law enforcement Archives - Page 18 of 46

Entries Tagged "law enforcement"

Page 18 of 46

25% of U.S. Criminal Hackers are Police Informants

I have no idea if this is true:

In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In others, undercover FBI agents posing as “carders” —hackers specialising in ID theft —have themselves taken over the management of crime forums, using the intelligence gathered to put dozens of people behind bars.

So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. “Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation,” Corley told the Guardian.

But if I were the FBI, I would want everyone to believe that it’s true.

Posted on June 8, 2011 at 3:46 PM • View Comments

Security Risks of Running an Open WiFi Network

As I’ve written before, I run an open WiFi network. It’s stories like these that may make me rethink that.

The three stories all fall along the same theme: a Buffalo man, Sarasota man, and Syracuse man all found themselves being raided by the FBI or police after their wireless networks were allegedly used to download child pornography. “You’re a creep… just admit it,” one FBI agent was quoted saying to the accused party. In all three cases, the accused ended up getting off the hook after their files were examined and neighbors were found to be responsible for downloading child porn via unsecured WiFi networks.

EDITED TO ADD (4/29): The EFF is calling for an open wireless movement. I approve.

Posted on April 26, 2011 at 6:59 AM • View Comments

Software as Evidence

Increasingly, chains of evidence include software steps. It’s not just the RIAA suing people—and getting it wrong—based on automatic systems to detect and identify file sharers. It’s forensic programs used to collect and analyze data from computers and smart phones. It’s audit logs saved and stored by ISPs and websites. It’s location data from cell phones. It’s e-mails and IMs and comments posted to social networking sites. It’s tallies from digital voting machines. It’s images and meta-data from surveillance cameras. The list goes on and on. We in the security field know the risks associated with trusting digital data, but this evidence is routinely assumed by courts to be accurate.

Sergey Bratus is starting to look at this problem. His paper, written with Ashlyn Lembree and Anna Shubina, is “Software on the Witness Stand: What Should it Take for Us to Trust it?”

We discuss the growing trend of electronic evidence, created automatically by autonomously running software, being used in both civil and criminal court cases. We discuss trustworthiness requirements that we believe should be applied to such software and platforms it runs on. We show that courts tend to regard computer-generated materials as inherently trustworthy evidence, ignoring many software and platform trustworthiness problems well known to computer security researchers. We outline the technical challenges in making evidence-generating software trustworthy and the role Trusted Computing can play in addressing them.

From a presentation he gave on the subject:

Constitutionally, criminal defendants have the right to confront accusers. If software is the accusing agent, what should the defendant be entitled to under the Confrontation Clause?

[…]

Witnesses are sworn in and cross-examined to expose biases & conflicts—what about software as a witness?

Posted on April 19, 2011 at 6:47 AM • View Comments

New French Law Reduces Website Security

I didn’t know about this:

The law obliges a range of e-commerce sites, video and music services and webmail providers to keep a host of data on customers.

This includes users’ full names, postal addresses, telephone numbers and passwords. The data must be handed over to the authorities if demanded.

Police, the fraud office, customs, tax and social security bodies will all have the right of access.

The social benefits of anonymity aside, we’re all more secure if these websites do not have a file of everyone’s plaintext password.

EDITED TO ADD (4/12): Seems that the BBC article misstated the law. Companies have to retain information they already collect for a year after it is no longer required. So if they’re not already storing plaintext passwords, they don’t have to start.

Posted on April 11, 2011 at 1:20 PM • View Comments

Optical Stun Ray

It’s been patented; no idea if it actually works.

…newly patented device can render an assailant helpless with a brief flash of high-intensity light. It works by overloading the neural networks connected to the retina, saturating the target’s world in a blinding pool of white light. “It’s the inverse of blindness—the technical term is a loss of contrast sensitivity,” says Todd Eisenberg, the engineer who invented the device. “The typical response is for the person to freeze. Law enforcement can easily walk up and apprehend [the suspect].”

Posted on April 7, 2011 at 6:29 AM • View Comments

FBI Asks for Cryptanalysis Help

Could be interesting.

Posted on March 30, 2011 at 1:48 PM • View Comments

FBI and the Future of Wiretapping

Last month I posted Susan Landau’s testimony before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security on government eavesdropping. In fairness to the other side, here’s testimony of Valerie Caproni, General Counsel of the FBI.

Posted on March 11, 2011 at 6:06 AM • View Comments

Pickpockets are a Dying Breed

Pickpockets in America are dying out. This is the bit I found interesting:

And perhaps most important, the centuries-old apprenticeship system underpinning organized pickpocketing has been disrupted. Pickpocketing has always perpetuated itself by having older hooks—nicknamed “Fagins,” after the crime boss in Oliver Twist—teach younger ones the art, and then absorbing them into canons. But due to ratcheted-up law enforcement measures, including heftier sentences (in some states, a pick, defined as theft from the body of another person and charged as a felony regardless of the amount taken) and better surveillance of hot spots and known pickpockets, that system has been dismantled.

This is not the case in Europe, where pickpocketing has been less of a priority for law enforcement and where professionals from countries like Bulgaria and Romania, each with storied traditions of pickpocketing, are able to travel more freely since their acceptance into the European Union in 2007, developing their organizations and plying their trade in tourist hot spots like Barcelona, Rome, and Prague. “The good thieves in Europe are generally 22 to 35,” says Bob Arno, a criminologist and consultant who travels the world posing as a victim to stay atop the latest pickpocketing techniques and works with law enforcement agencies to help them battle the crime. “In America they are dying off, or they had been apprehended so many times that it’s easier for law enforcement to track them and catch them.”

Posted on March 3, 2011 at 6:35 AM • View Comments

The Security Threat of Forged Law-Enforcement Credentials

Here’s a U.S. Army threat assessment of forged law-enforcement credentials.

The authors bought a bunch of fake badges:

Between November 2009 and March 2010, undercover investigators were able to purchase nearly perfect counterfeit badges for all of the Department of Defense’s military criminal investigative organizations to include the Army Criminal Investigation Command (Army CID), Naval Criminal Investigative Service (NCIS), Air Force Office of Special Investigations (AFOSI), and the Marine Corps Criminal Investigation Division (USMC CID). Also, purchased was the badge for the Defense Criminal Investigative Service (DCIS).

Also available for purchase were counterfeit badges of 42 other federal law enforcement agencies including the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), Alcohol, Tobacco and Firearms (ATF), Secret Service, and the US Marshals Service.

Of the other federal law enforcement agency badges available, the investigators found exact reproductions of the badges issued to Federal Air Marshals, Transportation Security Administration (TSA) Screeners, TSA Inspectors, and Special Agents of the TSA Office of Inspector General.

Average price: $60.

Then, they tried using them:

During the period of January to June 2010, undercover investigators utilized fraudulent badges and credentials of the DoD’s military criminal investigative organizations to penetrate the security at: 6 military installations; 2 federal courthouses; and 3 state buildings in the New York and New Jersey area.

[…]

Once being granted access to the military installation or federal facility, the investigators proceeded to areas that were designed as “Restricted Area” or “Authorized Personnel Only” and were able to wander around without being challenged by employees or security personnel. On one military installation, investigators were able to go to the police station and request local background checks on several fictitious names. All that was required was displaying the fraudulent badge and credentials to a police officer working the communications desk.

The authors didn’t try it getting through airport security, but they mentioned a 2000 GAO report where investigators did:

The investigation found that investigators were 100% successful in penetrating 19 federal sites and 2 commercial airports by claiming to be law enforcement officers and entering the facilities unchecked by security where they could have carried weapons, listening devices, explosives, chemical/biological agents and other such materials.

Websites are listed in the report, if you want to buy your own fake badge and carry a gun onto an airplane.

I’ve written about this general problem before:

When faced with a badge, most people assume it’s legitimate. And even if they wanted to verify the badge, there’s no real way for them to do so.

The only solution, if this counts as one, is to move to real-time verification. A credit card used to be a credential; it gave the bearer certain privileges. But the problem of forged and stolen credit cards was so pervasive that the industry moved to a system where now the card is mostly a pointer to a database. Your passport, when you present it to the customs official in your home country, is basically the same thing. I’d like to be able to photograph a law-enforcement badge with my camera, send it to some police website, and get back a real-time verification—with picture—that the officer is legit.

Of course, that opens up an entire new set of database security issues, but I think they’re more manageable than what we have now.

Posted on January 13, 2011 at 8:00 AM • View Comments

Recording the Police

I’ve written a lot on the “War on Photography,” where normal people are harassed as potential terrorists for taking pictures of things in public. This article is different; it’s about recording the police:

Allison’s predicament is an extreme example of a growing and disturbing trend. As citizens increase their scrutiny of law enforcement officials through technologies such as cell phones, miniature cameras, and devices that wirelessly connect to video-sharing sites such as YouTube and LiveLeak, the cops are increasingly fighting back with force and even jail time—and not just in Illinois. Police across the country are using decades-old wiretapping statutes that did not anticipate iPhones or Droids, combined with broadly written laws against obstructing or interfering with law enforcement, to arrest people who point microphones or video cameras at them. Even in the wake of gross injustices, state legislatures have largely neglected the issue. Meanwhile, technology is enabling the kind of widely distributed citizen documentation that until recently only spy novelists dreamed of. The result is a legal mess of outdated, loosely interpreted statutes and piecemeal court opinions that leave both cops and citizens unsure of when recording becomes a crime.

This is all important. Being able to record the police is one of the best ways to ensure that the police are held accountable for their actions. Privacy has to be viewed in the context of relative power. For example, the government has a lot more power than the people. So privacy for the government increases their power and increases the power imbalance between government and the people; it decreases liberty. Forced openness in government—open government laws, Freedom of Information Act filings, the recording of police officers and other government officials, WikiLeaks—reduces the power imbalance between government and the people, and increases liberty.

Privacy for the people increases their power. It also increases liberty, because it reduces the power imbalance between government and the people. Forced openness in the people—NSA monitoring of everyone’s phone calls and e-mails, the DOJ monitoring everyone’s credit card transactions, surveillance cameras—decreases liberty.

I think we need a law that explicitly makes it legal for people to record government officials when they are interacting with them in their official capacity. And this is doubly true for police officers and other law enforcement officials.

EDITED TO ADD: Anthony Graber, the Maryland motorcyclist in the article, had all the wiretapping charges cleared.

Posted on December 21, 2010 at 1:39 PM • View Comments

←Previous 1 … 16 17 18 19 20 … 46 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.