On Q Professional Investigations

News of criminal suspects being identified by posts on Facebook and other social media sites isn’t all that unusual.

But a homeowner in Tega Cay, S.C., didn’t even know his house had been the site of an apparent trespass by partying teens, at a time when the entire family was away on vacation, until he spotted some photos online, NBC Charlotte reports.

After he came across the photos on Facebook, said the unidentified 39-year-old man, “I’m looking at them like, ‘Wait, this is my house!’” Although he said the seeming teenagers were “running around doing lewd things with funnels, throwing up in the sink, passed out on the kitchen floor,” they also apparently cleaned up afterward, so the family saw no sign of damage to alert them when then arrived home after their trip.

The man said he recognized the teens as classmates of his children, who were subsequently able to get some details about what had happened at their home around the time of the July 4 holiday by talking to some of their acquaintances, according to the article.

Using photo tagging information, Tega Cay police officers have made a list of suspects and are trying to reach their families.

View Source

The New York Police Department has, for the first time, laid out rules for using social media sites like Facebook and Twitter during investigations.

New York City Police Commissioner Raymond Kelly issued a memo that makes it OK for cops to register fake aliases to cruise social media, as long as they keep the department informed.

The five page memo says officers involved in probes involving social media may register their aliases with the department and use a department-issued laptop whose Internet-access card can’t be traced back to the NYPD, the New York Daily News reports.

Trolling the Internet can give police a tipoff to an imminent threat or give cops a leg up if they are conducting undercover work that requires deception, such as posing online as a teen to nab a rapist.

According to the paper, Christopher Dunn, an associate legal director for the New York Civil Liberties Union, pointed out that police work on the Internet is ripe for abuse.

“Electronic undercover work is fine. But we worry about the ease with the police can use deceit on the Internet to monitor private communications. Police infiltration of social media should be closely regulated,” the paper quoted him, as saying.

Jethro Eisenstein, a lawyer, whose lawsuit led to the Handschu Guidelines, a consent decree that governs how police investigate political activity, also stressed that using aliases violates those guidelines.

The NYPD memo comes as police have made headlines for how it uses and deals with the Internet.

The memo says officers can use subpoenas, court orders or search warrants to obtain certain electronic evidence, the paper said.

View Source

A defamatory anti-Muslim movie made in the United States on YouTube sparked a week of violence across the Middle East, then Friday, threats on two American campuses took over Twitter.

All you need is a cell phone to watch it all unfold and contribute to its momentum.

As an advisory to the Department of Homeland Security and a private security consultant, Mohamed Elibiary helps the United States government deal with the effects of social networks.

He can tell you which places in the world Twitter holds sway over Facebook, and where YouTube is not allowed. He can overlay the power of certain social networks on the maps of certain countries.

Elibiary was born in Dallas, but has relatives in Egypt, and he said social networks have in some ways become more powerful than countries.

“In an information age, the nation state becomes a weaker player, and information and social networks are much more influential in affecting public opinion,” Elibiary said. “Governments are going to become weaker, and social networks are going to become more influential.”

In this week where social misinformation has humbled the power of the United States, Elibiary said one way the U.S. can counteract social networks is by tapping the family networks already in place between Americans and their relatives overseas.

“Everybody has a family member overseas, in Egypt or Yemen, or somewhere in the world,” he said. “Those relatives know the truth about the United States, and they can help strengthen a new kind of communication where the U.S. hasn’t established itself yet.”

Read More

Police may soon be able to catch criminals by the ink they are sporting.

Computer scientists are developing a new program that will be able to identify suspects by their tattoos and match them to photos in police databases or on social media.

Automatic identification through recognition of body art could provide a much needed breakthrough in detective work, often thwarted by grainy footage from surveillance videos that make it difficult to see a criminal’s face to use facial recognition.

‘Those photos are often so bad that face recognition wouldn’t come even close’ to finding a match in a database, Terrance Boult, a computer science professor at the University of Colorado, explained to Live Science.

To rectify this problem, Boult worked with a team of researchers to develop a computer program that reviews body ink, scars, moles and visible skin markings in photos.

The program scans images for these identifiable skin symbols and then looks for people bearing the same markings in a photo database.

The program is designed to pick up patterns in tattoos and could even link together members of gangs, who often share body tags.
Though this isn’t the first program to examine body markings for identification, the computer program was designed to better handle low quality photos, like those taken from a smart phone.

Read More

It could be time for you to start worrying about what Facebook might be doing with the identity information collected on you and “tagged” photos.

The Hamburg Commissioner for Data Protection and Freedom of Information in Germany has announced legal action against the company and charged that Facebook’s use of facial-recognition technology is illegal.

In addition, the Federation of German Consumer Organizations is ordering Facebook to stop giving third-party applications users’ data without their consent.

If the social network doesn’t do this by Sept. 4, the FGCO will sue. Earlier this month, Norway also announced that it is looking into the legality of the social network’s use of face-matching technology.

Unlike the United States, Germany has regulations that allow Internet users control over their data.

Regarding photo tags, a Facebook spokesperson told CNET: “We believe that the photo tag suggest feature on Facebook is fully compliant with EU data protection laws. During our continuous dialogue with our supervisory authority in Europe, the Office of the Irish Data Protection Commissioner we agreed to develop a best practice solution to notify people on Facebook about photo tag suggest.”
Facebook: facial recognition profiles without user consent

A number of companies – like Facebook, Apple and Google – have facial recognition or detection as an automatic part of various services and apps.

With Apple and Google, users must opt-in, and they can opt-out. While its users can remove tags, Facebook’s facial recognition feature is active by default.

But what happens with that information? It’s not just that Facebook is using facial recognition (biometric data) to increase the worth of its data for sale, trade, or for whatever currency it’s lining litterboxes with in Menlo Park.

In its December 2011 comments the Electronic Privacy Information Center told the Federal Trade Commission:

(…) the Commission should specifically prohibit the use of Facebook’s biometric image database by any law enforcement agency in the world, absent a showing of adequate legal process, consistent with international human rights norms.

Facebook reportedly possessed an estimated 60 billion photos by late 2010, and approximately 2.5 billion photos are uploaded to Facebook each month.

The democratization of surveillance

EPIC’s comments came after the FTC held a day-long forum called “Face Facts: A Forum on Facial Recognition Technology,” focusing on the commercial applications of facial recognition technology and its potential privacy implications.

The “Face Facts” participants came from disparate sides of the discussion. They included FTC attorneys, the Face.com CEO, Facebook’s senior privacy advisor and director, and reps from Google, the Privacy Rights Clearinghouse, the Center for Democracy and Technology and the ACLU.

Demos were done for participants by Intel AIM Suite (Audience Impression Metrics: a CMS-friendly and API-ready, public-use face detection software product) and Andrew Cummins, self-described strategy expert in tech/defense markets and the chief technology officer of controversial app-maker SceneTap.

There was also a representative from the National Institute of Standards and Technology. Interestingly, in 2010 NIST tested various facial recognition systems and found that the best algorithm correctly recognized 92 percent of unknown individuals from a database of 1.6 million criminal records.

FTC Chairman Jon Leibowitz opened “Face Facts” saying this summit was timely because, “Facebook has launched new facial recognition technology” and that “These sorts of technologies have already taken hold in law enforcement and the military; in that area, they are as controversial as they are interesting.”

I’m not sure if his use of a clip from the Tom Cruise film Minority Report in his opening remarks was meant to be ironic or not. Perhaps Mr. Leibowitz misses working for the MPAA (where he was chief lobbyist until being tapped for the FTC by George W. Bush in 2004).

Leibowitz did say, “We must confront openly the real possibility that these technologies, if not now, then soon, may be able to put a name with the face, so to speak, and have an impact on our careers, credit, health, and families.”

The Face Facts meeting raised an alarm for privacy organizations; Privacy Rights Clearinghouse director Beth Givens stated outright that there is insufficient public awareness about all aspects of facial recognition tech, and zero auditing mechanisms in place for any entity using the technologies.

Six months after the FTC meeting, Facebook acquired one of the biz-dev side participants, Face.com.

It’s clear that after meetings and summits, even with good intentions for privacy protections, regulators like the FTC are merely only still on the outside looking in.

Ties between video profiling in private and government sectors more murky than ever

Back in July at a Senate Judiciary subcommittee hearing Senator Al Franken said, “Facebook may have created the world’s largest privately held database of face prints without the explicit knowledge of its users.”

Franken continued to link the holes in citizen protections and stressed implications with the then-new Federal Bureau of Investigation facial-recognition pilot program.

Franken stated that any law-enforcement gains from the program could come at a high cost to civil liberties. “The FBI pilot could be abused to not only identify protesters at political events and rallies, but to target them for selective jailing and prosecution, stifling their First Amendment rights,” he said.

Think about the implications of facial recognition profiles on social media sites along with current trends in cybersecurity legislation hysteria.

Remember CISPA? The surveillance bill would have given Homeland Security a backdoor pass to access your email, private information and social network data without a warrant or notice if it fit into a plan to stop “cybersecurity” threats. CISPA would have made it so that Facebook would be completely unrestricted (say, by your rights) to cooperate with Homeland Security to the fullest extent.

Just in the past few weeks, information has surfaced from a Wikileaks leak of private intelligence documents that the purpose of a surveillance product called TrapWire is to combine various intelligent surveillance technologies with tracking and location data, individual profile histories from various sources (datamining and social media), and image data analysis (such as facial recognition; TrapWire’s video component) to monitor people under the guise of threat detection.

TrapWire is a commercial product sold to and implemented by private entities, the US Government “and its allies overseas.”

Too little FTC, too late?

Facial recognition technologies are no longer held back from commercial sectors by high costs and poor accuracy and are quickly becoming directed at recording faces in public places and business establishments, rather than only online.

The FTC had impressed the point that the avenue of interest for “Face Facts” would solely address commercial uses and does not address the use of facial recognition technologies for security purposes or by law enforcement or government actors.

Right now there is nothing that requires any private entity to provide the individual with notice that facial recognition information is being collected, or the duration of the period in which the information will stored, or used.

There is nothing preventing private entities (businesses, app developers, data brokers or advertisers) from selling, trading, or otherwise profiting from an individual’s biometric information – or from disclosing or disseminating the information without obtaining the individual’s consent or pursuant to a valid warrant or subpoena.

It will be interesting to see how Facebook handles its newest privacy problem in Germany.

View Source

Well, now it is official. Mark Zuckerberg was not so smart after all, but just fronting for the CIA in one of the biggest Intelligence coups of all times.

But there remains one small problem, the CIA is not supposed to monitor Americans. I guess we will hear more on that soon from the lawyers once the litigation gets cranked up.

Personally I will be more interested in how this is going to effect the stock offering and shares as all Americans should own the entity that has been spying on them.

And then there are the SEC full disclosure regulations and penalties. It’s bonanza time for the lawyers.

Could the loophole the CIA used be that, ‘you aren’t being spied on if you are willingly posting everything a repressive regime would love to have on your Facebook account, with no threats, no family hostages, no dirty movies or photos that could be released?

Read more

This Friday, Facebook will go public in one of the most anticipated IPOs in history. With more than 900 million users, Mark Zuckerberg’s expanding social media empire has become a seemingly irreplaceable part of the online experience. Unfortunately, a byproduct of its success is that millions of Americans are far more exposed to a number of cyber crimes that also teem on the site.

To be sure, cyber crimes have been occurring for some time, but the presence of social media has made many crimes much easier to commit. In social networks people make “friends” without knowing the person and make personal information easily available. And none of the networks present more opportunity to criminals than Facebook and its hundreds of millions of users. With this in mind, 24/7 Wall St. looked at some of the most common ways criminals use Facebook.

There are the nine ways criminals use Facebook — here are five. (You can read the rest at 24/7 Wall St.)

1. Hacking accounts
When criminals hack a Facebook account, they typically use one of several available “brute force” tools, Grayson Milbourne, Webroot’s manager of threat research for North America, told 24/7 Wall St. in an interview. These tools cycle through a common password dictionary, and try commonly used names and dates, opposite hundreds of thousands of different email IDs. Once hacked, an account can be commandeered and used as a platform to deliver spam, or — more commonly — sold. Clandestine hacker forums are crawling with ads offering Facebook account IDs and passwords in exchange for money. In the cyber world, information is a valuable thing.

2. Commandeering accounts
A more direct form of identity theft, commandeering occurs when the criminal logs on to an existing user account using an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity. The impostor can use this identity for a variety of confidence schemes, including the popular London scam in which the fraudster claims to be stranded overseas and in need of money to make it home. The London scam has a far-higher success rate on Facebook — and specifically on commandeered accounts — because there is a baseline of trust between the users and those on their friends list.

3. Profile cloning
Profile cloning is the act of using unprotected images and information to create a Facebook account with the same name and details of an existing user. The cloner will then send friend requests to all of the victim’s contacts. These contacts will likely accept the cloner as a friend since the request appears to be from someone they’re familiar with. Once accepted, the crook has access to the target’s personal information, which they can use to clone other profiles or to commit fraud. As Milbourne puts it, “Exploiting a person’s account and posturing as that person is just another clever mechanism to use to extract information.” Perhaps what’s scariest about this kind of crime is its simplicity. Hacking acumen is unnecessary to clone a profile; the criminal simply needs a registered account.

4. Fake Facebook
A common form of phishing is the fake Facebook scam. The scammers direct users via some sort of clickable enticement, to a spurious Facebook log-in page designed to look like the real thing. When the victims enter their usernames and passwords, they are collected in a database, which the scammer often will sell. Once scammers have purchased a user’s information, they can take advantage of their assumed identity through apps like Facebook Marketplace and buy and sell a laundry list of goods and services. Posing as a reputable user lets the scammer capitalize on the trust that person has earned by selling fake goods and services or promoting brands they have been paid to advertise.

5. Mining unprotected info
Few sites provide an easier source of basic personal information than Facebook. While it is possible to keep all personal information on Facebook private, users frequently reveal their emails, phone numbers, addresses, birth dates and other pieces of private data. As security experts and hackers know, this kind of information is often used as passwords or as answers to secret security questions. While the majority of unprotected information is mined for targeted advertising, it can be a means to more pernicious ends such as profile cloning and, ultimately, identity theft.

Read more

Facebook estimates that as of December 31, 2011, false or duplicate accounts represented approximately 5-6% of monthly active users, but also stated, “This estimate is based on an internal review of a limited sample of accounts and we apply significant judgment in making this determination, such as identifying names that appear to be fake or other behavior that appears inauthentic to the reviewers. As such, our estimation of false or duplicate accounts may not accurately represent the actual number of such accounts.”

Why would anyone set up a fake Facebook account?

To steal your clients or potential clients. To squat on your name or brand. To post infected links while posing as legitimate individuals or businesses. To offer deals with links to spoofed websites in order to extract credit card numbers. To damage your name or brand. To harass you or someone you know. To co-opt a name or brand that has leverage in order to obtain privileged access.

Social media websites could go a long way in protecting their users by incorporating device reputation management. Rather than relying solely on information provided by a user (who could be an impersonator), device reputation goes deeper, identifying the computer or other devices being used, so that known scammers and spammers are exposed immediately, and potentially threatening accounts are denied and users abused.

Read more

ST. LOUIS, MO (KTVI)– Goldia Coldon continues to hold out hope in the search for her daughter Phoenix.

It was on December 18, 2011 when the 23 year old UMSL student went missing. Her 1998 Chevy blazer was found in East St. Louis with the engine running. Her glasses, purse, driver`s license and shoes were found inside. Phoenix’s phone and bank activity stopped.

The family has been working with private detectives and police to follow up on leads and one tip from Texas ended up costing them their life savings, health and now their home.

“They called in a tip saying that they thought that their relative might have our daughter.” said Goldia Coldon.

According to the family’s private investigator a man claiming to be Phoenix’s father created a fake Facebook page using her picture. The unnamed man also said he knew where the 23 year old was. The family invested money in pursuit of what appeared to be a good lead, but it all turned out to be a lie.

“It’s a scary thing because we thought that he might have Phoenix with him. The person he was presenting as his long lost daughter was a picture of Phoenix,” said Coldon.

The family continues to work with the Black and Missing Foundation and others in the search. They’ve also started a fund to help find Phoenix.

Read more

Facial-recognition platform Face.com could foil the plans of all those under-age kids looking to score some booze. Fake IDs might not fool anyone for much longer, because Face.com claims its new application programming interface (API) can be used to detect a person’s age by scanning a photo.

With its facial recognition system, Face.com has built two Facebook apps that can scan photos and tag them for you. The company also offers an API for developers to use its facial recognition technology in the apps they build.

Its latest update to the API can scan a photo and supposedly determine a person’s minimum age, maximum age, and estimated age. It might not be spot-on accurate, but it could get close enough to determine your age group.

“Instead of trying to define what makes a person young or old, we provide our algorithms with a ton of data and the system can reverse engineer what makes someone young or old,” Face.com chief executive Gil Hirsch told VentureBeat in an interview. ”We use the general structure of a face to determine age. As humans, our features are either heighten or soften depending on the age. Kids have round, soft faces and as we age, we have elongated faces.”

The algorithms also take wrinkles, facial smoothness, and other telling age signs into account to place each scanned face into a general age group. The accuracy, Hirsch told me, is determined by how old a person looks, not necessarily how old they actually are. The API also provides a confidence level on how well it could determine the age, based on image quality and how the person looks in photo, i.e. if they are turned to one side or are making a strange face.

“Adults are much harder to figure out [their age], especially celebrities. On average, humans are much better at detecting ages than machines,” said Hirsch.

The hope is to build the technology into apps that restrict or tailor content based on age. For example the API could be built into a Netflix app, scan a child’s face when they open the app, determine they’re too young to watch The Hangover, and block it. Or — and this is where the tech could get futuristic and creepy — a display with a camera could scan someone’s face when they walk into a store and deliver ads based on their age.

In addition to the age-detection feature, Face.com says it has updated its API with 30 percent better facial recognition accuracy and new recognition algorithms. The updates were announced Thursday and the API is available for any developer to use.

One developer has already used the API to build app called Age Meter, which is available in the Apple App Store. On its iTunes page, the entertainment-purposes-only app shows pictures of Justin Bieber and Barack Obama with approximate ages above their photos.

Other companies in this space include Cognitec, with its FaceVACS software development kit, and Bayometric, which offers FaceIt Face Recognition. Google has also developed facial-recognition technology for Android 4.0 and Apple applied for a facial recognition patent last year.

The technology behind scanning someone’s picture, or even their face, to figure out their age still needs to be developed for complete accuracy. But, the day when bouncers and liquor store cashiers can use an app to scan a fake ID’s holder’s face, determine that they are younger than the legal drinking age, and refuse to sell them wine coolers may not be too far off.

Read more