Businesses

Data Can Help Fix America's Overcrowded Jails, Says White House (cnet.com) 176

An anonymous reader writes from a report via CNET: The White House launched a program called the Data-Driven Justice (DDJ) initiative to help reduce the population of jails. It will allow states to better divert low-level offenders with mental illness out of the criminal justice system and keep low-risk defendants out of jail while they await trial. The DDJ program could help alleviate the cost and congestion facing many of America's local jails, which cost local governments nearly $22 billion a year for minor offenses and low-level non-violent misdemeanors. Every year, 11 million people move through America's local jails. In local jails, 64 percent of people suffer from mental illness, 68 percent have a substance abuse problem and 44 percent suffer from chronic health problems, according to the White House. Seven states and 60 communities committed to DDJ. The plan is to use data collected on individuals who are often in touch with the police, emergency departments and other services and link them to health, behavioral health and social services within the community. Law enforcement and first responders will also be trained in how to deal with people experiencing mental health issues to better direct them to the proper services. The administration is developing a toolkit that will guide jurisdictions toward the best practices, policies and programs that have been successful in DDJ communities. DDJ will also put in place pre-trial assessment tools to determine whether the individual can safely return to society while awaiting trial without having to post bond. Amazon Web Services is onboard with the project, planning to bring together data scientists, technologists, researchers and private sector collaborators in a Technology and Research Consortium to identify technology solutions and support DDJ communities. A mapping software company, Esri, has pledged half a million dollars worth of software and solutions to the DDJ communities as well.
Meanwhile, AWS is providing the cloud infrastructure, which should help share data between criminal justice and health care practitioners among DDJ communities.
Databases

2 Million-Person Terror Database Leaked Online (thestack.com) 160

An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge, that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomas Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
The Internet

ACLU Lawsuit Challenges Computer Fraud and Abuse Act (thestack.com) 76

An anonymous reader writes: The American Civil Liberties Union (ACLU) has filed a lawsuit with the U.S. Department of Justice contending that the Computer Fraud and Abuse Act's criminal prohibitions have created a barrier for those wishing to conduct research and anti-discrimination testing online. The ACLU have pursued the matter on behalf of a group of academic researchers, computer scientists and journalists seeking to remove that barrier to allow for third-party testing and research into potential online discrimination. In a public statement the ACLU contend: "The CFAA violates the First Amendment because it limits everyone, including academics and journalists, from gathering the publicly available information necessary to understand and speak about online discrimination."
Crime

Istanbul Attack: A Grim Reminder Of Why Airports Are Easy Targets (firstpost.com) 277

An anonymous reader shares a FirstPost article: Even as I write this the echo of gunfire continues at Ataturk International Airport. For reasons that defy logic, Istanbul's main airport has always been seen as a vulnerable target, which only underscores the fact that all airports in the world are open to attack and fail-safe is not a viable option. At Ataturk, security is usually high, but the weak underbelly lies in vehicular traffic entering the airport being given cursory checks, pretty much like most airports, which is why President Erdogan was able to say this sort of attack could have occurred anywhere. That is true. Airports are easy targets. That even though Turkey was aware of the chinks, nothing much was done to up the security levels. If you take Delhi International as a prime example, the access to the terminal is scarcely blockaded and one can reach the entry points with ease, crossing a couple of indolent checkpoints and a roller fence. (Editor's note: the article has been written by an Indian author, and so he uses an Indian airport as an example.) Indian airports are as porous as a sponge. Most of our airports are red-starred, which places them in the inadequate category. Add to that the fact that several thousand VIPs are given privileges that make a pudding out of security and it indicates how easy peasy it would be to amble up to the terminal entrance. The weakness primarily lies in the absence of X-rays and deterrent technology on approach. You practically can check in and get to immigration before being cleared for hazardous material.
Bitcoin

New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) 124

An anonymous reader writes: Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness, and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.
The Courts

Wisconsin's Prison-Sentencing Algorithm Challenged in Court (engadget.com) 228

"Do you want a computer to help decide a convict's fate?" asks Engadget, telling the story of a Wisconsin convict who "claims that the justice system relied too heavily on its COMPAS algorithm to determine the likelihood of repeat offenses and sentenced him to six years in prison." Sentencing algorithms have apparently been in use for 10 years. His attorneys claim that the code is "full of holes," including secret criteria and generic decisions that aren't as individually tailored as they have to be. For instance, they'll skew predictions based on your gender or age -- how does that reflect the actual offender...?

[T]he court challenge could force Wisconsin and other states to think about the weight they give to algorithms. While they do hold the promise of both preventing repeat offenses and avoiding excessive sentences for low-threat criminals, the American Civil Liberties Union is worried that they can amplify biases or make mistakes based on imperfect law enforcement data.

The biggest issue seems to be a lack of transparency, which makes it impossible to determine whether convicts actually are receiving fair sentences.
Security

Religious Hacker Defaces 111 Escort Sites (softpedia.com) 161

An anonymous reader shares this article from Softpedia: A religiously-motivated Moroccan hacker has defaced 111 different web sites promoting escort services since last summer as part of an ongoing protest against the industry. "In January, the hacker defaced 79 escort websites," writes Softpedia. "His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. While some webmasters did their job, some didn't. During the past days, the hacker has been busy defacing a new set of escort websites... Most of these websites bear ElSurveillance's defacement message even today... Most of the websites are from the UK."
His newest round of attacks replaces the sites with a pro-Palestine message and a quote from the Quran, though in January Softpedia reported the attacker was also stealing data from some of the sites about their users' accounts.
Government

As It Searches For Suspects, The FBI May Be Looking At You (technologyreview.com) 90

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.

Government

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com) 104

The IRS has abandoned a system of PINs used when filing tax returns online after it detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.
The Almighty Buck

Vacationing Security Researcher Exposes Austrian ATM Skimmer (carbonblack.com) 181

While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.
Crime

Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com) 111

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example, fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks... and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as a gateway for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."
Security

Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io) 36

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
Transportation

Austin Is Conducting Sting Operations Against Ride-Sharing Drivers (examiner.com) 258

Since the Uber and Lyft ride-sharing apps stopped service in Austin, drunk driving has increased, riders are hunting for alternatives, and the police are conducting undercover sting operations against unauthorized ride-sharing drivers. With Chicago also considering new restrictions on ride-sharing apps, Slashdot reader MarkWhittington shares this report from Austin: With thousands of drivers and tens of thousands of riders who once depended on ride-sharing services in the lurch, a group called Arcade City has tried to fill the void with a person-to-person site to link up drivers and riders, who then negotiate a fare. Of course, according to a story on KVUE, the Austin city government and the police are on the case. The Austin Police Department has diverted detectives and resources to conduct sting operations on ride-sharing drivers who attempt to operate without official sanction. Undercover operatives will arrange for a ride with an Arcade City driver and then bust them, impounding their vehicle and imposing a fine.
"The first Friday and Saturday after Uber was gone, we were joking that it was like the zombie apocalypse of drunk people," one former ride-sharing driver told Vocative.com. Earlier this month the site compared this year's drunk driving arrests to last year's -- and discovered that in the three weeks since Uber and Lyft left Austin, 7.5% more people have been arrested for drunk driving.
Crime

From File-Sharing To Prison: The Story of a Jailed Megaupload Programmer (arstechnica.com) 126

An anonymous reader writes: "I had to be made an example of as a warning to all IT people," says former Megaupload programmer Andrew Nomm, one of seven Megaupload employees arrested in 2012. Friday his recent interview with an Estonian journalist was republished in English by Ars Technica (which notes that at one point the 50 million users on Megaupload's file-sharing site created 4% of the world's internet traffic). The 37-year-old programmer pleaded guilty to felony copyright infringement in exchange for a one-year-and-one-day sentence in a U.S. federal prison, which the U.S. Attorney General's office called "a significant step forward in the largest criminal copyright case in US history."

"It turned out that I was the only defendant in the last 29 years to voluntarily go from the Netherlands to the USA..." Nomm tells the interviewer, adding "I'll never get back the $40,000 that was seized by the USA." He describes his experience in the U.S. prison system after saying good-bye to his wife and 13-year-old son, adding that now "I have less trust in all sorts of state affairs, especially big countries. I saw the dark side of the American dream in all its glory..."

In U.S. court documents Nomm "acknowledged" that the financial harm to copyright holders "exceeded $400 million."
Security

FBI Is Classifying Its Tor Browser Exploit Because 'National Security' (vice.com) 81

Joseph Cox, reporting for Motherboard: Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already having been used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.
Security

Internet Trolls Hack Popular YouTube Channel WatchMojo (csoonline.com) 32

An anonymous reader writes: WatchMojo, one of the most popular channels on YouTube with over 12 million subscribers, has been hacked. Subscribers of one of YouTube's most popular channels, WatchMojo, were greeted with an unusual surprise on Wednesday evening, as a couple of hackers, known only as Obnoxious and Pein, hacked the lineup of the channel's videos. The two hackers then proceeded to rename almost all of WatchMojo's videos with the title "HACKED BY OBNOXIOUS AND PEIN twitter.com/poodlecorp." Since the channel was compromised, the hackers have uploaded two new videos, "Top 5 Facts About the Yakuza," and a video about Neanderthal myths. Apart from these, however, the hackers have not touched anything else on the channel. Though most of WatchMojo's videos still remain hacked as of this writing, the popular channel announced that it is fully aware of the hack. WatchMojo further stated that it has already contacted YouTube about the incident and that it is already starting to fix the changes to its videos.
Businesses

Interview With A Craigslist Scammer (infoworld.com) 241

snydeq writes: Ever wonder what motivates people who swindle others on Craigslist? Roger Grimes did, so he set up a fake Harley Davidson ad on Craigslist and requested an interview with each scammer who replied to the ad. One agreed, and the man's answers shed light on the inner world of Craigslist scamming: "If you mean how often I make money from Craigslist, it depends on the day or week. Many weeks I make nothing. Some weeks I can get five people sending me money. But I respond to a lot of ads to get one email back. I'm not only doing Craigslist -- there are many similar places. I haven't counted, but many. It takes many emails to get paid. That's what I mean. Some weeks I lose money. It's harder than most people think. But I don't have to go into a place at a certain time and deal with bosses and customers. I can make my own time." Grimes asked the scammer a number of questions ranging from "How do you know when you have a good victim?" to "What country do you originate from?" and everything in-between. He ended the interview asking the scammer for any words of advice for readers. The scammer responded: "It's getting harder for business people like me to be successful, but if they [the victims] follow the rules it would be very hard for me to be successful. That's one of the surprises. My friends and I thought we would not be successful for so long, especially with how Craigslist is different now. But there is always someone looking to sell something who doesn't know the game."
Graphics

MSI and ASUS Accused of Sending Reviewers Overpowered Graphics Cards (theverge.com) 133

An anonymous reader writes from a report via The Verge: TechPowerUp discovered that the MSI GeForce GTX 1080 Gaming X card they were sent for review was running at faster GPU and memory clock speeds than the retail version. This was because the review card was set to operate in the OC (overclocking) mode out of the box, whereas the retail card runs in the more regular Gaming mode out of the box. This may result in an unobservant reviewer accidentally misrepresenting the OC performance numbers as the stock results from the card, lending MSI's product an unearned helping hand. The site found this was a recurring pattern with MSI stretching back for years. Fellow Taiwanese manufacturer ASUS, in spite of having better global name recognition and reputation, has also shown itself guilty of preprogramming review cards with an extra overclocking boost. Needless to say, the only goal of such actions is to deceive -- both the consumer and the reviewer -- though perhaps some companies have felt compelled to follow suit after the trend was identified among competitors. The Verge notes that TechPowerUp revealed its finding on Thursday of last week, and has not received any official response from either MSI or ASUS. They did update their story to note that MSI addressed the matter, in a comment provided to HardOCP Editor-in-Chief Kyle Bennett, back in 2014.
Books

Hacker Who Stole Half-Life 2's Source Code Interviewed For New Book (arstechnica.com) 192

"Can you love a game so much you must take its sequel?" asks Ars Technica, posting an excerpt from the new book "Death By Video Game: Danger, Pleasure, and Obsession on the Virtual Frontline." At 6am on May 7, 2004, Axel Gembe awoke in the small German town of Schonau im Schwarzwald to find his bed surrounded by police officers bearing automatic weapons... "You are being charged with hacking into Valve Corporation's network, stealing the video game Half-Life 2, leaking it onto the Internet, and causing damages in excess of $250 million... Get dressed..." The corridors were lined by police, squeezed into his father's house...
Gembe had tried creating homegrown keystroke-recorders specifically targeted at Valve, according to the book, but then poking around their servers he'd discovered one which wasn't firewalled from the internal network. Gembe spent several weeks discovering notes and design documents, until eventually he stumbled onto the latest version of the unreleased game's source code. He'd never meant for the code to be leaked onto the internet -- but he did share it with another person who did. ("I didn't think it through. The person I shared the source with assured me he would keep it to himself. He didn't...")

Eventually Gembe contacted Valve, apologized, and asked them for a job -- which led to a fake 40-minute job interview designed to gather enough evidence to arrest him. But ultimately a judge sentenced him to two years probation -- and Half-Life 2 went on to sell 8.6 million copies.
Security

One Million IP Addresses Used In Brute-Force Attack On A Bank (softpedia.com) 50

Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.