United States Secret Service: New Criminal Nigerian Scam Related To Unemployment In US Due To Pandemic
New, pernicious criminal acts - emanating from a hotbed of internet-miscreants resident within crime-ridden Nigeria are attacking unemployment systems in multiple US States. Via Brian Kreb's tremendous reporting at Krebs On Security and in his tremendous report targeting the battle waged by the United States Secret Service and other allied law enforcement agencies.
'A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.' - Via Brian Kreb's reporting at Krebs On Security) with his outstanding news detailing steps underway to combat the scammers. h/t
Australian Information Commissioner Holds Facebook's Feet To The Barbie...
via Natasha Lomas - writing at TechCrunch, comes this story of the Australian Information Commissioner filing proceedings targeting Facebook Inc. (NASDAQ: FB) over the Cambridge Analytica data breach outrage. My take: Good on ya, Commissioner!
'Australia’s Privacy Act sets out a provision for a civil penalty of up to $1,700,000 to be levied per contravention — and the national watchdog believes there were 311,074 local Facebook users in the cache of ~86M profiles lifted by Cambridge Analytica . So the potential fine here is circa $529BN. (A very far cry from the £500k Facebook paid in the UK over the same data misuse scandal.)' - via Natasha Lomas at TechCrunch
Updated: 20200310 1631 - Here's David Bisson at The State of Security blog take on the news:
As the Australian Information Commissioner, Angelene Falk has the authority to apply for a civil penalty order alleging that an organization bound to comply with the APPs committed serious and/or repeated violations against s 13G of the Privacy Act 1988. The Federal Court could then respond by issuing a penalty of up to $1,700,000 AUD for each serious and/or repeated violation of privacy."
via h/t
GPS Tracking Device Removal From Your Vehicle Is Not Thievery
According to this judicial opinion; that is, however read the full story, via Timothy B. Lee, writing at Ars Technica your opinion may be the same, or - of course - it may differ substantially. As always, you be the judge.
Let The Shilling Begin
Bad behavior by Bezos' Amazon and subsidiary Ring is tainting any police investigation at it's most fundamental levels by forcing secret agreements, and endorsments for the company's products. Jeff Bezos', where is your shame?
The memorandum of understanding is pitched as "a solution to the Lakeland Police Department to help reduce crime and assist with investigations in your community." The document, which includes an "Amazon Legal" watermark, was signed by Ring and Lakeland Police Department representatives on December 13, 2018. - via Caroline Haskins, writing at Vice's Motherboard.
Metropolitan London Police: Face Identity Recognition Tests Proven Fatally Flawed
Problems have arisen for the London Metropolitan Police face recognition program, and more specifically, for the organization's testing facilities, of same. Via reportage by Matt Burgess, this scenario is particularly troublesome for a law enforcement agency highly dependent upon electronic surveillance of the populace to faciltate informed decisions, forensic output, routing of emergency services, et cetera (as the Met is...). Today's Must Read.
The Chicago Five: Heroes All →
City of Los Angeles Files Suit Targeting Illicit Data Use By Weather Channel App
News, via The New York Times reporters Jennifer Valentino-DeVries and Natasha Singer, of a newly filed suit targeting deceptive utilization of user location data by The Weather Channel's phone app. The Weather Channel is an International Business Machines {IBM} {NYSE: IBM} subsidiary). Oops...; and, then there's this.
Questionable Signal Interception Use & Hardware Search Leads Magistrate To Chastise FBI
via the inimitable Cyrus Farivar, writing at Ars Technica, details the recent criticsim of Federal Bureau of Investigation's behavior in inmproper device search (in this case a mobilephone) and a apparently non-standardized practice of signal interception via a Singray devices. Certainly today's MustRead, especially in the event you may be interested in search, seizure and signal interception law you have hit the mother loade!
'The crux of the issue is that, in April 2016, an FBI agent sought and obtained two warrants from an Alameda County Superior Court judge: one to search Artis' phone and another to deploy a stingray to locate Hopkins.' - via Cyrus Farivar, writing at Ars Technica
Vigilanteed →
via Nicholas Schmidle, writing at The New Yorker Magazine, scrutinizes the antics of a purported 'cyber-vigilante' in a superb lash-up of promises-not-kept, career-ending-office-politics, law-enforcement-foibles, and a pinch of purported 'vigilantism' all applied to the computational realm. Today's MustRead.
Senatorial Commands: DOJ - Cough It Up →
Miscreant Gang Runs Drone Intercept Targeting FBI Agents
via Patrick Tucker, the Technology Editor over at DefenseOne, posted a particularly troubling new piece on May 3rd, detailing an incident in which our Federal Bureau of Investigation agents were attacked by a criminal gang's drone swarm. Obviously, a complicating tactic executed by the gang for law enforcement, and for the victim of that gang - a hostage being held nearby. I am certain that LE is thinking anti-drone countermeasures right about now... Read Patrick's well-wrought article over at DefenseOne.
The Grayshift Predicament →
I am sure you have all read the news of Grayshift's issues battling extortionists and their ilk. I have, however, not seen any significant commentary regarding the data theft this SNAFU could facilitate.
Here's the thought problem (looking for culpability, specifically): A Law Enforcement agency has taken custody (adhering to standards of Generally Accepted Chain of Custody guidelines) of a suspect's iPhone. Unbeknownst to the trusted Sworn Officers and Forensicators (often, one in the same) examining the device, the Grayshift appliance undergoes an unfortunate successful attack - mounted by external miscreant(s) unknown, and succumbs to the exfiltration of all data on the applicance AND the slurped data on the iPhone.
Subsequent forensication by the Sworn Officers or Forensicators (again, often one in the same - at least in smaller agencies) entrusted with reasonable and prudent Chain of Custody of the device under scrutiny, discover that the Grayshift appliance and the suspect's iPhone have both undergone the indignity of significant data leakage. How does the Agency proceed in the effort to lay charges - or not - and protect the Agency, as well?
Oh, and while they are at it, perhaps they could explain why the device is attached to a forward facing TCP/UDP connection to our beloved Interweb?
Krebs on Security: USSS Warns of Chip Card Gambit →
Brian Krebs, writing at his eponymous KrebsonSecurity site, details the latest United States Secret Service warning targeting chipped debit, payment and credit cards. Sounds like an old-school mail fraud intercept-remove-replace-remail gambit. Today's Must Read!
September - National Preparedness Month →
Folks, September has been designated by FEMA as National Preparedness Month. Around here, at Infosecurity.US, we will be honoring Our First Responders, and Their Canine Partners During National Preparedness Month. And Remember: Don't Wait. Communicate. Make a family emergency plan today. Learn more at Ready.gov.
The Origami Solution →
Meanwhile - admist all the foo-fa-raw of last weeks' RSAC 2017 - came very good physical security new's of a fascinating kevlar and aluminum origami-based ballistic shield (developed by Engineers at Brigham Young University) that stops .44 calibre magnum slugs. Very good news for law enforcement, and other organizations (think schools, other civilian government organizations, military, businesses)
The design is able to protect multiple people at one time and folds down to a compact shape. Utilizing the Yosimura Origami Crease Pattern, it currently tips the scales at a paltry 55 lbs. (25 kg).
Simply Outstanding.
Of Course We Can →
Seizing data, that is. However, you will generally not require Special Weapons and Tactics to get the job done...
Seventy Percent of Districts' Police Cameras Infected Immediatley Prior to Inauguration →
Yes, you read it correctly, at least 70% of the District of Columbia's Police surviellance cameras were infected with ransomware immediately prior to the 2017 Inauguration of the President and Vice President of the United States.
The singularly astonishing aspect of this debacle was the Department still managed to keep the streets of Washington, D.C. safe for the throngs of visitors at the 2017 Inauguration. Quite simply, testimony to the hard work of the Department's Officers and Staff.
LE Seeking DNA
Kashmir Hill, writing for Fusion, reports on law enforcement efforts to garner DNA records from private sector commercial entities (read - Ancestry and 23andMe). Outstanding reportage kudos to Ms. Hill, and Hat Tip to T. Blalock.