Entries Tagged "police"

Page 10 of 29

Bomb Threats As a Denial-of-Service Attack

The University of Pittsburgh has been the recipient of 50 bomb threats in the past two months (over 30 during the last week). Each time, the university evacuates the threatened building, searches it top to bottom—one of the threatened buildings is the 42-story Cathedral of Learning—finds nothing, and eventually resumes classes. This seems to be nothing more than a very effective denial-of-service attack.

Police have no leads. The threats started out as handwritten messages on bathroom walls, but are now being sent via e-mail and anonymous remailers. (Here is a blog and a
Google Docs spreadsheet documenting the individual threats.)

The University is implementing some pretty annoying security theater in response:

To enter secured buildings, we all will need to present a University of Pittsburgh ID card. It is important to understand that book bags, backpacks and packages will not be allowed. There will be single entrances to buildings so there will be longer waiting times to get into the buildings. In addition, non-University of Pittsburgh residents will not be allowed in the residence halls.

I can’t see how this will help, but what else can the University do? Their incentives are such that they’re stuck overreacting. If they ignore the threats and they’re wrong, people will be fired. If they overreact to the threats and they’re wrong, they’ll be forgiven. There’s no incentive to do an actual cost-benefit analysis of the security measures.

For the attacker, though, the cost-benefit payoff is enormous. E-mails are cheap, and the response they induce is very expensive.

If you have any information about the bomb threatener, contact the FBI. There’s a $50,000 reward waiting for you. For the university, paying that would be a bargain.

Posted on April 12, 2012 at 1:34 PMView Comments

Law Enforcement Forensics Tools Against Smart Phones

Turns out the password can be easily bypassed:

XRY works by first jailbreaking the handset. According to Micro Systemation, no ‘backdoors’ created by Apple used, but instead it makes use of security flaws in the operating system the same way that regular jailbreakers do.

Once the iPhone has been jailbroken, the tool then goes on to ‘brute-force’ the passcode, trying every possible four digit combination until the correct password has been found. Given the limited number of possible combinations for a four-digit passcode—10,000, ranging from 0000 to 9999—this doesn’t take long.

Once the handset has been jailbroken and the passcode guessed, all the data on the handset, including call logs, messages, contacts, GPS data and even keystrokes, can be accessed and examined.

One of the morals is to use an eight-digit passcode.

EDITED TO ADD (4/13): This has been debunked. The 1Password blog has a fairly lengthy post discussing the details of the XRY tool.

Posted on April 3, 2012 at 2:01 PMView Comments

Full-Disk Encryption Works

According to researchers, full-disk encryption is hampering police forensics.

The authors of the report suggest there are some things law enforcement can do, but they all must happen prior to a drive being buttoned up by encryption. Specifically, they say that law enforcement should stop turning computers off to bring them to another location for study, doing so only causes the need for a password to be entered to read the encrypted data. Also, in some cases, doing so causes the data to be automatically destroyed. Fortunately, there are some tools forensics experts can use to gather data if it sits untouched, such as copying everything in memory to a separate disk. The team also suggests that law enforcement look first to see if the drive has been encrypted before scanning it with their own software, as doing so will likely result in a lot of wasted time.

Paper, behind a paywall.

Posted on December 1, 2011 at 1:44 PMView Comments

Detecting Psychopaths by their Speech Patterns

Interesting:

The researchers interviewed 52 convicted murderers, 14 of them ranked as psychopaths according to the Psychopathy Checklist-Revised, a 20-item assessment, and asked them to describe their crimes in detail. Using computer programs to analyze what the men said, the researchers found that those with psychopathic scores showed a lack of emotion, spoke in terms of cause-and-effect when describing their crimes, and focused their attention on basic needs, such as food, drink and money.

[…]

To examine the emotional content of the murderers’ speech, Hancock and his colleagues looked at a number of factors, including how frequently they described their crimes using the past tense. The use of the past tense can be an indicator of psychological detachment, and the researchers found that the psychopaths used it more than the present tense when compared with the nonpsychopaths. They also found more dysfluencies—the “uhs” and “ums” that interrupt speech—among psychopaths. Nearly universal in speech, dysfluencies indicate that the speaker needs some time to think about what they are saying.

I worry about people being judged by these criteria. Psychopaths make up about 1% of the population, so even a small false-positive rate can be a significant problem.

Posted on November 17, 2011 at 6:37 AMView Comments

Weaponized UAV Drones in the Hands of Local Police

Why does anyone think this is a good idea?

The police in Montgomery County – and area north of Houston, Texas – is the first local police in the united States to deploy a drone that can carry weapons.

[…]

He said they are designed to carry weapons for local law enforcement. “The aircraft has the capability to have a number of different systems on board. Mostly, for law enforcement, we focus on what we call less lethal systems,” he said, including Tazers that can send a jolt to a criminal on the ground or a gun that fires bean bags known as a “stun baton.”

“You have a stun baton where you can actually engage somebody at altitude with the aircraft. A stun baton would essentially disable a suspect,” he said.

I’m sure it works much better in the movies than it does in real life.

Posted on November 4, 2011 at 5:05 AMView Comments

Cell Phone Surveillance System

I was not surprised that police forces are buying this system, but at its capabilities.

Britain’s largest police force is operating covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area.

The surveillance system has been procured by the Metropolitan police from Leeds-based company Datong plc, which counts the US Secret Service, the Ministry of Defence and regimes in the Middle East among its customers. Strictly classified under government protocol as “Listed X”, it can emit a signal over an area of up to an estimated 10 sq km, forcing hundreds of mobile phones per minute to release their unique IMSI and IMEI identity codes, which can be used to track a person’s movements in real time.

[…]

Datong’s website says its products are designed to provide law enforcement, military, security agencies and special forces with the means to “gather early intelligence in order to identify and anticipate threat and illegal activity before it can be deployed”.

The company’s systems, showcased at the DSEi arms fair in east London last month, allow authorities to intercept SMS messages and phone calls by secretly duping mobile phones within range into operating on a false network, where they can be subjected to “intelligent denial of service”. This function is designed to cut off a phone used as a trigger for an explosive device.

A transceiver around the size of a suitcase can be placed in a vehicle or at another static location and operated remotely by officers wirelessly. Datong also offers clandestine portable transceivers with “covered antennae options available”. Datong sells its products to nearly 40 countries around the world, including in Eastern Europe, South America, the Middle East and Asia Pacific.

Company website.

Posted on October 31, 2011 at 12:29 PMView Comments

1 8 9 10 11 12 29

Sidebar photo of Bruce Schneier by Joe MacInnis.