Entries Tagged "crime"

Page 24 of 39

Hacking of 911 Emergency Phone System

There are no details of what the “hacking” was, or whether it was anything more spoofing the Caller ID:

Randal T. Ellis, 19, allegedly impersonated a caller from the Lake Forest home shortly before midnight March 29, saying he had murdered someone in the house and threatened to shoot others.

Allegedly hacking into systems maintained by America Online and Verizon, Ellis used the couple’s names, which he had confirmed earlier in a prank call to their home, authorities said.

[…]

Authorities spent more than six months tracking down Ellis before arresting him in Mukilteo last week. He was in the process of being extradited to California on Tuesday and was charged with “false imprisonment by violence” and “assault with an assault weapon by proxy.” The crimes carry a possible prison sentence of 18 years.

Elizabeth Henderson, the assistant Orange County district attorney in charge of the economic-crimes unit, said Ellis’ scheme was “fairly difficult to unravel.”

Some more stories, with no more information.

Posted on October 19, 2007 at 6:36 AMView Comments

Light and Crime

A New Yorker article on light pollution has a paragraph on light and crime:

Much so-called security lighting is designed with little thought for how eyes—or criminals—operate. Marcus Felson, a professor at the School of Criminal Justice at Rutgers University, has concluded that lighting is effective in preventing crime mainly if it enables people to notice criminal activity as it’s taking place, and if it doesn’t help criminals to see what they’re doing. Bright, unshielded floodlights—one of the most common types of outdoor security lighting in the country—often fail on both counts, as do all-night lights installed on isolated structures or on parts of buildings that can’t be observed by passersby (such as back doors). A burglar who is forced to use a flashlight, or whose movement triggers a security light controlled by an infrared motion sensor, is much more likely to be spotted than one whose presence is masked by the blinding glare of a poorly placed metal halide “wall pack.” In the early seventies, the public-school system in San Antonio, Texas, began leaving many of its school buildings, parking lots, and other property dark at night and found that the no-lights policy not only reduced energy costs but also dramatically cut vandalism.

Posted on September 12, 2007 at 6:23 AMView Comments

How to Get Free Food at a Fast-Food Drive-In

It’s easy. Find a fast-food restaurant with two drive-through windows: one where you order and pay, and the other where you receive your food. This won’t work at the more-common U.S. configuration: a microphone where you order, and a single window where you both pay for and receive your food. The video demonstrates the attack at a McDonald’s in—I assume—France.

Wait until there is someone behind you and someone in front of you. Don’t order anything at the first window. Tell the clerk that you forgot your money and didn’t order anything. Then drive to the second window, and take the food that the person behind you ordered.

It’s a clever exploit. Basically, it’s a synchronization attack. By exploiting the limited information flow between the two windows, you can insert yourself into the pay-receive queue.

It’s relatively easy to fix. The restaurant could give the customer a numbered token upon ordering and paying, which he would redeem at the next window for his food. Or the second window could demand to see the receipt. Or the two windows could talk to each other more, maybe by putting information about the car and driver into the computer. But, of course, these security solutions reduce the system’s optimization.

So if not a lot of people do this, the vulnerability will remain open.

EDITED TO ADD (9/20): The video has been removed from YouTube. It’s available here.

Posted on September 10, 2007 at 6:27 AMView Comments

Thieves Steal Drug-Sniffing Dog

Okay; this is clever:

Rex IV, a highly trained Belgian Malinois sheepdog with a string of drug hauls behind him, was checked on to a flight from Mexico City this week with seven other police dogs bound for an operation in the northern state of Sinaloa.

But when the dogs arrived at Mazatlan airport, Sinaloa, their police handlers discovered a small black mongrel puppy inside Rex IV’s cage, with the sniffer dog nowhere to be seen.

Whatever drug lord ordered that hit probably saved himself a whole lot of grief.

EDITED TO ADD (8/29): The dog was found in a park:

Working on a tip, federal police found Rex IV—a highly trained Belgian Malinois sheepdog with a string of drug hauls to its name—tied to a tree in a park in the gritty Iztapalapa neighborhood, a Public Security Ministry spokesman said.

“When they realized the police were onto them, they abandoned him in a park,” the spokesman told Reuters, adding that the dog’s identity was confirmed by scanning an embedded electronic chip.

Why didn’t they just slit the dog’s throat? I take it back: not so clever.

Posted on August 29, 2007 at 6:59 AMView Comments

New German Hacking Law

There has been much written about the new German hacker-tool law, which went into effect earlier this month.

Dark Reading has the most interesting speculation:

Many security people say the law is so flawed and so broad and that no one can really comply with it. “In essence, the way the laws are phrased now, there is no way to ever comply… even as a non-security company,” says researcher Halvar Flake, a.k.a. Thomas Dullien, CEO and head of research at Sabre Security.

“If I walked into a store now and told the clerk that I wish to buy Windows XP and I will use it to hack, then the clerk is aiding me in committing a crime by [selling me] Windows XP,” Dullien says. “The law doesn’t actually distinguish between what the intended purpose of a program is. It just says if you put a piece of code in a disposition that is used to commit a crime, you’re complicit in that crime.”

Dullien says his company’s BinNavi tool for debugging and analyzing code or malware is fairly insulated from the law because it doesn’t include exploits. But his company still must ensure it doesn’t sell to “dodgy” customers.

Many other German security researchers, meanwhile, have pulled their proof-of-concept exploit code and hacking tools offline for fear of prosecution.

[…]

The German law has even given some U.S. researchers pause as well. It’s unclear whether the long arm of the German law could reach them, so some aren’t taking any chances: The exploit-laden Metasploit hacking tool could fall under German law if someone possesses it, distributes it, or uses it, for instance. “I’m staying out of Germany,” says HD Moore, Metasploit’s creator and director of security research for BreakingPoint Systems.

“Just about everything the Metasploit project provides [could] fall under that law,” Moore says. “Every exploit, most of the tools, and even the documentation in some cases.”

Moore notes that most Linux distros are now illegal in Germany as well, because they include the open-source nmap security scanner tool—and some include Metasploit as well.

The law basically leaves the door open to outlaw any software used in a crime, notes Sabre Security’s Dullien.

Zoller says the biggest problem with the new law is that it’s so vague that no one really knows what it means yet. “We have to wait for something to happen to know the limits.”

Posted on August 28, 2007 at 1:32 PMView Comments

On the Ineffectiveness of Security Cameras

Information from San Francisco public housing developments:

The 178 video cameras that keep watch on San Francisco public housing developments have never helped police officers arrest a homicide suspect even though about a quarter of the city’s homicides occur on or near public housing property, city officials say.

Nobody monitors the cameras, and the videos are seen only if police specifically request it from San Francisco Housing Authority officials. The cameras have occasionally managed to miss crimes happening in front of them because they were trained in another direction, and footage is particularly grainy at night when most crime occurs, according to police and city officials.

Similar concerns have been raised about the 70 city-owned cameras located at high-crime locations around San Francisco.

[…]

Four homicides have occurred in the past 12 months at the intersection of Laguna and Eddy streets—at the corner of the Plaza East public housing development—including the daytime killing of a 19-year-old in May. A security camera is trained on that corner but so far has not proven useful in making any arrests, Mirkarimi said.

Both the Housing Authority and city have many security cameras in the area, and it wasn’t clear Monday whether the camera in question was purchased by the Housing Authority or city. In any case, the camera hasn’t helped make arrests in the crimes, Mirkarimi said.

“They’re feeling strongly that they don’t work,” Mirkarimi said of Western Addition residents’ views of the security cameras. “They’re just apoplectic why they can’t figure out why nothing comes of this.”

He added that he thinks the cameras may have “a scarecrow effect” in that they give residents the feeling they are safer when they actually have little impact on crime.

That’s not a scarecrow effect. A scarecrow is security theater that works: something that doesn’t actually prevent crime, but deters it by scaring off criminals. Mirkarimi is saying that they have the opposite effect; the cameras make victims feel safer than they really are.

Posted on August 17, 2007 at 1:25 PMView Comments

Wholesale Automobile Surveillance Comes to New York City

New York is installing an automatic toll-collection system for cars in the busiest parts of the city. It’s called congestion pricing, and it promises to reduce both traffic and pollution.

The problem is that it keeps an audit log of which cars are driving where. London’s congestion pricing system is already being used for counterterrorism purposes—and now for regular crime as well. The EZPass automatic toll collection system, used in New York and other places, has been used to prove infidelity in divorce court.

There are good reasons for having this system, but I am worried about another wholesale surveillance tool.

EDITED TO ADD (9/4): EZPass records have been used in criminal court as well.

Posted on August 17, 2007 at 6:48 AMView Comments

Police Data Mining Done Right

It’s nice to find an example of the police using data mining correctly: not as security theater, but more as a business-intelligence tool:

When Munroe took over as chief two years ago, his department was drowning in crime and data. Police had a mass of data from 911 calls and crime reports; what they didn’t have was a way to connect the dots and see a pattern of behaviour.

Using some sophisticated software and hardware they started overlaying crime reports with other data, such as weather, traffic, sports events and paydays for large employers. The data was analyzed three times a day and something interesting emerged: Robberies spiked on paydays near cheque cashing storefronts in specific neighbourhoods. Other clusters also became apparent, and pretty soon police were deploying resources in advance and predicting where crime was most likely to occur.

Posted on August 10, 2007 at 6:51 AMView Comments

1 22 23 24 25 26 39

Sidebar photo of Bruce Schneier by Joe MacInnis.