On Q Professional Investigations

The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.

Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.

Rob Joyce, the White House cybersecurity coordinator, set out a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive capabilities. “We are pushing back and we are pushing back hard,” he said.

Joyce stressed the offensive could not be linked to Friday’s raid on Syria. It was not retaliation for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.

Joyce was joined in the call by representatives from the FBI, the US Department of Homeland Security and the UK’s National Cyber Security Centre (NCSC), which is part of the surveillance agency GCHQ.

The US and UK, in a joint statement, said the cyber-attack was aimed not just at the UK and US but globally. “Specifically, these cyber-exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system,” it said.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.

Read More

Selwyn Township. Canada March 23 2018 A security firm will be hired to help address littering along the James A. Gifford Causeway in Selwyn Township.

On Wednesday, Peterborough County Council approved staff recommendations to tackle nuisance littering along the causeway, which spans Chemong Lake and links the communities of Bridgenorth and Ennismore.

The area is a hotspot for both local and visiting anglers. Concerns about littering were highlighted last August by area resident Brad Sinclair. Just two days after a thorough cleaning, Sinclair once again found litter scattered everywhere again.

We will have summer staff who will educate the users of where and where not to fish. We will increase and expand litter pick up throughout the season and will update signage along the causeway. Litter is an issue everywhere – we must all do our part!

Chris Bradley, the county’s Director of Public Works, says security will be occasionally hired during expected peak fishing times to ask anglers to move from the areas between the exterior guardrails.

“We are optimistic that the folks who come to the area to enjoy recreational activities will be able to do it in a bit of a safer environment than what we had before,” he said. “This should enable us to keep the area a little cleaner.”

Other recommendations include increasing the frequency of litter collection (three times a week from May to October); launching a new communication/awareness campaign and posting new and improved signage to direct anglers to areas that are safe and maintained by county staff.

The recommendations came as part of county staff consultations with the Ministry of Natural Resources and Forestry, Parks Canada and the Ontario Federation of Anglers and Hunters.

However, Bradley notes there will not be a no-trespassing bylaw for the causeway. In December, county staff met with lawyers, who highlighted the challenges of developing and enforcing a no-trespassing bylaw.

Lawyers indicated that municipal bylaw enforcement officers do not have the authority to compel people to identify themselves verbally or to provide identification. As a result, tickets can’t be issued to an unidentified person and a bylaw could not be enforced.

A staff report notes lawyers recommended that “no trespassing” signage can still be posted near the prohibited areas (exterior guardrails) and that a police officer can be contacted to charge an individual.

Read More

On July 7, 2016, three days after his fellow Americans had celebrated the nation’s Independence Day, engineer Gregory Allen Justice—who worked for a cleared government contractor in California—was arrested in a hotel room for selling sensitive satellite information to someone he believed was a Russian agent.

Unfortunately for Justice, that foreign agent turned out to be an undercover FBI employee. And this wasn’t the first time that Justice had passed satellite secrets to his “handler”—but it would be his last. He was immediately taken into custody by the FBI on charges of selling proprietary trade secrets and technical data that had been controlled for export from the United States.

Justice had been employed with the government contractor—under its satellite systems program—since 2000. He was assigned to a team working to build and test U.S. military satellites, including projects for the Air Force, Navy, and NASA that involved satellites with communication, navigational, and observational technology.

The trade secrets and other technical data he had access to as part of his job related to areas such as satellite operations testing, firmware installed on satellites, and anti-jamming technology.

After the FBI’s Los Angeles Division opened its investigation into Justice’s activities, a lawful search of his vehicle uncovered handwritten notes containing addresses for the Russian Embassy in Washington, D.C. and the Russian Consulate in San Francisco.

In February 2016, the Bureau’s undercover employee—in the guise of a Russian agent—was able to make contact with Justice, who was more than willing to talk and eventually meet with the employee a total of six times. They first met at a coffee shop and then in various hotel rooms—and each time, Justice turned over a thumb drive with information downloaded from his employer’s computer network. All told, Justice received $3,500 in cash from the undercover employee.

Read More

A 32-year-old Georgia man who pretended to be someone else online is behind bars after using familiar predatory tactics to coerce a 12-year-old girl to produce child pornography and send it to him.

The victims of this type of crime—commonly referred to as sextortion—are almost always vulnerable teenagers who are tricked online and then find themselves in a nightmare situation: They are afraid to tell their parents or friends what is happening, and believe complying with their abuser is the only solution.

“The predators typically pretend to be teenagers online and lurk on popular social media sites,” said Special Agent Kevin Orkin, who investigated the case from the FBI’s Atlanta Division. “The victims—striving for attention, maybe having issues with their parents, as teens often do—are easily manipulated.”

The predators establish an online relationship, flirt, and in time convince the victims to send them a sexually provocative picture. “That initial image might not be too incriminating by today’s standards,” Orkin said, but the predators use the image to blackmail the victims. If they don’t send more explicit material, the victims are told, the image will be shared online with their friends and family to humiliate them.

“The victims are too scared to tell anyone what’s going on,” Orkin said, “and before they know it, they are in way over their heads.”

In the case of the Georgia man, Gerardo Uribe, he masqueraded online as a 13-year-old boy, and later as a 25-year-old man. After the young victim sent a partially nude image of herself at his request in 2014, Uribe was eventually able to take over one of her social media accounts by resetting her password and then locking her out.

With access to all her information, including the initial compromising image, Uribe coerced the girl into providing more sexually explicit material—four images that met the federal definition of child pornography.

The girl’s parents discovered the crime and reported it to the local sheriff’s office, which referred the matter to the FBI. Through various investigative methods, Uribe was located in Georgia and charged with child pornography offenses.

He pleaded guilty in August 2017, and in November 2017 was sentenced to 10 years in prison. A Mexican citizen who was living in the United States as a permanent resident, Uribe will be deported after he completes his prison term. Investigators said that Uribe had tried to victimize at least one other girl.

“Sextortion is a growing problem on social media sites,” Orkin said, and although it may be easy to blame the victims of sextortion for the predicament they find themselves in, he explained, “we are talking about children being manipulated by adults. It’s clear that these criminals are preying on their victims and taking advantage of them in the worst way.”

Read More

HADLEY MA Jan 17 2018 — Prosecutors painted a squalid picture of what went on inside the little house on busy Russell Street: The Asian women were kept there night and day, providing sexual services for a fee, sleeping where they worked, and rarely venturing outside except to take out the trash.

The customers themselves led law enforcement to the address in 2016, by writing detailed reviews of the services they received at Hadley Massage Therapy — services that went far beyond massage. On a controversial website called Rubmaps.com, they described their sexual experiences in detail, including how much they paid, what services they received, and their level of satisfaction with the women’s performance.

“These are reviews on victims of human trafficking,’’ said Massachusetts Attorney General Maura Healey, whose office led the investigation into the alleged sex traffickers who ran centers in Hadley, East Longmeadow, and Framingham. “It’s terrible, their depiction of women. . . . It’s just truly appalling.”

The now-closed Hadley Massage Therapy is one of hundreds of erotic massage centers described on Rubmaps.com in Massachusetts alone — and there are some 7,000 nationwide.

But even though law enforcement officials can easily find other suspected sex-trafficking operations on Rubmaps.com and other so-called John boards, listings on these sites seldom lead to prosecution.

That’s because of the sheer number of businesses and the legal resources needed to take each one down. Shutting them down is not as simple as rounding up the men and women in the massage parlor. State and local officials say they don’t want simply to arrest women workers — who are increasingly considered victims — but to take down the business operators who often run multiple storefronts.

Healey said her office will continue to go after the massage businesses described on the review boards. But even when law enforcement moves against erotic massage parlors, conviction of alleged traffickers is no slam dunk. The women, many of them fearful of deportation and unable to speak English, often make reluctant and poor witnesses. After being questioned, they often leave the state. The New England Center’s efforts to reach alleged victims from recent busts proved unsuccessful.

Donna Gavin, head of the human trafficking unit for the Boston Police Department, said police scrutinize review boards during investigations when they get tips about problematic addresses. But they have to be selective because investigations can be labor intensive, she said.

Read More

DALLAS -Alfredo Hinojosa ran an “empire” of nightclubs across North Texas, according to a federal indictment, raking in more than $100 million from 2014 to 2016.

At the same time, Hinojosa allowed dealers to sell cocaine in his clubs’ bathrooms to keep business booming and then helped launder money for a Mexican band’s tour bus.

Hinojosa, 57, pleaded guilty this week to charges of conspiracy to manage a drug premises and conspiracy to structure transactions to evade reporting requirements, according to court documents.

The case was initially filed in October 2016, and a new indictment was filed against Hinojosa and 10 other defendants on Tuesday.

Hinojosa has not yet been sentenced. As part of the plea deal, he agreed to forfeit $200,000, a Ferrari F355, a Land Rover Range Rover, a Hummer H2, a Mercedes-Benz and a Gillig Motorhome, the court documents said.

His attorney, Frank Perez, declined to comment on the case Wednesday.

The case also involved two former Dallas police officers, Eddie Villarreal, 48, and Craig Woods, 60, who worked security at Hinojosa’s clubs. Villarreal and Woods pleaded guilty to making a false statement to the FBI this week for lying about their involvement with Hinojosa.

Their attorneys could not be reached for comment Wednesday.

It was unclear Wednesday night which of the remaining defendants have been taken into custody.

‘Man, they got to do business’

Hinojosa owned more than 40 nightclubs across the state, including the Far West, Medusa and OK Corral clubs in Dallas and the OK Corral club in south Fort Worth, on the north side of La Gran Plaza. The clubs were still open this week, according to the U.S. attorney’s office.

At each location, Hinojosa allowed a crew of “certain selected” dealers to sell cocaine in $20 baggies in the restrooms. In a recording obtained by authorities, Hinojosa said, “we can’t really clean it [up] because then we lose business,” the indictment said.

“Man, they got to do business,” Hinojosa said in the recording. “I told them we don’t care . . . we just don’t want for everybody to see him . . . They want it [cocaine] right there. They don’t want to go looking downtown.”

The indictment named the dealers, who face drug charges in the case: Eloy Alvarado Montantes, 36, of Grand Prairie; Jose Omar Santoyo Salas, 32, of Arlington; Erick Johan Lopez Cuellar, 30, of Fort Worth; Raul Nunez, 25, of Grand Prairie; and Cesar Mendez, 27, of Dallas.

Read More

“In the first Minnesota case to address a new and growing form of cybercrime, federal prosecutors have charged a former state resident with employing “hackers-for-hire” to sabotage the website of a local business.

The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.

Prosecutors say John Kelsey Gammell, 46, paid hacking services to inflict a year’s worth of “distributed denial of service” (DDoS) attacks to bring down websites affiliated with Washburn Computer Group, a Monticello business where he used to work.

DDoS attacks overwhelm a network with data, blocking access for legitimate users and even knocking web services offline. Washburn, a point-of-sale system repair company, told prosecutors that Gammell’s attacks cost it about $15,000.

Authorities say Gammell didn’t stop there: He is accused of paying $19.99 to $199.99 in monthly payments to try to bring down web networks that included those of the Minnesota Judicial Branch, Hennepin County and several banks.

“As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Acting U.S. Attorney Gregory Brooker in Minneapolis said, speaking generally about the new forms of crime.

The FBI’s Internet Crime Complaint Center reported more than $11 million in losses to victims of DDoS attacks last year.

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS,” said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis.

Devices such as digital video recorders and home appliances recently have been marshaled by cyber criminals to carry out massive operations like last year’s flooding of a prominent web infrastructure company that affected sites like Amazon and Netflix. In a separate attack, in June 2016, the Minnesota Judicial Branch’s website went down for 10 days, alarming local officials because so many government services have at least some nexus to the web.

“A lot of people think it’s just a nuisance,” said Chris Buse, Minnesota’s chief information security officer. “But it’s not. If you look at what government does — basic critical services — if those services don’t continue, people can literally die.”

Minnesota IT Services, which administers the state’s computer systems, said state networks field an average of more than 3 million attempted cyberattacks daily. Officials say the state still hasn’t experienced a major attack on par with a 2012 South Carolina breach that exposed personal data for 3.7 million residents and cost the state $20 million.

But with hackers able to take over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse said.

‘We will do much business’

The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.

One of his preferred hacking-for-hire services was called vDOS, which was shuttered last year after the arrests of two alleged operators in Israel. The FBI obtained files from vDOS that included records of Gammell’s purchases, attacks and communications with vDOS administrators and customers.

One day in 2015, according to a criminal complaint, Gammell eagerly wrote the company boasting of his success in blowing past a “DDoS mitigation” program to kick an unnamed network offline for at least two days. “We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell sought out seven sites offering DDoS-for-hire services and paid monthly fees to three to carry out web attacks from July 2015 to September 2016.

Charges are also expected out of Colorado and New Mexico for firearms offenses stemming from searches in the case.

Appearing in a Minneapolis courtroom last week, Gammell confirmed that he rejected a plea offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. A federal magistrate is reviewing motions filed by Gammell’s attorney, Rachel Paulose, to dismiss the case or suppress evidence.

On Monday, Paulose told U.S. Magistrate Judge David Schultz that evidence the FBI obtained from an unnamed researcher should be thrown out and suggested the data could itself have been retrieved by hacking.

Paulose, who did not respond to messages seeking comment for this story, also argued in pretrial motions that Gammell didn’t personally attack Washburn.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Addressing Schultz last week, Paulose described the attacks on Washburn as “essentially a prank on a dormant site not doing business.”

“Even if Mr. Gammell thinks it’s a prank,” Assistant U.S. Attorney Timothy Rank replied, “it’s a criminal prank.”

View Source

“Law enforcement agencies have been aware of virtual kidnapping fraud for at least two decades, but a recent FBI case illustrates how this frightening scam—once limited to Mexico and Southwest border states—has evolved so that U.S. residents anywhere could be potential victims.

Although virtual kidnapping takes on many forms, it is always an extortion scheme—one that tricks victims into paying a ransom to free a loved one they believe is being threatened with violence or death. Unlike traditional abductions, virtual kidnappers have not actually kidnapped anyone. Instead, through deceptions and threats, they coerce victims to pay a quick ransom before the scheme falls apart.

Between 2013 and 2015, investigators in the FBI’s Los Angeles Division were tracking virtual kidnapping calls from Mexico—almost all of these schemes originate from within Mexican prisons. The calls targeted specific individuals who were Spanish speakers. A majority of the victims were from the Los Angeles and Houston areas.

“In 2015, the calls started coming in English,” said FBI Los Angeles Special Agent Erik Arbuthnot, “and something else happened: The criminals were no longer targeting specific individuals, such as doctors or just Spanish speakers. Now they were choosing various cities and cold-calling hundreds of numbers until innocent people fell for the scheme.”

This was significant, Arbuthnot said, because the new tactic vastly increased the potential number of victims. In the case he was investigating, which became known as Operation Hotel Tango, more than 80 victims were identified in California, Minnesota, Idaho, and Texas. Collective losses were more than $87,000.

The incarcerated fraudsters—who typically bribe guards to acquire cell phones—would choose an affluent area such as Beverly Hills, California. They would search the Internet to learn the correct area code and telephone dialing prefix. Then, with nothing but time on their hands, they would start dialing numbers in sequence, trolling for victims.

When an unsuspecting person answered the phone, they would hear a female screaming, “Help me!” The screamer’s voice was likely a recording. Instinctively, the victim might blurt out his or her child’s name: “Mary, are you okay?” And then a man’s voice would say something like, “We have Mary. She’s in a truck. We are holding her hostage. You need to pay a ransom and you need to do it now or we are going to cut off her fingers.”

Most of the time, Arbuthnot said, “the intended victims quickly learned that ‘Mary’ was at home or at school, or they sensed the scam and hung up. This fraud only worked when people picked up the phone, they had a daughter, and she was not home,” he explained. “But if you are making hundreds of calls, the crime will eventually work.”

“The scammers attempt to keep victims on the phone so they can’t verify their loved ones’ whereabouts or contact law enforcement. The callers are always in a hurry, and the ransom demand is usually a wire payment to Mexico of $2,000 or less, because there are legal restrictions for wiring larger amounts across the border.

Although victims were typically instructed to wire ransom payments, two individuals in Houston were coerced into paying larger amounts—totaling approximately $28,000—that could not be wired. The victims were directed to make money drops, and they believed they were being watched as they were directed to the assigned location. When the drops were made—in specified trash cans—a Houston woman, 34-year-old Yanette Rodriguez Acosta, was waiting to pick up the ransom money. After taking her portion of the payment, Acosta wired the rest in small amounts to several individuals in Mexico to transfer to the Mexican prisoner believed to be running the virtual kidnapping scheme.

Acosta was taken into custody for her involvement in the scam, and in July 2017, a federal grand jury in Houston returned a 10-count indictment against her. Among the charges were wire fraud and money laundering.

Arbuthnot noted that the Mexican prisoners who carry out virtual kidnappings use the ransom money to pay bribes and to make their lives behind bars easier. “And sometimes they use the money to buy their way out of jail. That’s the ultimate goal.”

He added that virtual kidnapping cases are difficult to investigate and prosecute because almost all of the subjects are in Mexico, and the money is wired out of the country and can be difficult to trace. The charges against Acosta represent the first federal indictment in a virtual kidnapping case. In addition, many victims do not report the crime, either because they are embarrassed, afraid, or because they don’t consider the financial loss to be significant.

Regardless, Arbuthnot said, “victims of virtual kidnapping scams are traumatized by these events, because at the time, they believe that a loved one has been kidnapped and is in real danger.”

View Source

“CLIFTON NJ Sept 29 2017 -A city employee who worked at senior citizen’s center was arrested Wednesday on charges she used a dead man’s debit card to withdraw Social Security funds from his bank account.

Jacklyn Delillo, 31, is charged with theft by deception and identity theft, Passaic County Prosecutor Camelia M. Valdes said in a statement.

Delillo worked at the Clifton Senior Citizens Center, which is run by city government. It was at the center where she befriended an elderly man, Valdes said.

“When the elderly individual died, Social Security checks continued to be deposited into the individual’s bank account,” Valdes said.

“It is alleged that Ms. Delillo used the decedent’s debit card to make purchases after his death, utilizing Social Security funds,” Valdes said.

Delillo stole about $2,500, the prosecutor alleged.

Delillo salary is $21,726 and has worked for the city for about a year, according to state pension records.

Local authorities were assisted in the investigation by the Social Security Administration Inspector General’s Office, Valdes said.

After her arrest, Delillo was released on a summons to appear in court on Oct. 20, the prosecutor said.”

View Source

Be warned. An Edmonton driver’s chances of getting away with illegal parking are set to drop dramatically when city officials roll out their new robo-parking patrol.

Car-mounted cameras will automatically check licence plates against the parking payment records while rolling at 50 km/h on downtown streets. A wall-mounted camera will take a picture every time a car enters or exits a city-owned parking lot to ensure payment and the human patrol no longer tasked with marching downtown streets will redeploy to school zones and other hot-spot areas.

City officials are evaluating product bids now and hope to have a test car on city streets in October. The full rollout would hit Edmonton by spring. “That would be ideal,” said Erin Blaine, parking enforcement co-ordinator.

“It’s just a way more efficient way to use resources,” Blaine said. The parking rules are there to ensure spots remain open for drop-in customers for local businesses, and the automated enforcement will be more reliable for everyone. “It eliminates officer error.”

Similar to photo radar, scofflaws will get a ticket in the mail rather than under their vehicle’s windshield wiper. It will include a photo of the licence plate, which Blaine hopes will reduce the number of people appealing these tickets in court. She currently has five to 10 officers called to court every week.

It’s a $50 ticket for motorists who do not pay for parking.

An update on the project went to city council last week. It’s a $12-million effort, with $5.2 million already spent on the new digital parking meters. It’s listed as late because the city originally thought it could roll out the whole plan by 2015.

The third phase — having city-owned parkades calculate the number and location of spots left — is still being developed.

The report to council says implementation was delayed while city officials investigated the possibility of partnering with another municipality.

Read More