
Real-Life RoboCop Guards Shopping Centers In California (metro.co.uk) 100

An anonymous reader quotes a report from Metro: While machines from the likes of RoboCop and Chappie might just be the reserve of films for now, this new type of robot is already fighting crime. This particular example can be found guarding a shopping center in California but there are other machines in operation all over the state. Equipped with self-navigation, infra-red cameras and microphones that can detect breaking glass, the robots, designed by Knightscope, are intended to support security services. Stacy Dean Stephens, who came up with the idea, told The Guardian the problem that needed solving was one of intelligence. "And the only way to gain accurate intelligence is through eyes and ears," he said. "So, we started looking at different ways to deploy eyes and ears into situations like that." The robot costs about $7 an hour to rent and was inspired by the Sandy Hook school shooting after which it was claimed 12 lives could have been saved if officers arrived a minute earlier.

New Surveillance System May Let Cops Use All Of The Cameras (engadget.com) 117

An anonymous reader quotes a report from Wired: [Computer scientists have created a way of letting law enforcement tap any camera that isn't password protected so they can determine where to send help or how to respond to a crime.] The system, which is just a proof of concept, alarms privacy advocates who worry that prudent surveillance could easily lead to government overreach, or worse, unauthorized use. It relies upon two tools developed independently at Purdue. The Visual Analytics Law Enforcement Toolkit superimposes the rate and location of crimes and the location of police surveillance cameras. CAM2 reveals the location and orientation of public network cameras, like the one outside your apartment. You could do the same thing with a search engine like Shodan, but CAM2 makes the job far easier, which is the scary part. Aggregating all these individual feeds makes it potentially much more invasive. [Purdue limits access to registered users, and the terms of service for CAM2 state "you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream." A reasonable step to ensure privacy, but difficult to enforce (though the team promises the system will have strict security if it ever goes online). Beyond the specter of universal government surveillance lies the risk of someone hacking the system.] EFF discovered that anyone could access more than 100 "secure" automated license plate readers last year.

Computers and Warrants: Some Senators Oppose Justice Plan (go.com) 47

A group of bipartisan senators introduced a bill on Thursday that blocks a pending judicial rule change allowing U.S. judges to issue search warrants for remote access to computers in any jurisdiction, even overseas. Associated Press reports: Justice Department officials say that requirement is not practical in complex computer crime cases where investigators don't know the physical location of the device they want to search. In instances when cybercriminals operate on networks that conceal their identity and location, the government wants to ensure that any magistrate in a judicial district where a crime may have occurred can sign off on a search warrant that gives investigators remote access to the computer. The Obama administration says that authority is especially critical in cases involving botnets, which are networks of computers infected with a virus that spill across those districts. As it now stands, federal officials say, they might have to apply for nearly identical warrants in 94 different courthouses to disrupt a botnet. The U.S. Justice Department has pushed for the rule change since 2013. It has assumed it as a "procedural tweak" needed to modernize the criminal code to pursue sophisticated 21st century criminals, reports Reuters. Congress has until Dec 1 to vote to reject, amend or postpone the changes to Rule 41 of the federal rules of criminal procedure. If lawmakers fail to act, the change will automatically take effect, a scenario seen as likely given the short timeline. ZDNet has more details.

Robin Hood Hacker Donates $11,000 of Stolen Bitcoin to Help Fight ISIS (newsweek.com) 66

An anonymous reader writes: A Kurdish region of Syria that borders territory held by the Islamic State militant group (ISIS) has received an $11,000 donation in allegedly stolen bitcoin from a vigilante hacker. (paywalled, alternate source) The pseudonymous Phineas Fisher donated 25 bitcoins to a crowdfunding campaign set up by members of the Rojava region's economic committee, described by Fisher as "one of the most inspiring revolutionary projects in the world." Fisher claims that the bitcoin donation, recorded publicly on the blockchain ledger and listed on the crowdfunding campaign page, came from hacking into a bank. "The money did come from robbing a bank," Fisher said. "Bank robbing is more viable than ever, it's just done differently these days." Fisher adds: "Unfortunately, our world is backwards. You get rich by doing bad things and go to jail for doing good."

Filmmakers Ask 'Pirate' to Take Polygraph, Backtrack When He Agrees (torrentfreak.com) 155

The makers of Dallas Buyers Club (a 2014 movie, which won three Academy awards) are going to great lengths to crack down on BitTorrent pirates. According to a report on piracy news blog TorrentFreak, the filmmakers challenged an accused pirate to submit to a polygraph test to prove that he didn't download a copyright infringing copy of their movie. The accused pirate, California resident Michael Amhari, insists that he did not download any pirated copy of the Dallas Buyers Club and agreed to take the polygraph test. Upon hearing this, the filmmakers, who had imposed a $100,000 fine on Amhari, retracted the offer. "When plaintiff's counsel then agreed to take such a test with the proviso that defense costs and attorney fees be covered, plaintiff then refused to pay costs and revoked his offer to conduct a polygraph," said Amhari's counsel Clay Renick. TorrentFreak reports: "After receiving exculpatory evidence and the sworn declaration of defendant, Mr. Davis then refused to file a dismissal and proceeded to demand that defendant appear in the action or he would file a default." The defendant's counsel added: "This behavior is galling and it should not be permitted by the court." Because of these dubious tactics the court should set aside the default that was entered earlier this month. According to Renick, Dallas Buyers Club has nothing more than an IP-address to back up their infringement claims, which is not enough to prove guilt.

Developer Of Anonymous Tor Software Dodges FBI, Leaves US (cnn.com) 323

An anonymous reader quotes a report from CNN: FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned. But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system -- and expose Tor users around the world to potential spying. That's why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany. "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening," she said in an exclusive interview with CNNMoney. Earlier in the month, Techdirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter.

Iran Is Arresting Models Who Pose Without Headscarves On Instagram (bbc.com) 375

An anonymous reader writes: The Tehran cybercrimes court said the country has arrested eight people working for online modeling agencies deemed to be "un-Islamic." The women models were arrested for starring in photos on Instagram and elsewhere without wearing their headscarves, which has been required in public since 1979. A total of 170 people have been identified by investigators for being involved in online modeling, including 59 photographers and make-up artists, 58 models and 51 fashion salon managers and designers. The court's prosecutor Javad Babaei announced the threats on TV, claiming modeling agencies accounted for about 20 percent of posts on Instagram from Iran and that they had been "making and spreading immoral and un-Islamic culture and promiscuity." He added, "We carried out this plan in 2013 with Facebook, and now Instagram is the focus."

Amazon and Microsoft Directors Charged in Prostitution Sting (kiro7.com) 311

An anonymous reader writes: A director from Microsoft and a former Amazon director have been charged with promoting prostitution after an investigation into Seattle-area sex trafficking, according to a local news report. Investigators say the director of worldwide health for Microsoft submitted over 70 reviews of prostitutes that he had allegedly hired since April 2012, according to the report, while the director of software development at Amazon, who worked on Fire TV, "allegedly hired prostitutes at least 29 times through The Review Board and TheLeague.Net, according to court documents." Both men have pleaded not guilty and are free on $75,000 bail, part of a group of 19 people now facing criminal charges. "These defendants, we allege, were absolutely devoted to the commercial sexual exploitation of vulnerable, powerless immigrant women," King County Prosecutors said in January, adding that the women, who were forced into prostitution to pay off debts to organized crime bosses in Asia, are not being charged.
Last January a Seattle newspaper reported that one alleged brothel owner "previously had made his living off illegal marijuana grows, but moved into prostitution when the drug was legalized."

British Hacker Love Wins Court Battle Over Encryption Keys (theintercept.com) 42

An anonymous reader writes: A judge in Westminster has ruled that alleged hacktivist Lauri Love cannot be forced to provide encryption keys to the National Crime Authority. This move has been called a "victory for all who use encryption in the UK" and a "great decision for privacy and personal freedom." The NCA's request was widely regarded as an attempt to circumvent the Regulatory of Investigative Powers Act of 2000, which specifically legislates police power to compel subjects to hand over encryption keys. The NCA originally tried to force Love to turn over encryption keys under RIPA in 2014 but were unsuccessful. So Love, whose property was seized two years ago, made an application to have it returned under the 1897 Police Property Act. In response, the NCA attempted to legally force decryption under the same act. The NCA argued, in the ruling documents, that they could only ascertain the contents of the devices if Love was forced to provide the encryption key. The district judge was not persuaded by this argument, saying, "The case management powers of the court are not to be used to circumvent specific legislation that has been passed in order to deal with the disclosure sought." Legal experts have noted that this case represents a civil action being put forth in a magistrate's court, which normally only deals with criminal issues.

Security Expert Jailed For Reporting Vulnerabilities In Lee County, FL Elections (theregister.co.uk) 307

rootmon writes: Information Security Professional David Levin was arrested 3 months after reporting unpatched SQL injection vulnerabilities in the Lee County, Florida Elections Office run by Sharon Harrington, the Lee County Supervisor of Elections. Harrington's office has been in the news before for voting systems problems (for example, during the 2012 election, 35 districts in Lee County had to remain open 3 hours past the closing of polls due to long lines and equipment issues), wasting $800,000 to $1.6 million of taxpayer money on incompatible iPads for which her office is facing an audit. Rather than fixing the issues in their systems, they chose to charge the whistleblower with three third-degree felonies. The News Press also has several related interviews.

Homeland Security Wants To Subpoena Techdirt Over The Identity Of A Hyperbolic Commenter (boingboing.net) 225

Techdirt is in hot water with the Department of Homeland Security all thanks to a commenter known as Digger. Techdirt's Tim Cushing published a story about the Hancock County, IN Sheriff's Department officers who stole $240,000 under color of asset forfeiture. In response to the story, Digger wrote, "The only 'bonus' these criminals [the Sheriff's Department officers] are likely to see could be a bullet to their apparently empty skulls." The Department of Homeland Security then contacted Techdirt to ask whom they should send a subpoena to in order to identify Digger. Masnick is worried the subpoena could come with a gag order. "Normally, we'd wait for the details before publishing, but given a very similar situation involving commenters on the site Reason last year, which included a highly questionable and almost certainly unconstitutional gag order preventing Reason from speaking about it, we figured it would be worth posting about it before we've received any such thing," Masnick writes.

Meet The Company That Poached The FBI's Entire Silk Road Investigation Team (dailydot.com) 133

Patrick O'Neill quotes a report from The Daily Dot: The FBI team that brought down Silk Road has a new home. After headline-grabbing investigations, arrests, and prosecutions on some of America's highest-profile cybercriminals, five of U.S. law enforcement's most prized cybercrime aces have all left government service for greener pastures -- a titan consulting firm called Berkeley Research Group (BRG). BRG's newly hired gang of five includes former federal prosecutor Thomas Brown, as well as former FBI agents Christopher Tarbell, Thomas Kiernan, and Ilhwan Yum -- names that punctuated many of the biggest cybercrime stories of the last decade including Silk Road, LulzSec, Liberty Reserve, as well as the hacks of Citibank, PNC Bank, and the Rove Digital botnet; and the prosecution of Samarth Agrawal for stealing crucial code for high-frequency trading from the multinational, multibillion dollar bank Societe Generale. "Private industry provides a lot of opportunity," NYPD intelligence chief Thomas Galati told Congress earlier this year. "So I think the best people out there are working for private companies, and not for the government."

LAPD Hacked An iPhone 5s Before The FBI Hacked San Bernardino Terrorist's iPhone 5c (latimes.com) 47

According to recently released court papers, Los Angeles police investigators found a way to break into a locked iPhone 5s belonging to April Jace, the slain wife of "The Shield" actor Michael Jace. The detectives were able to bypass the security at around the same time period the FBI was demanding Apple unlock the iPhone 5c belonging to San Bernardino terrorist Syed Rizwan Farook. LAPD detective Connie Zych wrote on March 18, the department found a "forensic cellphone expert" who could "override the locked iPhone function," according to the search warrant. There's no mention of how the LAPD broke into the iPhone or what OS the iPhone was running (Note: iOS 8, which features improved encryption and security features, came out months after the killing). The information stored on the iPhone should help in the criminal case against Jace's husband, who is charged with the May 19, 2014, killing.

Hacker Guccifer Claims He Easily and Repeatedly Broke Into Hillary Clinton's Email Server (foxnews.com) 416

An anonymous reader quotes a report from Fox News: The infamous Romanian hacker known as "Guccifer," speaking exclusively with Fox News, claimed he easily -- and repeatedly -- breached former Secretary of State Hillary Clinton's personal email server in early 2013. In the process of mining data from the Blumenthal account, Lazar said he came across evidence that others were on the Clinton server. "As far as I remember, yes, there were up to 10, like, IPs from other parts of the world," he said. From the report: "'For me, it was easy ... easy for me, for everybody,' Marcel Lehel Lazar, who goes by the moniker 'Guccifer,' told Fox News from a Virginia jail where he is being held. Fox News could not independently confirm Lazar's claims. The 44-year-old Lazar said he first compromised Clinton confidant Sidney Blumenthal's AOL account, in March 2013, and used that as a stepping stone to the Clinton server. He said he accessed Clinton's server 'like twice,' though he described the contents as 'not interest[ing]' to him at the time." Guccifer was sent to prison last month, which is when his potential role in the Clinton email investigation became apparent.

Without Encryption, Everything Stops, Says Snowden (thehill.com) 144

An anonymous reader writes about Snowden's appearance on a debate with CNN's Fareed Zakaria: Edward Snowden defended the importance of encryption, calling it the "backbone of computer security." He said, "Encryption saves lives. Encryption protects property. Without it, our economy stops. Our government stops. Everything stops. Our intelligence agencies say computer security is a bigger problem than terrorism, than crime, than anything else," he noted. "[...] Lawful access to any device or communication cannot be provided to anybody without fatally compromising the security of everybody."

Child Porn Suspect Jailed Indefinitely For Refusing To Decrypt Hard Drives (arstechnica.com) 796

An anonymous reader quotes a report from Ars Technica: A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order. The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple.

A Complete Guide To The New 'Crypto Wars' (dailydot.com) 68

blottsie writes: The latest debate over encryption did not begin with a court order demanding Apple help the FBI unlock a dead terrorist's iPhone. The new "Crypto Wars," chronicled in a comprehensive timeline by Eric Geller of the Daily Dot, dates back to at least 2003, with the introduction of "Patriot Act II." The battle over privacy and personal security versus crime-fighting and national security has, however, become a mainstream debate in recent months. The timeline covers a wide range of incidents where the U.S. and other allied governments have tried to restrict citizens' access to strong encryption. The timeline ends with the director of national intelligence blaming NSA whistleblower Edward Snowden for advancing the spread of user-friendly, widely available strong encryption.

Schools Are Helping Police Spy On Kids' Social Media Activity (orlandosentinel.com) 215

schwit1 shares this excerpt from an article in The Washington Post: Schools in Florida are renewing a program that monitors their students' social media activity for criminal or threatening behavior, although it has caused some controversy since its adoption last year. The school system in Orange County, where Orlando is located, recently told the Orlando Sentinel that the program, which partners the school system with local police departments, has been successful in protecting students' safety, saying that it led to 12 police investigations in the past year. The school district says it will pay about $18,000 annually for SnapTrends, the monitoring software used to check students' activity. It's the same software used by police in Racine, Wisconsin, to track criminal activity and joins a slew of similar social media monitoring software used by law enforcement to keep an eye on the community.

SnapTrends collects data from public posts on students' social media accounts by scanning for keywords that signify cases of cyberbullying, suicide threats, or criminal activity. School security staff then comb through flagged posts and alert police when they see fit.


Dutch Police Seize Encrypted Communication Network With 19,000 Users (reuters.com) 77

An anonymous reader writes: Dutch police have seized and shut down Ennetcom, an encrypted communications network with 19,000 users, according to Reuters. The network's 36-year-old owner, Danny Manupassa, has also been arrested, and faces charges of money laundering and illegal weapons possession, while the information obtained in the seizure may also be used for other criminal prosecutions. "Police and prosecutors believe that they have captured the largest encrypted network used by organized crime in the Netherlands," prosecutors said in a statement.

"Although using encrypted communications is legal," Reuters reports, "many of the network's users are believed to have been engaged in 'serious criminal activity,' said spokesman Wim de Bruin of the national prosecutor's office, which noted that the company's modified phones have repeatedly turned up in cases involving drugs, criminal motorcycle gangs, and gangland killings."

A spokesman for the National Prosecutor's office "declined to comment on whether and how police would be able to decrypt information kept on the servers."

UK Intel Agencies Have Been Spying on Millions of People 'Of No Security Interest' Since 1990s (arstechnica.com) 101

The UK's intelligence agencies such as MI5, MI6, and GCHQ have been collecting personal information from citizens who are "unlikely to be of intelligence or security interest" since the 1990s, a thousand pages of documents published on Thursday revealed. The documents were published as a result of a lawsuit filed by Privacy International, a UK-based registered charity that defends and promotes the right to privacy across the world. According to the documents, GCHQ and others have been collecting bulk personal data sets since 1998 under the provisions of section 94 of the Telecommunications Act 1984. J.M. Porup reports for Ars Technica: These records can be "anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities," Privacy International legal officer Millie Graham Wood said in a statement. "The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data." Nor, it seems, are BPDs only being used to investigate terrorism and serious crime; they can and are used to protect Britain's "economic well-being" -- including preventing pirate copies of Harry Potter books from leaking before their release date. The so-called "Bulk Personal Datasets," or BPDs, are so powerful, in fact, that the normally toothless UK parliament watchdog that oversees intelligence gathering, the Intelligence and Security Committee (ISC), recommended in February that "Class Bulk Personal Dataset warrants are removed from the new legislation." These data sets are so large and collect so much information so indiscriminately that they even include information on dead people.
