Jump to content

Search the Community

Showing results for tags 'police'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 25 results

  1. 2018 saw a jump in the number of Germans applying for a basic weapons license. Police say the trend comes from a growing sense of insecurity, but warn increasing numbers of armed citizens may worsen the situation. More Germans are applying for basic weapons licenses according to the country's Interior Ministry. As of December 31, 2018, some 610,937 citizens had been issued licenses. The jump of 53,377 gun permits over 2017 represents a 9.6 percent increase in the number of Germans now licensed to carry gas pistols, flare guns, pepper spray and other weapons not intended for deadly use. Police representatives suggest the increase illustrates a latent sense of insecurity among citizens. However, Left Party domestic policy expert Ulla Jelpke said the increase was "a result of the panic created by law and order politicians like Interior Minister Horst Seehofer and right-wing agitators like the AfD [Alternative for Germany]." 'False sense of security' Police Union (GdP) Chairman Oliver Malchow, warned of the effect that growing numbers of armed citizens might have in everyday life, telling the Germany daily newspaper Neue Osnabrücker Zeitung: "Such weapons give a false sense of security as well as an increased willingness for self-defense. But both those facts could lead to an escalation of the current situation, eventually turning gun owners into criminals." Malchow added that armed citizens could actually be opening themselves to more risk, as those they might face would have no way of knowing that they were carrying non-lethal weapons. Germany's basic weapons license requires an applicant to be of adult age as well as being personally and psychologically fit. Lethal weapons are not readily available in Germany. The Journal of the American Medical Association (JAMA Network), said that 0.9 Germans per 100,000 died of gun violence in 2016. The USA, which garners much press for its high percentage of gun deaths, registered 10.6 per 100,000 in 2016. El Salvador led the world by percentage with 39.2 per 100,000. Germany registered 820 gun deaths in 2016, as compared to 33,336 in the USA. Source
  2. NOVATO — A five-and-a-half standoff ended peacefully Saturday afternoon after a suspect who asked police for cigarettes accepted a vape pen instead, police said. The standoff ended peacefully Saturday afternoon after a suspect who asked police for cigarettes accepted a vape pen instead, police said. Juan Roman, 40, of Novato, surrendered about 1:30 p.m. and was arrested on suspicion of attempted arson and vandalism, according to Novato police. Officers first responded at 7 a.m. to a 76 gas station convenience store on Ignacio Boulevard, where Roman allegedly poured gas and tried to set a fire. Police believe he was angry that he couldn't get a fuel pump to work at the station, and that he was also upset about family issues, said Novato Police Lt. Sasha D'Amico. Authorities had been alerted and followed Roman as he drove away from the 76 station in his pickup truck to a Safeway fueling station on Nave Drive, less than a mile away. Police then tried to talk him out of his vehicle and called in crisis negotiators and a SWAT team, believing Roman might have a weapon. They also believed that he might have splashed fuel on himself at the 76 station. After six hours, he said he would surrender if negotiators gave him cigarettes, but police decided that wouldn't be a good idea, given the possibility of fuel on his clothing. When they gave him a vape pen instead, he agreed to surrender, D'Amico said. Police did not find a firearm on Roman, or in his vehicle, she said. Source
  3. PARIS (Reuters) - Paris police fired water cannon and tear gas to push back “yellow vest” demonstrators from around the Arc de Triomphe monument on Saturday, in the ninth straight weekend of protests against French President Emmanuel Macron’s economic reforms. Thousands of protesters in Paris marched noisily but mostly peacefully through the Grands Boulevards shopping area in northern Paris, close to where a massive gas explosion in a bakery killed two firefighters and a Spanish tourist and injured nearly 50 people early on Saturday. But small groups of demonstrators broke away from the designated route and threw bottles and other projectiles at the police. Around the 19th-century Arc de Triomphe at the top of the Champs Elysees boulevard, riot police fired water cannon and tear gas at militant yellow-vest protesters after being pelted with stones and paint, witnesses said. Groups of protesters also gathered on and around the Champs Elysees, the scene of disturbances in recent weeks, many of them calling loudly for Macron to resign. “Macron, we are going to tear down your place!” one banner read. The Interior Ministry said it estimated that there were 32,000 demonstrators nationwide on Saturday, including 8,000 in Paris, below the 50,000 counted last week and well below the record 282,000 nationwide on Nov. 17, the first day of yellow vest protests. But the number of demonstrators in Paris was well above the past two weekends, when authorities counted just 3,500 people on Jan. 5 and only 800 on Dec. 29. Much of central Paris was in lockdown on the first week of post-Christmas sales with bridges across the Seine river closed and official buildings such as parliament and the Elysee presidential palace protected by police barriers. In Paris, 121 “gilets jaunes” (yellow vest) were arrested, some for carrying objects that could be used as weapons, police said. By nightfall, there had been no looting or burning of cars as seen in previous weeks. There were also thousands of marchers in the cities of Bordeaux and Toulon in southern France as well as Strasbourg in the east and the central city of Bourges. Bourges authorities said nearly 5,000 yellow vests stuck to the designated demonstration area. The historical city center was off-limits for demonstrators, but some 500 protesters made their way to the center where they scuffled with police and set garbage bins on fire. Many businesses in Bourges had boarded themselves up to avoid damage and authorities had removed street furniture and building site materials that could be used for barricades. In Strasbourg, up to 2,000 demonstrators gathered in front of the European Parliament building and later marched to the center of the city on the Rhine river border with Germany. No serious violence or looting was reported there. More than 80,000 police were on duty for the protests nationwide, including 5,000 in Paris. The “yellow vests” take their name from the high-visibility jackets they wear. Their rage stems from a squeeze on household incomes and a belief that Macron, a former investment banker seen as close to big business, is indifferent to their hardships. Macron, often criticized for a monarchical manner, is to launch a national debate on Jan. 15 to try to mollify the yellow vest protest, which has shaken his administration. The debate, to be held on the internet and in town halls, will focus on four themes - taxes, green energy, institutional reform and citizenship. But aides to Macron have said changing the course of Macron’s reforms aimed at liberalizing the economy will be off limits. Source
  4. The tech giant is also upgrading its program that trains law enforcement in digital forensics. Apple is creating a dedicated team to help train law enforcement officials around the world in digital forensics, the company said Tuesday in a letter to Rhode Island Democratic Sen. Sheldon Whitehouse. The company is also working on an online portal, set to be operational by the end of 2018, where law enforcement officials can submit and track requests for data and obtain responses from Apple. When the portal goes live, police and law enforcement agents will be able to apply for "authentication credentials," Apple said in the letter. The letter, seen by CNET, addresses recommendations made in a report issued earlier this year by the Center for Strategic and International Studies (CSIS) regarding cybersecurity and the "digital evidence needs" of law enforcement agencies. Apple said in the letter that it's eager to adopt the report's recommendations, including making upgrades to its law enforcement training program. This includes developing an online training module for police that mirrors Apple's current in-person training, according to the letter and to details on the company's website. "This will assist Apple in training a larger number of law enforcement agencies and officers globally, and ensure that our company's information and guidance can be updated to reflect the rapidly changing data landscape," the site says. Apple also reiterated in the letter that it's "committed to protecting the security and privacy of our users" and that company initiatives and "the work we do to assist investigations uphold this fundamental commitment." Along with tech companies like Google and Microsoft, Apple regularly publishes transparency reports detailing how often it gets requests for data from governments as well as private parties. In the first half of 2017, for example, Apple received between 13,250 and 13,499 national security requests from the US law enforcement. Source
  5. When hackers took over two-thirds of D.C. police’s surveillance cameras days before the 2017 presidential inauguration, it appeared that the cyberattack was limited to elicit a single ransom payment. But court documents show that the alleged scheme that January was far more ambitious. Federal authorities say two Romanians accused in the hacking planned to use the police department computers to email ransomware to more than 179,000 accounts. That would have allowed them to extort those users as well — and use city government computers to hide their digital tracks. Prosecutors said the alleged hackers had also stolen banking credentials and account passwords, and, using the police computers, could have committed “fraud schemes with anonymity.” In addition, authorities said they uncovered a separate scheme run by the same people — an allegedly fraudulent business that tricked Amazon’s offices in Great Britain into sending money to the Romanians. (Amazon’s chief executive, Jeffrey P. Bezos, owns The Washington Post.) The intrusion in the District occurred Jan. 9-12, 2017, and caused 123 of the police department’s 187 surveillance cameras to go dark eight days before Donald Trump was sworn in as president, sparking national security concerns. It appears the timing was a coincidence; prosecutors said the hackers probably did not know that the computers were used by police. D.C. police say the incident did not affect safety or harm any investigations, but cybersecurity experts said it highlights the digital threat faced by governments and businesses and raises questions about the city’s ability to quickly identify hacking. “The question we should be asking of police is what controls were lacking and why were they unable to detect such an obvious intrusion,” said Alex Rice, the chief technology officer and co-founder of HackerOne, a California firm that works with companies and the Defense Department to test computer security. District officials said they are working hard to protect the city against a constant stream of cyberattacks. They did not answer questions specifically about the police cameras, citing the ongoing criminal investigation. Kevin Donahue, the deputy mayor for public safety, said in a statement that the District’s cybersecurity program “is critical to our public safety, health care, and public education agencies.” His statement added that “each year, we see more than one billion malicious intrusion attempts, including ransomware, denial of service, and phishing attacks. We are continuously working to improve our cybersecurity defenses to ensure they protect our IT systems from the constantly evolving methods of cyber attacks.” The U.S. attorney’s office for the District is seeking to extradite Mihai Alexandru Isvanca, 25, from Romania. His alleged accomplice, Eveline Cismaru, 28, has been extradited. She made her initial appearance on Friday in U.S. District Court in Washington. Prosecutors said Cismaru lacks ties to the United States and fled Romania while appealing a court order to extradite her from there to the United States. Authorities tracked her to London, where she was arrested, prosecutors said in court documents filed Friday. Isvanca and Cismaru have been charged with fraud and computer crimes and face 20 years in prison if convicted. An attorney for Isvanca did not return calls seeking comment. Cary Citronberg, who is representing Cismaru, said in a statement that his client has a 2-year-old son in Europe. “We believe Ms. Cismaru belongs back with her son and we are hopeful she will be able to put this ordeal behind her quickly so she can be reunited with her family,” he said. A hearing in federal court is scheduled for Aug. 16. Cismaru is being detained. Police say the alleged hackers were detected only when they shut the system down. D.C. police said the hack that locked up the system was noticed after a city employee tried to sign on to the computer system that runs the outdoor cameras and saw a “splashscreen.” A notice highlighted in red announced a “cerber ransomware” and warned that “your documents, photos, databases and other important files have been encrypted!” It said the system could be unlocked with a bitcoin payment of more than $60,000. Cerber, along with “dharma,” are two types of ransomware programs. Both had been downloaded onto the police system that runs the cameras. Authorities said the hackers routed emails through the police servers, including some sent to “vand.suflete” on Gmail. The term in Romanian means “selling souls.” D.C. officials quickly took the closed-circuit TV system offline, removed the software and restarted the cameras. They ignored the ransom demand. Authorities said they later learned that some of the emails routed through the police computers referenced IP addresses (a computer’s unique address) that did not include systems owned by D.C. police. Authorities said one was a health-care company in London. One browser downloaded onto the police computer had a user name listed as “David Andrew” with a Gmail account of “david.andrews2005.” In one affidavit filed in the case by the Secret Service, prosecutors say Isvanca and Cismaru also set up a fake company called Lake L. and linked it to Amazon.com.uk. Authorities said investigators found some of the same emails used by the fake company as used by the hackers on the police computers. When people placed orders with Amazon, the affidavit says, the suspects used stolen credit cards to buy the requested items at another website. Once those items were shipped from the other website, the affidavit says the suspects provided those postal tracking numbers to Amazon, which then released the money paid by the purchasers to the suspects. Police in Romania and in the United States were able to track various computer IP addresses and email accounts to the suspects, according to the affidavit. One tip came from an online takeout order from Andy’s Pizza, a restaurant in Bucharest. The person placed an order on Jan. 9, 2017 — the same day the D.C. computers were hacked — using the david.andrews2005 account and giving the clerk the name “Mihai Alexandru,” according to an invoice pulled by police and referenced in the affidavit filed in federal court. Later, during an interview with investigators, the affidavit says Isvanca told them that Cismaru lived in a fifth-floor apartment on Strada Bucur, near downtown and where the takeout order had originated. That, police said, helped them link the email address to the suspects. Rice said that police in cyber-investigations try to collect hard evidence such as a paper receipts to make it more difficult for a defendant to argue that someone else had used or hacked a computer. The receipt from Andy’s, Rice said, is probably that type of evidence. Rice said it appears that U.S. and foreign law enforcement agencies worked well together, but he warned “that we can’t rely on law enforcement as a deterrent” to cybercrimes. “We have got to hold companies and organizations responsible for implementing basic security practices that make it difficult for criminals. They are tempted by this low-level fruit.” Source
  6. Face recognition will be used to harm citizens if given to governments or police, writes Brian Brackeen, CEO of the face recognition and AI startup Kairos, in an op-ed published by TechCrunch today. Last week, news broke that bodycam maker Axon requested a partnership with Kairos to explore face recognition. Brackeen declined, and writes today that “using commercial facial recognition in law enforcement is irresponsible and dangerous.” “As the Black chief executive of a software company developing facial recognition services, I have a personal connection to the technology both culturally, and socially,” Brackeen writes. Face recognition is one of the most contentious areas in privacy and surveillance studies, because of issues of both privacy and race. A study by MIT computer scientist Joy Buolamwini published earlier this year found face recognition is routinely less accurate on darker-skinned faces than it is on lighter-skinned faces. A serious problem, Brackeen reasons, is that as law enforcement relies more and more on face recognition, the racial disparity in accuracy will lead to consequences for people of color. “The more images of people of color it sees, the more likely it is to properly identify them,” he writes. “The problem is, existing software has not been exposed to enough images of people of color to be confidently relied upon to identify them. And misidentification could lead to wrongful conviction, or far worse.” Law enforcement agencies have increasingly relied on face recognition in the U.S., celebrating the tech as a public safety service. Just last week, Amazon employees rallied against the use Rekognition, the company’s face recognition technology, by police. Once optional for U.S. citizens, the Orlando Airport now mandates face scans for all international travelers. And CBP has moved to institute face recognition at the Mexican border. In areas where identifying yourself is tied to physical safety, any inaccuracies or anomalies could lead to secondary searches and more interactions with law enforcement. If non-white faces are already more heavily scrutinized in high security spaces, face recognition could only add to that. “Any company in this space that willingly hands this software over to a government, be it America or another nation’s, is willfully endangering people’s lives,” concludes Brackeen. “We need movement from the top of every single company in this space to put a stop to these kinds of sales.” More on this at [TechCrunch] Source
  7. San Bruno police and San Mateo County sheriff’s deputies rushed to YouTube’s headquarters in San Bruno Tuesday afternoon in response to an active shooter inside the building. Several YouTube employees reported on social media hearing gunfire and running for their lives. “Heard shots and saw people running while at my desk,” one employee, Vadim Lavrusik, wrote on Twitter just before 1 p.m. “Now barricaded inside a room with coworkers.” There were no immediate details from authorities other than to confirm that there was an active shooter inside the building at 901 Cherry Avenue. A witness told The Chronicle they saw at least one person with a gunshot wound. “We are responding to an active shooter,” San Bruno police tweeted at 1:28 p.m. “Please stay away from Cherry Ave & Bay Hill Drive.” The building is being evacuated. Authorities have not confirmed reports of injuries or fatalities, but workers who were in the building described a chaotic scene as people scrambled away from a gunman wearing body armor. “I was in the courtyard and we heard the gunshots then saw him. He had a shooting mask on, full body armor and was calmly walking and firing a handgun,” Salahoden Abdul-Kafi, a YouTube product manager wrote on Facebook. “We jumped to the floor then ran as fast as we could. I'm on my way home now.” Abdul-Kafi said he was OK “but I don't know about a lot of coworkers.” It still wasn’t clear an hour after the first reports came in whether the shooter was still in the building. As helicopters circled overhead, police started taking statements from those who were in the building when the shooting began. Dozens of employees stood near a parking garage across the street from the company’s headquarters. They were on their cell phones, contacting friends and family and recounting what happened. One group of employees — who declined to provide their names because of YouTube’s media policy — said they were sitting at their desks working around 1 pm when they suddenly heard a “pop-pop-pop.” Source
  8. Police issued a warrant for devices surrounding a potential homicide. Google was served at least four sweeping search warrants by Raleigh, North Carolina police last year, requesting anonymized location data on all users within areas surrounding crime scenes. In one case, Raleigh police requested information on all Google accounts within 17 acres of a murder, overlapping residences, and businesses. Google did not confirm or deny whether it handed over the requested data to police. WRAL reporter Tyler Dukes found four investigations in 2017 where police issued these uniquely extensive warrants: two murder cases, one sexual battery case, and an arson case that destroyed two apartment complexes and displaced 41 people. Police routinely request information from technology companies—Google says it shares data with law enforcement about 81% of the time—but these specific cases are remarkable: Instead of finding a suspect, and then searching that person’s data, police are searching enormous amounts of data to pinpoint a potential suspect. Warrant for data in an arson case in Raleigh The warrants follow the same template: Police requested location data from all phones that were in the surrounding area of a crime scene, generally within an hour window of when the crime was committed. In the homicide and sexual assault warrant, police drew a box surrounding the scene of the crime, then requested the data for everyone within it. In the second homicide case, it was a circle. Police highlighted a geographic area, requesting data for all devices within Police in each case were requesting account identifiers, an anonymized string of numbers unique to each device, and time-stamped location coordinates for every device. Police wanted to review this information, narrow down their list, and then request user names, birth dates, and other identifying information regarding the phones’ owners. This information doesn’t reveal actual text messages or phone call logs. For that information, police would have to go through a separate warrant process. Disturbingly, if Google has handed over data, it could be under court order not to notify individual users. Google declined to say whether it released data in any of the Raleigh cases, but representatives from the ACLU and EFF reviewed the warrants, questioning Raleigh PD’s justification for the alarmingly broad search. For example, the arson and sexual battery cases don’t mention whether the attacker even had a cell phone. The warrants say police are also interested in locating potential witnesses, but does that necessitate this level of search? Investigations are still ongoing for all four cases. So far, only one has resulted in a suspect being arrested. More on this at WRAL Source
  9. Stuffed tiger causes 45-minute police standoff at Scottish farm RYAN W. MILLER | USA TODAY A fake tiger caused a real headache for a Scottish farmer and local police after a 45-minute showdown turned out to be a sham. Scottish authorities said Tuesday that officers had an armed standoff with a stuffed tiger over the weekend. "It's true — our officers had a roaring shift on Saturday night," the North East Police Division wrote in a Facebook post. The incident began when Bruce Grubb, 24, thought he saw the large cat lurking on his farm in Peterhead, Scotland and quickly called police. Officers arrived at the scene but remained in their vehicles to figure out the best strategy, the Scottish Sun reported. "I had absolutely no doubt it was real," Grubb told the newspaper. "I got a hell of a scare. I was worried it was going to eat all my cows before police managed to shoot it." After a still, nearly hour-long stare down with the alleged beast, Grubb inched closer in his truck, only to discover the animal was a stuffed toy. Police said armed officers were sent to the scene "as a contingency," but were not deployed. "Until you know exactly what you are dealing with, every option has to be considered," Peterhead Inspector George Cordiner said. Grubb, who was hosting a small party at the time, denied that alcohol impaired his judgment and said he hadn't drank because the 200 pregnant cows on his farm "could drop at any time." "I was stone cold sober, drink had nothing to do with me thinking it was real," he told the Sun. Despite the false alarm, police praised Grubb's decision to make the call when he thought he was in danger. "We appreciate that it was a false call made with genuine good intent," Cordiner said. Thinking the toy was placed on his property as a joke, Grubb said he doesn't know who put it there.
  10. Facebook is one social media platform where people from all walks of life share pretty much everything about their life, from work and school to events and adventures. It’s a giant database constantly feeding and growing on personal information. By the end of the first quarter of 2018, Facebook had more than 1.9 billion active users around the world. It should therefore come as no surprise that requests for Facebook data from government agencies have also skyrocketed with time. Law Enforcement Agency Requests for Facebook Data Continue to Rise According to the Facebook biannual report, which provides a good idea of how interested US law enforcement agencies really are in the data that Facebook users create on a daily basis, that interest is increasing. In fact, from the first half of 2013 to the end of 2016, the total data requests and accounts targeted by law enforcement agencies have more than doubled. What’s perhaps more alarming is that around 56 percent of all government requests accompanied a non-disclosure order that legally restrains Facebook from notifying the affected user. So, there is no way Facebook users would know if US law enforcement agencies either requested their data or if it has been compromised. According to the Facebook report, by the second half of 2016, Facebook received 14,736 search warrant requests, 6,536 subpoenas, 738 court orders (18 USC 2703(d)), 236 court orders (non-18 USC 2703(d)), 1,948 pen register/trap and trace requests, 1,695 emergency disclosures and 125 real-time wiretap requests. Action of ACLU against these Alarming Stats The American Civil Liberties Union (ACLU) has taken notice of these stats. It has especially voiced concerns over the complete absence of disclosures that play an integral role in the transparency of the entire process. What is more disturbing, however, is that businesses have realized how big a gold mine social media platforms like Facebook and Twitter really are since they store everything they could possibly want to know about a potential consumer. By knowing about the personal information, geolocation, browsing habits, and likes and dislikes of Facebook users, businesses would be in a better position to tailor their ads according to their needs, tastes and preferences. So your personal data is literally up for sale to the highest bidder. Nicole Ozer, Director of Technology and Civil Liberties Policy at ACLU California, stated in a post on govtech.com that the legal framework of California has seen consistent progressive updates over the years, but federal communications privacy law is one area that still remains unchanged for more three decades. Ozer is quoted, “The federal law, the Electronic Communications Privacy Act, is supposed to … make sure there are proper safeguards in place for when the government can demand electronic information, including things like data from Facebook. That law has not been updated since 1986. In 1986, cellphones were the size of bricks, Mark Zuckerberg was still in diapers, the World Wide Web did not even exist.” She further states that owing to large loopholes in outdated privacy laws, many US law enforcement agencies continue to aggressively pursue myriad forms of digital communications with complete impunity and absolute disregard for user privacy. Of the various types of information available to be collected by law enforcement, Ozer believes there is one in particular that should concern Facebook users the most. There is information out there on the back end of platforms and services that is not easily visible to the public. “This data isn’t publicly available where you can just go onto Facebook; this is actually data held by the back end of the company and you are compelling it with a warrant or another type of legal process,” explained Ozer in the govtech.com post. “That third piece, the kind of legal process that is required for sort of accessing this very sensitive back-end data, that law has not been updated and it leaves a lot of gray areas, which can make users quite vulnerable.” Seeing how government requests for Facebook data have more than doubled in the last four years, this should leave a lot of questions on the minds of users of social media, the most important of which is, “How safe is our data on social media?” And the brutal irony about all this is that the personal data of Facebook users is being collected and scrutinized by the very people sworn in to protect them! In a Nutshell As digital communication connects the far corners of the globe, we are bound to see more and more people connecting to Facebook and other social media. And with this increase in users, a consequent increase in government requests for intelligence data seems inevitable. So, unless US states solidify their legal framework around digital privacy, bipartisan support at the federal level will continue to encourage law enforcement agencies to exploit loopholes. Source
  11. Windows XP is still running on more than 7 percent of desktops worldwide The Abilene Police Department has decided to finally make the move to Windows 10 as part of an upgrade plan that involves buying technology worth no less than $1.3 million. According to reports, the local City Council approved the investment plan back in January 2016, but the police department is only now performing the transition, after purchasing new equipment and mobile software for vehicles and records management system. The transition to the new devices is going smoothly, local officials said, and with Windows 10, all systems are fully up to date. “The largest selling point to this entire system was the fact that we were operating on antiquated hardware,” Assistant Police Chief Doug Wrenn said. “That is no longer the case today, and I sleep a lot better at night knowing that.” What’s interesting is that the police department was using Windows XP, which was launched in 2001 and which no longer receives support since April 2014. Because the configuration powering these systems was very old, every time something broke down, the IT team purchased replacements parts from eBay, mostly because old hardware can no longer be found in stores. Windows XP still insanely popular Windows XP remains the third most popular desktop operating system in the world after Windows 7 and Windows 10, and by the looks of things, it doesn’t seem like it’s going to disappear anytime soon. Instead, Windows XP appears to be here to stay, with its market share shrinking at an insanely slow pace, despite the fact that it hasn’t received a single security update in the last 3 years. This means that systems still running it can become vulnerable to attacks should hackers develop exploits aimed at unpatched vulnerabilities, and with the recent leaks, finding such security flaws isn’t rocket science. Everyone on Windows XP is obviously recommended to upgrade as soon as possible, though in some cases the transition is a lot more expensive given that hardware upgrades are also necessary. Source
  12. The more we rely on technology, the more detailed a technological footprint we leave behind. A recent study from Deloitte shows that, on average, American millennials check their phones roughly 82 times a day. This dependence on technology has led to a world where most people are never more than a few feet away from their cell phone at any given time. Being constantly connected to the world is one of the many benefits of our advanced society, but unfortunately, privacy regulations haven’t kept pace with the advances we’ve made. Your cell phone records every location you visit if the phone’s location services are turned on, which is more often than not. Called cell-site location information, this data is tracked on both Android devices and iPhones. The information can be quite telling; it might show the location of your home, your office, and other places you visit often. The problem is that it can teach police about a person’s behavior and then can be used against them. In some states, the data can be used without a warrant. Across the country police are using this data to track and catch suspects, and the resulting cases are often challenged in court. Since it’s collected by cellular service providers, the data falls under what’s known as the third-party doctrine, which states that by giving information to a third party—banks, internet service providers, email servers, or in this case, phone companies—users have no reasonable expectation to privacy. Still, suspects in these types of cases often claim that by accessing their cell phone data without probable cause or a warrant, law enforcement is violating their Fourth Amendment right against unreasonable search and seizure. In some instances courts have agreed with these arguments, resulting in a patchwork of guidance governing how the data can be used. For instance, in Commonwealth v. Augustine, Massachusetts’ highest court ruled that the government’s acquisition of this data should require a warrant. Meanwhile, four Courts of Appeals have opined on the issue, and only one, the Fourth Court of Appeals, deemed it necessary for government to obtain a warrant first. These divergent rulings mean that a person could travel to four different states and have widely varying levels of privacy protection for the information collected in each places. In some instances, location-specific data can be fully protected, in others not at all. In one state, law enforcement may only be able to access historical data, and in another they may be able to track a person in real-time. Six states—California, Utah, Montana, Minnesota, New Hampshire, and Maine—currently require a warrant for all cell-site location information. Illinois, New Jersey, and Indiana require warrants for real-time tracking only. Thirty-three states have no binding authority or explicitly allow for law enforcement to access this data without a warrant. That is more than half of US states that offer no protection for extremely personal information. Because of this hodgepodge of regulation, or lack thereof, police often claim authority to access this information without a warrant. The absence of consistent protections for citizens opens up the opportunity for rampant abuse by law enforcement. Lisa Marie Roberts of Portland, Oregon, was wrongfully imprisoned for nearly 10 years because of how law enforcement used this data. Her cell phone registered a site near the scene of a murder, and because her attorney wasn’t able to analyze the data or hire an expert, he advised Roberts to plead guilty to receive a reduced sentence. In 2014, a federal judge granted her release after DNA evidence led to another suspect. In Minnesota, Sarah Jean Mann sought a restraining order against her boyfriend, a state narcotics agent who she claimed abused his access to cell-site data information to stalk her. She was granted the order and the man is no longer a police officer. Cell phones aren’t the only devices that can be used for surveillance. Last year, police in Bentonville, Arkansas, investigating a murder case asked Amazon to provide the audio of the suspect’s Echo smart speaker. Amazon refused to provide the information, and the case is still ongoing. In 2014, law enforcement in New York obtained a warrant obligating Sirius XM to provide location data obtained from telematic equipment1 installed in a customer’s car. Congress has yet to regulate this area and the Supreme Court hasn’t weighed in, but, legislatures across this country are taking up the issue and pushing for broader protections for civilians. Both the Texas and New Mexico legislatures are expected to take up the issue this year; in New Mexico, lawmakers will consider Senate Bill 61, the Electronic Communications Privacy Act, which would require government officials to have a warrant or wiretap order in order to obtain cell-site information. Since this policy area currently resembles the Wild West, cell phone companies are taking advantage of the lax regulations as well. Many are offering a range of surveillance techniques to law enforcement for a fee, including text and call tracing and cell phone location services. Judges in an Indiana case last summer wrote, “In the current digital age, courts have continued to accord Fourth Amendment protection to information entrusted to communications intermediaries but intended to remain private and free from inspection.” Regardless of how far technological advancements go, Americans’ civil rights should always be protected. As long as the issue remains ignored by the federal government or dueled out in courtrooms, state legislatures should continue to strengthen privacy protections by making this data only accessible to law enforcement with a warrant or if they can show that it is relevant to an investigation. Source
  13. Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday. Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized. Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks. Ransomware is malware that is said to be proliferating. It infects computers, often when users click on a link or open an attachment in an email. It then encrypts files or otherwise locks users out until they pay. The D.C. hack appeared to be an extortion effort that”was localized” and did not affect criminal investigations, city officials said. On Jan. 12 D.C. police noticed four camera sites were not functioning properly and told OCTO. The technology office found two forms of ransomware in the four recording devices and launched a citywide sweep of the network where they found more infected sites, said Vemulapalli. The network video recorders are connected to as many as four cameras at each site, she said. “There was no access from these devices into our environment,” Vemulapalli said. Interim Police Chief Peter Newsham said that police worked with OCTO but that the incident was limited to about 48 hours He said there was “no significant impact” overall. City officials declined to say who they suspected in the attack. Source
  14. Cockrell Hill, Texas has a population of just over 4,000 souls and a police force that managed to lose eight years of evidence when a departmental server was compromised by ransomware. In a public statement, the department said the malware had been introduced to the department's systems through email. Specifically, it arrived "from a cloned email address imitating a department issued email address" and after taking root, requested 4 Bitcoin in ransom, worth about $3,600 today, or "nearly $4,000" as the department put it. It was at this point that the cops' backup procedures were tested and found to have failed to account for the mischief. When recovery was attempted, they realised they had only managed to back up the encrypted files. The cops then spoke to the FBI "and upon consultation with them it was determined there were no guarantees that the decryption file would actually be provided, therefore the decision was made to not go forward with the Bitcoin transfer and to simply isolate and wipe the virus from the servers". Guarantee or not, the criminals operating ransomware schemes often do indeed decrypt the hijacked files if victims pay up. This is simple economics: if the criminal has a reputation for receiving money without decrypting the files, then their victims will be discouraged from paying up, and this is all about the money. The ransomware is described as having "affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost." While the police state that the malware "was determined to be an 'OSIRIS' virus" no such virus actually exists. Instead, the police seem to have been confused by a new extension being used by the Locky ransomware, which renames the files it encrypts and gives them a .osiris extension. According to news channel WFAA, which broke the story, the department initially discovered the infection back in December, but had not gone public with the information. Instead, the news began to emerge "when the department began alerting defense attorneys that video evidence in some of their criminal cases no longer exists". Stephen Barlag, Cockrell Hill's police chief, said of the encrypted docs: "None of this was critical information." WFAA quoted J Collin Beggs, a criminal defence lawyer in Dallas, who said: "That depends on what side of the jail cell you're sitting," referencing a client of his, charged in a Cockrell Hill case involving some of the lost video evidence. Beggs bemoaned the loss of the video evidence, stating it was significant to his client and to others that the department has charged. "It makes it incredibly difficult if not impossible to confirm what's written in police reports if there's no video," Beggs said. "The playing field is already tilted in their favor enormously and this tilts it even more." Beggs said he has asked the FBI for proof that the computer virus incident happened. An FBI spokeswoman on Wednesday told News 8 that the bureau does not "confirm or deny the existence of an investigation." Chief Barlag contacted The Register shortly after the publication of this article to let us know: "We have been or will be able to recover most if not all of our digital evidence. I am not aware of any criminal cases that will be dropped as a result of this virus." ® Updated to add Stephen Barlag, chief of Cockrell Hill police, has been in touch to say: "We have been or will be able to recover most if not all of our digital evidence. I am not aware of any criminal cases that will be dropped as a result of this virus." Source
  15. When a user sends someone a message through Apple’s iMessage feature, Apple encrypts that message between Apple devices so that only the sender and recipient can read its contents. But a Wednesday report from news site the Intercept is a good reminder that not all data related to iMessage has that same level of protection -- and that information can still be turned over to law enforcement authorities. That may be surprising to everyday users who view Apple as a privacy champion after it's legal battle with the Justice Department this year over a court order that would force the company to break its own security measures. But to experts, it's just a fact of how communication systems work. For instance, as security expert and noted iPhone hacker Will Strafach notes, Apple needs to know things such as whom you're chatting with via iMessage so that it can deliver your messages. According to a document obtained by the Intercept, Apple logs information about whom you're contacting in iMessage while the app figures out if the person you are texting is also using an iOS device. If they are using iOS, the message gets encrypted and routed through iMessage, which is signaled by blue chat bubbles. If the recipient is not using an Apple device, the message gets routed as a standard text without that extra layer of encryption, and messages appear in green bubbles in the iMessage app. According to the document, which the Intercept says originated "from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team," these logs don’t necessarily show that you messaged someone. Instead, they show when you opened up a chat window and selected the contact or entered a phone number. Apple says those logs are wiped every 30 days. But because that data exists at all, police can use court orders to force the company to hand it over. And, as the Intercept notes, in ongoing investigations it's possible to extend court orders to get new data, which would allow law enforcement to build a record that goes beyond just 30 days. "When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession," Apple told The Washington Post in a statement. "In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices." Apple emphasized that because iMessages are encrypted, the company is not able to give police access to the content of conversations. Nor do the message logs "prove that any communication actually took place." All of this seems consistent with Apple’s legal process guide, which notes that information about your contacts is among the data it may turn over to investigators when served with a court order or subpoena. Of course, metadata can still be incredibly revealing, especially when analyzed over time: Knowing whom you're messaging (or even thinking about messaging) can reveal who's in your social network or expose personal data. For instance, if you’re regularly sending text messages to a suicide crisis line someone reviewing your log could assume that you’re having a serious mental health crisis. That type of privacy concern is among the reasons why civil liberties advocates pushed back so hard on the now defunct National Security Agency program that allowed the government to collect bulk metadata about Americans' phone calls, including the numbers they dialed and duration of calls. The Intercept also raised another issue about the logs: They appear to contain IP addresses, which can be used to determine a user's general location. Revealing that information, the Intercept argues, seems to run counter to a statement Apple made in the wake of Edward Snowden’s revelations about the extent of the NSA’s spying powers. “[W]e do not store data related to customers’ location, Map searches or Siri requests in any identifiable form,” Apple said in the June 2013 statement. But it’s worth noting that the geolocation information that can be determined by IP addresses is typically less specific than what you’d get from GPS data or from looking up a specific address. And Apple’s legal process guide also notes that IP addresses are among the information that police can request with a court order or subpoena. Source: https://www.washingtonpost.com/news/the-switch/wp/2016/09/30/why-apple-can-be-forced-to-turn-logs-of-your-imessage-contacts-over-to-police/
  16. A report published this week by the Electronic Frontier Foundation (EFF) warns about the misuse of IP addresses by police and courts, and makes recommendations on how such information can be used efficiently. An increasing number of incidents shows that law enforcement often considers IP addresses a clear indicator of a person’s location or identity. For instance, several privacy activists maintaining Tor exit nodes in their homes have been raided by law enforcement investigating child pornography and other crimes. Internet mapping services that provide a default location when only limited information is available has also caused problems for innocent individuals. Another issue is that police often overstate the reliability of IP address information when trying to obtain a warrant or subpoena. According to the EFF, law enforcement also often uses inaccurate metaphors to explain IP addresses, such as comparing them to physical mailing addresses and license plates. Some judges have begun to realize that an IP address is not enough to determine someone’s guilt. In one such case, a federal court in Oregon dismissed a direct copyright infringement complaint against an individual who allegedly pirated a movie. However, there is more work to be done and the report published by the EFF aims to teach law enforcement and courts on how to reliably use IP information when investigating crimes. The organization pointed out that improper use of such data is especially risky when trying to determine someone’s identity or physical location. The EFF has advised police to treat IP information the same as tips received from anonymous informants. When it gets information from an anonymous informant, law enforcement must also demonstrate probable cause in order to obtain a warrant. Digital rights advocates believe the same skepticism must also be applied by courts and police when provided with IP addresses. “Law enforcement must be required to investigate further, including identifying other electronic or physical evidence that corroborates their theory that evidence of the crime is likely to be found at the physical location that is associated with a particular IP address,” the EFF said in its whitepaper. “And courts must be informed of the technological limitations of the evidence so that they can independently ensure that IP address information is reliable before authorizing law enforcement intrusion into individual privacy.” For a more reliable use of IP information, police and judges should ensure that the link between an IP and a location is based on data from an Internet services provider – rather than a mapping service that could be pointing to a default location – and physical surveillance of the property. As for tying an IP to an identity, law enforcement and courts should make sure that the IP is not associated with a home or organization where several people use the same Internet connection, and that the IP is not associated with servers used to operate the Tor anonymity network. Source: http://www.securityweek.com/eff-warns-police-courts-about-unreliability-ip-addresses
  17. Windows XP no longer receives updates and security fixes since April 8, 2014, but this doesn’t necessarily mean that everyone dumped it and moved to a newer operating system. But what’s worse is that even authorities around the world keep using Windows XP, and the most recent example comes from London, where the Met police is still running this 15-year-old operating system on approximately 27,000 PCs. The Inquirer reports that the Metropolitan Police has an on-going contract with Microsoft to receive custom patches for these PCs, even though more than 2 years have passed since Windows XP reached end-of-support. Details on how much the Met Police is paying for custom patches are not available. PCs now being upgraded to... Windows 8.1 London Assembly member Andrew Boff says that some more PCs are expected to be upgraded to… wait for it… Windows 8.1 this year in September, but many will continue to run Windows XP. Until now, approximately 8,000 PCs have already been upgraded, Boff explains, with another 6,000 to make the switch this year. “Operating systems age more like milk than wine, and Windows XP is well past its sell-by date. The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27,000 computers still use it is worrying,” Boff is quoted as saying. “My major concern is the security of Londoners' information on this dangerously out-of-date system, but I would also like to know how much money the Met has wasted on bespoke security updates. I also question the choice to upgrade to Windows 8.1; this is neither the newest nor the most used version of Windows. Staff are likely to be more familiar with Windows 10, but most importantly it will be supported further into the future.” The Met’s choice not to upgrade to Windows 10, especially since the switch is performed this year, is quite odd, but no matter the operating system, the transition needs to be completed as soon as possible. No specifics have been provided as to what info these Windows XP computers are storing, but they obviously handle data of many Londoners, so they expose millions of people to additional risks by simply running outdated software. Source
  18. Google's data is precise enough to place suspects at the scene of a crime In February 2015, a man with a painter’s mask and a gun walked into a Bank of America office in Ramona, California, and walked out with more than $3,000. Police tried to track down the bank robber, but the mask prevented a positive ID and the trail went cold. Until, in November of the same year, someone matching his description robbed the same bank again. This time, witnesses identified Timothy Graham, a 64-year-old who had taken out steep loans from Chase earlier that year. When they searched Graham’s apartment, investigators found clothes and a gun matching those used in the robbery, effectively sealing the case. The November holdup was solved, and there was reason to think Graham had been responsible for the February holdup too, but how could they prove it? None of the witnesses saw Graham’s face in February, and Graham himself wasn’t talking. He was physically similar to the man who held up the bank in February — but it was only enough to keep the case going, not enough to make it stick. So investigators tried a new trick: they called Google. In an affidavit filed on February 8th, nearly a year after the initial robbery, the FBI requested location data pulled from Graham’s Samsung Galaxy S5. Investigators had already gone to Graham’s wireless carrier, AT&T, but Google’s data was more precise, potentially placing Graham inside the bank at the time the robbery was taking place. "Based on my training and experience and in consultation with other agents," an investigator wrote, "I believe it is likely that Google can provide me with GPS data, cell site information and Wi-fi access points for Graham’s phone." That data is collected as the result of a little-known feature in Google Maps that builds a comprehensive history of where a user has been — information that’s proved valuable to police and advertisers alike. A Verge investigation found affidavits from two different cases from the last four months in which police have obtained court orders for Google’s location data. (Both are embedded below.) Additional orders may have been filed under seal or through less transparent channels. It’s not clear whether either of the public warrants were filled. No Google-based evidence was presented in Graham's trial, and the other suspect plead guilty before a full case could be presented. Still, there's no evidence of a legal challenge to either warrant. There's also reason to think the investigators' legal tactic would have been successful, since Google’s policy is to comply with lawful warrants for location data. While the warrants are still rare, police appear to be catching on to the powerful new tactic, which allows them to collect a wealth of information on the movements and activities of Android users, available as soon as there’s probable cause to search. The data is collected by Google's Location History system, which has been present in various services for years but was made particularly visible with the release of Timeline last July. Location History uses the data in Maps to build a persistent portrait of where a user has traveled with their phone, a history that can be viewed or edited in the Timeline tab of Google Maps. Every time Google Maps establishes a strong enough location point, the system makes an entry in the user’s Timeline history, establishing that the user was in that place at that time. Google Photos users can even incorporate photos into the stream if the systems are fully integrated. The result is meant to let users "visualize your real-world routines," as Google put it in Timeline's official announcement, similar to Facebook's persistent history of everything you've shared. While a user's Location History is largely private, Google can still use the data to target ads, and it's accessible to warrant requests from law enforcement. It's also only collected if a user enabled Location History while setting up their phone, although declining to do so also disables Google Now and other features. The data is far more accurate than what's available from other sources. Police routinely request location data from phone companies, but the result is determined on the basis of the nearest cell tower, which typically only provides a general estimate of a phone's location. (In Graham's case, AT&T warned that the results were "less than exact," and they were subsequently ruled inadmissible.) The location systems in Android and iOS combine that data with GPS, local Wi-Fi networks, and other sources. That lets Android pinpoint users to a single building, rather than a single city block. That capability is also being actively promoted within the law enforcement community. In November, The Intercept reported a training manual specifically instructing police in how to obtain Android location data, available online here. Written by police training expert Aaron Edens, the manual instructs police in how to issue preservation orders to prevent the loss of user-deleted data and how to manage the KMF location files Google typically provides in response to warrant requests. The manual even offers a template for search warrants requesting the data. Both affidavits uncovered by The Verge were filed in the months following the publication of Edens' manual, although it's unclear if either team of investigators read the manual itself. The capability is far more widespread on Android phones than iOS. While both iOS and Android can judge location with the same precision, the Location History functions can't easily log that data outside of the Android ecosystem. Android phones pair to Google accounts at the operating system level, so as long as Location History is enabled when the phone is first launched, location data can be collected even if you've never opened the Timeline tab. The result is a comprehensive location record, collected entirely in the background. It’s possible to construct a similar record from an iPhone, but it’s much more difficult. Google Maps can collect the same location data in iOS, but it doesn't automatically connect that information to a specific user. iPhone users can get the same Timeline experience by installing the Google app, which also enables Android-style voice search, but it requires significant action on the user’s part. The Verge’s research turned up no equivalent affidavits concerning iOS phones or data stored by Apple Maps. It would be possible, even profitable, for Apple to build an equivalent system in Apple Maps, but so far, the company has declined to do so. Apple does collect location data from users, but according to the company's privacy policy, "Location data is collected anonymously in a form that does not personally identify you" unless the user provides explicit consent. Apple executives say the resulting data is not tied to a user's account, and thus cannot be used to determine a specific person's location after the fact. There are a few ways for Android users to manage or opt-out of that record once they're aware of it. Users can delete or rename specific data points from within the Maps app, which Google says will delete the information from company servers within half an hour of the initial request. (Police can request the preservation of those records once a specific suspect is identified, but that won't preserve data retroactively.) You can also opt-out of the system entirely by turning off Location History, a broad setting that also disables Google Now and the Explore function in Maps. That choice is presented during the setup of an Android phone, but modifiable at any point afterwards. Consistent location records are extremely valuable for Google’s advertising business. Google's DoubleClick system can use the records to target ads more precisely, a system that brings in billions each year and effectively funds the company's product ventures. The better Google’s data is, the more its ads are worth — a strong incentive for continuing to collect and store exact location data. "The more Google knows about your shopping, dining, commuting persona, it ultimately translates to higher CPMs for marketers," says Mike Ragusa, a director of mobile at IgnitionOne. "They want to know not just that you were in a mall, but that you were in a Gap store." Unlike data given to police, the advertising data is targeted in aggregate form, making it extremely difficult for a third-party advertiser to reconstruct a specific person's activities. With a warrant, police can see the private, individual form of the data, which is otherwise only available to Google. That data can be extremely valuable to an investigation, since unlike carrier data, it's often precise enough to place a suspect at the scene of the crime. In Graham’s case, that’s exactly what investigators were hoping to do, using the collected Android data to prove the accused armed robber was inside the bank when the robbery took place. In another case, police were looking to solve 12 different retail robberies in the DC metro area over the course of a year. Police believed the same man was behind all 12 robberies, based on his weapon and choice of tactics. When a man named David Flowers was arrested in connection with the last robbery, police turned to his phone, an HTC Desire 610. On the basis that Google "collects and retains location data from Android enabled mobile devices," police requested all the location data between the phone’s activation and the date of Flowers’ arrest. These are the only two public affidavits uncovered so far, but it’s entirely possible that more have been filed under seal. Business records of this kind are also frequent targets for national security requests, a gag-ordered subpoena that some judges have criticized as unconstitutional. The company’s most recent transparency report lists just over 12,000 US government requests in the first half of 2015, 78 percent of which produced some user data, although the majority of those requests are typically for Gmail inbox content. The company does not break out location requests individually. It’s also difficult to be sure that Google complied with either of the two public affidavits, although the court record shows no legal objections filed. Reached by The Verge, a Google representative declined to comment on the specifics of the cases, but said the warrants were consistent with the company's general policy towards user data. "We respond to valid legal requests and require a warrant to disclose Location History information," a Google spokesperson said in a statement. "We have a long track record of advocating on behalf of our users." In requiring a warrant, Google is choosing a higher standard than many courts. Earlier this week, the Fourth Circuit Court of Appeals maintained that the lighter burden of a subpoena was sufficient to obtain location records from a wireless carrier, although the precedent remains controversial. But all the courts agree warrants are sufficient, and since the location records are available on Google servers, it’s not clear whether the company would have legal grounds for resisting the orders. There’s also reason to think there will be more orders in the months to come, as more investigators learn how to access Google's cache of data. As Edens' manual makes clear, being able to track a suspect's movements after the fact is a powerful investigative tool — too powerful for police to pass up. "This could revitalize cold cases and potentially help solve active investigations," Edens writes in the manual. "The personal privacy implications are pretty clear but so are the law enforcement applications." The Source
  19. Over the past few years, police in Europe and the United States have scored some notable botnet-busting successes, disrupting malicious infrastructure and in some cases also identifying and arresting the "botnet herders" and other cybercriminals involved (see Dorkbot Botnets Get Busted). See Also: How to Mitigate Credential Theft by Securing Active Directory But other cybercrime gangs and fraudsters who rely on botnets and malware to generate illegal profits have been adapting. "What we're seeing is the bad guys are starting to learn from this," said Steven Wilson, head of the European Cybercrime Center at Europol - the EU's law enforcement agency - at a recent cybersecurity conference. "They now have their disaster recovery plans. They're the ones who can be back up and running within a day to two days." Wilson delivered those remarks in his keynote presentation at the May 10 "International Conference on Big Data in Cyber Security" hosted by Edinburgh Napier University in Scotland. He provided some new insights into law enforcement agencies' cybercrime-related investigative techniques. Wilson has led EC3 since January. Previously, the 30-year veteran of Police Scotland oversaw all cyber and cyber-enabled crime investigations across Scotland. Criminals' reliance on backup botnets was also described by Andy Settle, head of special investigations at security firm Forcepoint, formerly known as Raytheon Websense, who told the conference that many gangs are "preparing smaller botnets as a resilient infrastructure so that I can lose one, and I still have six to seven of them." Keeping fully functional backup botnets small means they frequently evade detection by security researchers or law enforcement agencies, he added. Botnet-using criminals, of course, have an economic incentive to utilize disaster recovery best practices to keep their malicious infrastructure humming. Indeed, botnets can generate outsize profits for gangs who steal online banking credentials to commit fraud, infect PCs with ransomware or turn infected "zombie" endpoints into spam, phishing and distributed denial-of-service attack relays. Wilson said that disrupting botnets via sinkholing - forcibly redirecting infected, "zombie" endpoints to servers controlled by authorities, thus blocking attackers' access to them - can give law enforcement agencies new insights into how the latest botnets are being built and deployed, provided they can master related "big data" challenges. "In the last two to three years, we've seen significant developments with botnets - 3 million, 4 million, 5 million controlled computers. The amount of data that's coming from the sinkholing that we do to prevent the actual attacks from them, again we've got a massive resource in there to look at," he said. "The important thing for us is to look at this and say, 'How can we actually more effectively analyze that data?' But [it's] volumes beyond the comprehension of what we've ever dealt with before. And for me ... big data analytics is the way to go forward regarding this." Battling Bitcoin-Using Criminals Wilson said police have also made strides when it comes to battling criminals who use bitcoins (see Europol Announces DD4BC Arrests). In part, he said, that's been aided by analyzing the blockchain, which is the public record of every bitcoin transaction. While the pseudo-anonymous cryptocurrency system doesn't list users' names, past cases have revealed that law enforcement agencies do have some capabilities - which they have not publicly detailed - to analyze and cross-reference bitcoin transactions and other information to help them better follow the money. Eamonn Keane, a detective inspector with Police Scotland's cybercrime unit, told conference attendees that it's well known that authorities continue to find new ways to infiltrate dark net forums to bust bitcoin-using criminals. "Are law enforcement in there? Absolutely. That's been charted already with regards to Silk Road, Silk Road 2," he said. "We have a mandate to protect you in the real world; increasingly it's moving into the online environment." EC3's Wilson said many bitcoin-related arrests have been the result of police working with academics to better analyze blockchain transactions (see Tougher to Use Bitcoin for Crime?). Going forward, he hopes that such analysis will help authorities more rapidly spot signs of criminal cryptocurrency use. "There are opportunities in there to predict what's happening and to actually target offenders from that side of things," he said. Emerging Cybercrime Trends Wilson credits many recent cybercrime investigation success stories, in part, to the EU Joint Cybercrime Action Task Force, or J-CAT, which brings together representatives from nine of the EU's biggest member states, as well as representatives from other countries, with a dedicated prosecutor from Eurojust, the EU agency that handles cross-border judicial cooperation relating to criminal matters. That combination has "has allowed us to actually cut through the bureaucracy, the differences in legislation, to actually tackle cyber criminality," Wilson said. In 2015, JCAT took on 20 of the top-level police cases - or "jobs" - in Europe and the United States and successfully concluded nine of them with arrests, he said. "I would suggest that these jobs going back probably three or four years ago were ones that I thought actually probably would never be detected, or could have taken four or five years [to detect]," he said. Europol Gets Expanded Powers Beyond the launch of EC3 in 2013, European officials have continued to double down on the type of information sharing and cross-border coordination that it provides, especially when battling terrorism, child sexual abuse and exploitation, as well as cyber-enabled crime (see How Do We Catch Cybercrime Kingpins?). On May 11, the European Parliament adopted a new regulation that includes new powers for Europol that are designed to help it more quickly - and easily - tackle cross-border terrorism and organized crime. "The new EU regulation will make it easier for Europol to set up specialized units to respond immediately to emerging terrorist threats and other forms of serious and organized crime," Europol said in a statement. Europol said the new powers will enable it to function as "the EU's information hub" and better coordinate between law enforcement agencies in Europe and beyond, aided by the European Counter Terrorism Center and the EU Internet Referral Unit. The Source
  20. A Baltimore police detective shot a boy Wednesday afternoon who he wrongly believed was carrying a semiautomatic pistol, Police Commissioner Kevin Davis said. The boy suffered what police called non-life-threatening injuries to a "lower extremity," Davis said. The weapon turned out to be spring-air-powered BB gun -- not a real firearm. The boy's mother identified him as 14-year-old Dedric Colvin, an eighth-grader. Volanda Young said her son was shot once in the shoulder and once in the leg. The incident came on the day city officials marked the one-year anniversary of the Freddie Gray riots. Davis said two plainclothes detectives were driving when they spotted the boy with what appeared to be a firearm. The detectives got out of their vehicle, identified themselves as officers and told him to stop, Davis said. The boy began running, the officers gave chase for about 150 yards, and one detective shot the boy, Davis said. Young said she was home Wednesday afternoon when an older son came banging on the front door. "Ma," Alvin Colvin said. "The police shot Dedric." Young said she ran outside to find the boy bleeding in a side street near a basketball court. "All I could see was blood," she said. "I was screaming." Police did not release the boy's name. They said he was 13. The detectives were not injured, Davis said. Police did not release their names They did release a photograph of the gun they said he was carrying. It appeared to show a Daisy brand PowerLine Model 340 spring-air pistol. After decades in law enforcement, Davis said, he might have mistaken it for a firearm. "I looked at it myself today, I stood right over top of it, I put my own eyes on it," he said. "It's an absolute, identical replica semiautomatic pistol. Those police officers had no way of knowing that it was not, in fact, an actual firearm. It looks like a firearm." Dedric was taken to Johns Hopkins Hospital. Young said she pleaded with police: "Is my son alive?" She said she was leaving to call the hospital when officers handcuffed her and put her in a police car. "It was humiliating," she said. She said she was taken to a police station and asked questions. At one point, she said, she was put in a cell. She said officers told her she was being belligerent. After two hours, she estimated, she was driven to the hospital: "I begged them to take me." She spoke in her home Wednesday evening. A medal that Dedric earned in the Baltimore Urban Debate League hangs on a trophy in the living room. "He gets good grades. My son is a good kid," Young said. "I know he was scared. They shot at him while he was fleeing." She said she didn't know where he got the BB gun. The incident recalled the death of Tamir Rice, the 12-year-old Cleveland boy who was shot by a police officer in November 2014 after he brandished a toy gun in a public park. The City of Cleveland agreed this week to pay $6 million to settle a federal lawsuit brought by Rice's family. The heavy police presence Wednesday drew neighbors to the scene. Some milled around, condemning what they described as more police brutality in the city. Some noted that the shooting occurred on the day that Mayor Stephanie Rawlings-Blake was hosting a "reconciliation" event in West Baltimore to mark the one-year anniversary of the riots that erupted on the day Gray was buried. The 25-year-old Baltimore man died after suffering a severe spinal cord injury in police custody. Six officers have been charged in Gray's arrest and death; all have pleaded not guilty. Davis said the anniversary was "not lost" on him, either. "The job of police officers here and elsewhere goes on," he said. "Police officers don't take days off. We're constantly tasked with responding to the concerns of the community. Public safety never takes a day off." He noted a recent spike in homicides and nonfatal shootings in the city, and said officers are expected to confront people they believe are armed. "The last 24, 48 hours, we've had a significant spate of gun violence and homicides and nonfatal shootings in our city, so our police officers were doing exactly what we have asked them to do," he said. ARTICLE SOURCE
  21. Eh Wah had been on the road for 12 hours when he saw the flashing lights in his rear-view mirror. The 40-year-old Texas man, a refugee from Burma who became a U.S. citizen more than a decade ago, was heading home to Dallas to check on his family. He was on a break from touring the country for months as a volunteer manager for the Klo and Kweh Music Team, a Christian rock ensemble from Burma, also known as Myanmar. The group was touring the United States to raise funds for a Christian college in Burma and an orphanage in Thailand. Eh Wah managed the band's finances, holding on to the cash proceeds it raised from ticket and merchandise sales at concerts. By the time he was stopped in Oklahoma, the band had held concerts in 19 cities across the United States, raising money via tickets that sold for $10 to $20 each. The sheriff's deputies in Muskogee County, Okla., pulled Eh Wah over for a broken tail light about 6:30 p.m. on Feb. 27. The deputies started asking questions -- a lot of them. And at some point, they brought out a drug-sniffing dog, which alerted on the car. That's when they found the cash, according to the deputy's affidavit. There was the roughly $33,000 from ticket sales and donations, much of it earmarked for the religious college back in Burma, according to Eh Wah and the band members. There was the $1,000 in cash donations to the orphanage in Thailand, small bills bundled in two or three dozen sealed envelopes with the orphanage's name written on them. There was $8,000 in cash from the band's CD and souvenir sales. A $9,000 cash gift to one of the band's members from his family and friends in Buffalo -- cash that Eh Wah says he didn't even know was in the blue and white gift bag he had been asked to hold. And $2,000 in cash for Eh Wah and the band's incidental expenses on the trip: meals and tolls, for example. All told, the deputies found $53,000 in cash in Eh Wah's car that night. Muskogee County Sheriff Charles Pearson said he couldn't comment on the particulars of Eh Wah's case because of the open investigation, but it is clear from his deputy's affidavit that the officers didn't like Eh Wah's explanation for how he got the cash. "Inconsistent stories," the affidavit notes. Despite the positive alert from the drug-sniffing dog, no drugs, paraphernalia or weapons were found. Just the cash. They took Eh Wah to the police station for more questioning. They let him drive his own car there, with deputies' vehicles in front of and behind him the whole way. They interrogated him for several hours. "I just couldn't believe it," Eh Wah said in an interview. "An officer was telling me that 'you are going to jail tonight.' And I don’t know what to think. What did I do that would make me go to jail? I didn’t do anything. Why is he saying that?" Eh Wah tried to explain himself, but he had difficulty because English isn't his first language. He says he had a hard time understanding the officers, and they had a hard time understanding him. He told them about the band and his role with it and how he had been entrusted with the cash. He even had the officers call one of the band's leaders, Saw Marvellous Soe, who had decamped to Miami while the band was on a break. Marvellous saw Eh Wah's number on his phone, but when he answered, he was surprised to hear someone speaking with a thick Southern drawl that he could barely understand -- "like in the movies," Marvellous said in an interview. "The police officer started asking questions," Marvellous recalled. "I explained: 'We are a music team. We came here for a tour.'" Marvellous tried to explain that the band was from Burma. "He kept telling me, 'You are wrong, you are wrong,'" Marvellous said. "Everything I said, [he said,] 'You are wrong.' I said: 'We are doing a good thing! And now you are accusing us of being like a drug dealer or something like that.'" After that phone call, Eh Wah began to realize that no matter what he did or said, he wouldn't be able to satisfy the officers' questions. "I realized that they were seizing all of the money. I was like, 'This can't be happening.' But I didn't know what to do." The officers ended up taking all of the money -- all $53,249 of it. "Possession of drug proceeds," the property receipt reads. But they let Eh Wah go. They didn't charge him with a crime that night, instead sending him back on the road about 12:30 a.m., with the broken tail light. What happened to Eh Wah is known as civil asset forfeiture. It comes from a relatively obscure corner of the law that allows authorities to seize cash and property from people they suspect of a crime. In most states, and under federal law, authorities get to keep the proceeds regardless of whether the person is ever convicted, or even charged, with criminal wrongdoing. Under civil forfeiture, the burden of proof is on the property owner to prove their innocence to get their stuff back. This turns the common criminal-law principle on its head: When it comes to civil forfeiture, you are guilty until proven innocent. Two years ago a wide-ranging Washington Post investigation shined a spotlight on the practice, finding that, since Sept. 11, 2001, more than $2.5 billion in cash seizures had occurred on the nation's highways without either a search warrant or an indictment. Those findings prompted some limited steps toward reform at the federal level. But the forfeitures uncovered by The Post investigation, and the reforms taken to limit them, happened under the auspices of federal law. There is a completely different universe of forfeiture activity that happens strictly under state law. Oklahoma has some of the most permissive forfeiture laws in the nation, according to a 2015 report by the Institute for Justice, a civil liberties law firm. The group gave the state a D-minus on its civil forfeiture laws, citing no conviction required to forfeit, poor protections for innocent property owners and a statute that allows up to 100 percent of forfeiture proceeds to go directly back to law enforcement, creating a possible profit motive. The Oklahoma chapter of the American Civil Liberties Union has been investigating the use of civil forfeiture in the state. Brady Henderson, the group's legal director, said in an interview that Oklahoma law enforcement agencies often focus their efforts on the routes where cash from drug transactions typically travels, rather than the routes the drugs themselves travel. In looking at the data of forfeitures along Interstate 40, which runs east to west through the state, "we definitely see a huge disparity of folks on those interstates focusing on the westbound travel, which tends to be the money here in Oklahoma," Henderson said. In essence, he says, authorities are letting the drugs get to their destinations and be sold and used so that police can grab the money from the drug sales on the return trip. This mirrors the behavior that watchdog groups and news organizations have observed in other states, such as Tennessee. "If the whole notion is that drugs are destructive, that they hurt people, why are we letting the drugs hurt people?" he asked. "We are deliberately letting the drugs get to their final destination, get sold, get used, and in some cases letting someone die of an overdose." ARTICLE SOURCE
  22. On 2 March 2016, some joker posted a Facebook page that spoofed a police department, replete with fake news posts and insults. The site’s since been taken down. Its alleged creator, 27-year-old Anthony Novak, of the US city of Parma, Ohio, was arrested on Friday. Now, he’s facing a potential felony charge of disrupting public services with his supposedly-satirical Facebook account named TheCityOf­Parma­Police­Department. Before the parody page was taken down, the NY Daily News and Cleveland.com spotted posts along these lines: A suggestion that it would be illegal to help the homeless. A post about a food drive that would help fund free abortions for teens, using an experimenta” technique developed by the police and to be carried out in a van stationed in the parking lot. An advertisement for a “Pedophile Reform event” that offered sex offenders an opportunity as an “honorary police officer of the Parma Police Department.” A post that read “Parma is an equal opportunity employer but is strongly encouraging minorities not to apply.” A phony explanation of how the department goes about selecting new recruits: “The test will consist of a 15 question multiple choice definition test followed by a hearing test. Should you pass you will be accepted as an officer of the Parma Police Department.” Funny, or a menace to the populace? There are a whole lot of commenters opting for the “oh, puh-LEEZ” option and telling the police to just get over themselves. On the same day that the fake page went up, the real Parma Police Department put up a Facebook post on its real Facebook page, warning the public about the satirical page and telling them to ignore anything posted there: One reply that captures the “oh, puh-LEEZ” side of things: Minus the actual content, the facsimile that Novak allegedly put up was very convincing: same font, same coloring, same photo of a Parma badge, same gold seal. The fake one does slip in the article “the” in front of its name, which the real police omit on their page. Other differences amounted to these, according to Cleveland.com: The fake page was listed with the category of “community,” instead of the real page’s cartegories of “police station, government organization.” The “About” section of the fake page listed “We no crime.” The real page listed the police address and website. The real page had 4,600 followers, as opposed to the bogus page’s 300. The real page was created in 2011, whereas the fake one was spawned in 2016. Since Novak was arrested, more parody accounts of the Parma Police Department have sprung up in protest, including “For Real Parma Police Department Page,” “City of Parma Police” and “The Parma Police Department.” Their content is predictable: pigs dressed in blue, the face of a wailing baby. It’s not clear whether the creators of these new parody accounts will also be arrested. Is this a question of the police curtailing free speech? Parody and satire are protected by such laws, after all. But the bogus site that Novak allegedly cooked up wasn’t exactly what you’d call on par with The Onion when it comes to insightful, witty commentary. When you subtract funniness and misrepresent a site that posts defamatory content as though it belongs to an official law enforcement department, you’re straying pretty far from it being a laughing matter. Is wit in the eye of the beholder? Some people may find it hilarious to suggest that pedophiles would be welcome on their local police force, or that the department discriminates when hiring. Others might find such the vitriolic spewing of a troll, done up in the guise of a legitimate law enforcement site. Readers, what do you think? Should Parma Police be satisfied that they got the parody site – one that borders on a phishing site – taken down? Or should they also prosecute Novak on the grounds that you just shouldn’t mess with an official service that people really do need when things go wrong? Novak made his first court appearance on Monday. A grand jury will ultimately decide if he’s going to face trial for his alleged offense. He could face a prison sentence of up to 18 months if found guilty. The Source
  23. MENLO PARK, CA (WFSB) - An officer from Los Angeles County took to Twitter on Friday when Facebook users called for help to report that the social media website was down. Sgt. Burton Brink, the public information officer in La Crescenta, CA, posted a Tweet reminding people about the reasons for calling them for help. "#Facebook is not a Law Enforcement issue, please don't call us about it being down, we don't know when FB will be back up!" he wrote. Users who tried to get on Facebook around noon EST were greeted with an apology. "Sorry, something went wrong. We're working on getting this fixed as soon as we can," the site posted. A message posted by a Facebook's developer around noon said the site "is currently experiencing an issue that is affecting all API and web surfaces. Our engineers detected the issue quickly and are working to resolve it ASAP. We'll update shortly." Facebook returned about an hour later. Source: http://www.wfsb.com/story/26174225/police-do-not-call-us-if-facebook-is-down
  24. A published report this weekend says that besides the NSA, local police are also spying on your cellphone calls. According to the report, local and state police are using new technologies to snoop in realtime. This allows the authorities to capture information on people even if they are not the subject of an investigation. Based on a study of 124 police agencies in 33 states, 25% of police agencies employ a method known as a "tower dump" that provides law-enforcement with information including the location, identity and activity of any cellphone that connects to a particular cell tower. The technology used by the police should be scary to those who guard their privacy. A device called the Stingray, which is the size of a suitcase, is placed inside a car that is driven around local neighborhoods. Basically a portable cell tower, Stingray tricks your cellphone into believing that it is a real tower and connects to it, giving the cops information and data. This equipment costs as much as $400,000, but is funded by the federal government thanks to anti-terror grants. "When this technology disseminates down to local government and local police, there are not the same accountability mechanisms in place. You can see incredible potential for abuses."-Catherine Crump, Attorney, ACLU While organizations like the ACLU are worried about the amount of data being collected by police without a warrant, the cops say that they need to mine this information to track criminals, terrorists and kidnappers. The fear is that in the course of sifting through data, the police will stumble on other illegal activities not listed in the court order. But most police officials say that they are interested only in the information generated by a targeted criminal or a victim. Once a tower dump reveals information, the police can refine the data by asking the courts to force the carrier's to release more information like addresses, call logs and texts. Any information that violates a person's constitutional rights will not be allowed to be used by the courts. The problem is that with the recent worry about NSA spying, most Americans are greatly concerned about what is being done with all of the data generated by their cellphone. How Stingray tracks your calls Source
  25. James Duane explains in practical terms why citizens should never talk to police under any circumstances. James Duane is an American law professor at the Regent University School of Law, former criminal defense attorney, and Fifth Amendment expert. He received some viral online attention for his "Don't Talk To Police" video of a lecture he gave to a group of law students with Virginia Beach Police Department Officer George Bruch. Using former Supreme Court Justice Robert Jackson as support of his "Don't Talk to Police" advice, Duane says, inter alia, that: even perfectly innocent citizens may get themselves into trouble even when the police are trying to do their jobs properly, because police malfeasance is entirely unnecessary for the innocent to convict themselves by mistake; talking to police may bring up erroneous but believable evidence against even innocent witnesses; and individuals convinced of their own innocence may have unknowingly committed a crime which they inadvertently confess to during questioning. Link: Backup link: http://www.sockshare.com/file/52821CC375D143BCEnjoy.
  • Create New...