Privacy

GE, Intel, and AT&T Are Putting Cameras and Sensors All Over San Diego (fortune.com) 105

An anonymous reader shares a Fortune report: General Electric will put cameras, microphones, and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of "smart city" tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns. Based on technology from GE's Current division, Intel and AT&T, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday. The city will provide the data to entrepreneurs and students to develop applications. Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of "Internet of things" technology that GE Current provides for commercial buildings and industrial sites.
Piracy

Kim Dotcom Can Be Extradited, Rules A New Zealand Court (reuters.com) 188

Kim Dotcom -- and Megaupload's programmers Mathias Ortmann and Bram van der Kolk, as well as its advertising manager Finn Batato -- could soon be in a U.S. courtroom. A New Zealand judge just ruled they can all be extradited to the U.S. An anonymous reader quotes Reuters: The Auckland High Court upheld the decision by a lower court in 2015 on 13 counts, including allegations of conspiracy to commit racketeering, copyright infringement, money laundering and wire fraud, although it described that decision as "flawed" in several areas. Dotcom's lawyer Ron Mansfield said in a statement the decision was "extremely disappointing" and that Dotcom would appeal to New Zealand's Court of Appeal.

U.S. authorities say Dotcom and three co-accused Megaupload executives cost film studios and record companies more than $500 million and generated more than $175 million by encouraging paying users to store and share copyrighted material. High Court judge Murray Gilbert said that there was no crime for copyright in New Zealand law that would justify extradition but that the Megaupload-founder could be sent to the United States to face allegations of fraud.

"I'm no longer getting extradited for copyright," Dotcom commented on Twitter. "We won on that. I'm now getting extradited for a law that doesn't even apply."
Transportation

Father of Driver In Violent Tesla Crash Blames Sedan's 'Rocket-Ship' Acceleration (autoweek.com) 641

"A Tesla crash that resulted in the deaths of the driver and a passenger in Indianapolis last November is drawing new controversy after the father of one of the victims made comments regarding the role of the Model S in the incident," Autoweek reports. "The crash occurred in downtown Indianapolis on Nov. 3, 2016, with the Model S driven by 27-year-old Casey Speckman striking a tree and catching fire. Speckman was pronounced dead at the scene while her passenger, 44-year-old Kevin McCarthy, succumbed to his injuries after being taken to the hospital." From the report: A report released last week by the Indianapolis Metropolitan Police Department disclosed that Speckman had a blood-alcohol level of 0.21, almost three times the legal limit in the state of Indiana, The Indianapolis Star reports. Another new detail has emerged since the violent crash was first reported: The Tesla could have been trying to maneuver around a vehicle traveling on the wrong side of the street, suggested by closed-circuit footage obtained by the attorney of the driver's father, Jon Speckman. The coroner's report cited blunt-force injuries caused by the crash as the causes of death for both victims, noting the vehicle's fire as a contributing factor, according to The Indianapolis Star. Jon Speckman recently made comments to the newspaper blaming the acceleration of the Tesla Model S. "Had she been in another vehicle, she would have been alive for me to yell at her for driving after drinking," Speckman told The Indianapolis Star in an interview at his attorney's office. "This is a vehicle that travels from 0 to 60 in 3.1 seconds," Speckman also said during the interview. "She's clearly having to swerve to miss a vehicle going the wrong way on a one-way street. If her foot should happen to hit the accelerator, it's like a rocket ship. I don't know why they have to make a car that does that."
Government

Face Recognition + Mandatory Police Body Cameras = Mass Surveillance? (siliconvalley.com) 110

Facial recognition software is already in use, and it has privacy advocates worried. An anonymous reader quotes the Bay Area Newsgroup. Southern California-based FaceFirst sells its facial recognition technology to retail stores, which use it to identify shoplifters who have been banned from the store, and alert management if they return. Corporate offices and banks also use the software to recognize people who are wanted by police... Several local law enforcement agencies have expressed interest in the technology, but so far none have had the budget for it. FaceFirst sells software police officers can install on their smartphones and use to identify people in the field from up to 12 feet away.

Some privacy experts worry facial recognition technology will show up next in police body cameras, with potentially dangerous consequences... The problem, say privacy advocates, is that all kinds of people come into contact with police, including many who are never suspected of any crimes. So lots of innocent people could be caught up in a police database fed by face-recognizing body cameras. The body cameras could turn into a "massive mobile surveillance network," said Jeramie Scott, national security counsel for the Electronic Privacy Information Center.

One-third of America's police departments use body cameras. (And just in San Jose, there are already 450 neighborhood cameras that have also agreed to share their footage for police investigations.) The new technologies concern the ACLU's policy director for technology and civil liberties. "You have very powerful systems being purchased, most often in secret, with little-to-no public debate and no process in place to make sure that there are policies in place to safeguard community members."
Republicans

Russia Considers Sending Snowden Back To US As a 'Gift' To Trump (nbcnews.com) 294

An anonymous reader quotes a report from NBC News: U.S. intelligence has collected information that Russia is considering turning over Edward Snowden as a "gift" to President Donald Trump -- who has called the NSA leaker a "spy" and a "traitor" who deserves to be executed. That's according to a senior U.S. official who has analyzed a series of highly sensitive intelligence reports detailing Russian deliberations and who says a Snowden handover is one of various ploys to "curry favor" with Trump. A second source in the intelligence community confirms the intelligence about the Russian conversations and notes it has been gathered since the inauguration. Snowden's ACLU lawyer, Ben Wizner, told NBC News they are unaware of any plans that would send him back to the United States. "Team Snowden has received no such signals and has no new reason for concern," Wizner said. Former deputy national security adviser Juan Zarate urged the Trump administration to be cautious in accepting any Snowden offer from Russian President Vladimir Putin. The White House had no comment, but the Justice Department told NBC News it would welcome the return of Snowden, who currently faces federal charges that carry a minimum of 30 years in prison. Putin spokesman Dmitry Peskov said talk about returning Snowden is "nonsense." If he were returned to American soil, Snowden -- a divisive figure in America who is seen by some as a hero and others as treasonous -- would face an administration that has condemned him in the strongest terms.
Privacy

Arby's Probes Possible Data Breach Affecting 355,000 Credit Cards (krebsonsecurity.com) 49

Brian Krebs is reporting that Arby's "recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide." The breach is said to only affect some corporate stores and not franchised restaurant locations. While there is no exact number of those affected, it's possible that more than 355,000 credit and debit cards issued by PSCU member banks may have been compromised. Krebs On Security reports: The first clues about a possible breach at the sandwich chain came in a non-public alert issued by PSCU, a service organization that serves more than 800 credit unions. The alert sent to PSCU member banks advised that PSCU had just received very long lists of compromised card numbers from both Visa and MasterCard. The alerts stated that a breach at an unnamed retailer compromised more than 355,000 credit and debit cards issued by PSCU member banks. Arby's declined to say how long the malware was thought to have stolen credit and debit card data from infected corporate payment systems. But the PSCU notice said the breach is estimated to have occurred between Oct. 25, 2016 and January 19, 2017. Such a large alert from the card associations is generally a sign of a sizable nationwide breach, as this is likely just the first of many alerts Visa and MasterCard will send to card-issuing banks regarding accounts that were compromised in the intrusion. If history is any lesson, some financial institutions will respond by re-issuing thousands of customer cards, while other (likely larger) institutions will focus on managing fraud losses on the compromised cards.
Crime

Police Arrest Five Men For Selling Kodi Boxes 'Fully Loaded' With Illegal Streaming Apps (bbc.com) 105

Five people have been arrested in early morning raids for selling "fully loaded Kodi boxes," which are set-top boxes modified to stream subscription football matches, television channels and films for free. The Federation Against Copyright Theft (FACT) said it believed the suspects had made roughly $250,000 selling the devices online. BBC reports: Kodi is free software built by volunteers to bring videos, music, games and photographs together in one easy-to-use application. Some shops sell legal set-top boxes and TV sticks, often called Kodi boxes, preloaded with the software. The developers behind Kodi say their software does not contain any content of its own and is designed to play legally owned media or content "freely available" on the internet. However, the software can be modified with third-party add-ons that provide access to pirated copies of films and TV series, or free access to subscription television channels. The five arrests were made in Bolton, Bootle, Cheadle, Manchester and Rhyl.
Facebook

DC Inauguration Protestors Are Being Hit With Facebook Data Searches (citylab.com) 341

During the protests over the inauguration of Donald Trump, more than 230 protestors were arrested -- many of whom were charged with rioting and had their phones seized by Washington, D.C., police. One of the individuals who was arrested received an email from Facebook's "Law Enforcement Response Team," which raises the question: Did D.C. police ask Facebook to reveal information about this arrestee? CityLab reports: In an emailed response to CityLab's request for more information, Rachel Reid, a spokesperson for the D.C. Metropolitan Police Department, responded that "MPD does not comment on investigative tactics." The District of Columbia United States Attorney's Office -- the agency leading the prosecution of Inauguration protesters -- has not yet responded to CityLab's inquiry. CityLab also asked Facebook about the email. "We don't comment on individual requests," company spokesperson Jay Nancarrow said. He referred CityLab to the site's law enforcement guidelines page and to its Government Requests Report database, where the public can see how many legal processes it receives from countries worldwide. According to this database, U.S. law enforcement requested information on the accounts of 38,951 users over January to June of 2016, and they received some type of data in 80 percent of cases. Which "legal process" authorities sent to Facebook for information on the protester matters considerably in terms of how much data they can seize for investigation. According to Facebook's legal guidelines, a search warrant, for example, could allow Facebook to give away content data including "messages, photos, videos, timeline posts, and location information." A subpoena or a court order would give authorities less information, but would still include the individual's "name, length of service, credit card information, email address(es), and a recent login/logout IP address(es)."
Security

The Netherlands Opts For Manual Vote-Count Amid Cyberattack Fears (independent.co.uk) 117

Bruce66423 writes: Following revelations about the lack of security of the software, the Dutch government has decided to abandon the use of it to count the ballots at the forthcoming election in March. The Independent reports: The decision was taken amidst fears that hackers could influence next month's elections after allegations by the U.S. intelligence agency that Russia hacked into Democrats' emails to help Donald Trump get elected. Russia denies any wrongdoing. Intelligence agencies have warned that three crucial elections in Europe this year in the Netherlands, France and Germany could be vulnerable to manipulation by outside actors. In a letter to the Dutch Parliament, Interior Minister Ronald Plasterk said that 'reports in recent days about vulnerabilities in our systems raise the question of whether the results could be manipulated' and that 'no shadow can be allowed to hang over the result.' In previous elections, the ballots were counted by hand locally but regional and national counts were done electronically. But this year, all ballots will be counted by hand after voters make their choice on 15 March. Dutch media have reported that the counting software may not only be insecure but also outdated. The counting software is reported to be distributed by CD-ROM to regional counting centers, where it is set up on old computers that are internet connected.
Businesses

US Probes Panasonic Unit For Alleged Bribery Violations (bloomberg.com) 28

A Panasonic inflight entertainment and communications systems subsidiary is under investigation by U.S. authorities for allegedly breaking bribery and securities laws. From a report: Panasonic Avionics Corp. is being probed by the U.S. Department of Justice and Securities and Exchange Commission for violating the Foreign Corrupt Practices Act, the Osaka-based company said in a statement Thursday. Panasonic said it's cooperating with the agencies, and evaluating the potential financial impact of the probe. The announcement of the probe mars an otherwise positive earnings release for Panasonic, which raised its full-year profit and revenue forecasts. The subsidiary is part of a corporate division that also makes mobile phones, projectors and surveillance cameras with a total of 33,000 employees. The segment had $6.7 billion in sales in the nine months ended Dec. 31, or 14 percent of total revenue.
Crime

Police Use Pacemaker Data To Charge Homeowner With Arson, Insurance Fraud (networkworld.com) 216

JustAnotherOldGuy writes from a report via Network World: If you're dependent upon an embedded medical device, the device that helps keep you alive may also be used to incriminate you in a crime. Ross Compton, a 59-year-old homeowner in Ohio called 911 in September 2016 to say that his house was on fire, however there were many irregularities to the blaze that investigators found suspicious, such as contradictory statements from Compton and the way that the fire had started. In the ensuing investigation, the police secured a warrant for the logs from his pacemaker, specifically, "Compton's heart rate, pacer demand and cardiac rhythms before, during and after the fire." They subsequently filed charges of felony aggravated arson and insurance fraud. Middletown Police said this was the first time it had used data from a heart device to make an arrest, but the pacemaker data proved to be an "excellent investigative tool"; the data from the pacemaker didn't correspond with Compton's version of what happened. The retrieved data was used to help indict Compton. Lt. Jimmy Cunningham stated, "It was one of the key pieces of evidence that allowed us to charge him."
Piracy

Swedish Govt Mulls Tougher Punishments To Tackle Pirate Sites (torrentfreak.com) 70

Authorities in Sweden are mulling new measures to deal with evolving 'pirate' sites. As part of a legislative review, the government wants to assess potential legal tools, including categorizing large-scale infringement as organized crime, tougher sentences, domain seizures, and site-blocking, reports TorrentFreak. From the article: Sweden is now considering its options when it comes to its future prosecutions of large-scale copyright infringement cases. As part of a review now underway, the government is accessing the powers it needs to deal with more serious cases of copyright infringement. Police national coordinator for intellectual property crimes Paul Pinter hopes that any changes will enable police to operate more efficiently in the future. "If you have a felony, you can get access to a whole new toolkit. In the terms of reference for the inquiry, the government mentions almost all of the points that we have previously proposed," he told IDG. Considering the way anti-piracy enforcement has developed over the past several years, few of the suggestions from the police come as a surprise. At the top of the tree is treating pirate site operators as more than just large-scale copyright infringers. The Justice Department says that due to the manner in which sites are organized and the subsequent development of revenue, treating them as self-contained crime operations may be appropriate.
Government

Running For Congress, Brianna Wu Criticizes The FBI's GamerGate Report (venturebeat.com) 760

An anonymous reader shares this update about programmer/game developer Brianna Wu as well as the FBI's recently-released report on their GamerGate investigation: Wu has officially unveiled the web site for her campaign for a seat in the U.S. Congress, and says if elected she'll confront the FBI over their "appalling failure" when investigating members of the controversial GamerGate coalition. "Wu catalogued more than 180 death threats that she said she received because she spoke out against sexism in the game industry and #GamerGate misogyny," according to VentureBeat, which quotes Wu as saying "only a fraction of a fraction of the information we gave them was ever looked into."

The article says the FBI did investigate -- even asking Google to "preserve records" for several email addresses and YouTube accounts, and making a similar request to Microsoft. And the FBI also interviewed one minor who admitted to making at least 40 threatening phone calls, but after turning over that information learned that the state of Massachusetts had declined to prosecute. In the end the FBI's 173-page report ultimately concluded that there were no actionable leads.

Wu's response? "All this report does for me is show how little the FBI cared about the investigation."
EU

Ransomware Infects a Hotel's Key System (dailymail.co.uk) 203

An anonymous reader writes: A luxury hotel paid "thousands" in Bitcoin ransom to cybercriminals who hacked into their electronic key system. The "furious" hotel manager says it's the third time their electronic system has been attacked, though one local news site reports that "on the fourth attempt the hackers had no chance because the computers had been replaced and the latest security standards integrated, and some networks had been decoupled." The 111-year-old hotel is now planning to remove all their electronic locks, and return to old-fashioned door locks with real keys. But they're going public to warn other hotels -- some of which they say have also already been hit by ransomware.
UPDATE: The hotel's managing director has clarified today that despite press reports, "We were hacked, but nobody was locked in or out" of their rooms.
Crime

Police Department Loses Years Worth of Evidence In Ransomware Incident (bleepingcomputer.com) 131

"Police in Cockrell Hill, Texas admitted Wednesday in a press release that they lost years worth of evidence after the department's server was infected with ransomware," reports BleepingComputer. "Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents." An anonymous reader writes: Most of the data was from solved cases, but some of the evidence was from active investigations. The infection appears to be from the Locky ransomware family, one of the most active today, and took root last December, after an employee opened a document he received via a spam email. The police department backup system apparently kicked in right after the infection took root, and created copies of the already encrypted data. The department did not pay the $4,000 ransom demand and decided to wipe all its systems.
Canada

Canadian Police Identify Suspect From Remotely-Accessed Stolen Laptop (cochraneeagle.com) 74

An anonymous reader writes: Last week a security consultant remotely logged into his stolen laptop, and gathered clues from a Facebook profile. Though it didn't provide the suspect's real name, the consultant shared the profile online, and says he's now receiving tips from other crime victims who are scouring through the profile's friends list. And according to a local newspaper, the Canadian police say they've now identified a suspect, although "there is a lot of work that needs to be done before we can lay charges."

But despite this apparent victory, one officer is also warning the public against sharing a suspect's identity on social media, according to the paper, "after the social media post may have wrongly identified a suspect."

"When you get to public shaming, I urge caution..." the police officer tells the newspaper. "As a person that gets stuff stolen, I understand the want to publicly shame someone... Give us all the info, and we will follow up once we have the evidence."
Crime

Russia Arrests Top Kaspersky Lab Security Researcher On Charges of Treason (bleepingcomputer.com) 84

An anonymous reader quotes a report from BleepingComputer: Russian authorities arrested Ruslan Stoyanov, one of Kaspersky Lab's top-ranked security researchers, under article 275 of the Russian criminal code, which refers to treason. According to Russian newspaper Kommersant, who broke the story today, Stoyanov was arrested in December, together with the head of the Russian Secret Service (FSB) information security department Sergei Mikhailov. In a statement released today by Kaspersky Lab, the company says that Stoyanov was arrested based on activities he partook in before joining the company. Details regarding the investigation are murky, but according to the Russian newspaper who quotes anonymous sources, Stoyanov was involved in facilitating the transfer of funds from foreign companies to Mikhailov's accounts. According to Stoyanov's LinkedIn account, before serving as Head of the Computer Incidents Investigation Team at Kaspersky, he worked as Deputy Director for a company called Indrik, but also as a Major in the Ministry of Interior's Cyber Crime Unit.
Crime

Western Union Pays $586M Fine Over Wire Fraud Charges (reuters.com) 115

The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters: The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...

Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.

Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."
Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 67

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Crime

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 377

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.

In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
