Government

Victims Aren't Reporting Ransomware Attacks, FBI Report Concludes (bleepingcomputer.com) 72

Catalin Cimpanu, writing for BleepingComputer: Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report (PDF), released yesterday by the FBI's Internet Crime Complaint Center (IC3). During 2016, FBI IC3 officials said they received only 2,673 complaints regarding ransomware incidents, which ranked ransomware as the 22nd most reported cyber-crime in the US, having caused just over $2.4 million in damages (ranked 25th). The numbers are ridiculously small compared to what happens in the real world, where ransomware is one of today's most prevalent cyber-threats, according to multiple reports from cyber-security companies.
Social Networks

Supreme Court Rules Sex Offenders Can't Be Barred From Social Media (gizmodo.com) 114

An anonymous reader quotes a report from Gizmodo: In a unanimous decision today, the Supreme Court struck down a North Carolina law that prevents sex offenders from posting on social media where children might be present, saying it "impermissibly restricts lawful speech." In doing so, the Supreme Court asserted what we all know to be true: Posting is essential to the survival of the republic. The court ruled that to "foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights." The court correctly noted that "one of the most important places to exchange views is cyberspace." The North Carolina law was ruled to be overly broad, barring "access to what for many are the principal sources for knowing current events, checking ads for employment, speaking and listening in the modern public square, and otherwise exploring the vast realms of human thought and knowledge."
The Almighty Buck

Is Coinbase Closing Accounts For Paying Ransoms With Bitcoins? (coindesk.com) 200

Even as some comparnies are stockpiling bitcoins so they can quickly pay ransom demands, security firms that try paying those ransoms may face losing their accounts on Coinbase. Slashdot reader Mosquito Bites quotes a report from CoinDesk: Less than a year ago, Vinny Troia, CEO and principal security consultant of Night Lion Security and a certified white hat hacker, was sent a compliance form by US bitcoin exchange Coinbase, where he had an account. Coinbase wanted to know how Troia was using bitcoin and his account. "I told them I run a security firm. I pay for ransoms and buy documents on the dark web when clients request it," Troia told CoinDesk. The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years. Many, like the well-publicized WannaCry attack, are asking for bitcoin.

And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.

United States

Louisville's Fiber Internet Expansion Opposed By Koch Brothers Group (usatoday.com) 230

Slashdot reader simkel shared an article from the Courier-Journal: A group affiliated with the Koch brothers' powerful political network is leading an online campaign against Mayor Greg Fischer's $5.4 million proposal to expand Louisville's ultra-fast internet access... Critics argue that building roughly 96 miles of fiber optic cabling is an unnecessary taxpayer giveaway to internet service providers, such as Google Fiber, which recently announced plans to begin building its high-speed network in the city. "Fundamentally, we don't believe that taxpayers should be funding broadband or internet systems," said David Williams, president of the taxpayers alliance, which is part of industrialists Charles and David Koch's political donor network... The group says $5.4 million is a misuse of taxpayer funds when the city has other needs, such as infrastructure and public safety.
To shore up public support, the mayor has begun arguing that high-speed connectivity would make it cheaper to install crime-monitoring cameras in violent neighborhoods.
Facebook

Facebook Exposes Employee Data To Terrorists (theguardian.com) 50

An anonymous reader writes: The Guardian is reporting that Facebook accidentally exposed the personal information of the moderators that remove terrorist content to the groups that posted that very content. From the article it looks like 6 of them actually had their profiles viewed. From the article, "The security lapse affected more than 1,000 workers across 22 departments at Facebook who used the company's moderation software to review and remove inappropriate content from the platform, including sexual material, hate speech and terrorist propaganda."

What are Facebook's responsibilities here?


Piracy

HBO, Netflix, Other Hollywood Companies Join Forces To Fight Piracy (theverge.com) 195

New submitter stikves writes: It looks like media and technology companies are forming a group to "fight piracy." The Verge reports: "A group of 30 entertainment companies, including power players like Netflix, HBO, and NBCUniversal, have joined forces today in an effort to fight online piracy. The new group is called the Alliance for Creativity and Entertainment (ACE), and the partnership, while somewhat thin on specifics, will allow the content creators involved to pool resources to conduct research and work closely with law enforcement to find and stop pirates from stealing movies and TV shows. The first-of-its-kind alliance is composed of digital media players, networks, and Hollywood outfits, and all recognize how the internet has paved the way to an explosion in quality online content. However, piracy has boomed as a result: ACE says that last year saw 5.4 billion downloads of pirated films and TV shows." I'm not sure how these statistics hold against real revenue loss (or the imaginary one), however this might be a development to watch for.
The Almighty Buck

Kim Dotcom Loses Latest Battle To Recover Seized Assets (cnet.com) 58

The Justice Department wants to keep Kim Dotcom's millions of dollars worth of seized assets, citing the Megaupload founder's fugitive status. The department filed a brief on Friday, which cited his fugitive status as well as a lack of evidence supporting claims that poor health was preventing him from entering the U.S. CNET reports: Dotcom has been in the news since 2012, when the FBI and the US Department of Justice shut down file-sharing site Megaupload and charged the site's operators with the piracy-related offenses. The U.S. government also seized $42 million in assets. Dotcom, alongside Mathias Ortmann, Bram van der Kolk and Finn Batato, are wanted for trial in the U.S. on 13 counts, including copyright infringement, conspiracy to commit racketeering, money laundering and wire fraud. In February, the New Zealand High Court found that Dotcom, a New Zealand resident, and his co-accused were eligible for extradition to the United States.
Communications

FCC Can't Cap the Cost of Cross-State Prison Phone Calls, Court Rules (theverge.com) 173

An anonymous reader quotes a report from The Verge: The Federal Communications Commission does not have the authority to cap the cost of prison and jail phone calls within states, an appeals court ruled in a decision today, dealing a massive blow to inmates and their advocates who have spent years litigating caps on the cost of such calls. Over several years, the FCC, under Democratic leadership, moved to cap the cost of calls for inmates. Activists argued that prisoners were effectively being extorted by private companies charging exorbitant rates -- a move that benefited private prisons and the states that got cuts of the revenue. Some of those states joined with companies in appealing the FCC's rules. The agency first moved to cap rates across state lines, and then, later, within states. Today, the court ruled that the FCC had overstepped when it attempted to regulate the price of calls within states. In the majority opinion, the court left little wiggle room for advocates of price-capping, with the possible exception of the cross-state caps, which are a minority of calls made by inmates. The opinion vacated not only the agency's proposed caps for in-state calls, but said the agency also lacked justification to require reports on video calling services. It also vacated a provision that would ban site commission payments.
Bitcoin

Opioid Dealers Embrace the Dark Web To Send Deadly Drugs by Mail (nytimes.com) 175

Anonymous online sales are surging, and people are dying. Despite dozens of arrests, new merchants -- many based in Asia -- quickly pop up. From a report on the New York Times: In a growing number of arrests and overdoses, law enforcement officials say, the drugs are being bought online. Internet sales have allowed powerful synthetic opioids such as fentanyl -- the fastest-growing cause of overdoses nationwide -- to reach living rooms in nearly every region of the country, as they arrive in small packages in the mail (syndicated source). The authorities have been frustrated in their efforts to crack down on the trade because these sites generally exist on the so-called dark web, where buyers can visit anonymously using special browsers and make purchases with virtual currencies like Bitcoin. The problem of dark web sales appeared to have been stamped out in 2013, when the authorities took down the most famous online marketplace for drugs, known as Silk Road. But since then, countless successors have popped up, making the drugs readily available to tens of thousands of customers who would not otherwise have had access to them. Among the dead are two 13-year-olds, Grant Seaver and Ryan Ainsworth, who died last fall in the wealthy resort town of Park City, Utah, after taking a synthetic opioid known as U-47700 or Pinky. The boys had received the powder from another local teenager, who bought the drugs on the dark web using Bitcoin, according to the Park City police chief.
United Kingdom

British PM Seeks Ban On Encryption After Terror Attack (boingboing.net) 339

"British Prime Minister Theresa May has used last Saturday's terrorist attack to again push for a ban on encryption," according to ITWire. Slashdot reader troublemaker_23 shared their article, which quotes this strong rebuttal from Cory Doctorow: Use deliberately compromised cryptography, that has a back door that only the "good guys" are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption... Theresa May doesn't understand technology very well, so she doesn't actually know what she's asking for. For Theresa May's proposal to work, she will need to stop Britons from installing software that comes from software creators who are out of her jurisdiction... any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts, which is also the only educational institution whose computer science department believes in 'golden keys' that only let the right sort of people break your encryption.
Crime

Prosectors Say the Kansas Shooting of Garmin Engineers Was a Hate Crime (theverge.com) 227

An anonymous reader quotes a report from The Verge: Federal prosecutors have filed a hate crime charge against 51-year-old Kansas resident Adam Purinton, according to the Department of Justice. Purinton, who is accused of shooting three people in an Olathe bar, reportedly told a local Garmin engineer to "get out of my country" before opening fire. Purinton is currently being held on first-degree murder charges filed by local prosecutors. Today's indictment accuses Purinton of committing murder "because of Kuchibhotla's actual and perceived race, color, religion and national origin," with additional charges for the attempted murder of Madasani and violations of federal firearm statutes. The Justice Department declined to say whether it will pursue the death penalty, although it is authorized by the hate crime statute.
Government

Edward Snowden On Trump Administration's Recent Arrest of an Alleged Journalistic Source (freedom.press) 342

Snowden writes: Winner is accused of serving as a journalistic source for a leading American news outlet about a matter of critical public importance. For this act, she has been charged with violating the Espionage Act -- a World War I era law meant for spies -- which explicitly forbids the jury from hearing why the defendant acted, and bars them from deciding whether the outcome was to the public's benefit. This often-condemned law provides no space to distinguish the extraordinary disclosure of inappropriately classified information in the public interest -- whistleblowing -- from the malicious disclosure of secrets to foreign governments by those motivated by a specific intent to harm to their countrymen. The prosecution of any journalistic source without due consideration by the jury as to the harm or benefit of the journalistic activity is a fundamental threat to the free press. As long as a law like this remains on the books in a country that values fair trials, it must be resisted. No matter one's opinions on the propriety of the charges against her, we should all agree Winner should be released on bail pending trial. Even if you take all the government allegations as true, it's clear she is neither a threat to public safety nor a flight risk. To hold a citizen incommunicado and indefinitely while awaiting trial for the alleged crime of serving as a journalistic source should outrage us all.
Cellphones

Police In Oklahoma Have Cracked Hundreds of People's Cell Phones (vice.com) 73

An anonymous reader shares an excerpt from a report via Motherboard: Mobile phone forensic extraction devices have been a law enforcement tool for years now, and the number of agencies using them is only rising. As part of an ongoing investigation, we have finally been able to turn up some usage logs of this equipment, from Tulsa Police Department, and Tucson Police Department. While the logs do not list the cause of the crime or any other notes about why the phone was being searched, it does list the make of the phone, the date, and the type of extraction. First, let's go over what extraction devices are being used here. Tucson PD opted for the brand that is arguably the worldwide leader in mobile device forensics, the Israeli company Cellebrite. Tulsa Police Department however opted for a few different models -- they purchased two different password breakers from Teel Technologies in 2015, and in March 2016 gave about $1,500 to Susteen for their SecureView extraction device (SecureView was the product Susteen created when the FBI requested they create a more advanced extraction device for them). It does its work instantly, and has an incredible reach into a phone's data. They renewed this contract in 2017. In August 2016 they also purchased the Detective extraction device from Oxygen Forensics. Oxygen is much less common than Cellebrite, from what we have found. The kicker really is how often these are being used -- it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone's data. Even for the 316 times Tucson PD used theirs in the last year, it is still a real stretch to think that some low-level non-violent offenders weren't on the receiving end. There are some days where the devices were used multiple times -- Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. That is a whole lot of data that Tulsa was able to tap into, and we aren't even able to understand the why.
Privacy

Supreme Court Agrees To Decide Major Privacy Case On Cellphone Data (reuters.com) 82

An anonymous reader shares a report: The U.S. Supreme Court on Monday agreed to hear a major case on privacy rights in the digital age that will determine whether police officers need warrants to access past cellphone location information kept by wireless carriers. The justices agreed to hear an appeal brought by a man who was arrested in 2011 as part of an investigation into a string of armed robberies at Radio Shack and T-Mobile stores in the Detroit area over the preceding months. Police helped establish that the man, Timothy Carpenter, was near the scene of the crimes by securing cell site location information from his cellphone carrier. At issue is whether failing to obtain a warrant violates a defendant's right to be free from unreasonable searches and seizures under the U.S. Constitution's Fourth Amendment. The information that law enforcement agencies can obtain from wireless carriers shows which local cellphone towers users connect to at the time they make calls. Police can use historical data to determine if a suspect was in the vicinity of a crime scene or real-time data to track a suspect.
United Kingdom

After London Attack, PM Calls For Internet Regulation To Fight Terrorists (cnn.com) 535

CNN reports that "At least seven people were killed in a short but violent assault that unfolded late Saturday night in the heart of the capital, the third such attack to hit Britain this year." An anonymous reader quotes their follow-up report: Prime Minister Theresa May has called for closer regulation of the internet following a deadly terror attack in London... May said on Sunday that a new approach to tackling extremism is required, including changes that would deny terrorists and extremist sympathizers digital tools used to communicate and plan attacks. "We cannot allow this ideology the safe space it needs to breed," May said. "Yet that is precisely what the internet and the big companies that provide internet-based services provide. We need to work with allied democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremist and terrorism planning."
The Courts

When Sentencing Criminals, Should Judges Use Closed-Source Algorithms? (technologyreview.com) 196

Some judges in America have recently started using a closed-source algorithm that predicts how likely convicts are to commit another crime. Mosquito Bites shared an article by law professor Frank Pasquale raising concerns about the algorithms: They may seem scientific, an injection of computational rationality into a criminal justice system riddled with discrimination and inefficiency. However, they are troubling for several reasons: many are secretly computed; they deny due process and intelligible explanations to defendants; and they promote a crabbed and inhumane vision of the role of punishment in society...

When an algorithmic scoring process is kept secret, it is impossible to challenge key aspects of it. How is the algorithm weighting different data points, and why? Each of these inquiries is crucial to two core legal principles: due process, and the ability to meaningfully appeal an adverse decision... A secret risk assessment algorithm that offers a damning score is analogous to evidence offered by an anonymous expert, whom one cannot cross-examine... Humans are in charge of governments, and can demand explanations for decisions in natural language, not computer code. Failing to do so in the criminal context risks ceding inherently governmental and legal functions to an unaccountable computational elite.

This issue will grow more and more important, the law professor argues, since there's now proprietary analytics software that also predicts "the chances that any given person will be mentally ill, a bad employee, a failing student, a criminal, or a terrorist."
Iphone

Man Sentenced To 180 Days In Jail For Refusing To Give Police His iPhone Passcode (miamiherald.com) 234

schwit1 quotes a report from Miami Herald: A Hollywood man must serve 180 days in jail for refusing to give up his iPhone password to police, a Broward judge ruled Tuesday -- the latest salvo in intensifying legal battles over law-enforcement access to smartphones. Christopher Wheeler, 41, was taken into custody in a Broward Circuit Court, insisting he had already provided the pass code to police investigating him for child abuse, although the number did not work. "I swear, under oath, I've given them the password," a distraught Wheeler, his hands handcuffed behind his back, told Circuit Judge Michael Rothschild, who earlier in May found the man guilty of contempt of court. As Wheeler was jailed Tuesday, the same issue was unfolding in Miami-Dade for a man accused of extorting a social-media celebrity over stolen sex videos. That man, Wesley Victor, and his girlfriend had been ordered by a judge to produce a passcode to phones suspected of containing text messages showing their collusion in an extortion plot. Victor claimed he didn't remember the number. He prevailed. On Tuesday, Miami-Dade Circuit Judge Charles Johnson ruled that there was no way to prove that Victor actually remembered his passcode, more than 10 months after his initial arrest. Johnson declined to hold the man in contempt of court. Wheeler will eventually be allowed to post bond pending an appeal. If he gives up a working pass code, he'll be allowed out of jail, Judge Rothschild told him.
Electronic Frontier Foundation

EFF Sues FBI For Records About Paid Best Buy Geek Squad Informants (eff.org) 147

The Electronic Frontier Foundation is suing the FBI for records "about the extent to which it directs and trains Best Buy employees to conduct warrantless searches of people's devices." The lawsuit stems around an incident in 2011 where a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. The repair technician was a paid FBI informant that found child pornography on the doctor's computer, ultimately resulting in the doctor being charged with possessing child pornography. From the EFF's report: A federal prosecution of a doctor in California revealed that the FBI has been working for several years to cultivate informants in Best Buy's national repair facility in Brooks, Kentucky, including reportedly paying eight Geek Squad employees as informants. According to court records in the prosecution of the doctor, Mark Rettenmaier, the scheme would work as follows: Customers with computer problems would take their devices to the Geek Squad for repair. Once Geek Squad employees had the devices, they would surreptitiously search the unallocated storage space on the devices for evidence of suspected child porn images and then report any hits to the FBI for criminal prosecution. Court records show that some Geek Squad employees received $500 or $1,000 payments from the FBI. At no point did the FBI get warrants based on probable cause before Geek Squad informants conducted these searches. Nor are these cases the result of Best Buy employees happening across potential illegal content on a device and alerting authorities. Rather, the FBI was apparently directing Geek Squad workers to conduct fishing expeditions on people's devices to find evidence of criminal activity. Prosecutors would later argue, as they did in Rettenmaier's case, that because private Geek Squad personnel conducted the searches, there was no Fourth Amendment violation. The judge in Rettenmaier's case appeared to agree with prosecutors, ruling earlier this month that because the doctor consented both orally and in writing to the Geek Squad's search of his device, their search did not amount to a Fourth Amendment violation. The court, however, threw out other evidence against Rettenmaier after ruling that FBI agents misstated key facts in the application for a warrant to search his home and smartphone. We disagree with the court's ruling that Rettenmaier consented to a de-facto government search of his devices when he sought Best Buy's help to repair his computer. But the court's ruling demonstrates that law enforcement agents are potentially exploiting legal ambiguity about when private searches become government action that appears intentionally designed to try to avoid the Fourth Amendment.
Security

Chipotle Says 'Most' of Its Restaurants Were Infected With Credit Card Stealing Malware (theverge.com) 115

Earlier this year, Chipotle announced that the their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.
Robotics

Robot Police Officer Goes On Duty In Dubai (bbc.com) 49

The first robot officer has joined the Dubai Police force tasked with patrolling the city's malls and tourist attractions. "People will be able to use it to report crimes, pay fines and get information by tapping a touchscreen on its chest," reports BBC. "Data collected by the robot will also be shared with the transport and traffic authorities." From the report: The government said the aim was for 25% of the force to be robotic by 2030 but they would not replace humans. "We are not going to replace our police officers with this tool," said Brig Khalid Al Razooqi, director general of smart services at Dubai Police. "But with the number of people in Dubai increasing, we want to relocate police officers so they work in the right areas and can concentrate on providing a safe city. "Most people visit police stations or customer service, but with this tool we can reach the public 24/7. It can protect people from crime because it can broadcast what is happening right away to our command and control center."

Slashdot Top Deals