell didn’t stop there: He is accused of paying $19.99 to $199.99 in monthly payments to try to bring down web networks that included those of the Minnesota Judicial Branch, Hennepin County and several banks.

“As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Acting U.S. Attorney Gregory Brooker in Minneapolis said, speaking generally about the new forms of crime.

The FBI’s Internet Crime Complaint Center reported more than $11 million in losses to victims of DDoS attacks last year.

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS,” said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis.

Devices such as digital video recorders and home appliances recently have been marshaled by cyber criminals to carry out massive operations like last year’s flooding of a prominent web infrastructure company that affected sites like Amazon and Netflix. In a separate attack, in June 2016, the Minnesota Judicial Branch’s website went down for 10 days, alarming local officials because so many government services have at least some nexus to the web.

“A lot of people think it’s just a nuisance,” said Chris Buse, Minnesota’s chief information security officer. “But it’s not. If you look at what government does — basic critical services — if those services don’t continue, people can literally die.”

Minnesota IT Services, which administers the state’s computer systems, said state networks field an average of more than 3 million attempted cyberattacks daily. Officials say the state still hasn’t experienced a major attack on par with a 2012 South Carolina breach that exposed personal data for 3.7 million residents and cost the state $20 million.

But with hackers able to take over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse said.

‘We will do much business’

The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.

One of his preferred hacking-for-hire services was called vDOS, which was shuttered last year after the arrests of two alleged operators in Israel. The FBI obtained files from vDOS that included records of Gammell’s purchases, attacks and communications with vDOS administrators and customers.

One day in 2015, according to a criminal complaint, Gammell eagerly wrote the company boasting of his success in blowing past a “DDoS mitigation” program to kick an unnamed network offline for at least two days. “We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell sought out seven sites offering DDoS-for-hire services and paid monthly fees to three to carry out web attacks from July 2015 to September 2016.

Charges are also expected out of Colorado and New Mexico for firearms offenses stemming from searches in the case.

Appearing in a Minneapolis courtroom last week, Gammell confirmed that he rejected a plea offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. A federal magistrate is reviewing motions filed by Gammell’s attorney, Rachel Paulose, to dismiss the case or suppress evidence.

On Monday, Paulose told U.S. Magistrate Judge David Schultz that evidence the FBI obtained from an unnamed researcher should be thrown out and suggested the data could itself have been retrieved by hacking.

Paulose, who did not respond to messages seeking comment for this story, also argued in pretrial motions that Gammell didn’t personally attack Washburn.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Addressing Schultz last week, Paulose described the attacks on Washburn as “essentially a prank on a dormant site not doing business.”

“Even if Mr. Gammell thinks it’s a prank,” Assistant U.S. Attorney Timothy Rank replied, “it’s a criminal prank.”

View Source

TSA Pre ✓® expands to include 5 additional airlines

WASHINGTON — The Transportation Security Administration today announced the expansion of its TSA Pre✓® expedited screening program to five additional domestic and international carriers. Now in operation, the five new partnering airlines are All Nippon Airways, Cathay Pacific Airways, Contour Aviation, Finnair and Korean Air. Today’s announcement brings the number of airlines participating in TSA Pre✓® to 42 domestic and international carriers.

TSA Pre✓® is an expedited screening program that enables low-risk travelers to enjoy a smart and efficient screening experience at 200 U.S. airports. For TSA Pre✓® travelers, there is no need to remove shoes, laptops, 3-1-1 liquids, belts or light jackets.

TSA Pre✓® is available when departing from a U.S. airport to a foreign country, and for domestic, connecting flights after returning to the U.S. Travelers who are U.S. citizens, U.S. nationals and lawful permanent residents of the U.S. can apply for TSA Pre✓® for a cost of $85 for five years, or $17 per year through the TSA Pre✓® application program. Once approved, travelers will receive a “Known Traveler Number” and will have the opportunity to utilize TSA Pre✓® lanes at select security checkpoints when traveling on any of the 42 participating airlines.

Other passengers who are eligible for TSA Pre✓® include: U.S. Customs and Border Protection’s Trusted Traveler programs, Global Entry, NEXUS, and SENTRI. TSA Pre✓® is also available for U.S. Armed Forces service members, including those serving in the U.S. Coast Guard, Reserves and National Guard. To find the program that best suits your travel needs, use the Department of Homeland Security trusted traveler comparison tool.

As always, TSA continues to incorporate unpredictable security measures, both seen and unseen, throughout the airport. All travelers will be screened, and no individual will be guaranteed expedited screening.

For more information, visit tsa.gov or read the frequently asked questions.

View Source

Ranger Guard app lets businesses order security guards like Uber

“You can order just about anything from your phone these days, and that now includes security guards.

Ranger Guard works a lot like a ride sharing app, and users say it’s changed the way they protect their businesses.

During Harvey’s flooding, many business owners had to close up shop due to flood damage. That left many businesses with no one to watch out for them.

“Definitely don’t recommend that,” says Jonah Nathan, owner of Ranger Guard and Investigations.

His company offers the app, which works like a ride sharing service except instead of cars, you’re summoning security guards.

“Just ordering your security service just like you do your Uber. Just for the amount of time you need it,” Nathan said.

It doesn’t require a contract and businesses can request armed or unarmed guards to perform specific tasks– like confronting a specious person.

Nathan says many of the calls his guards are sent to involve businesses dealing with homeless people.

“Most homeless people are nonviolent,” Nathan said. “They just want to sit there in peace.”

But he says during Harvey’s flooding, the demand shifted. Many businesses used the app to protect the properties they had to flee.

He hopes once those businesses are back up and running, they’ll continue with the service.

The app is intended for businesses and it not available for residential use.”

View Source

Robo-parking enforcement to hit Edmonton this fall

Be warned. An Edmonton driver’s chances of getting away with illegal parking are set to drop dramatically when city officials roll out their new robo-parking patrol.

Car-mounted cameras will automatically check licence plates against the parking payment records while rolling at 50 km/h on downtown streets. A wall-mounted camera will take a picture every time a car enters or exits a city-owned parking lot to ensure payment and the human patrol no longer tasked with marching downtown streets will redeploy to school zones and other hot-spot areas.

City officials are evaluating product bids now and hope to have a test car on city streets in October. The full rollout would hit Edmonton by spring. “That would be ideal,” said Erin Blaine, parking enforcement co-ordinator.

“It’s just a way more efficient way to use resources,” Blaine said. The parking rules are there to ensure spots remain open for drop-in customers for local businesses, and the automated enforcement will be more reliable for everyone. “It eliminates officer error.”

Similar to photo radar, scofflaws will get a ticket in the mail rather than under their vehicle’s windshield wiper. It will include a photo of the licence plate, which Blaine hopes will reduce the number of people appealing these tickets in court. She currently has five to 10 officers called to court every week.

It’s a $50 ticket for motorists who do not pay for parking.

An update on the project went to city council last week. It’s a $12-million effort, with $5.2 million already spent on the new digital parking meters. It’s listed as late because the city originally thought it could roll out the whole plan by 2015.

The third phase — having city-owned parkades calculate the number and location of spots left — is still being developed.

The report to council says implementation was delayed while city officials investigated the possibility of partnering with another municipality.

Read More

Equifax says 143m Americans’ social security numbers exposed in hack

Credit monitoring company Equifax says a breach exposed the social security numbers and other data of about 143 million Americans.

After discovering the breach, but before notifying the public, three Equifax senior executives sold shares in the company worth almost $1.8m. Since the public announcement, the company’s share price has tumbled.

The Atlanta-based company said Thursday that “criminals” exploited a US website application to access files between mid-May and July of this year.

It said consumers’ names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers were exposed. Credit card numbers for about 209,000 US consumers were also accessed.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said the company’s chairman and CEO Richard Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

The company said hackers also accessed some “limited personal information” from British and Canadian residents.

Equifax said it doesn’t believe that any consumers from other countries were affected.

Such sensitive information can be enough for crooks to hijack people’s identities, potentially wreaking havoc on the victims’ lives.

Financial institutions, landlords and other businesses draw on data from credit monitoring companies like Equifax to verify people’s identity and ensure they are suitable for leases and loans. This breach has given cybercriminals a treasure trove of data to assume the identities of those affected and carry out fraudulent transactions in their name.

“On a scale of one to 10, this is a 10 in terms of potential identity theft,” said Gartner security analyst Avivah Litan. “Credit bureaus keep so much data about us that affects almost everything we do.”

Ryan Kalember, from cybersecurity company Proofpoint said: “This has really called into question the entire model of how we authenticate ourselves to financial institutions. The fact that we still use things like mother’s maiden name, social security number and date of birth is ridiculous.”

The breach could also undermine the integrity of the information stockpiled by two other major credit bureaus, Experian and TransUnion, since they hold virtually all the data that Equifax does, Litan said.

Equifax discovered the hack 29 July, but waited until Thursday to warn consumers. In the interim, as first reported by Bloomberg, chief financial officer John Gamble sold shares worth $946,374 and president of US information solutions Joseph Loughran exercised options to sell stock worth $584,099. President of workforce solutions Rodolfo Ploder also sold stock worth $250,458.

Ines Gutzmer, head of corporate communications for Equifax, said: “The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.”

Read More