TechRepublic : A ZDNet Tech Community

IT News Digest

Category: Law Enforcement

Virginia mandates Internet safety lessons

Virginia became the first state to make Internet safety classes compulsory for public schools. These classes will be for all safety levels and represent one of several measures to protect young Web users.

Understandably, this mandate came amid concerns that children are a vector for online sex offenders. This comes against a backdrop of increased Internet-related crime.

Excerpt from WDBF7:

In a recent presentation at a suburban Richmond high school, Virginia assistant attorney general Gene Fishel flashed an online social-networking profile of a 15-year-old who says she enjoys being around boys and wants to meet new people. The real profile user turned out to be a 31-year-old man convicted of sexually abusing 11 children he met online and sentenced to a 45-year prison term.

Other states such as Texas and Illinois have also passed laws pertaining to Internet safety education. Unlike Virginia, however, the classes are not mandatory.

The feeling is that such efforts are long overdue, as the paradigm shift that is the Internet has enabled criminals to reach more victims, and faster, than before.

Do you think that all states should quickly implement such classes? Or should instruction on Internet safety be left to parents?

Retired police officer nabs Internet predators

Retirement should be the time when you step away from the work world and relax. Retired police chief Jim Murray intended to do just that. And then he bought a personal computer.

From Yahoo:

[But] the 69-year-old retired police chief of this small Missouri town cuts a credible figure as a 13-year-old girl surfing the Web, looking for friends. He knows all the instant-messaging shorthand, the emoticons.

Murray’s retirement job from a rural home office has netted 20 arrests since he started in 2002. His latest catch was the biggest: four felony enticement charges against a town mayor, who after his arrest called Murray up and begged him to make the case go away.

Nineteen other defendants have included a Missouri furniture company executive, an Arkansas professor and a Tulsa, Okla., school security guard. Ten of those men have been convicted and sent to prison. One was deported. The other cases are still pending.

The defendants ranged in age from 24 to 62, with an average age of 39.4 years, and mainly come from Missouri, Arkansas and Oklahoma, Diamond police said.

While the good work that Mr. Murray is doing is obvious, what drew my attention was the fact that, until he retired in 2000, he didn’t have any computer experience. When he discovered chat rooms, he was angered to be offered pictures of young girls.

Continued from Yahoo:

He contacted experts in the field of Internet sting operation and got training from the National White Collar Crime Center on basic computer data recovery.

Now, Murray patrols the Web from a cramped home office divided between his police computer and a personal computer ringed with photos of his six grandchildren and three adult kids.

Murray remains a detective on reserve status with the Diamond police but he donates his investigation time. He says he only spends about 30 minutes a week on average in chats but several hours more going over hard drives of arrested suspects looking for contacts with other potential victims.

It’s good to know that there is life after retirement. It is better to know that there are people out there thinking of the safety of children on the Internet.

As a technology professional, is this kind of work something that you would consider doing after you retire?

FBI to construct massive biometrics database

At a price of $1 billion, the U.S. Federal Bureau of Investigation is undertaking construction of a biometric database that will store a lot more information on individuals including fingerprints, facial characteristics, sound patterns, iris, ear lobe, and palm prints.

An excerpt from Ars Technica:

Moving forward, the FBI expects to make this comprehensive biometric database available to a wide variety of federal, state, and local agencies, all in the name of keeping American safe from terrorists (and illegal immigration). The FBI also intends to retain (upon employer request) the fingerprints of any employee who has undergone a criminal background check, and will inform the employer if the employee is ever arrested or charged with a crime.

The database is being developed in collaboration with the Center for Identification Technology Research (CITeR) at West Virginia University. Physical characteristics such as scars, walking and talking styles will also be stored to identify individuals. The technology is supposed to make possible the detection of individuals from a distance of 200 yards (facial recognition).

The Next Generation Identification System, as the new project is called, seeks to provide real time comparison and follows several such projects under the FBI’s aegis.

Questions remain on the availability of mechanisms for addressing misinterpretations in the system and its effect on civil liberties. The always-on surveillance society is becoming a reality.

More details:

FBI plans to expand biometric operations in state (DailyMail)

FBI Aims For World’s Largest Biometrics Database (InformationWeek)

New Zealand police move in on botmaster of one million bots

As part of the FBI’s Operation Bot Roast II, New Zealand police cracked down on a suspected botnet ringleader in New Zealand who, the FBI says, illegally controls over one million computers.

This is part of the same operation that resulted in the arrest of security consultant John Schiefer — which we covered earlier this month — who is expected to be arraigned on December 3.

According to ZDNet News:

The New Zealand suspect, who goes by the name of “Akill”, came under fire after an information-sharing exercise between the New Zealand Police, the U.S. Secret Service and the FBI. He has been interviewed by New Zealand Police, and investigators have seized computers from his home.

You might be interested to know that most individuals identified by the FBI in Operation Bot Roast II are male, under 30 years old, and United States citizens.

French accord could herald the end of file-sharing

While you folks in the United States were having your Black Friday last week, an anti-piracy accord was being signed in France that could have far-ranging repercussions where file-sharing is concerned.

What it means is this, according to The Register:

The plan has been drawn up by French retail exec Denis Olivennes. It will see signatory ISPs — including France Telecom, which owns Orange in the UK — hand over information on heavy users of file-sharing networks to a new enforcement body which will formally warn them to stop. If they persist, their connection will be cut.

Also:

As part of the bargain, movies will be released on DVD six months after the cinema run, and music will be offered for legal download DRM-free.

French President Nicolas Sarkozy, in a landmark speech, reiterated that the rights and recognition of authors, artists, and performers formed an important commitment of his presidential campaign.

He said, “Today an accord is signed and I see a decisive moment for the civilised Internet. Everywhere, in the US, UK and others, industry and government have tried… to find a permanent resolution to the problem of piracy. We are the first, in France, to try to build a national grand alliance around clear and viable proposals.”

The concern here is that France’s deal would set a precedent. Already in the United Kingdom, rights holders have been pressuring ISPs to set up a similar scheme. In the United States, Comcast is well-known for its bandwidth throttling, while Cox has recently been accused of interfering with eDonkey seeding on the sly.

Only in South Korea do we have file-sharing literally get out of hand.

Is this the beginning of the end for file-sharing?

——————————————————————————–

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

Faulty forensic test put innocents in jail over decades

A faulty forensic analysis has put hundreds of innocent people in jail over decades, according to a joint investigation by The Washington Post and 60 Minutes. Eventually found to be unreliable, it was quietly dumped four decades later without alerting those convicted.

The “comparative bullet-lead analysis” claimed to link a bullet with ones in suspects’ possession. However, faulty statistical analysis of the elements contained in different lead samples resulted in false matches.

Excerpt from eFluxMedia:

The comparative bullet-lead analysis was based on the supposition that each batch of lead would have a particular, almost unique, chemical makeup. The National Academy of Sciences, however, has invalidated this claim in 2004, pointing out that FBI experts who claimed to jurors the test linked a particular bullet to those found in a suspect’s gun or cartridge box were more or less misleading the jury.

Unfortunately, according to The Washington Post:

But the FBI lab has never gone back to determine how many times its scientists misled jurors. Internal memos show that the bureau’s managers were aware by 2004 that testimony had been overstated in a large number of trials. In a smaller number of cases, the experts had made false matches based on a faulty statistical analysis of the elements contained in different lead samples, documents show.

The reporters have since alerted the FBI to at least 250 cases that may require closer examination.

John Miller, FBI Assistant Director for Public Affairs, noted that the FBI is taking a series of steps to try to fix this snafu in cases where the conviction might have resulted from the flawed analysis.

The question remains as to why it took a media investigation for the FBI to notice and take action.

Thinking ahead, what do you reckon are the chances of flawed computer forensics resulting in a hapless computer idiot being charged for computer crimes that they did not commit?

Are you a Wi-Fi thief?

More than half of computer users have illegally logged on to someone else’s Wi-Fi connection, according to an investigation by The Times in the United Kingdom.

Often called “Wi-Fi tapping” or “piggybacking,” the practice has blossomed over the last few years as the proliferation of wireless and open access points has allowed strangers to access the Internet without paying for it.

Excerpt from Times Online:

Police regard it as a serious offense because intruders can download pornographic materials and illegal images without being caught. Only the legitimate holder of the Wi-Fi account is likely to be tracked down.

Officers are also worried that criminals can use unsecured wireless connections to steal personal details such as passwords and credit card numbers and use them to commit identity theft.

Over at The Register, there is some debate about the validity of the survey, which was based on data collected from a “Have Your Say” survey conducted by security specialist Sophos:

… apparently 54 per cent of the 560 people who responded admitted nicking bandwidth from insecure Wi-Fi routers. This might say more about Sophos customers than the general population, and extrapolating the results to every computer user in the country is probably a crime against statistics: so that’s exactly what The Times has done

Still, it is not hard to see that Wi-Fi tapping is probably quite common.

What is the legal situation pertaining to Wi-Fi tapping where you live, and what is your personal opinion of it?

Ex-security pro to plead guilty to running huge botnet

Security consultant John Schiefer, 26, has agreed to plead guilty to four counts of fraud and wiretap charges. U.S. federal prosecutors claim he operated a 250,000 PC botnet by night, which he used to steal information and money from users of PayPal.

In the first botnet prosecution of its kind in the United States, Schiefer is facing the statutory maximum fine of $1.75 million and up to 60 years in prison.

According to ZDNet UK:

The malicious software developed by Schiefer accessed the Windows system feature “Protected Store,” which encrypts and stores passwords for online accounts. Investigators are yet to determine the full amount of money stolen from victim’s accounts.

Schiefer also distributed software on behalf of a Dutch internet-advertising company, Simpel Internet. He installed the software on 150,000 computers, netting him $19,000 in commissions, but did so without users’ consent.

He is expected to be arraigned on December 3.

Now, 60 years in the slammer is a long time. While it doesn’t excuse the crime, the fact is that the botnet created by Schiefer is considered relatively small compared to other botnets, such as the notorious Storm worm with an estimated 20 million infected PCs.

If he gets 60 years, does this mean that the mastermind of the Storm worm deserves multiple life sentences? Also, do you think what Schiefer did has tarnished the IT profession in any way?

As an IT professional yourself, what is your opinion of this matter?

Law that compels the surrender of encryption keys goes into effect in the United Kingdom

According to Ars Technica, new laws go into effect in the United Kingdom that make it a crime to refuse to decrypt almost any encrypted data that’s requested as part of a police investigation.

Individuals who refuse to comply with orders to hand over either cryptographic keys or data in decrypted form will face up to five years in prison.

Excerpt from Ars Technica:

Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) includes provisions for the decryption requirements, which are applied differently based on the kind of investigation underway… the five-year imprisonment penalty is reserved for cases involving anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.

This law is applicable only to data physically stored in the United Kingdom and does not allow the U.K. government to intercept encrypted materials in transit.

The aspect of this new legislation that has experts worried has to do with the fact that law enforcement now has the power to seize encryption keys.

Cambridge University security expert Richard Clayton said earlier last year, “The notion that international bankers would be wary of bringing master keys into the U.K. if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction. With the appropriate paperwork, keys can be seized. If you’re an international banker you’ll plonk your headquarters in Zurich.”

With the increasing availability and use of strong encryption, enacting laws to force the surrender of encryption keys appears to be the easiest way out for government agencies.

Do you foresee similar laws being passed where you live?

Expert claims 95 percent of CCTV in the United Kingdom are operating illegally

According to a closed-circuit television (CCTV) expert, up to 95 percent of the CCTV systems operating in the United Kingdom are doing so illegally. Apparently, companies operating CCTV systems in the United Kingdom are required to alert the Information Commissioner of what they are doing and to put up signs warning the public that recording is taking place.

According to The Register, this revelation comes in the wake of new legislation about to take effect in Scotland that could render even more of these systems illegal.

Excerpt from the article:

“From my own experience after personally surveying many, many hundreds of buildings, I would say probably less than five percent are compliant,” said Brooks. “I would say that 95 percent are non-compliant in one way, shape, form or another with the [Data Protection] Act. Obviously, that’s quite a worrying thing. If the system is non-compliant it could invalidate the usefulness of the evidence in a court of law.”

According to Security Industry Authority (SIA) head of investigations, Jennifer Pattinson, the new licenses for individuals mean that the operator of CCTV equipment that is monitoring public spaces will likely need to have an SIA license.

On the more sobering side, it appears that an analysis of London’s 10,000 cameras shows that crime-solving statistics are no better in boroughs covered by many cameras compared to those with few cameras.

In recent years, CCTV has started to permeate into IT as the price of IP-based cameras and storage starts to plummet. Does your company use any CCTV? Under whose jurisdiction do these CCTV systems fall, and do you think that they serve any practical use in the first place?

First lawsuit on GPL violation filed

Network World has news of what may well be the first lawsuit of its kind in the United States.

Excerpt from the article:

The SFLC filed the suit on Wednesday in the United States District Court for the Southern District of New York against Monsoon Multimedia Inc., on behalf of the developers of BusyBox, Erik Andersen, and Rob Landley. The suit charges Monsoon with using BusyBox under the GNU General Public License version 2 but failing to publish its source code. Under the terms of the license, distributors of software that uses the licensed software must make their source code available. Failing to do so is considered copyright infringement.

Despite reminders from BusyBox, members of the public, and the SFLC legal team notifying Monsoon of its responsibilities, the requisite code has yet to be published.

Says Dan Ravicher, legal director of SFLC, “While it is relatively common for licensees to neglect to share their code, parties typically work through the issues without having to go to court.”

From a legal perspective, he adds that the suit is necessary since copyright owners can start to lose rights if they don’t act to protect them. He believes this is the first ever such case filed in the United States in order to enforce an open-source license.

With the increasing prevalence of open source, it is a near certainty that this case will be closely watched from various quarters.

In the meantime, perhaps you might like to share with us the guidelines in your company with regards to the use and/or modification of open-sourced products.

Warning: Police spyware detected!

In a recent case that was decided earlier this month, federal agents used a keystroke logger to record the typing of a suspected ecstasy manufacturer who had been using encryption to thwart the police.

In the wake of that, CNET’s News.com did a survey of 13 leading anti-spyware vendors and found that none have cooperated unofficially with government agencies (or acknowledge doing so). Still, some of them did indicate that if so ordered by a court to keep quiet, they would obey and not alert customers to the presence of government-planted spyware.

Microsoft aims to make file sharing profitable

A Microsoft patent just revealed shows Redmond’s plans to make file sharing a music industry revenue stream.

Zunescene found the patent, which could be added to new music playing devices. It would force royalty payment after three plays of a copied track and would give the source of the transferred file a piece of the action, a percentage of the revenue gained from that song.

Vista makes computer search easier... for the law

An American Bar Journal eColumn article brings us relevant revelations about Vista’s improved ability to provide evidence for court.

Innovations within Vista apparently make it far easier to find evidence on PCs. Chief among those are Shadow Copy, Transactional NTFS, and Instant Search.

New MPAA site peddles illegal movie downloads and possible spyware

ZeroPaid has a new report on an alleged attempt by MediaDefender Inc, self-touted as the “leading provider of anti-piracy solutions in the emerging Internet-Piracy-Prevention industry,” to launch a new Web site that amounts to an entrapment operation.

After being Slashdotted, the site in question, “MiiVi,” has apparently been taken down. A simple Google search reveals that it was indeed up at one point recently.

E-mail protection arrives, search warrants now required

A three-judge panel of the Sixth Circuit of the United States Courts ruled today that e-mail is protected, and law enforcement now requires a warrant before searching e-mail archived at ISPs.

The Supreme Court rarely overturns that heartland circuit, just as its three-judge panels are rarely overruled by the entire appellate panel of the Circuit. Civil liberties confirmed by this heartland court are not easily overturned, so this decision is solid and unlikely to face challenge.

The Electronic Frontier Foundation, the ACLU, the Center for Democracy and Technology, and a coalition of Internet law professors spoke on behalf of civil rights and argued that e-mail is a vital communication tool. Users’ e-privacy must bear constitutional protection to assure Americans free speech and un-stifled debate.

This overturns the Reagan-era Stored Communications Act (SCA) provisions, which allowed warrantless seizure of e-mail without requiring that investigation subjects be aware of the search (and so having no chance to protest). So, ISP operators have one burden lifted, the SCA requirement not to tell their customers of e-mail search. One EFF legal expert termed the no-notice warrants “…absolutely routine. It is and has been the Department of Justice and presumably local law enforcement’s standard practice for obtaining e-mails over the last 20 years.”

Will the administration’s Justice Department use its shrinking credibility in further appeal in quest for the right to open your e-mail without a warrant and without notice, especially when facing e-mail woes of its own? Should the Congress restore no-notice, no-warrant search of your inbox without judicial review? Join the discussion.

Spammers delendo est!

  • Date: June 1st, 2007
  • Blogger: John Bartley K7AAY
  • Category: Law Enforcement

Happy Days Are Here Again!

The alleged Seattle Spammer is indicted, booked and docketed for trial on 6 August 2007. Anyone want to bet the defense will try a change of venue motion, to move the trial out of the Silicon Forest to someplace less Internet-manic than Pugetopolis?

“Spam is a scourge of the Internet, and Robert Soloway is one of its most prolific practitioners. Our investigators dubbed him the Spam King because he is responsible for millions of spam e-mails,” Jeffrey Sullivan, U.S. Attorney for the Western District of Washington, said in a statement.

200 spammers are alleged to generate 80% of worldwide spam; and, when we go to the planets and stars, will there be spam there, too?

Computer science has failed us, as this Scientific American story shows. Esteemed First Blogger Dr. Jerry Pournelle (now back east, to use ‘science fiction in the public interest’ for Homeland Security, along with other Rocket Scientists, SF writers and ‘deviant thinkers’) has long suggested Cato’s solution, subcontracted to enterprising entrepreneurs like, oh, say, The Godfather Corporation.

But there are some things even Godfathers won’t do… so, do we need lawyers? A classical libertarian solution would be for those bothered by spam, spamdexing, spim, and all the rest of the thousand and one annoyances of greed to create a not-for-profit corporation, obtain IRS 501(c)(3) provisional status, open the books to audits, and provide total information to non-profit information clearinghouses such as Guidestar and Charity Navigator.

Then, buy one tiny text ad on Google, accepting audited PayPal contributions to stamp out spam, by fully funding independent investigators (such as the excellent Greg Palast, whose talents are wholly wasted in searching for Karl Rove’s 500 missing e-mails) and thence to support prosecutions.

What do you think?

Sincerely yours,

Inflorescence B. Afghan

No unreasonable spamfighting idea refused! Join the discussion.

OMG IF U CN RD THS U R BSTD

Washington’s governor has signed the first explicit state ban on using SMS while driving, and other states are not far behind in banning DWT (Driving While Texting/Talking).

A legislator proposed the bill after a BlackBerry user caused a five-car pileup on a state highway. Washington State Patrol officers cited cell phones in cars as an increasing problem. DWT is now a traffic offense, which normally carries a $111 fine.

Neighboring Oregon ponders banning teen texting with a $360 fine for under-18 DWT motorists. A Maryland lawmaker is promoting an end to DWT, while other states, D.C. and one Canadian province have bans in place or are considering them. Remember, we’ve noted here before, handsfree phoning is like driving drunk.

Ironically, after voting for California’s ban, a Golden State senator drove her state SUV into another vehicle, while… you guessed it, talking on her cellphone. While Sacramento bans DWT, another state agency plans to use mobile messaging for emergency alerts.

Solution? Add to cell system intelligence. Automate speech to text, and text to speech, while blocking use if GPS shows the car’s moving. It needn’t be in the phone itself; maybe we can get Claire to do it for us.

How can we reach out and touch someone, without crashing? Fess up, though... do you DWT? Send us some good DWT stories. Join the discussion.

Bad boys, bad boys... what you gonna do?

According to a News.com story, Microsoft’s Web site will include training, tips, and tools for investigations and information on cybercrime. This new Law Enforcement Portal should be online by November.  Here’s the complete story: “New Microsoft portal will help cops” (http://techrepublic.com.com/2100-1009_11-5845205.html)

I keep thinking about Microsoft’s ongoing security problems. Who’s going to help them?  
