Tesla: Journalists Trespassed At Gigafactory, Assaulted Employees ( 134

An anonymous reader writes: Telsa Motors has published a blog post saying that a pair of journalists from the Reno Gazette Journal trespassed on the grounds of the company's new Gigafactory and attacked security workers with their vehicle when confronted. "As the Tesla employee attempted to record the license plate number on the rear bumper, the driver put it in reverse and accelerated into the Tesla employee, knocking him over, causing him to sustain a blow to the left hip, an approximate 2" bleeding laceration to his right forearm, a 3" bleeding laceration to his upper arm, and scrapes on both palms." Officials from the Sheriff's Department arrived shortly after this happened and arrested one of the trespassers for felony assault. The RGJ has a story about the altercation as well, confirming there was an altercation, but also noting, "The newspaper's vehicle was damaged in the altercation. A rock had been used to shatter the driver's-side window and the driver's-side seat belt had been cut in half."

Australian ISPs Not Ready For Mandatory Data Retention ( 81 writes: October 13 marks the day Australian ISPs are required by law to track all web site visits and emails of their users, but according to an article on the Australian Broadcasting Corporation's news site the majority of ISPs are not ready to begin mandatory data retention. The article's author, Will Ockenden, had previously released his own metadata to readers in an experiment to see how effectively this kind of data reveals personal habits of online users. The majority of Australians appear unconcerned with this level of scrutiny of their lives, given the minimal reaction to this and proposed tougher legislation designed to deal with the threats of crime and terrorism.

China Arrests Hackers At Behest of US Government ( 74

An anonymous reader writes: For the first time, the Chinese government has arrested a group of hackers at the request of the United States. The hackers are suspected of having "stolen commercial secrets" from companies in the U.S., which were then passed on to Chinese competitors. "The arrests come amid signs of a potential change in the power balance between the U.S. and Chinese governments on commercial cyberespionage, one of the most fraught issues between the two countries. For years, U.S. firms and officials have said Beijing hasn't done enough to crack down on digital larceny." It's a big first step in establishing a functional cybersecurity relationship between the two nations. Now, everyone will be watching to see if China follows up the arrests with prosecution. "A public trial is important not only because that would be consistent with established principles of criminal justice, but because it could discourage other would-be hackers and show that the arrests were not an empty gesture."

Prison Debate Team Beats Harvard's National Title Winners 191 writes: Lauren Gambino reports at The Guardian that months after winning this year's national debate championship, Harvard's debate team has fallen to a debate team of three inmates with violent criminal records. The showdown took place at the Eastern correctional facility in New York, a maximum-security prison where convicts can take courses taught by faculty from nearby Bard College, and where inmates have formed a popular debate club. The Bard prison initiative has expanded since 2001 to six New York correctional facilities, and aims to provide inmates with a liberal arts education so that when the students leave prison they are able to find meaningful work. A three-judge panel concluded that the Bard team had raised strong arguments that the Harvard team had failed to consider and declared the team of inmates victorious. "Debate helps students master arguments that they don't necessarily agree with," says Max Kenner. "It also pushes people to learn to be not just better litigators but to become more empathetic people, and that's what really speaks to us as an institution about the debate union."

The prison team has proven formidable in the past, beating teams from the US military academy at West Point and the University of Vermont. They lost a rematch against West Point in April, setting up a friendly rivalry between the teams. The competition against West Point has become an annual event, and the prison team is preparing for the next debate in spring. In the morning before the debate, team members talked of nerves and their hope that competing against Harvard—even if they lost—would inspire other inmates to pursue educations. "If we win, it's going to make a lot of people question what goes on in here," says Alex Hall, a 31-year-old from Manhattan convicted of manslaughter. "We might not be as naturally rhetorically gifted, but we work really hard."

International Exploit Kit Angler Thwarted By Cisco Security Team 36

An anonymous reader writes: Researchers at a Cisco security unit have successfully interrupted the spread of a massive international exploit kit which is commonly used in ransomware attacks. The scientists discovered that around 50% of computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. Once informed, Limestone cut the servers from its network and handed over the data to the researchers who were able to recover Angler authentication protocols, information needed to disrupt future diffusion.

4 Calif. Students Arrested For Alleged Mass-Killing Plot 450

The New York Times reports that four high school students in the small California town of Tuolumne, about 120 miles east of San Francisco, have been arrested, but not yet charged, for planning an attack on their school, Summerville High School. According to the Times, three of the four were overheard discussing this plot, and a fourth conspirator was later identified. Their goal, according to Toulumne sheriff James Mele, was "to shoot and kill as many people as possible at the campus"; they had not however been able yet to obtain the weapons they wanted to carry out the attack. From NBC News' version of the story: "Detectives located evidence verifying a plot to shoot staff and students at Summerville High School," Mele said. "The suspects' plan was very detailed in nature and included names of would-be victims, locations and the methods in which the plan was to be carried out."

Experian Breached, 15 Million T-Mobile Customer's Data Exposed 161

New submitter Yuuki! writes: The Washington Post reports that T-Mobile's Credit Partner, Experian, has been breached revealing names, addresses, Social Security numbers, birth dates and driver's license and passport numbers for any customer who has applied for device financing or even services from T-Mobile which required a credit check. Both parties were quick to point out that no no credit card or banking data was stolen as part of the attack. The attack started back in September 2013 and was only just discovered on September 16, 2015. Both Experian and T-Mobile have posted statements on their websites and Experian is offering credit for two free years of identity resolution services and credit monitoring in the wake of the breach.

Patreon Hacked, Personal Data Accessed 79

AmiMoJo writes: In a blog post Jake Conte, CEO and co-founder of Patreon, writes: "There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."

Citadel Botnet Operator Gets 4.5 Years In Prison 42

An anonymous reader writes: The U.S. Department of Justice has announced that Dimitry Belorossov, a.k.a. Rainerfox, an operator of the "Citadel" malware, has been sentenced to 4.5 years in prison following a guilty plea. Citadel was a banking trojan capable of stealing financial information. Belorossov and others distributed it through spam emails and malvertising schemes. He operated a 7,000-strong botnet with the malware, and also collaborated to improve it. The U.S. government estimates Citadel was responsible for $500 million in losses worldwide. Belorossov will have to pay over $320,000 in restitution.

How the FBI Hacks Around Encryption 91

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.

Curbing the For-Profit Cybercrime Food Chain 19

msm1267 writes: A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime. Instead, the focus, they says, should be on attacking the criminal infrastructure. The report outs a number of soft spots and inter-dependencies in the criminal underground that could be leveraged to cut into the efficacy of cybercrime. "Commoditization directly influences the kinds of business structures and labor agreements that drive recent cybercrime," the researchers write. While shutting down the black market is easier said than done, the paper notes a few ways to deter the behavior of attackers, if not fully break the chain.

Police Program Aims to Pinpoint Those Most Likely to Commit Crimes 244

An anonymous reader writes: Using profiling algorithms, police are tracking suspected criminals to prevent them from committing predicted crimes. We're one step from locking people up for what they might do. The New York Times reports: "The strategy, known as predictive policing, combines elements of traditional policing, like increased attention to crime “hot spots” and close monitoring of recent parolees. But it often also uses other data, including information about friendships, social media activity and drug use, to identify “hot people” and aid the authorities in forecasting crime."

'RipSec' Goes To Hollywood: How the iCloud Celeb Hack Happened 28

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipSec using a photoshopped naked image of major TV star who offered access to her iCloud account. "I contacted some of the celebrities and she gave me access to her account," Doering says. "From there I baited them (the hackers)."
United States

OPM Says 5.6 million Fingerprints Stolen In Cyberattack 93

mschaffer writes: The Office of Personnel Management data breach that happened this summer just got a little worse. The OPM now says that 5.6 million people's fingerprints were stolen as part of the hacks. The Washington Post reports: "That's more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. However, OPM said Wednesday the total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same."

Morgan Stanley Employee Pleads Guilty In Data Breach Case 43

An anonymous reader writes: A former Morgan Stanley financial adviser who was fired in connection with a major breach of client information pleaded guilty to accessing client data and taking it home with him. According to court records Galen Marsh copied names, addresses, account numbers, investment information and other data for approximately 730,000 accounts. "This action, which follows Morgan Stanley's initial investigation and reporting of his misconduct, makes clear that misuse of client account information will not be tolerated," the bank said in a statement.

Bitcoin Ponzi Scheme Operator Pleads Guilty To $150M Fraud 114

JustAnotherOldGuy writes: Bitcoin Savings & Trust founder Trendon Shavers pleaded guilty to fraud over his company's Ponzi scheme, whose victims believed they would earn one percent interest every three days — an annual rate of 3,641 percent. Shavers used new depositors' money to pay the existing depositors, and skimmed enough cream to pay for a car, a $1000 Vegas steak dinner, and plenty of casino gambling. He cost his depositors about $150M and was holding onto $40.7M in Bitcoin when he was arrested. At his peak, he controlled about 7 percent of all Bitcoins in circulation. He netted $164,758 from the scheme. Under a plea deal, Shavers has agreed not to appeal any sentence at or below 41 months in prison. Sentencing before U.S. District Judge Lewis Kaplan is scheduled for Feb. 3. Shavers, who went by "pirateat40" online, was arrested in November, two months after a federal judge in Texas ordered him to pay $40.7 million in a related U.S. Securities and Exchange Commission civil lawsuit.
United Kingdom

UK Man Gets Britain's First-Ever Conviction For Illegal Drone Use 77

jfruh writes: Nigel Wilson of Nottingham was quite a drone enthusiast: he flew a drone over a Champions League soccer match low enough to startle police horses, and at other times flew drones over iPro Stadium in Derby, the Emirates Stadium in north London, and near the Houses of Parliament, Buckingham Palace, the HMS Belfast and the Shard tower in London. He's been convicted under the Air Navigation Order 2009 and fined £1,800.

A Call To RICO Climate Change Science Deniers 737

GregLaden writes: The argument could be made that the organized effort to disrupt climate change science and the development of effective policies to address climate change is criminal, costing life and property. The effort is known to be generally funded by various actors and there are people and organizations that certainly make money on this seemingly nefarious activity. A group of prominent scientists have written a letter to President Obama, Attorney General Lynch, and OSTP Director Holdren asking for this to be investigated under RICO laws, which were originally designed to address organized crime.

Some Trump Donors Get Fleeced By 3rd-Party Payment System 113

According to an article in Maine's WMTW Channel 8, some Donald Trump supporters claim they've ended up giving more than they intended to this campaign, because a since-resolved "glitch" (according to campaign spokeswoman Hope Hicks) meant they were charged multiple times. From the article: "Heather Nason of Saco told WMTW News 8 that her husband was one of the affected customers. ... Nason said a series of unauthorized charges appeared on her husband's bank statement days later. She said someone tried to make 13 withdrawals from her husband's account. After the first six charges went through, the account was almost empty."

Tracking a Bluetooth ATM Skimming Gang In Mexico 44

tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look for: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.