The Collar Bomb Robbery
Really interesting story of the collar-bomb robbery—and subsequent investigation—from 2003.
Entries Tagged "law enforcement"
Page 16 of 46
Tagging People with Invisible Ink
In Montreal, police marked protesters with invisible ink to be able to identify them later. The next step is going to be a spray that marks people surreptitiously, maybe with SmartWater.
EDITED TO ADD (12/14): Official explanation.
Full-Disk Encryption Works
According to researchers, full-disk encryption is hampering police forensics.
The authors of the report suggest there are some things law enforcement can do, but they all must happen prior to a drive being buttoned up by encryption. Specifically, they say that law enforcement should stop turning computers off to bring them to another location for study, doing so only causes the need for a password to be entered to read the encrypted data. Also, in some cases, doing so causes the data to be automatically destroyed. Fortunately, there are some tools forensics experts can use to gather data if it sits untouched, such as copying everything in memory to a separate disk. The team also suggests that law enforcement look first to see if the drive has been encrypted before scanning it with their own software, as doing so will likely result in a lot of wasted time.
Paper, behind a paywall.
Detecting Psychopaths by their Speech Patterns
The researchers interviewed 52 convicted murderers, 14 of them ranked as psychopaths according to the Psychopathy Checklist-Revised, a 20-item assessment, and asked them to describe their crimes in detail. Using computer programs to analyze what the men said, the researchers found that those with psychopathic scores showed a lack of emotion, spoke in terms of cause-and-effect when describing their crimes, and focused their attention on basic needs, such as food, drink and money.
[…]
To examine the emotional content of the murderers’ speech, Hancock and his colleagues looked at a number of factors, including how frequently they described their crimes using the past tense. The use of the past tense can be an indicator of psychological detachment, and the researchers found that the psychopaths used it more than the present tense when compared with the nonpsychopaths. They also found more dysfluencies—the “uhs” and “ums” that interrupt speech—among psychopaths. Nearly universal in speech, dysfluencies indicate that the speaker needs some time to think about what they are saying.
I worry about people being judged by these criteria. Psychopaths make up about 1% of the population, so even a small false-positive rate can be a significant problem.
Weaponized UAV Drones in the Hands of Local Police
Why does anyone think this is a good idea?
The police in Montgomery County – and area north of Houston, Texas – is the first local police in the united States to deploy a drone that can carry weapons.
[…]
He said they are designed to carry weapons for local law enforcement. “The aircraft has the capability to have a number of different systems on board. Mostly, for law enforcement, we focus on what we call less lethal systems,” he said, including Tazers that can send a jolt to a criminal on the ground or a gun that fires bean bags known as a “stun baton.”
“You have a stun baton where you can actually engage somebody at altitude with the aircraft. A stun baton would essentially disable a suspect,” he said.
I’m sure it works much better in the movies than it does in real life.
Cell Phone Surveillance System
I was not surprised that police forces are buying this system, but at its capabilities.
Britain’s largest police force is operating covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area.
The surveillance system has been procured by the Metropolitan police from Leeds-based company Datong plc, which counts the US Secret Service, the Ministry of Defence and regimes in the Middle East among its customers. Strictly classified under government protocol as “Listed X”, it can emit a signal over an area of up to an estimated 10 sq km, forcing hundreds of mobile phones per minute to release their unique IMSI and IMEI identity codes, which can be used to track a person’s movements in real time.
[…]
Datong’s website says its products are designed to provide law enforcement, military, security agencies and special forces with the means to “gather early intelligence in order to identify and anticipate threat and illegal activity before it can be deployed”.
The company’s systems, showcased at the DSEi arms fair in east London last month, allow authorities to intercept SMS messages and phone calls by secretly duping mobile phones within range into operating on a false network, where they can be subjected to “intelligent denial of service”. This function is designed to cut off a phone used as a trigger for an explosive device.
A transceiver around the size of a suitcase can be placed in a vehicle or at another static location and operated remotely by officers wirelessly. Datong also offers clandestine portable transceivers with “covered antennae options available”. Datong sells its products to nearly 40 countries around the world, including in Eastern Europe, South America, the Middle East and Asia Pacific.
Company website.
Demands from Law Enforcement for Google Data
Google releases statistics:
Google received more than 15,600 requests in the January-June period, 10 percent more than the final six months of last year. The requests in the latest period spanned more than 25,400 individual accounts worldwide – a tiny fraction of Google’s more than billion users.
[…]
The highest volume of government demands for user data came from the U.S. (5,950 requests, a 29 percent increase from the previous six-month stretch); India (1,739 requests, up 2 percent); France (1,300 requests, up 27 percent); Britain (1,273 requests, up 10 percent); and Germany (1,060 requests, up 38 percent).
[…]
The company usually complies with at least a portion of most government demands. Google has said that it often has little choice because it must obey laws in the countries where it operates. The alternative is to leave, as it did last year when it shifted its search engine to Hong Kong so it wouldn’t have to follow mainland China’s censorship requirements.
In the U.S., Google gave federal, state and other agencies what they wanted 93 percent of the time. The nearly 6,000 requests affected more than 11,000 user accounts during the January-June period.
In India, Google honored 70 percent of the 1,739 requests, which targeted more than 2,400 users, the second highest totals.
Google, which is based in Mountain View, Calif., rejected the most government demands for user information in Argentina, where 68 percent of the requests were denied. Less than 50 percent of the government requests for user data were complied with in Canada, Chile, France, Hong Kong, Mexico, the Netherlands, Russia, Turkey and South Korea.
I’m sure they have an office full of attorneys versed in the laws of various countries.
Another article.
Burglars Tip Off Police About Bigger Crime
I find this fascinating:
A central California man has been arrested for possession of child pornography, thanks to a tip from burglars who robbed the man’s property, authorities said.
I am reminded of the UK story of a burglar finding some military secrets on a laptop—or perhaps a USB drive—that he stole, and returning them with a comment that was something like: “I’m a crook; I’m not a bloody traitor.”
Official Malware from the German Police
The Chaos Computer Club has disassembled and analyzed the Trojan used by the German police for legal intercept. In its default mode, it takes regular screenshots of the active window and sends it to the police. It encrypts data in AES Electronic Codebook mode with—are you ready?—a fixed key across all versions. There’s no authentication built in, so it’s easy to spoof. It sends data to a command-and-control server in the U.S., which is almost certainly against German law. There’s code to allow the controller to install additional software onto the target machine, but that’s not authenticated either, so it would be easy to fool the Trojan into installing anything.
Detailed analysis in German. F-Secure has announced it will treat the Trojan as malware. I hope all the other anti-virus companies will do the same.
EDITED TO ADD (10/12): Another story. And some good information on the malware. Germany’s Justice Minister is calling for an investigation.
FBI-Sponsored Backdoors
From a review of Susan Landau’s Surveillance or Security?:
To catch up with the new technologies of malfeasance, FBI director Robert Mueller traveled to Silicon Valley last November to persuade technology companies to build “backdoors” into their products. If Mueller’s wish were granted, the FBI would gain undetected real-time access to suspects’ Skype calls, Facebook chats, and other online communicationsand in “clear text,” the industry lingo for unencrypted data. Backdoors, in other words, would make the Internet—and especially its burgeoning social media sector—”wiretappable.”
This is one of the cyber threats I talked about last week: insecurities deliberately created in some mistaken belief that they will stop crime. Once you build a backdoor into a product, you need to ensure that only the good guys use that backdoor, and only when they should. We’d all be much more secure if the backdoor didn’t exist at all.
Sidebar photo of Bruce Schneier by Joe MacInnis.