Bitcoin

About $1.2 Billion in Cryptocurrency Stolen Since 2017 (reuters.com) 46

Criminals have stolen about $1.2 billion in cryptocurrencies since the beginning of 2017, as bitcoin's popularity and the emergence of more than 1,500 digital tokens have put the spotlight on the unregulated sector, according to estimates from the Anti-Phishing Working Group released on Thursday. From a report: The estimates were part of the non-profit group's research on cryptocurrency and include reported and unreported theft. "One problem that we're seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys," Dave Jevans, chief executive officer of cryptocurrency security firm CipherTrace, told Reuters in an interview.
Crime

Gamers Involved In Fatal Wichita 'Swatting' Indicted On Federal Charges (kansas.com) 367

bricko shares a report from Kansas: A federal grand jury has indicted the man accused in Wichita's fatal swatting as well as the two gamers involved in the video game dispute that prompted the false emergency call. The 29-page indictment was unsealed Wednesday in U.S. District Court for the District of Kansas. It charges 25-year-old Tyler Barriss, who is facing state court charges including involuntary manslaughter, with false information and hoaxes, cyberstalking, threatening to kill another or damage property by fire, interstate threats, conspiracy and several counts of wire fraud, according to federal court records. One of the gamers -- 18-year-old Casey S. Viner of North College Hill, Ohio -- is charged with several counts of wire fraud, conspiracy, obstruction of justice and conspiracy to obstruct justice. The other gamer -- 19-year-old Shane M. Gaskill of Wichita -- is charged with several counts of obstruction of justice, wire fraud and conspiracy to obstruct justice.
Crime

Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com) 101

Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering, and identity theft.

If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here.

The Almighty Buck

Hackers Steal Millions From Mexican Banks In Transfer Heist (reuters.com) 29

happyfeet2000 shares a report from Reuters: Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government's investigation said. Hackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of thousands of pesos from banks including Banorte, to fake accounts in other banks, the sources said, and accomplices then emptied the accounts in cash withdrawals in dozens of branch offices. The total amount is estimated to be as much as $20 million (~400 million pesos).
Crime

Suspect Identified In CIA 'Vault 7' Leak (nytimes.com) 106

An anonymous reader quotes a report from The New York Times: In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency's hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices. It was the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials. Now, The New York Times has learned the identity of the prime suspect in the breach (Warning: source may be paywalled; alternative source): a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets.

F.B.I. agents searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and family members. The search warrant application said Mr. Schulte was suspected of "distribution of national defense information," and agents told the court they had retrieved "N.S.A. and C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics. But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found the material on a server he created as a business in 2009 while he was a student at the University of Texas.

Cellphones

US Appeals Court Rules Border Agents Need Suspicion To Search Cellphones (reason.com) 116

On Thursday, a federal appeals court ruled that U.S. border agents need some sort of reason to believe a traveler has committed a crime before searching their cellphone. Slashdot reader Wrath0fb0b shares an analysis via Reason, written by Fourth Amendment scholar Orin Kerr: Traditionally, searches at the border don't require any suspicion on the theory that the government has a strong sovereign interest in regulating what enters and exits the country. But there is caselaw indicating that some border searches are so invasive that they do require some kind of suspicion. In the new case, Kolsuz (PDF), the Fourth Circuit agrees with the Ninth Circuit that at least some suspicion is required for a forensic search of a cell phone seized at the border. This is important for three reasons. First, the Fourth Circuit requires suspicion for forensic searches of cell phones seized at the border. Second, it clarifies significantly the forensic/manual distinction, which has always been pretty uncertain to me. Third, it leaves open that some suspicion may be required for manual searches, too.

But wait, that's not all. In fact, I don't think it's the most important part of the opinion. The most important part of the opinion comes in a different section, where the Fourth Circuit adds what seems to be a new and important limit on the border search exception: a case-by-case nexus requirement to the government interests that justify the border search exception. Maybe I'm misreading this passage, but it strikes me as doing something quite new and significant. It scrutinizes the border search that occurred to see if the government's cause for searching in this particular case satisfied "a 'nexus' requirement" of showing sufficient connection between the search and "the rationale for the border search exception," requiring a link between the "predicate for the search and the rationale for the border exception." In other words, the Fourth Circuit appears to be requiring the government to identify the border-search-related interest justifying that particular search in order to rely on the border search exception.
"The analysis is interesting throughout, and it would be a fairly large limitation on digital searches conducted at the border, both in requiring some articulable suspicion for digital searches and in the requirement to justify the relationship between the search and the border inspection," writes Wrath0fb0b.
Crime

A Smart Doorbell Company Is Working With Cops To Report 'Suspicious' People, Activities (vice.com) 273

An anonymous reader quotes a report from Motherboard: Smart doorbell company Ring is making it easier for customers to call the cops on "suspicious" people and activities. The startup, which Amazon acquired for reportedly "more than" $1 billion this year, uses security cameras to let people monitor their entryways. Now, it's launching its Neighbors app -- a platform for reporting crime that, so far, police in Fort Lauderdale and Orlando, and the Ventura Sheriff's Department, have access to. "Over the next days and weeks, law enforcement across the U.S. will be joining Neighbors," a Ring spokesperson told me over email.

The app, while presented as a crime-fighting aid, could also be a new place for paranoid people to profile fellow citizens, as similar platforms in the past have turned out to be. According to the company's statement in a press release for Neighbors today: "In addition to receiving push notifications about potential security issues, app users can see recent crime and safety posts uploaded by their neighbors, the Ring team and local law enforcement via an interactive map. If a neighbor notices suspicious activity in their area, they can post their own text, photo or video and alert the community to proactively prevent crime."

Crime

Police Drop Charges Filed Against 19-Year-Old Archivist For Downloading FOIA Releases (techdirt.com) 154

An anonymous reader quotes a report form Techdirt: Last month, [...] an unnamed 19-year-old was facing criminal charges for downloading publicly-available documents from a government Freedom of Information portal. The teen had written a script to fetch all available documents from the Nova Scotia's government FOI site -- a script that did nothing more than increment digits at the end of the URL to find everything that had been uploaded by the government. The government screwed up. It uploaded documents to the publicly-accessible server that hadn't been redacted yet. It was a very small percentage of the total haul -- 250 of the 7,000 docs obtained -- but the government made a very big deal out of it after discovering they had been accessed.

Fortunately, Nova Scotia law enforcement has decided there's nothing to pursue in this case: "In an email to CBC News, Halifax police Supt. Jim Perrin did not mention what kind of information police were given from the province, but he said it was a 'high-profile case that potentially impacted many Nova Scotians.' 'As the investigation evolved, we have determined that the 19-year-old who was arrested on April 11 did not have intent to commit a criminal offense by accessing the information,' Perrin said in the email."

United Kingdom

UK Police Say 92 Percent False Positive Facial Recognition Is No Big Deal (arstechnica.com) 189

An anonymous reader quotes a report from Ars Technica: A British police agency is defending its use of facial recognition technology at the June 2017 Champions League soccer final in Cardiff, Wales -- among several other instances -- saying that despite the system having a 92-percent false positive rate, "no one" has ever been arrested due to such an error. New data about the South Wales Police's use of the technology obtained by Wired UK and The Guardian through a public records request shows that of the 2,470 alerts from the facial recognition system, 2,297 were false positives. In other words, nine out of 10 times, the system erroneously flagged someone as being suspicious or worthy of arrest.

In a public statement, the SWP said that it has arrested "over 450" people as a result of its facial recognition efforts over the last nine months. "Of course, no facial recognition system is 100 percent accurate under all conditions. Technical issues are normal to all face recognition systems, which means false positives will continue to be a common problem for the foreseeable future," the police wrote. "However, since we introduced the facial recognition technology, no individual has been arrested where a false positive alert has led to an intervention and no members of the public have complained." The agency added that it is "very cognizant of concerns about privacy, and we have built in checks and balances into our methodology to make sure our approach is justified and balanced."

Crime

70-Year-Old Former Volkswagen CEO Charged With Fraud Over Emissions Scandal (cnn.com) 84

An anonymous reader quotes CNN: The U.S.government has charged Martin Winterkorn, the former chief executive officer of Volkswagen, with fraud in the company's diesel emissions-cheating scandal. The indictment was unsealed in Detroit on Thursday, revealing that Winterkorn had been charged on March 14 with wire fraud and conspiracy to defraud Volkswagen's American customers and violate the Clean Air Act...

Volkswagen admitted in late 2015 that it fitted as many as 11 million diesel vehicles worldwide with software that could cheat emissions tests... The indictment alleges that Winterkorn was made aware of emissions cheating in May 2014 and July 2015, and that he agreed with other senior executives to continue the practice... Winterkorn, 70, is believed to be a resident of Germany. He is the ninth person charged by the U.S. government over emissions cheating.

Crime

Criminals Used a Fleet of Drones To Disrupt an FBI Hostage Operation (fortune.com) 61

Criminals have discovered another use for drones -- to distract and spy on law enforcement. From a report: They recently tried to thwart an FBI hostage rescue, Joe Mazel, chief of the FBI's operational technology law unit, said this week, according to a report by news site Defense One. Mazel, speaking at the AUVSI Xponential drone conference in Denver, said that criminals launched a swarm of drones at an FBI rescue team during an unspecified hostage situation near a large U.S. city, confusing law enforcement. The criminals flew the drones at high speed over the heads of FBI agents to drive them away while also shooting video that they then uploaded to YouTube as a way to alert other nearby criminal members about law enforcement's location.
United States

White House Considers Restricting Chinese Researchers Over Espionage Fears (nytimes.com) 179

An anonymous reader shares a report: It sounds like something out of a science fiction movie: In April, China is said to have tested an invisibility cloak that would allow ordinary fighter jets to suddenly vanish from radar screens. This advancement, which could prove to be a critical intelligence breakthrough, is one that American officials fear China may have gained in part from a Chinese researcher who roused suspicions while working on a similar technology at a Duke University laboratory in 2008. The researcher, who was investigated by the F.B.I. but never charged with a crime, ultimately returned to China, became a billionaire and opened a thriving research institute that worked on some projects related to those he studied at Duke.

The Trump administration, concerned about China's growing technological prowess, is considering strict measures to block Chinese citizens from performing sensitive research at American universities and research institutes over fears they may be acquiring intellectual secrets, according to people familiar with the deliberations. The White House is discussing whether to limit the access of Chinese citizens to the United States, including restricting certain types of visas available to them and greatly expanding rules pertaining to Chinese researchers who work on projects with military or intelligence value at American companies and universities. The exact types of projects that would be subject to restrictions are unclear, but the measures could clamp down on collaboration in advanced materials, software and other technologies at the heart of Beijing's plan to dominate cutting-edge technologies like advanced microchips, artificial intelligence and electric cars, known as Made in China 2025.

Microsoft

Microsoft Attempts To Spin Its Role in Counterfeiting Case (techcrunch.com) 170

Eric Lundgren, who has spent his life working on e-waste recycling programs, was arrested and charged with "counterfeiting" Microsoft restore discs earlier this week, part of a controversial, years-long legal fight that ended when an appeals court declined to overturn a lower court's decision. Lundgren argued that what he was offering is only recovery CDs loaded with data anyone can download for free. In an interview with The Verge, he said, "Look, these are restore CDs, there's no licenses, you can download them for free online, they're given to you for free with your computer. The only way that you can use them is [if] you have a license, and Microsoft has to validate it.?" Lundgren was going to sell them to repair shops for a quarter each so they could hand them out to people who needed them. Shortly after the Lundgren's was arrested, Microsoft published a blog post which stridently disagrees with Lundgren's characterization of the case. From a report: "We are sharing this information now and responding publicly because we believe both Microsoft's role in the case and the facts themselves are being misrepresented," the company wrote. But it carefully avoids the deliberate misconception about software that it promulgated in court. That misconception, which vastly overstated Lundgren's crime and led to the sentence he received, is simply to conflate software with a license to operate that software. [...] Hardly anyone even makes these discs any more, certainly not Microsoft, and they're pretty much worthless without a licensed copy of the OS in the first place. But Microsoft convinced the judges that a piece of software with no license or product key -- meaning it won't work properly, if at all -- is worth the same as one with a license.

[...] Anyway, the company isn't happy with the look it has of sending a guy to prison for stealing something with no value to anyone but someone with a bum computer and no backup. It summarizes what it thinks are the most important points as follows, with my commentary following the bullets. Microsoft did not bring this case: U.S. Customs referred the case to federal prosecutors after intercepting shipments of counterfeit software imported from China by Mr. Lundgren. This is perfectly true, however Microsoft has continually misrepresented the nature and value of the discs, falsely claiming that they led to lost sales. That's not possible, of course, since Microsoft gives the contents of these discs away for free. It sells licenses to operate Windows, something you'd have to have already if you wanted to use the discs in the first place.

Lundgren went to great lengths to mislead people: His own emails submitted as evidence in the case show the lengths to which Mr. Lundgren went in an attempt to make his counterfeit software look like genuine software. They also show him directing his co-defendant to find less discerning customers who would be more easily deceived if people objected to the counterfeits. Printing an accurate copy of a label for a disc isn't exactly "great lengths." Early on the company in China printed "Made in USA" on the disc and "Made in Canada" on the sleeve, and had a yellow background when it should have been green -- that's the kind of thing he was fixing.

Crime

Genealogy Websites Were Key To Big Break In Golden State Killer Case (nytimes.com) 237

An anonymous reader shares a report from The New York Times: The Golden State Killer raped and murdered victims all across the state of California in an era before Google searches and social media, a time when the police relied on shoe leather, not cellphone records or big data. But it was technology that got him. The suspect, Joseph James DeAngelo, 72, was arrested by the police on Tuesday. Investigators accuse him of committing more than 50 rapes and 12 murders. Investigators used DNA from crime scenes and plugged that genetic profile into a commercial online genealogy database. They found distant relatives of Mr. DeAngelo's and traced their DNA to him.

"We found a person that was the right age and lived in this area -- and that was Mr. DeAngelo," said Steve Grippi, the assistant chief in the Sacramento district attorney's office. Investigators then obtained what Anne Marie Schubert, the Sacramento district attorney, called "abandoned" DNA samples from Mr. DeAngelo. "You leave your DNA in a place that is a public domain," she said. The test result confirmed the match to more than 10 murders in California. Ms. Schubert's office then obtained a second sample and came back with the same positive result, matching the full DNA profile. Representatives at 23andMe and other gene testing services denied on Thursday that they had been involved in identifying the killer.

Crime

Belgium Declares Video Game Loot Boxes Gambling and Therefore Illegal (arstechnica.com) 176

The Belgian Gaming Commission has reviewed several big video games and found that randomized loot boxes in at least three of the titles count as "games of chance," and publishers could therefore be subject to fines and prison sentences under the country's gaming legislation. Ars Technica reports: A statement by Belgian Minister of Justice Koen Geens (machine translation) identifies loot boxes in Overwatch, FIFA 18, and Counter Strike: Global Offensive as meeting the criteria for that "game of chance" definition: i.e., "there is a game element [where] a bet can lead to profit or loss and chance has a role in the game." The Commission also looked at Star Wars: Battlefront II and determined that the recent changes EA made to the game means it "no longer technically forms a game of chance." Beyond that simple definition, the Gaming Commission expressed concern over games that draw in players with an "emotional profit forecast" of randomized goods, where players "buy an advantage with real money without knowing what benefit it would be." The fact that these games don't disclose the odds of receiving specific in-game items is also worrisome, the Commission said. The three games noted above must remove their loot boxes or be in criminal violation of the country's gaming legislation, Geens writes. That law carries penalties of up to 800,000EU (~$973,680) and five years in prison, which can be doubled if "minors are involved." But Geens says he wants to start a "dialogue" with loot box providers to "see who should take responsibility where."
Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 426

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.
Privacy

More Than 1 Million Kids Had Their Identities Stolen in 2017 (nypost.com) 69

More than 1 million children were victims of identity fraud in 2017, a new study from Javelin Strategy & Research found, costing a total of $2.6 billion. From a report: With limited financial history or existing account activity, children are the most likely to become victims of new-account fraud, the research showed. These attacks can occur before children even become active internet users, with some two-thirds of victims being under the age of eight. The overall numbers are likely even higher, said Al Pascual, research director at Javelin said, since their study relied on parents and guardians reporting cases of identity theft. In many cases, the parent or another relative may be the one using a child's identity to start a new account.
Facebook

Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com) 37

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.
Crime

UK Teen Who Hacked CIA Director Sentenced To 2 Years In Prison (gizmodo.com) 150

An anonymous reader quotes a report from Gizmodo: A British teenager who gained notoriety for hacking a number of high profile United States government employees including former CIA director John Brennan and former director of intelligence James Clapper was sentenced Friday to two years in prison. Eighteen-year-old Kane Gamble pleaded guilty to 10 separate charges, including eight counts of "performing a function with intent to secure unauthorized access" and two counts of "unauthorized modification of computer material," the Guardian reported.

Gamble, otherwise known by his online alias Cracka, was 15 at the time that he started his hacking campaigns. The alleged leader of a hacking group known as Crackas With Attitude (CWA), Gamble made it a point to target members of the U.S. government. The young hacker's group managed to successfully gain access to ex-CIA director John Brennan's AOL email account. The group hacked a number of accounts belonging to former Director of National Intelligence James Clapper, including his personal email, his wife's email, and his phone and internet provider account. The hackers allegedly made it so every call to Clapper's home phone would get forwarded to the Free Palestine Movement.

Government

Palantir Knows Everything About You (bloomberg.com) 111

Palantir, a data-mining company created by Peter Thiel, is aiding government agencies by tracking American citizens using the War on Terror, Bloomberg reports. From the report: The company's engineers and products don't do any spying themselves; they're more like a spy's brain, collecting and analyzing information that's fed in from the hands, eyes, nose, and ears. The software combs through disparate data sources -- financial documents, airline reservations, cellphone records, social media postings -- and searches for connections that human analysts might miss. It then presents the linkages in colorful, easy-to-interpret graphics that look like spider webs.

[...] The U.S. Department of Health and Human Services uses Palantir to detect Medicare fraud. The FBI uses it in criminal probes. The Department of Homeland Security deploys it to screen air travelers and keep tabs on immigrants. Police and sheriff's departments in New York, New Orleans, Chicago, and Los Angeles have also used it, frequently ensnaring in the digital dragnet people who aren't suspected of committing any crime.

Slashdot Top Deals