Crime

UK Teen Who Hacked CIA Director Sentenced To 2 Years In Prison (gizmodo.com) 85

An anonymous reader quotes a report from Gizmodo: A British teenager who gained notoriety for hacking a number of high profile United States government employees including former CIA director John Brennan and former director of intelligence James Clapper was sentenced Friday to two years in prison. Eighteen-year-old Kane Gamble pleaded guilty to 10 separate charges, including eight counts of "performing a function with intent to secure unauthorized access" and two counts of "unauthorized modification of computer material," the Guardian reported.

Gamble, otherwise known by his online alias Cracka, was 15 at the time that he started his hacking campaigns. The alleged leader of a hacking group known as Crackas With Attitude (CWA), Gamble made it a point to target members of the U.S. government. The young hacker's group managed to successfully gain access to ex-CIA director John Brennan's AOL email account. The group hacked a number of accounts belonging to former Director of National Intelligence James Clapper, including his personal email, his wife's email, and his phone and internet provider account. The hackers allegedly made it so every call to Clapper's home phone would get forwarded to the Free Palestine Movement.

Government

Palantir Knows Everything About You (bloomberg.com) 109

Palantir, a data-mining company created by Peter Thiel, is aiding government agencies by tracking American citizens using the War on Terror, Bloomberg reports. From the report: The company's engineers and products don't do any spying themselves; they're more like a spy's brain, collecting and analyzing information that's fed in from the hands, eyes, nose, and ears. The software combs through disparate data sources -- financial documents, airline reservations, cellphone records, social media postings -- and searches for connections that human analysts might miss. It then presents the linkages in colorful, easy-to-interpret graphics that look like spider webs.

[...] The U.S. Department of Health and Human Services uses Palantir to detect Medicare fraud. The FBI uses it in criminal probes. The Department of Homeland Security deploys it to screen air travelers and keep tabs on immigrants. Police and sheriff's departments in New York, New Orleans, Chicago, and Los Angeles have also used it, frequently ensnaring in the digital dragnet people who aren't suspected of committing any crime.

Bitcoin

German ICO Savedroid Pulls Exit Scam After Raising $50 Million (techcrunch.com) 195

German company Savedroid has pulled a classic exit scam after raising $50 million in ICO and direct funding. The site is currently displaying a South Park meme with the caption "Aannnd it's gone." The founder, Dr. Yassin Hankir, has posted a tweet thanking investors and saying "Over and out." TechCrunch reports: A reverse image search found Hankir's photo on this page for Founder Institute, and he has pitched his product at multiple events, including this one in German. Savedroid was originally supposed to use AI to manage user investments and promised a crypto-backed credit card, a claim that CCN notes is popular with scam ICOs. It ran for a number of months and was clearly well-managed as the group was able to open an office and appear at multiple events.
Crime

Former FCC Broadband Panel Chair Arrested For Fraud (dslreports.com) 106

An anonymous reader quotes a report from DSLReports: The former chair of a panel built by FCC boss Ajit Pai to advise the agency on broadband matters has been arrested for fraud. Elizabeth Ann Pierce, former CEO of Quintillion Networks, was appointed by Pai last April to chair the committee, but her tenure only lasted until September. Pierce resigned from her role as Quintillion CEO last August after investigators found she was engaged in a scam that tricked investors into pouring money into a multi-million dollar investment fraud scheme. According to the Wall Street Journal, Pierce convinced two investment firms that the company had secured contracts for a high-speed fiber-optic system that would generate hundreds of millions of dollars in future revenue. She pitched the system as a way to improve Alaska's connectivity to the rest of the country, but the plan was largely a fabrication, law enforcement officials say. "As it turned out, those sales agreements were worthless because the customers had not signed them," U.S. Attorney Geoffrey Berman said in prepared remarks. "Instead, as alleged, Pierce had forged counterparty signatures on contract after contract. As a result of Pierce's deception, the investment companies were left with a system that is worth far less than Pierce had led them to believe." Quintillion says it began cooperating with lawmakers as soon as allegations against Pierce surfaced last year. Pierce was charged with wire fraud last Thursday and faces a maximum sentence of 20 years in prison.
Bitcoin

New York's Attorney General Is Investigating Bitcoin Exchanges (theverge.com) 42

The office of New York Attorney General Eric Schneiderman announced today that it has launched an investigation into bitcoin exchanges. He's reportedly looking into thirteen major exchanges, including Coinbase, Gemini Trust, and Bitfinex, requesting information on their operations and what measures they have in place to protect consumers. The Verge reports: "Too often, consumers don't have the basic facts they need to assess the fairness, integrity, and security of these trading platforms," Schneiderman said in a statement. His office sent detailed questionnaires to the thirteen exchanges, asking them to disclose who owns and controls them, and how their basic operation and transaction fees work. The questionnaire also asks for specific details on how exchanges might suspend trading or delay orders, indicating Schneiderman is particularly concerned with exchanges manipulating the timing of public orders. The investigation will attempt to shed more transparency on how platforms combat market manipulation attempts and suspicious trading, as well as bots, theft, and fraud. Many of the exchanges Schneiderman is targeting, such as Beijing-based Huobi, have headquarters located outside the U.S., but the attorney general has jurisdiction over any foreign business operating in New York. Coin Center's director of research Peter Van Valkenburgh tells The Verge that the new investigation might be overkill, given the existing rules already in place for bitcoin exchanges. "Far from being unregulated," he says, "these businesses must contend with state money transmission licensing laws, federal anti-money laundering law, CFTC scrutiny for commodities spot market manipulation, SEC scrutiny for securities trading (should any tokens traded be securities), and in this case, state consumer protection investigations from the several attorneys general."
Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 420

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."
The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
Wireless Networking

Planet Fitness Evacuated After WiFi Network Named 'Remote Detonator' Causes Scare (windsorstar.com) 168

An anonymous reader quotes a report from Windsor Star: A Michigan gym patron looking for a Wi-Fi connection found one named "remote detonator," prompting an evacuation and precautionary search of the facility by a bomb-sniffing dog. The Saginaw News reports nothing was found in the search Sunday at Planet Fitness in Saginaw Township, about 85 miles (140 kilometers) northwest of Detroit. Saginaw Township police Chief Donald Pussehl says the patron brought the Wi-Fi connection's name to the attention of a manager, who evacuated the building and called police. The gym was closed for about three hours as police responded. Pussehl says there's "no crime or threat," so no charges are expected. He notes people often have odd names for WiFi connections. Planet Fitness says the manager was following company procedure for when there's suspicion about a safety issue.
Encryption

Former FBI Director James Comey Reveals How Apple and Google's Encryption Efforts Drove Him 'Crazy' (fastcompany.com) 351

An anonymous reader shares a report: In his explosive new book, A Higher Loyalty, fired FBI director James Comey denounces President Trump as "untethered to the truth" and likens him to a "mob boss," but he also touches on other topics during his decades-long career in law enforcement -- including his strong objection to the tech industry's encryption efforts. When Apple and Google announced in 2014 that they would be moving their mobile devices to default encryption, by emphasizing that making them immune to judicial orders was good for society, "it drove me crazy," he writes. He goes on to lament the lack of "true listening" between tech and law enforcement, saying that "the leaders of the tech companies don't see the darkness the FBI sees," such as terrorism and organized crime.

He writes, "I found it appalling that the tech types couldn't see this. I would frequently joke with the FBI 'Going Dark' team assigned to seek solutions, 'Of course the Silicon Valley types don't see the darkness -- they live where it's sunny all the time and everybody is rich and smart." But Comey understood it was an unbelievably difficult issue and that public safety had to be balanced with privacy concerns.

Crime

Jailed Kansas 'Swat' Perpetrator Sneaks Online, Threatens More 'Swats' (kansas.com) 285

An anonymous reader quotes the Wichita Eagle: Tyler Barriss -- the man charged in a swatting hoax that led to the death of an innocent Wichita man -- apparently got access to the internet from jail for at least 28 minutes [last] Friday and threatened to swat again. "How am I on the Internet if I'm in jail? Oh, because I'm an eGod, that's how," a tweet posted at 9:05 a.m. said.
Other developments in the case:
  • Another tweet from the Barriss account 19 minutes later asked who was "talking shit," warning "your ass is about to get swatted." And nine minutes later his final tweet from jail bragged, "Y'all should see how much swag I got in here." The county sheriff's office blamed an outside vendor's improper software upgrade to an inmate kiosk, arguing that 14 inmates potentially had full internet access "for less than a few hours."
  • 25-year-old Barris is still in jail facing an 11-year prison sentence, noted a Twitter user who responded to the tweets. "This will play well at sentencing when you're pretending to be remorseful and asking the judge for mercy."
  • Meanwhile, the Wichita police officer who mistakenly fired the fatal shot that killed a 28-year-old father of two will not face charges. The district attorney concluded that several of the officers closest to victim Andrew Finch thought he reached down to pull up his pants, leaving his right arm hidden from the officers, the Wichita Eagle reports. "The officer who fired the shot, along with some others, thought Finch was reaching for a gun."
  • "This shooting should not have happened," said the district attorney. "But this officer's decision was made in the context of the false call." Finch was shot 10 seconds after opening his front door, and his family's civil case against the police department is still going forward.
  • Two other gamers involved in the shooting -- including one who allegedly hired Barriss over a $1.50 bet in the game Call of Duty -- have not been charged with a crime.

Google

Google Loses 'Right To Be Forgotten' Case (bbc.com) 160

A businessman fighting for the "right to be forgotten" has won a High Court action against Google. BBC reports: The man, who has not been named due to reporting restrictions surrounding the case, wanted search results about a past crime he had committed removed from the search engine. The judge, Mr Justice Mark Warby, ruled in his favour on Friday. But he rejected a separate claim made by another businessman who had committed a more serious crime. The businessman who won his case was convicted 10 years ago of conspiring to intercept communications. He spent six months in jail. The other businessman, who lost his case, was convicted more than 10 years ago of conspiring to account falsely. He spent four years in jail.
Bitcoin

438 Bitcoins Worth Nearly $3.5 Million Stolen From Exchange In India, CSO Accused (indiatimes.com) 85

William Robinson shares a report from The Economic Times: Nearly 438 bitcoins, worth nearly $3.5 million, were stolen from a top exchange firm in India in what is being billed as the biggest cryptocurrency theft in the country so far. The exchange, which has over two hundred thousand users across the country, found that all the bitcoins that were stored offline had vanished. It was later found that the private keys -- the password that is kept by the company and is stored offline -- were leaked online, leading to the hack. The company tried to trace the hackers, but found that all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred. Coinsecure, a Delhi-based cryptocurrency exchange, is accusing its CSO, Amitabh Saxena, of siphoning off the money from the firm's wallet. The exchange is urging the government to seize Saxena's passport, fearing that he may leave the country.
Crime

Backpage Founders Charged With Money Laundering, Aiding Prostitution (theverge.com) 256

Federal authorities have charged the two founders of classified site Backpage.com, along with five other employees, with laundering money and facilitating prostitution. According to The Washington Post, the Justice Department claims Backpage took "consistent and concerted action" to knowingly allow ads for illegal sex work. The indictment alleges that "virtually every dollar flowing into Backpage's coffers represents the proceeds of illegal activity." The Verge reports: Law enforcement agencies seized Backpage's servers last week, and co-founder Michael Lacey was charged in a sealed 93-count indictment, which has now been revealed. Lacey, as well as his co-founder James Larkin, were already charged with violating California money laundering laws, although a judge threw out state-level pimping charges. Beyond Lacey and Larkin, the Backpage indictment includes charges against the site's chief financial officer, operations manager, assistant operations manager, and marketing director. It also charges the executive vice president of one of Backpage's parent companies. Backpage CEO Carl Ferrer, who was previously charged with pimping in California, was not charged in this indictment. The Justice Department claims Backpage's owners tried to cover up the fact that most of its "adult services" ads involved prostitution, and that Backpage allowed child sex traffickers to keep ads on the site as long as they deleted age-related keywords. The indictment also claims that Backpage disguised payments for illegal services by having customers funnel money to foreign bank accounts or apparently unrelated companies, or by transferring funds into cryptocurrency. These federal chargers are reportedly unrelated to the Stop Enabling Sex Traffickers Act, a bill that would make website operators liable for illegal content posted to their sites. The bill is currently awaiting Trump's signature.
Security

'Vigilante Hackers' Strike Routers In Russia and Iran, Reports Motherboard (vice.com) 121

An anonymous reader quotes Motherboard: On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. "We were tired of attacks from government-backed hackers on the United States and other countries," someone in control of an email address left in the note told Motherboard Saturday... "We simply wanted to send a message...." In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: "Don't mess with our elections," along with an image of an American flag...

In a blog post Friday, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said in its own blog post on Thursday it found 168,000 systems potentially exposed by the software. Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors...

Reuters reported that Iran's IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the U.S.... The hackers said they did scan many countries for the vulnerable systems, including the U.K., U.S., and Canada, but only "attacked" Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK "to prevent further attacks... As a result of our efforts, there are almost no vulnerable devices left in many major countries," they claimed in an email.

Their image of the American flag was a black-and-white drawing done with ASCII art.
Education

Schools Are Giving Up on Smartphone Bans (gizmodo.com) 117

Bans on phones in schools are increasingly becoming a thing of the past, new research shows. From a report: A survey from the National Center for Education Statistics exploring crime and safety at schools indicates that there is a trend toward relaxing student smartphone bans. The survey reports that the percentage of public schools that banned cell phones and other devices that can send text messages dropped from nearly 91 percent in 2009 through 2010 to nearly 66 percent in 2015 through 2016.

This drop did not coincide, however, with more lenient rules around social media. In 2009 and 2010, about 93 percent of public schools limited student access to social networking sites from school computers, compared to 89 percent from 2015 through 2016. That's likely because these bans aren't lifted in response to student demands to use their electronics during school hours -- they are bending to the pressure of parents who want to be able to reach their kids.

Businesses

Cities Worldwide Spent Over $3 Billion Last Year To Peep On You (cnet.com) 98

The world market for security equipment in city surveillance surged past $3 billion last year and won't be slowing down anytime soon, a research report by IHS Markit said Wednesday. From a report: State capitals and major cities have been spurring rapid development of city surveillance market in recent years, mostly to help police forces maintain public safety and reduce crime, the researcher said. Demand has surged for video content analysis, like facial recognition, as well as for things like body-worn cameras and services for police officers. IHS Markit estimated the city surveillance market will grow at average annual rate of 14.6 percent from 2016 to 2021. China is the biggest market for security equipment in city surveillance, taking up a two-thirds share, and it will also be the first country to widely use facial recognition in city surveillance projects, according to the researcher. More than 10,000 smart cameras are expected to roll out in Shenzhen city this year.
The Courts

Pirate Music Site's Owner Sentenced to Five Years in Prison (torrentfreak.com) 101

An anonymous reader shares an update on Artur Sargsyan, who owned the music-pirating site Sharebeast as well as Newjams and Albumjams. TorrentFreak reports: Thursday a U.S. District Judge sentenced the 30-year-old to five years in prison, three years of supervised release, and more than $642,000 in restitution and forfeiture... The RIAA claimed that ShareBeast was the largest illegal file-sharing site operating in the United States... "Millions of users accessed songs from ShareBeast each month without one penny of compensation going to countless artists, songwriters, labels and others who created the music," RIAA Chairman & CEO Cary Sherman commented at the time...

If Sargsyan had responded to takedown notices more positively, it's possible that things may have progressed in a different direction. The RIAA sent the site more than 100 copyright-infringement emails over a three-year period but to no effect. This led the music industry group to get out its calculator and inform the Deparmtment of Justice that the total monetary loss to its member companies was "a conservative" $6.3 billion "gut-punch" to music creators who were paid nothing by the service... "His reproduction of copyrighted musical works were made available only to generate undeserved profits for himself," said U.S. Attorney Byung J. "BJay" Pak. "The incredible work done by our law enforcement partners and prosecutors in light of the complexity of Sargsyan's operation demonstrates that we will employ all of our resources to stop this kind of theft."

David J. LaValley, Special Agent in Charge of FBI Atlanta, said "His sentence sends a message that no matter how complex the operation, the FBI, its federal partners and law enforcement partners around the globe will go to every length to protect the property of hard working artists and the companies that produce their art."

Today if you visit ShareBeast.com or AlbumJams.com, they display an "FBI anti-piracy warning" image notifying visitors the domain has been seized, adding "Willful copyright infringement is a federal crime that carries penalties for first time offenders of up to five years in federal prison, a $250,000 fine, forfeiture and restitution." The image is surrounded by a red border with the word "seized" written over and over again.
Cellphones

How Technology Caught the Austin Serial Bomber (foxnews.com) 148

Wednesday police in Austin, Texas finally located the "serial bomber" believed to be responsible for six package bombs which killed two people over the last three weeks. "The operation was aided by different uses of technology, including surveillance cameras and cell phone triangulation." An anonymous reader shares this article: The suspect, who has been identified as 24-year-old Mark Anthony Conditt, was killed near the motel he was traced to thanks to surveillance footage from a Federal Express drop-off store, The Austin American-Stateman reported. The authorities were able to gather information after police noticed the subject shipped an explosive device from a Sunset Valley FedEx store, a suburb approximately 25 minutes away from Austin. The evidence included the security footage from the store, as well as store receipts obtained showing suspicious transactions. The authorities were also able to look at the individual's Google search history, the Statesman noted, which gave them further insight into his dealings...

The authorities were also able to use cell phone triangulation technology, which provides a cell phone's location data via information collected from nearby cell towers... The phone's GPS capabilities can track the phone within 5 to 10 feet and can also provide "historical" or "prospective" location information. It can also "ping" the phone, forcing it to reveal its exact location... As cell phone companies store this type of data, law enforcement authorities must request it via the appropriate court processes.

"Authorities in Austin were able to use this technology to trace the suspect to a hotel in Williamson County."
United States

DIY Explosives Experimenter Blows Self Up, Contaminates Building (fdlreporter.com) 366

Long-time Slashdot reader hey! writes: Benjamin D. Morrison of Beaver Dam Wisconsin was killed on March 5 while synthesizing explosives in his apartment... The accident has left the apartment building so contaminated that it will be demolished in a controlled burn, and residents are not being allowed in to retrieve any of their belongings.
It was just five years ago that Morrison graduated from Pensacola Christian College in Florida with a degree in pre-pharmacy and minors in chemistry and math. Though a local reverend believes 28-year-old Morrison was "not a bomb maker," USA Today's site FDL Reporter notes that "Officials assume he was making bombs that accidentally exploded and killed him... They have not publicly disclosed what chemicals were in apartment 11 where Morrow lived, only describing them as 'extremely volatile and unstable explosives.'"
Electronic Frontier Foundation

North Carolina Police Obtained Warrants Demanding All Google Users Near Four Crime Scenes (wral.com) 214

An anonymous reader quotes the public records reporter from North Carolina TV station WRAL: In at least four investigations last year -- cases of murder, sexual battery and even possible arson at the massive downtown fire in March 2017 -- Raleigh police used search warrants to demand Google accounts not of specific suspects, but from any mobile devices that veered too close to the scene of a crime, according to a WRAL News review of court records... The demands Raleigh police issued for Google data [in two homicide cases] described a 17-acre area that included both homes and businesses... The account IDs aren't limited to electronics running Android. The warrant includes any device running location-enabled Google apps, according to Raleigh Police Department spokeswoman Laura Hourigan...

On March 16, 2017, a five-alarm fire ripped through the unfinished Metropolitan apartment building on West Jones Street... About two months later, Raleigh police obtained a search warrant for Google account IDs that showed up near the block of the Metropolitan between 7:30 and 10 p.m. the night of the fire... In addition to anonymized numerical identifiers, the warrant calls on Google to release time stamped location coordinates for every device that passed through the area. Detectives wrote that they'd narrow down that list and send it back to the company, demanding "contextual data points with points of travel outside of the geographical area" during an expanded timeframe. Another review would further cull the list, which police would use to request user names, birth dates and other identifying information of the phones' owners.

"Do people understand that in sharing that information with Google, they're also potentially sharing it with law enforcement?" asks a former Durham prosecutor who directs the North Carolina Open Government Coalition at Elon University. And Stephanie Lacambra, criminal defense staff attorney at the Electronic Frontier Foundation, also criticized the procedure. "To just say, 'Criminals commit crimes, and we know that most people have cell phones,' that should not be enough to get the geo-location on anyone that happened to be in the vicinity of a particular incident during a particular time." She believes that without probable cause the police department is "trying to use technology as a hack for their job... It does not have to be that we have to give up our privacy rights in order to participate in the digital revolution."

Nathan Freed Wessler, staff attorney with the ACLU's Speech, Privacy and Technology Project, put it succinctly. "At the end of the day, this tactic unavoidably risks getting information about totally innocent people."
Businesses

Former Equifax CIO Charged With Insider Trading (bloomberg.com) 90

OffTheLip writes: Jun Ying, a former CIO with Equifax has been charged with insider trading by the US Department of Justice. From the linked article:

Wednesday's announcement marks the first criminal charge brought in one of the largest data breaches in history. Ying, the former chief information officer for Equifax's U.S. information-solutions business, used confidential information entrusted to him by the company to determine it had been hacked, according to a separate complaint filed by the Securities and Exchange Commission.

ZDNet adds: According to a Justice Department statement, Ying sent a text message to a colleague two weeks before Equifax revealed the hack, in which he said the breach "sounds bad." Three days later, Ying searched the web to research the effect of Experian's 2015 own breach on its stock price. Later that day, Ying excised all his available stock options.


Slashdot Top Deals