On Q Professional Investigations

Several recent studies have called for improved imaging technology and matching algorithms to support firearm identification. The author investigated and developed a novel, accurate, and low-cost system for structural 3D imaging and comparison of cartridge cases.

He was able to demonstrate the system’s potential for increasing the quality and reducing the cost of forensic analyses. The project, named Top-Match, combines the recently developed GelSight high-resolution surface topography imaging system with state-of-the-art algorithms for matching structural features.

Compared to competing technologies, the author’s GelSight-based system is fast, inexpensive, and not sensitive to the optical properties of the material being measured. The project aimed to extend the system to measure and compare striated toolmarks (e.g., aperture shear), to integrate these marks into the scoring function, and to investigate matching algorithms for comparing 3D surface topographies captured using different imaging modalities (e.g., GelSight vs. confocal microscopy).

The author developed a robust algorithm for extracting the linear profile of aperture shears. This method is able to extract profiles from curved, flat, or arced shears. Manual examination of the extracted profiles shows informative profiles can be extracted for approximately 88 percent of Glock casings.

These linear profiles can then be matched as part of a matching algorithm, which demonstrates a significant improvement in Glock matching ability when the shears are considered.

The author created an open file format (X3P) for the free exchange of 3D surface topography data. This format allowed collaboration with his colleagues at National Institute of Standards and Technology (NIST). They demonstrated that cross-modality matching is possible and that, in many cases, it works extremely well.

To achieve these results, the confocal scans required simple preprocessing (mainly interpolation of drop-outs and denoising with a low-pass filter). The system is able to accurately identify known matches when scans were acquired with GelSight or Confocal scanning systems. The algorithm was also able to identify known matches where one scan is a GelSight scan and the other is a Confocal scan.

View Source

Before companies like Microsoft and Apple release new software, the code is reviewed and tested to ensure it works as planned and to find any bugs.

Hackers and cybercrooks do the same. The last thing you want if you’re a cyberthug is for your banking Trojan to crash a victim’s system and be exposed. More importantly, you don’t want your victim’s antivirus engine to detect the malicious tool.

So how do you maintain your stealth? You submit your code to Google’s VirusTotal site and let it do the testing for you.

It’s long been suspected that hackers and nation-state spies are using Google’s antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups—including, surprisingly, two well-known nation-state teams—as they used VirusTotal to hone their code and develop their tradecraft.

“There’s certainly irony” in their use of the site, Dixon says. “I wouldn’t have expected a nation state to use a public system to do their testing.”

VirusTotal is a free online service—launched in 2004 by Hispasec Sistemas in Spain and acquired by Google in 2012—that aggregates more than three dozen antivirus scanners made by Symantec, Kaspersky Lab, F-Secure and others. Researchers, and anyone else who finds a suspicious file on their system, can upload the file to the site to see if any of the scanners tag it malicious. But the site, meant to protect us from hackers, also inadvertently provides hackers the opportunity to tweak and test their code until it bypasses the site’s suite of antivirus tools.

Dixon has been tracking submissions to the site for years and, using data associated with each uploaded file, has identified several distinct hackers or hacker teams as they’ve used VirusTotal to refine their code. He’s even been able to identify some of their intended targets.

He can do this because every uploaded file leaves a trail of metadata available to subscribers of VirusTotal’s professional-grade service. The data includes the file’s name and a timestamp of when it was uploaded, as well as a hash derived from the uploader’s IP address and the country from which the file was submitted based on the IP address. Though Google masks the IP address to make it difficult to derive from the hash, the hash still is helpful in identifying multiple submissions from the same address. And, strangely, some of the groups Dixon monitored used the same addresses repeatedly to submit their malicious code.

Using an algorithm he created to parse the metadata, Dixon spotted patterns and clusters of files submitted by two well-known cyberespionage teams believed to be based in China, and a group that appears to be in Iran. Over weeks and months, Dixon watched as the attackers tweaked and developed their code and the number of scanners detecting it dropped. He could even in some cases predict when they might launch their attack and identify when some of the victims were hit—code that he saw submitted by some of the attackers for testing later showed up at VirusTotal again when a victim spotted it on a machine and submitted it for detection.

Read More

China has the world’s most powerful supercomputer for the third time in a row as the country once again ups its presence in the global top 500.

Tianhe-2 was top of the twice-yearly list that keeps tabs on supercomputer development and growth.

Since the last list, China had 20% more supercomputers in the top 500, while US representation went down 15%.

However, the US still dominates the chart with 233 computers making the latest tally.

China had 76, up from 63 in the last count. This is almost as many as the UK (30), France (27) and Germany (23) combined.

The full list will be published on Monday at a conference in Leipzig, Germany.

Power

The top500 list is a widely-recognised barometer of the state of worldwide supercomputing. It has been published twice yearly since 1993.

All the computers are measured against the same criteria – a benchmark first devised in 1979 but since improved as computing has become ever more sophisticated.

Such is the immense power of the supercomputers, their computational ability is measured in petaflop/s – quadrillions of calculations per second.

The top performing computer, Tianhe-2, had its power measured at 33.86 petaflop/s (quadrillions of calculations per second). It has been just five years since IBM’s Roadrunner became the first computer to break the 1 petaflop/s mark. That machine was shut down in 2013 due to excessive power consumption.

The entire top 500 list of supercomputers combined offered 274 petaflop/s.

Tianhe-2 is owned by the Chinese government and operated by the National University of Defence Technology. It is used as a “research and educational” tool.

View Source

TOKYO (Reuters) - A 27-year-old Japanese man was arrested on Thursday for illegally possessing handguns made by a three-dimensional printer, media said, marking the first such case in Japan, a country that takes pride in its low crime rate.

Police in April found five plastic guns and a 3D printer at the suspect’s home in Kawasaki, south of Tokyo.

Two of the handguns were later proved capable of killing or wounding people, although no bullets were found at his home, public broadcaster NHK said.

Police also found blueprints for manufacturing guns stored in the suspect’s personal computer. The blueprints were believed to have been downloaded from the Internet, NHK said.

“I made the guns by the 3D printer at home. I did not think it was illegal,” the suspect, a college employee, was quoted by NHK as telling police.

A spokesman at Kanagawa Prefectural Police, which covers Kawasaki, declined to comment.

The suspect has frequently made Twitter entries aimed at justifying possession and manufacturing of guns and once said on the Internet “Gun restrictions are violation of human rights,” NHK said.

Jiji news agency reported the suspect also possessed 10 toy guns.

View Source

Crashing websites and overwhelming data centres, a new generation of cyber attacks is costing millions and straining the structure of the Internet.

While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks.

Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks.

On Feb. 10, internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far.

At its height, the near 400 gigabyte per second (gbps) assault was about 30 percent larger than the largest attack documented in 2013, an attempt to knock down antispam website Spamhaus, which is also protected by Cloudflare.

The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments.

On Feb. 20, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the websites it registers, and bit.ly, which creates shortened addresses for websites like Twitter, says it was also knocked out briefly in February.

In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters.

DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government website knocked out for up to 72 hours.

A report this month by security firm Prolexic said attacks were up 32 percent in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18 percent of outages at U.S.-based data centres From just 2 percent in 2010.

The average cost of a single outage was $630,000, it said.

“It’s really a game of cat and mouse,” said Jag Bains, chief technology officer of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites.

“I’d like to say we are ahead, but I just don’t think it’s true.”

As well as growing in volume, he said attacks were becoming much more sophisticated in targeting the most vulnerable parts of websites, making even a small attack much more effective.

The aims of attackers include extortion, political activism, providing distraction from data theft and, for “hobbyist” hackers, just testing and showcasing their skills, security experts say.

Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major U.S. banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge.

HIJACKING PRINTERS, SMARTPHONES

Many attacks, however, appear to be homegrown. The most popular point of origin for DDoS attacks in the last three months of 2013, Prolexic said, appeared to be the United States, followed by China, Thailand, Britain and South Korea.

As well as hijacking computers, Prolexic said attackers are increasingly targeting smartphones, particularly those using Google’s Android operating system, which by the third quarter of 2013 accounted for more than 80 percent of new phones.

Even wireless printers, experts say, have sometimes been co-opted into attacks, packed together in botnet groups. That, they warn, can put previously unprecedented cyber firepower in the hands of relatively unskilled hackers, who increasingly include teenagers.

Last year, British police arrested a 16-year-old as part of their investigations into the attack on Spamhaus, while German police arrested an 18-year-old after a DDoS attack paralysed the Saxony government website.

DDoSarrest says some of the most recent attacks it has dealt with were on U.S. universities and largely blamed on students showing off or protesting against high tuition fees.

The sheer volume of attacks means many perpetrators are never traced, and some computer security experts complain law-enforcement authorities remain reluctant to prosecute the youngest offenders.

Until recently, DDoS attacks were seen less of a threat than attempts to steal customer data or intellectual property. That, however, is changing fast.

SLOWING THE INTERNET

Last year’s Spamhaus attack was described by some as slowing the entire global Internet, and most experts agree the largest attacks can slow access across entire regions. Cloudflare says there were anecdotal reports of slowness in Europe during the latest attack.

Crashing data centres can wreak havoc with other services based there, including phone systems and vital industrial facilities.

The Ponemon report showed DDoS attacks are now the third largest cause of outages after power system failure and human error, outstripping traditional causes such as weather events.

Even if attacks do not succeed, the cost of mitigating them is rising fast, providing many millions of dollars of business for firms such as Cloudflare and Prolexic, taken over last month by Akamai Technologies for about $370 million.

Namecheap, which aims to offer cut-price hosting for websites, said it had already spread its data centres across five countries and three continents to better handle constant attacks but was still overwhelmed by the roughly 100 Gbps incident.

Attacks on that scale, Prolexic says, now occur several times a month and are now frequently so complex and fast moving that automated systems can no longer tackle them.

Prolexic itself runs a permanently manned operation centre at its headquarters in Florida, allowing it to keep one step ahead and instantly move material between data centres.

“It’s very hard to know what to do,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs currently on exchange at Harvard Kennedy School of Government. “The tools to do this can be purchased online incredibly cheaply, while the damage they can do and the cost of mitigating it is exponentially higher.

View Source

Several million Snapchat usernames and phone numbers were apparently leaked online late Dec., 31, 2013. Several outlets reported that 4.6 million usernames and phone numbers were posted as a downloadable database by hackers, but the site where the database was posted appeared to be down on Wednesday morning, USA Today reports.

Days prior, Snapchat – a popular messaging app that lets users send each other photos that quickly disappear – warned users of this potential scenario in a blog post, saying a security group had alerted it about a potential vulnerability “by which one could compile a database of Snapchat usernames and phone numbers.” The company said that it had implemented safeguards making an exploit “more difficult to do.”

The data gleaned from Snapchat could be very valuable, as phone numbers and corresponding names and other records could be used at call centers, or for social-engineering attacks and identity fraud.

According to Roger Thompson, chief emerging threat researcher at ICSA Labs, a vendor-neutral testing and certification firm, “Security and functionality tend to exist in an inverse relationship – the more functional you make a system, the less secure it tends to be. Web-based systems like Snapchat are built for functionality, so we should not be surprised that hackers found a vulnerability in a new, highly-functional system. The hole will be patched, and hackers will look for new ones. It’s almost a cost of doing business. The moral of the story is that we have to be thoughtful about what information we put online, because it might just leak, and we should only use one password per website. Password re-use is your enemy.”

Meanwhile, the official blog and social networking accounts for Microsoft’s Web calling service Skype appear to have been breached – a post published Wednesday on the official Skype blog featured the headline: “Hacked by Syrian Electronic Army.. Stop Spying!” A pair of tweets attributed to the SEA were then posted on Skype’s official Twitter account, and Skype’s Facebook page hosted a message accusing Microsoft of monitoring email accounts (Hotmail, Outlook) and selling the information to government sources.

Skype has reported that no user information was compromised.

View Source

SUNBURY, Pa. (AP) — A couple married for just three weeks lured a man to his death with a Craigslist ad because they wanted to kill someone together, police said.

Elytte Barbour told officers before his arrest Friday night that he and his wife, Miranda, had planned to kill before, but their plans never worked out until last month when Troy LaFerrara responded to an online posting that promised companionship in return for money, authorities said.

Elytte Barbour told investigators “that they committed the murder because they just wanted to murder someone together,” police said in the affidavit.

Elytte Barbour, 22, and Miranda Barbour, 18, face criminal homicide charges in LaFerrara’s death. His body was found Nov. 12 in an alley in Sunbury, a small city about 100 miles northwest of Philadelphia. The couple had recently moved to nearby Selinsgrove from Dunn, N.C.

Sunbury’s police chief, Steve Mazzeo, said Saturday he did not want to comment on the case or the couple’s motives since it was still an active investigation.

According to Sunbury police, Elytte Barbour told investigators he hid under a blanket in the backseat of the couple’s SUV as his wife picked up LaFerrara at a mall Nov. 11. He told police that, on his wife’s signal, he wrapped a cord around LaFerrara’s neck, restraining him while Miranda Barbour stabbed him.

The 42-year-old Port Trevorton man was stabbed about 20 times, police said.

Miranda Barbour was charged Tuesday, a day after police first contacted her. She initially denied knowing LaFerrara, but her story evolved as investigators gathered evidence, including the discovery that the last call received by the victim’s cellphone was made from her number, according to an affidavit in her case.

That affidavit said Miranda Barbour acknowledged meeting the victim in Selinsgrove and driving with him to Sunbury, where they parked. She said LaFerrara groped her and she took a knife from between the front seats and stabbed him after he put his hand around her throat, according to the affidavit.

Police said Miranda Barbour had told them she purchased cleaning supplies at a department store after stabbing LaFerrara, then picked up her husband and took him to a strip club for his birthday. On Friday, police said, Elytte Barbour told them he was the one who had purchased the cleaning products, an account investigators said was backed up by surveillance footage.

Following his wife’s arrest, Elytte Barbour told The Daily Item of Sunbury that Miranda Barbour, whom he married Oct. 22, regularly hired herself out as a “companion” to men she met on various websites, a business venture he said he supported because it didn’t involve sexual contact.

Barbour said his wife made anywhere from $50 to $850 by meeting with men for such activities as having dinner together or walking around a mall. The ads she placed on websites including Craigslist all said upfront that sex was not part of the deal, he said.

“She is not a prostitute,” he said. “What she does is meet men who have broken marriages or have no one in their lives, and she meets with them and has delightful conversation.”

Elytte Barbour didn’t have an attorney at his arraignment Friday night. Telephone messages left for his wife’s public defenders Saturday were not immediately returned.

Investigators also plan to look into the death of a man with whom Miranda Barbour had a 1-year-old child, Mazzeo said, but he would not say if there is a suspicion of foul play.

View Source

The Monday after Thanksgiving has become known as the biggest online shopping day of the year, with companies offering discounts galore to entice customers. But it’s also a day that scammers hope to use to their benefit by trying to lure in victims with offers that sound too good to be true. From fraudulent auction sales to gift card, phishing, and social networking scams and more, cyber crime schemes are ever-evolving and, unfortunately, still successful.

Here are some tips you can use to avoid becoming a victim of cyber fraud:

Purchase merchandise only from reputable sellers, and be suspicious of websites that do not provide contact information; also be wary if the seller only accepts wire transfers or cash.

Do not respond to or click on links contained within unsolicited (spam) e-mail.

Be cautious of e-mails claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.

Log on directly to the official website for the business identified in the e-mail instead of linking to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.

Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.

If you are requested to act quickly or there is an emergency that requires your attention, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.

Remember—if it looks too good to be true, it probably is.

This Cyber Monday—and every day—the FBI reminds shoppers to exercise due diligence online. Stay alert and beware of cyber criminals and their aggressive and creative ways to steal money and personal information.

Resources

IC3 Alert: Holiday Shopping Tips

View Source

CHARLOTTE NC

In the past week, Google, Facebook and Instagram have all announced security changes that will affect Officer Safety.

The most serious change comes from Facebook.
The company announced Thursday it is officially axing a privacy setting that allowed people to hide their profiles from other users in Facebook’s search field.

The setting “who can look up my timeline by name” had already disappeared from the options for some users — specifically, those who weren’t using the feature in December of last year.

The new change affects a “small percentage of people” on the site who were still using the feature, Facebook (FB, Fortune 500) said, although it did specify how many of its 1.15 billion active users were impacted.

Facebook explained that the search tool has been expanded to allow broader searches by topics, geographical areas and a number of other search criteria.

Facebook has also expanded its internal search capabilities with the roll out of Graph Search. The feature allows users to sift through the social network’s vast data trove to find “friends who live in my city,” “tourist attractions in Italy visited by my friends,” and similar lists. It also allows Facebook to eventually challenge sites that rate and rank local attractions like restaurants and hotels.

Facebook announced that users would no longer be able to block people with whom they are not connected from seeing their profile when searching the social network, a change that could boost the Graph Search feature CEO Mark Zuckerberg championed in a launch event earlier this year. The company said in a blog post that a “small percentage of people still using the setting” would lose it soon, after Facebook stopped offering to block searches for anyone who had not already chosen the option earlier this year.

Facebook has also changed their security threshold for their photo-sharing service Instagram allowing more people to see your photos. The Next Web reported that an update to the popular app takes away the option of not allowing videos to play automatically when a user visits the timeline. The move follows the announcement earlier this week that Instagram would begin to serve advertisements in users’ streams, the first revenue-generating attempt by the San Francisco company since Facebook committed $1 billion in a 2012 acquisition.

Google has also lifted some of their security restrictions, now sharing your photos and other information in advertisements and free displays.

What once was tucked away in your on-line privacy file has been opened and there’s not much that you can do about it.

For officer safety, we suggest that you restrict all pictures and post non-specific information and opt not to include details about your job, home address, phone number or even your favorite restaurant.

In recent years, there have been a number of private security personnel who have been assaulted while off-duty because of an incident that they were involved with while on-duty. Several situations also proved that the assailant had followed the security officer home from their work assignment and in a recent case; an assailant used public information to locate and assault a security officer for having him arrested for shoplifting.

Two security officers killed last year while off duty were found to have been targeted by persons that they had previous confrontations with while on duty.

Remember that once you post something on the Internet, you lose control of it and it’s almost impossible to take back once it has been published. For your safety, and the safety of your family,
use caution, be responsible and let common sense be your guide.

View Source

MIAMI — For the Polk County sheriff’s office, which has been investigating the cyberbullying suicide of a 12-year-old Florida girl, the Facebook comment was impossible to disregard.

In Internet shorthand it began “Yes, ik” — I know — “I bullied Rebecca nd she killed herself.” The writer concluded that she didn’t care, using an obscenity to make the point and a heart as a perverse flourish. Five weeks ago, Rebecca Ann Sedwick, a seventh grader in Lakeland in central Florida, jumped to her death from an abandoned cement factory silo after enduring a year, on and off, of face-to-face and online bullying.

The Facebook post, Sheriff Grady Judd of Polk County said, was so offensive that he decided to move forward with the arrest immediately rather than continue to gather evidence. With a probable cause affidavit in hand, he sent his deputies Monday night to arrest two girls, calling them the “primary harassers.” The first, a 14-year-old, is the one who posted the comment Saturday, he said. The second is her friend, and Rebecca’s former best friend, a 12-year-old.

Both were charged with aggravated stalking, a third-degree felony and will be processed through the juvenile court system. Neither had an arrest record. The older girl was taken into custody in the juvenile wing of the Polk County Jail. The younger girl, who the police said expressed remorse, was released to her parents under house arrest.

Originally, Sheriff Judd said he had hoped to wait until he received data from two far-flung cellphone application companies, Kik Messenger and ask.fm, before moving forward.

“We learned this over the weekend, and we decided that, look, we can’t leave her out there,” Sheriff Judd said, referring to the older girl. “Who else is she going to torment? Who else is she going to harass? Who is the next person she verbally abuses and attacks?”

He said the older girl told the police that her account had been hacked, and that she had not posted the comment.

“She forced this arrest today,” Sheriff Judd said.

Rebecca was bullied from December 2012 to February 2013, according to the probable cause affidavit. But her mother, Tricia Norman, has said the bullying began long before then and continued until Rebecca killed herself.

The older of the two girls acknowledged to the police that she had bullied Rebecca. She said she had sent Rebecca a Facebook message saying that “nobody” liked her, the affidavit said. The girl also texted Rebecca that she wanted to “fight” her, the police said. But the bullying did not end there; Rebecca was told to “kill herself” and “drink bleach and die” among other things, the police added.

The bullying contributed to Rebecca’s suicide, the sheriff said.

Brimming with outrage and incredulity, the sheriff said in a news conference on Tuesday that he was stunned by the older girl’s Saturday Facebook posting. But he reserved his harshest words for the girl’s parents for failing to monitor her behavior, after she had been questioned by the police, and for allowing her to keep her cellphone.

“I’m aggravated that the parents are not doing what parents should do: after she is questioned and involved in this, why does she even have a device?” Sheriff Judd said. “Parents, who instead of taking that device and smashing it into a thousand pieces in front of that child, say her account was hacked.”

The police said the dispute with Rebecca began over a boy. The older girl was upset that Rebecca had once dated her boyfriend, they said.

“She began to harass and ultimately torment Rebecca,” said the sheriff, describing the 14-year-old as a girl with a long history of bullying behavior.

The police said the older girl began to turn Rebecca’s friends against her, including her former best friend, the 12-year-old who was charged. She told anyone who tried to befriend Rebecca that they also would be bullied, the affidavit said.

The bullying leapt into the virtual world, Sheriff Judd said, and Rebecca began receiving sordid messages instructing her to “go kill yourself.” The police said Rebecca’s mother was reluctant to take her cellphone away because she did not want to alienate her daughter and wanted her to be able to communicate with her friends. Ms. Norman tried, she has said, to monitor Rebecca’s cellphone activity.

In December, the bullying grew so intense that Rebecca began cutting herself and was sent to a hospital by her mother to receive psychiatric care. Ultimately, her mother pulled her out of Crystal Lake Middle School. She home schooled her for a while and then enrolled her in a new school in August.

But the bullying did not stop.

“As a child, I can remember sticks and stones can break your bones but words will never hurt you,” the sheriff said. “Today, words stick because they are printed and they are there forever.”

Some of the messages were sent using a variety of social media smartphone messaging and photo-sharing applications, including ask.fm and Kik Messenger, that parents have a difficult time keeping track of.

“Watch what your children do online,” Sheriff Judd said. “Pay attention. Quit being their best friend and be their best parent. That’s important.”

View Source