Entries Tagged "crime"

Page 35 of 39

The Beginnings of a U.S. Government DNA Database

From the Washington Post:

Suspects arrested or detained by federal authorities could be forced to provide samples of their DNA that would be recorded in a central database under a provision of a Senate bill to expand government collection of personal data.

The controversial measure was approved by the Senate Judiciary Committee last week and is supported by the White House, but has not gone to the floor for a vote. It goes beyond current law, which allows federal authorities to collect and record samples of DNA only from those convicted of crimes. The data are stored in an FBI-maintained national registry that law enforcement officials use to aid investigations, by comparing DNA from criminals with evidence found at crime scenes.

[…]

The provision, co-sponsored by Kyl and Sen. John Cornyn (R-Tex.), does not require the government to automatically remove the DNA data of people who are never convicted. Instead, those arrested or detained would have to petition to have their information removed from the database after their cases were resolved.

Posted on September 27, 2005 at 11:31 AMView Comments

Automobile Identity Theft

This scam was uncovered in Israel:

  1. Thief rents a car.
  2. An identical car, legitimately owned, is found and its “identity” stolen.
  3. The stolen identity is applied to the rented car and is then offered for sale in a newspaper ad.
  4. Innocent buyer purchases the car from the thief as a regular private party sale.
  5. After a few days the thief steals the car back from the buyer and returns it to the rental shop.

What ended up happening is that the “new” owners claimed compensation for the theft and most of the damage was absorbed by the insurers.

Clever.

Posted on September 21, 2005 at 7:45 AMView Comments

Criminals Learn Forensic Science

Criminals are adapting to advances in forensic science:

There is an increasing trend for criminals to use plastic gloves during break-ins and condoms during rapes to avoid leaving their DNA at the scene. Dostie describes a murder case in which the assailant tried to wash away his DNA using shampoo. Police in Manchester in the UK say that car thieves there have started to dump cigarette butts from bins in stolen cars before they abandon them. “Suddenly the police have 20 potential people in the car,” says Rutty.

The article also talks about forensic-science television shows changing the expectations of jurors.

“Jurors who watch CSI believe that those scenarios, where forensic scientists are always right, are what really happens,” says Peter Bull, a forensic sedimentologist at the University of Oxford. It means that in court, juries are not impressed with evidence presented in cautious scientific terms.

Detective sergeant Paul Dostie, of Mammoth Lakes Police Department, California, found the same thing when he conducted a straw poll of forensic investigators and prosecutors. “They all agree that jurors expect more because of CSI shows,” he says. And the “CSI effect” goes beyond juries, says Jim Fraser, director of the Centre for Forensic Science at the University of Strathclyde, UK. “Oversimplification of interpretations on CSI has led to false expectations, especially about the speed of delivery of forensic evidence,” he says.

Posted on September 9, 2005 at 7:16 AMView Comments

Identity Cards Don't Help

Emily Finch, of the University of East Anglia, has researched criminals and how they adapt their fraud techniques to identity cards, especially the “chip and PIN” system that is currently being adapted in the UK. Her analysis: the security measures don’t help:

“There are various strategies that fraudsters use to get around the pin problem,” she said. “One of the things that is very clear is that it is a difficult matter for a fraudster to get hold of somebody’s card and then find out the pin.

“So the focus has been changed to finding the pin first, which is very, very easy if you are prepared to break social convention and look when people type the number in at the point of sale.”

Reliance in the technology actually reduces security, because people stop paying attention:

“One of the things we found quite alarming was how much the human element has been taken out of point-of-sale transactions,” Dr Finch said. “Point-of-sale staff are told to look away when people put their pin number in; so they don’t check at all.”

[…]

Some strategies relied on trust. Another fraudster trick was to produce a stolen card and pretend to misremember the number and search for it on a piece of paper.

Imagine, she said, someone searching for a piece of paper and saying, “Oh yes, that’s my signature”; there would be instant suspicion.

But there was utter trust in the new technology to pick up a fraudulent transaction, and criminals exploited this trust to get around the problem of having to enter a pin number.

“You go in, you put the card in, you type any number because you don’t know what it is. It won’t go through. The fraudster—because fraudsters are so good with people—says, ‘Oh, it’s no good, I haven’t got the hang of this yet. I could have sworn that was my number… I’ve probably got it confused with my other card.’

“They chat for a bit. The sales assistant, who is either disinterested or sympathetic, falls back on the old system, and swipes the card through.

“Because a relationship of empathy has already been established, and because they have already become accustomed to averting their gaze when people put pin numbers in, they don’t check the signature at all.

“So fraud is actually easier. There is very little vigilance at the point of sale any more. Fraudsters know this and they are taking advantage of it.”

I’ve been saying this kind of thing for a while, and it’s nice to read about some research that backs it up.

Other articles on the research are here, here, and here.

Posted on September 6, 2005 at 4:07 PMView Comments

The Keys to the Sydney Subway

Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.

This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them.

Unfortunately, this isn’t a thief who got lucky. It happened twice, and it’s possible that the keys were the target:

The keys, each of which could start every train, were taken in separate robberies within hours of each other from the North Shore Line although police believed the thefts were unrelated, a RailCorp spokeswoman said.

The first incident occurred at Gordon station when the driver of an empty train was robbed of the keys by two balaclava-clad men shortly after midnight on Sunday morning.

The second theft took place at Waverton Station on Sunday night when a driver was robbed of a bag, which contained the keys, she said.

So, what can someone do with the master key to the Sydney subway? It’s more likely a criminal than a terrorist, but even so it’s definitely a serious issue:

A spokesman for RailCorp told the paper it was taking the matter “very seriously,” but would not change the locks on its trains.

Instead, as of Sunday night, it had increased security around its sidings, with more patrols by private security guards and transit officers.

The spokesman said a “range of security measures” meant a train could not be stolen, even with the keys.

I don’t know if RailCorp should change the locks. I don’t know the risk: whether that “range of security measures” only protects against train theft—an unlikely scenario, if you ask me—or other potential scenarios as well. And I don’t know how expensive it would be to change the locks.

Another problem with global secrets is that it’s expensive to recover from a security failure.

And this certainly isn’t the first time a master key fell into the wrong hands:

Mr Graham said there was no point changing any of the metropolitan railway key locks.

“We could change locks once a week but I don’t think it reduces in any way the security threat as such because there are 2000 of these particular keys on issue to operational staff across the network and that is always going to be, I think, an issue.”

A final problem with global secrets is that it’s simply too easy to lose control of them.

Moral: Don’t rely on global secrets.

Posted on September 1, 2005 at 8:06 AMView Comments

Identity Thief Steals House

From Plastic:

James Cook left on a business trip to Florida, and his wife Paula went to Oklahoma to care for her sick mother. When the two returned to Frisco, Texas, several days later, their keys didn’t work. The locks on the house had been changed.

They spent their first night back sleeping in a walk-in closet, with a steel pipe ready to cold-cock any intruders. The next day, they met the man who thought he owned their house, because he had put a US$12,000 down payment to someone named Carlos Ramirez. The Cooks went to the Denton County Courthouse and checked their title. Someone had forged Paula Cook’s maiden name, Paula Smart, and transferred the deed to Carlos Ramirez. Paula’s identity was not only stolen, but the thief also stole her house. Even the police said they’ve never seen a case like this one, but suspect the criminal was able to steal the identity and the house with just Mrs. Cook’s Social Security number, driver’s license number and a copy of her signature.

This is a perfect example of the sort of fraud issue that a national ID card won’t solve. The problem is not that identity credentials are too easy to forge. The problem is that the criminal needed nothing more than “Mrs. Cook’s Social Security number, driver’s license number and a copy of her signature.” And the solution isn’t a harder-to-forge card; the solution is to make the procedure for transferring real-estate ownership more onerous. If the Denton County Courthouse had better transaction authentication procedures, the particulars of identity authentication—a national ID, a state driver’s license, biometrics, or whatever—wouldn’t matter.

If we are ever going to solve identity theft, we need to think about it properly. The problem isn’t misused identity information; the problem is fraudulent transactions.

Posted on August 29, 2005 at 7:42 AMView Comments

Cryptographically-Secured Murder Confession

From the Associated Press:

Joseph Duncan III is a computer expert who bragged online, days before authorities believe he killed three people in Idaho, about a tell-all journal that would not be accessed for decades, authorities say.

Duncan, 42, a convicted sex offender, figured technology would catch up in 30 years, “and then the world will know who I really was, and what I really did, and what I really thought,” he wrote May 13.

Police seized Duncan’s computer equipment from his Fargo apartment last August, when they were looking for evidence in a Detroit Lakes, Minn., child molestation case.

At least one compact disc and a part of his hard drive were encrypted well enough that one of the region’s top computer forensic specialists could not access it, The Forum reported Monday.

This is the kind of story that the government likes to use to illustrate the dangers of encryption. How can we allow people to use strong encryption, they ask, if it means not being able to convict monsters like Duncan?

But how is this different than Duncan speaking the confession when no one was able to hear? Or writing it down and hiding it where no one could ever find it? Or not saying anything at all? If the police can’t convict him without this confession—which we only have his word for as existing—then maybe he’s innocent?

Technologies have good and bad uses. Encryption, telephones, cars: they’re all used by both honest citizens and by criminals. For almost all technologies, the good far outweighs the bad. Banning a technology because the bad guys use it, denying everyone else the beneficial uses of that technology, is almost always a bad security trade-off.

EDITED TO ADD: Looking at the details of the encryption, it’s certainly possible that the authorities will break the diary. It probably depends on how random a key Duncan chose, although possibly on whether or not there’s an implementation error in the cryptographic software. If I had more details, I could speculate further.

Posted on August 15, 2005 at 2:17 PMView Comments

Low-Tech Loitering Countermeasure

Amazingly, this works:

To clear out undesirables, opera and classical music have been piped into Canadian parks, Australian railway stations, 7-Eleven parking lots and, most recently, London Underground stops.

According to most reports, it works. Figures from the British capital released in January showed robberies in the subway down by 33 percent, assaults on staff by 25 percent and vandalism of trains and stations by 37 percent. Sources in other locales have reported fewer muggings and drug deals. London authorities now plan to expand the playing of Mozart, Vivaldi, Handel and opera (sung by Pavarotti) from three tube stations to an additional 35.

It’s not new:

But as Kahle points out, “It’s well known within the industry that classical music discourages teen loitering. It was first used by 7-11 stores across the country over a decade ago.”

Note that this does not reduce loitering, but moves it around. But if you’re the owner of a 7-Eleven, you don’t care if kids are loitering at the store down the block. You just don’t want them loitering at your store.

Posted on August 6, 2005 at 7:46 AMView Comments

How to Not Fix the ID Problem

Several of the 9/11 terrorists had Virginia driver’s licenses in fake names. These were not forgeries; these were valid Virginia IDs that were illegally sold by Department of Motor Vehicle workers.

So what did Virginia do to correct the problem? They required more paperwork in order to get an ID.

But the problem wasn’t that it was too easy to get an ID. The problem was that insiders were selling them illegally. Which is why the Virginia “solution” didn’t help, and the problem remains:

The manager of the Virginia Department of Motor Vehicles office at Springfield Mall was charged yesterday with selling driver’s licenses to illegal immigrants and others for up to $3,500 apiece.

The arrest of Francisco J. Martinez marked the second time in two years that a Northern Virginia DMV employee was accused of fraudulently selling licenses for cash. A similar scheme two years ago at the DMV office in Tysons Corner led to the guilty pleas of two employees.

And after we spend billions on the REAL ID act, and require even more paperwork to get a state ID, the problem will still remain.

Posted on July 19, 2005 at 1:15 PMView Comments

1 33 34 35 36 37 39

Sidebar photo of Bruce Schneier by Joe MacInnis.