Snapchat Reveals How Often Law Enforcement Asked for Data

Snapchat is growing up, joining the ranks of its older tech giant predecessors when it comes to openness.

The 4-year-old ephemeral messaging app took a big leap this week by releasing its first ever transparency report and unveiling a sophisticated slate of new security features.

From Nov. 1, 2014, until Feb. 28, 2015, Snapchat said it received 375 requests from law enforcement for information in the United States. The company reported complying with 92 percent of those queries.

The release of the transparency report brings Snapchat in line with common practices used by Google, Facebook and other large technology companies and will be updated bi-annually.

Along with the report, Snapchat announced it would roll out a slate of new initiatives to ensure users’ silly photos and scantily clad selfies remain private and unable to be grabbed by third-party apps.

Among the new features are a bug bounty program that will offer incentives to coders around the world who flag any potential vulnerabilities in the app.

Snapchat also vowed a complete shutdown of third-party apps, many of which have been used unscrupulously by Snapchat users to grab and save photos that friends sent to them with the intention of only showing them for a few seconds.

Snapsaved, a third-party app, was hacked last year, resulting in thousands of private photos and videos being posted online.

Read More


The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government-surveillance firm Silent Circle, according to company officials.

Silent Circle, founded by a former Navy Seal and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones. And for its spy-resistant “blackphone.”

Apparently, troops don’t like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with secret code down to its hardware, to communicate “for both unclassified and classified” work, Silent Circle chairman Mike Janke told Nextgov.

In 2012, Janke, who served in the Navy’s elite special operations force, and Phil Zimmermann, creator of Pretty Good Privacy (PGP, in short), started Silent Circle as a California-based secure communications firm. The company is no longer based in the United States, ostensibly to deter U.S. law enforcement from seeking access to user records.

But that hasn’t stopped the Pentagon, a longtime Silent Circle apps customer, from buying the Android-based blackphone, which came out in 2014.

The “wild thing about it is, we’re a Swiss firm,” Janke said Monday. “Our phones aren’t produced in the U.S., but because of the fact that [DOD] can test our phone in a lab — they can look at the code that’s open source — they’ve been testing it for a year now and using it.”

Read More

Panama City Beach Clubs Confiscate Hundreds of Fake IDs Every Night

PANAMA CITY BEACH– Every year thousands of spring breakers come to Panama City Beach to party at the clubs and bars, and every year, thousands of fake IDs are taken away. In fact, Club La Vela confiscates more fake IDs than any other nightclub in Florida. Newschannel 7′s Kelly Baumgarten sat down with the La Vela security team earlier today and found out how to tell a real ID from a fake.

Fake IDs are not new. Teens across the country spend big bucks to get their hands on a phony drivers license, but during spring break in Panama City Beach, security crews for clubs seize hundreds every night.

“Every person that comes up the door if we take their ID from them they wanna argue about it and say it’s real and it’s them and then we end up having to get law enforcement involved,” said Paul Winterman, Director of Customer Service at Club La Vela.

These are just some of the fake IDs that Club La Vela has confiscated in the past few weeks. In fact, club employees estimate that in the month of March alone they’ve confiscated more than 2000 fake IDs.

“It’s a big club sometimes you’ve got 4000 people coming through the door and everybody tries to use a fake ID and drink in the club,” said Winterman

Paul Winterman has been working on La Vela’s security team for 16 years and he’s also a former detective. He says there are a lot of ways to spot a fake.

“You can tell by holograms anything that sells seal of authenticity or has a key on it its fake”

Members of La Vela’s security team say if you bend an id and it creases, it’s almost always a fake.

“They get the holograms right, but they don’t get the glue right. The font’s never correct, the color’s always wrong. Kids are paying for them online they’re buying $120 $130 for two of them and we tend to spot them in the first 30 seconds,” said Philip Trivett, head of security at Club La Vela.

But Winterman says identifying a phony id doesn’t come easy to everyone.

“A lot of people will want to work the door, but when it comes down to it there’s a knack to it. Some people got the knack to catch the IDs, some people don’t. So we go through a lot of people training and end up having to put them in other positions other than the door because they’re not capable of doing the job.”

La Vela employees say officers with the Division of Florida Alcoholic Beverages and Tobacco are on site 60% of the time during spring break. If the club spots a fake ID, the ABT will fine the person because it’s spring break. Any other time, possession of a fake ID would be a felony,

View Source

Android Apps Vulnerable to Hijacking

Almost half of Android smartphones are vulnerable to being hacked through third-party apps downloaded from stores outside the official outlet.

Discovered over a year ago, a Time-of-Check to Time-of-Use (TOCTTOU) vulnerability was uncovered. what is being called “Android Installer Hijacking” allows an attacker to hijack the usual Android APK installation process. It does not work on the Google Play store because a Play Store app cannot be accessed by other installed apps.

“On affected platforms, we discovered that the PackageInstaller has a “Time of Check” to “Time of Use” vulnerability. In layman’s terms, that simply means that the APK file can be modified or replaced during installation without the user’s knowledge. The Installer Hijacking vulnerability affects APK files downloaded to unprotected local storage only because the protected space of Play Store app cannot be accessed by other installed apps,” according to the blog post at Palo Alto Networks.

The PackageInstaller installs a different app than grants permissions to attackers. Legitimate apps could be replaced with malware apps.

Android version 4.4 and later versions have fixed the vulnerability. Android 4.3 and before may have the vulnerability.

A vulnerability scanner app is available in the Google Play store. For security researchers, the open source version of the app has been made available on Github.

Investigators advise users to only install apps from the Google play store on infected devices. To use Android 4.3 or later, though some 4.3 are vulnerable. Don’t give apps permission to use logcat. And don’t use a rooted device.

Read More

Medical, Personal Information Exposed at Premera Blue Cross

As the latest health insurer to be breached, Premera Blue Cross has revealed that it discovered a sophisticated cyber attack that tried to gain unauthorized access to their IT systems on January 29, 2015. The initial attack occurred on May 5, 2014. The company notified the FBI and is working with the cybersecurity firm Mandiant to investigate and repair the damage done by the attack.

Attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information, Premera said.

“About 6 million of the people whose accounts were accessed are residents of Washington state, where customers include employees of Inc, Microsoft Corp and Starbucks Corp, according to Premera. The rest are scattered across every U.S. state,” Reuters reports.

Establish your company as a technology leader. For 50 years, the R&D 100 Awards, widely recognized as the “Oscars of Invention,” have showcased products of technological significance. Learn more.

As explained by KrebsOnSecurity, “Mandiant specializes in tracking and blocking attacks from state-sponsored hacking groups, particularly those based in China.”

It goes on, “There are indications that this may be the work of the Chinese espionage group tied to the breach disclosed earlier this year at Anthem, an intrusion that affected some 78 million Americans.”

View Source

CIA sought to hack Apple iPhones

(Reuters) - CIA researchers have worked for nearly a decade to break the security protecting Apple (AAPL.O) phones and tablets, investigative news site The Intercept reported on Tuesday, citing documents obtained from NSA whistleblower Edward Snowden.

The report cites top-secret U.S. documents that suggest U.S. government researchers had created a version of XCode, Apple’s software application development tool, to create surveillance backdoors into programs distributed on Apple’s App Store.

The Intercept has in the past published a number of reports from documents released by whistleblower Snowden. The site’s editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on Snowden’s revelations, and by Oscar-winning documentary maker Laura Poitras.

It said the latest documents, which covered a period from 2006 to 2013, stop short of proving whether U.S. intelligence researchers had succeeded in breaking Apple’s encryption coding, which secures user data and communications.

Efforts to break into Apple products by government security researchers started as early as 2006, a year before Apple introduced its first iPhone and continued through the launch of the iPad in 2010 and beyond, The Intercept said.

Breaching Apple security was part of a top-secret program by the U.S. government, aided by British intelligence researchers, to hack “secure communications products, both foreign and domestic” including Google Android phones, it said.

Silicon Valley technology companies have in recent months sought to restore trust among consumers around the world that their products have not become tools for widespread government surveillance of citizens.

Last September, Apple strengthened encryption methods for data stored on iPhones, saying the changes meant the company no longer had any way to extract customer data on the devices, even if a government ordered it to with a search warrant. Silicon Valley rival Google Inc (GOOGL.O) said shortly afterward that it also planned to increase the use of stronger encryption tools.

Read More

Grambling State University Police Department Adds Body Cameras to the Uniform

When Interim Police Chief Howard Caviness started at Grambling in July 2014, one of his major goals was obtaining body cameras for the university’s police force. Caviness, who is used to wearing a camera due to years in undercover work in law enforcement, said recent disputes between police officers and public opinion has made getting the cameras a priority. “I’m used to having a camera on me all the time from my undercover days. I knew it was there for my protection as well as theirs (citizens). I think everyone is going to body cameras because of some overzealous police officers around the country,” he said.

With budget restraints, Caviness knew he had to look for other sources of funding that would not increase student fees. In October 2014, he received a Title 3 Grant worth $100,000 to pay for an upgraded communication system and equipment, including body cameras. Grambling’s 10 police officers began wearing the cameras in February, making GSU one of a growing number of university police departments to implement the use of body cameras.

The tiny cameras are about an inch and a half long and are worn with a lanyard and clipped to a shirt. They cost $80 each and are light, portable and wireless. The cameras also have a still photography mode, so officers can take crime scene photos for evidence. The addition of the body cameras is about protection and accountability. It holds the officers more accountable for their actions while on duty, and it gives officers and the public a clear audio and visual record of disputed events.

“I think it reminds an officer that he or she should remain professional at all times, especially with a video going at all times under their chins. It’s also about accountability. We get complaints about our officers from time to time, so now it’s not just an episode of he said/she said. You have the tools to protect yourself. It protects the students as well as the officers,” he said.

According to a November 2014 study by the University of Cambridge’s Institute of Criminology, wearing body cameras serves as a preventive measure that reduces escalation during encounters between police officers and members of the public. The student response to the body cameras has been largely positive, Caviness said. The one worry has been that the body camera footage could be doctored by a police officer. This is not a concern, according to Caviness, who says officers cannot alter the footage, since they do not have access to it. Chief Caviness is the only person with access to the body camera footage.

View Source

Security officers rescue kidnapped girl at hotel

Toronto Canada March 4 2015 Three people are each facing 10 charges after they allegedly held a 14-year-old girl captive in a hotel and forced her into prostitution.

On Feb. 27, hotel security officers in the Bay St. and Dundas St. W. area responded to a noise complaint, and went to a room where they found a girl who had allegedly been confined there for a week.

The girl’s belongings, including her cell phone, were taken from her and the phone in the hotel room was disabled, say police.

The accused allegedly advertised sexual services online and arranged for the girl to meet with clients. She was forced to perform sexual services and hand over any money she made to her captors, police said.

The same day security officers found the girl, Toronto police’s Sex Crimes Human Trafficking Enforcement Team arrested two men and a woman.

Toronto residents Sage Finestone, 21, and Nicholas Faria, 19, as well as 18-year-old Natasha Robataille, of no fixed address, are each facing 10 charges, including forcible confinement, trafficking a person under 18, advertising another person’s sexual services, as well as a number of other trafficking offences.

The 14-year-old girl is safe at home with her family, but police believe there may be more victims.

Anyone with information is asked to call 416-808-7400 or Crime Stoppers anonymously at 416-222-TIPS (8477).

View Source

Accused Granny scammer caught in “Pigeon Drop”

FAYETTEVILLE, Ga. – Two people, including an elderly woman, have been charged with performing a so-called “Pigeon Drop” scam at a Fayette County grocery store.

Juan Alexander Jackson and Marie Mangham face one count each of felony theft by deception. Investigators said Jackson, 57, and Mangham, 74, carried out the scam in the parking lot of the Fayetteville ALDI.

Fayette County Sheriff’s Lt. Mike Whitlow described the Pigeon Drop scam:

The Pigeon Drop scam occurs when a suspect approaches someone, usually an elderly person, in the parking lot and claims to have found a wallet or bag with a large sum of cash. The suspect offers to split the money with the victim if they can obtain cash from the victim’s bank account to “verify” the serial numbers and authenticate the found money as legitimate.

“Normally what we see is $100 on one side and a $100 on the other and a whole bunch of $1 bills in the middle so it looks like several thousand dollars,” Whitlow said.

When they get back to the parking lot to split up the cash, the scammers take off and money is gone.

One victim lost $25,000 in the scam.

Police nabbed the suspects Thursday while conducting surveillance in the area around ALDI. Whitlow said undercover detectives watched Jackson and Mangham approach an elderly woman in the parking lot.

“For us to catch these people is great. For us to actually see it in progress and witness the whole thing is amazing,” said Whitlow.

Read More

Shoplifter has been arrested a whopping 108 times

South Euclid OH Feb 20 2015 He fought the law — again and again.

Nathaniel Ferguson, 49, had been arrested a whopping 108 times when he snatched a bunch of teeth-whiteners and bolted through the open doors of a CVS pharmacy in suburban Cleveland on Monday, police said.

“I don’t have anything on me,” the prolific shoplifter reportedly yelled at a drug store security guard who knows him well.

Ferguson had a getaway car waiting and roared down the road where he was stopped by a couple of old acquaintances from the South Euclid Police Department, authorities said. They asked for his ID as a matter of procedure.

He allegedly gave them the name of his brother.

“Probably the majority of his arrests are just like that,” South Euclid Sgt. Mike O’Connor told the Daily News.

Rarely if ever violent, the career criminal is the most dogged of petty thieves in Northeastern Ohio. His busts date back to at least 1984, and cops and grocery store security guards recognize him at a glance, authorities said.

“He’s an experienced criminal,” O’Connor said. “Experienced, but not necessarily successful.”

His take in the CVS heist was valued at $47.26 in dental products, cops said.

He had seven open warrants from the Cleveland suburbs, including three out of the South Euclid local court. His rap sheet includes 26 aliases — mostly just varied spellings of his real name, but occasionally more ambitious ruses, such as Bruce Hogan and Nathan Hope.

By the time of his 109th arrest, even police seemed impressed by the three-digit tally of run-ins for stealing and drug possession.

“Does anyone have a contact for Guinness Book of World Records?” cops asked in a Facebook post. “We think we might have one worth evaluating.”

View Source