Here is a little information on an online law enforcement group so that all law enforcement agencies can connect and share information to better perform their jobs.
So you’re a police officer in Topeka, Kansas who’s looking for information about gangs in your state. Or an intelligence analyst in the U.K. who wants to chat with peers about the latest counterterrorism trends. Where do you turn?
One important answer: to Law Enforcement Online, or LEO.
LEO is a secure, Internet-based communications portal for law enforcement, first responders, criminal justice professionals, and anti-terrorism and intelligence agencies around the globe. LEO catalyzes and strengthens collaboration and information-sharing by providing access to sensitive but unclassified information and various state-of-the-art communications services and tools. It is available to vetted users anywhere in the world around the clock and is offered free of charge to members.
LEO started in 1995 as a small dial-up service with just 20 members. Now, it has more than 100,000 members across the world and a host of features and capabilities offered through a Virtual Private Network on the Internet.
What does LEO offer specifically? Here’s a rundown:
1. A national alert system directing members to the LEO site for information on emergencies (like the London bombings, for example);
2. Some 540 Special Interest Groups (SIG) that allow members who share expertise or interests to connect with each other, including sections on terrorism, street gangs, and bombs;
3. Access to important and useful databases, like those run by the National Center for Missing and Exploited Children;
4. E-mail services, which enable members to submit fingerprints to the FBI for processing by our Integrated Automated Fingerprint Identification System;
5. A Virtual Command Center (VCC)—an information sharing and crisis management tool that allows the law enforcement community to use LEO at local and remote sites as an electronic command center to submit and view information and intelligence;
6. Distance learning, with several online learning modules on topics like terrorism response, forensic anthropology, and leadership; and
7. A multimedia library of publications, documents, studies, research, technical bulletins, and other reports of interest to LEO users.
Do you all feel that this improves our society?
Tuesday, April 26, 2011
Monday, April 18, 2011
Are You Next to be Sued?
If you use Limewire, Frostwire, or other file sharing software you could be sued by the Recording Industry Association of America (RIAA) or the Motion Picture Association of America (MPAA). Did you know that over three short years, between 2003 and 2006, the RIAA sued over 20,000 music fans for thousands of dollars per person for file sharing? Here's some tips to make sure you avoid law enforcement and are not then next person sued:
1) Normally, people are sued only for sharing music, not for just downloading it. Make sure you keep copyrighted material out of your shared folder or disable the sharing feature of your P2P application.
2) Avoid publicly accessible file sharing networks, such as those at colleges. Sometimes, these networks will report you making your chance of getting sued significantly greater.
3) To be safe, you could always just avoid downloading any copyrighted material.
If you have received notice or your ISP address has already been sued visit the Electronic Frontier Foundation's website at www.eff.org for help and additional information.
1) Normally, people are sued only for sharing music, not for just downloading it. Make sure you keep copyrighted material out of your shared folder or disable the sharing feature of your P2P application.
2) Avoid publicly accessible file sharing networks, such as those at colleges. Sometimes, these networks will report you making your chance of getting sued significantly greater.
3) To be safe, you could always just avoid downloading any copyrighted material.
If you have received notice or your ISP address has already been sued visit the Electronic Frontier Foundation's website at www.eff.org for help and additional information.
Sunday, April 10, 2011
Epsilon Data Breach: Expect a Surge in Spear Phishing Attacks
Epsilon, the world’s largest permission-based email marketing company, reported an unauthorized entry to its email database on March 30. The company, which sends more than 40 billion emails a year, has assured its clients that the hacked information is limited to names and email addresses. Epsilon has warned customers not to respond to fraudulent emails asking for account information. The hackers did not get any information regarding Social Security or credit card numbers. Financial institutions affected include Barclays Bank, Capital One Financial Corp., Citigroup, JPMorgan Chase and U.S. Bancorp. The parent companies of Best Buy, Ethan Allen furniture stores, the Kroger grocery chain, the Home Shopping Network and Walgreens drugstores issued similar warnings, as did the Hilton and Marriott hotel chains.
Phishing' scams are the number one concern from this breach. Hackers could send fake emails pretending to be your bank, pharmacy, hotel or other business that were customers of Epsilon. The email will look real and will be convincing as attackers have the customer's name and the company information that they did business with. The email could ask unsuspecting users to click on a link which can ask for credit card numbers, run malware, install spyware or carry out other attacks.
Epsilon posted a press release two days later after the breach happened on March 30. The breach is currently under the investigation of the U.S. Secret Service, which asks all Epsilon customers who are suspicious about any fraudulent emails to report to phishing-report@us.cert.gov.
http://www.dailyrosetta.com/epsilon-data-breach-under-investigation/12190.html
Phishing' scams are the number one concern from this breach. Hackers could send fake emails pretending to be your bank, pharmacy, hotel or other business that were customers of Epsilon. The email will look real and will be convincing as attackers have the customer's name and the company information that they did business with. The email could ask unsuspecting users to click on a link which can ask for credit card numbers, run malware, install spyware or carry out other attacks.
Epsilon posted a press release two days later after the breach happened on March 30. The breach is currently under the investigation of the U.S. Secret Service, which asks all Epsilon customers who are suspicious about any fraudulent emails to report to phishing-report@us.cert.gov.
http://www.dailyrosetta.com/epsilon-data-breach-under-investigation/12190.html
Sunday, April 3, 2011
Going Dark
Earlier, I blogged about law enforcement's efforts to implement an ISP data retention mandate to improve their ability to investigate and prosecute crimes. This blog is about a similar law enforcement effort to improve their ability to actively intercept wire and electronic communications. During testimony to the Congressional Subcommittee on Crime, Terrorism and Homeland Security, Valerie Caproni, FBI General Counsel, described the difficulties that law enforcement faces in establishing surveillance after receiving court authorization. Often the provider does not have sufficient technical resources to accomplish the surveillance. This capability gap is referred to as "going dark." Complex environments with multiple layers between end-user and primary provider using multiple technologies make the task of surveillance much more complicated than in the past. Not surprisingly, additional funding and bureaucracy is being proposed to help address the issue. The 2012 federal budget requests $15 million to establish a Domestic Communications Assistance Center (DCAC) to advance solutions to the "going dark" issue. The DCAC will "leverage the research and development efforts of federal, state and local law enforcement with respect to electronic surveillance capabilities, facilitate the sharing of technology between agencies, and advance initiatives to implement solutions..." Even in these tough financial times, it's not the money that makes people uneasy, it is the potential for abuse. Wouldn't it be great if $15 million could fix that? http://1.usa.gov/h7yB3w
Sunday, March 27, 2011
Cloud Computing & Jurisdiction
I’d like to write about something that I briefly mentioned during our presentation but, due to time constraints, was unable to get into too much detail about: jurisdiction. As I stated in our presentation, jurisdiction refers to the power of a law enforcement agency or court to investigate or hear a case. This can be from either geographic location or subject matter. Unfortunately for law enforcement, the Internet doesn’t have a specific geographic location, or a specific subject matter. Now another complicating factor has entered the mix: cloud computing.
Cloud computing is, basically, computer software and services available over the Internet. A “cloud” can allow people or companies to access software online instead of having the software on each computer or device. This can save a lot of money and effort. However, when it comes to law enforcement, a problem arises. In civil cases, a defendant may be required to produce documents under its “custody and control.” But in a “cloud,” who maintains custody and control of documents? The company can certainly claim that the documents are no longer in their custody or control, as they are stored on the servers of another company. Would that company then need to be included in the lawsuit in order to gain access to the original documents?
Then there’s the issue of geographic jurisdiction. Some countries have very strict privacy laws, such that releasing banking documents can be punishable as a criminal act. Could a company escape criminal or civil liability in the U.S. by simply using a cloud-computing provider located in one such country? Cloud computing is a relatively new technological innovation, so it’s not yet in wide use. But more and more countries are realizing the money-saving capabilities of the cloud. Whether or not the cloud will make it easier for unscrupulous companies to take advantage of the gray areas in the law has yet to be seen.
Monday, March 21, 2011
Youtube: Law Enforcements New Best Friend
Who needs to go looking for evidence these days when you can just find it on YouTube?
Today, many youth boast about crimes they have committed via YouTube. Hopefully they will think twice after this story:
Four teen boys from Scottsdale, Arizona posted a video of their gang vandalizing property with the title boasting, ""Hey, this is basicly (sic) just a video of us breaking stuff." The video displayed these boys smashing their skate boards into vending machines and looting all of the candy out of them.Another shot showed one of these hooligans smashing into a front windshield of a car and finishing it off with his foot.
About a month after the video was posted on YouTube; the children were detained by local authorities who identified their faces from the video. Now they are facing charges in Maricopa County Juvenile Court for robbery and criminal damage.
So who's laughing now boys?
http://www.azcentral.com/news/articles/0321sr-vandals0322ON.html
Today, many youth boast about crimes they have committed via YouTube. Hopefully they will think twice after this story:
Four teen boys from Scottsdale, Arizona posted a video of their gang vandalizing property with the title boasting, ""Hey, this is basicly (sic) just a video of us breaking stuff." The video displayed these boys smashing their skate boards into vending machines and looting all of the candy out of them.Another shot showed one of these hooligans smashing into a front windshield of a car and finishing it off with his foot.
About a month after the video was posted on YouTube; the children were detained by local authorities who identified their faces from the video. Now they are facing charges in Maricopa County Juvenile Court for robbery and criminal damage.
So who's laughing now boys?
http://www.azcentral.com/news/articles/0321sr-vandals0322ON.html
Sunday, March 13, 2011
Why do people commit cyber crimes?
Computer crime comes in many different varieties. As new computer technologies are made available, there is sure to be someone lurking in the cyber-shadows who are ready to exploit, test or take advantage of security holes that may exist. Computer crime has become the most widespread criminal activity in the world. But what motivates someone to attempt or commit computer crimes?
1. Easy of Anonymity. It is much easier to get away with criminal activity in a cyber world than in the real world. There is a strong sense of anonymity than can draw otherwise respectable citizens to abandon their ethics in pursuit personal gain.
2. Inadequate Legal Jurisdiction. Computer networks literally span the entire globe. This makes it virtually impossible for any government to enact or enforce laws when computer criminals are set up in foreign countries.
3. New Technology. Many computer criminals use their computers merely as a logical extension of “traditional” crimes that can take advantage of computer technology to help facilitate or carry out crime. For example, automated software can be programmed to steal credit-card numbers, personal-identification information and even cell-phone codes.
4. Holding a Grudge. Malicious computer codes like worms and viruses are often spread by someone who is seeking to cause harm to an individual or company-possibly over losing a job, perceived unethical business conduct or maybe even jealousy or envy. Such parties intend to destroy or cripple their targets for the personal satisfaction of seeing them suffer the effects.
5. Thrill of the Game. For many computer criminals, the excitement and challenge of exploiting a computer system can be too great to resist.
6. Opportunistic crime. Individuals who spend a significant amount of time on their computer have many opportunities to commit crimes. These people may have never known that these criminal prospects exist before, but, by spending increased amount of time on the Internet, have come to see a whole variety of opportunities laid out in front of them.
What do you think? Would you like to add something to this list?
Read more: Why Do People Commit Computer Crimes? eHow.com http://www.ehow.com/about_4709031_do-people-commit-computer-crimes.html#ixzz1GWkxpSR3
1. Easy of Anonymity. It is much easier to get away with criminal activity in a cyber world than in the real world. There is a strong sense of anonymity than can draw otherwise respectable citizens to abandon their ethics in pursuit personal gain.
2. Inadequate Legal Jurisdiction. Computer networks literally span the entire globe. This makes it virtually impossible for any government to enact or enforce laws when computer criminals are set up in foreign countries.
3. New Technology. Many computer criminals use their computers merely as a logical extension of “traditional” crimes that can take advantage of computer technology to help facilitate or carry out crime. For example, automated software can be programmed to steal credit-card numbers, personal-identification information and even cell-phone codes.
4. Holding a Grudge. Malicious computer codes like worms and viruses are often spread by someone who is seeking to cause harm to an individual or company-possibly over losing a job, perceived unethical business conduct or maybe even jealousy or envy. Such parties intend to destroy or cripple their targets for the personal satisfaction of seeing them suffer the effects.
5. Thrill of the Game. For many computer criminals, the excitement and challenge of exploiting a computer system can be too great to resist.
6. Opportunistic crime. Individuals who spend a significant amount of time on their computer have many opportunities to commit crimes. These people may have never known that these criminal prospects exist before, but, by spending increased amount of time on the Internet, have come to see a whole variety of opportunities laid out in front of them.
What do you think? Would you like to add something to this list?
Read more: Why Do People Commit Computer Crimes? eHow.com http://www.ehow.com/about_4709031_do-people-commit-computer-crimes.html#ixzz1GWkxpSR3
Monday, March 7, 2011
Permission to Hack: Finding Out the Hard Way
When someone gives you the password to their e-mail account and you access that account, are you aware that you are committing a crime. Even if given permission it is still illegal, and Leon Walker found this out the hard way.
Leon Walker (AP Photo)(CBS/WWJ/AP) Leon Walker, a Michigan man facing felony charges for allegedly hacking into his estranged wife's computer to access her e-mails, has had his trial postponed to give his lawyers more time to prepare their case.
Walker, of Rochester Hills, is accused under a state hacking law of reading then-wife Clara Walker's e-mail on a laptop in their home in 2009.
The trial was originally slated to begin this month. Instead, it was rescheduled for April 11, in Oakland County Circuit Court in Pontiac.
Walker, an information technology worker, faces up to five years in prison for violating an Internet computer misuse law which was designed to protect the stealing of trade secrets and identities.
Clara Walker, 35, filed the complaint against her husband last year, after she learned he had hacked into her email account and read emails which exposed an affair she was having with her second husband. He had been arrested on charges of beating her in front of a child she had with her first husband.
Walker claims his now ex-wife had told him the password, and that he originally went into her account to confirm that she was taking their 3-year-old daughter on liaisons with the second husband.
Walker also presented the emails to the first husband because he was allegedly concerned for the child's safety. The first husband then filed for custody of the child and attached the emails to the court filing, reports Arizona Central.
Walker's lawyer Leon Weiss is using the additional time to review police records from the sheriff's office involving spouses and ex-spouses reporting that their e-mails had been read; however, he could not find a single prosecution, says Arizona Central.
Prosecutor Paul Walton said Walker's actions merited the felony charge and that he used the information to "humiliate her."
Leon and Clara Walker divorced in December 2010.
http://www.cbsnews.com/8301-504083_162_20030408-504083.html
So before you try to use someone else's e-mails against them you better think twice, because you could be on your way to becoming a convicted hacker.
Leon Walker (AP Photo)(CBS/WWJ/AP) Leon Walker, a Michigan man facing felony charges for allegedly hacking into his estranged wife's computer to access her e-mails, has had his trial postponed to give his lawyers more time to prepare their case.
Walker, of Rochester Hills, is accused under a state hacking law of reading then-wife Clara Walker's e-mail on a laptop in their home in 2009.
The trial was originally slated to begin this month. Instead, it was rescheduled for April 11, in Oakland County Circuit Court in Pontiac.
Walker, an information technology worker, faces up to five years in prison for violating an Internet computer misuse law which was designed to protect the stealing of trade secrets and identities.
Clara Walker, 35, filed the complaint against her husband last year, after she learned he had hacked into her email account and read emails which exposed an affair she was having with her second husband. He had been arrested on charges of beating her in front of a child she had with her first husband.
Walker claims his now ex-wife had told him the password, and that he originally went into her account to confirm that she was taking their 3-year-old daughter on liaisons with the second husband.
Walker also presented the emails to the first husband because he was allegedly concerned for the child's safety. The first husband then filed for custody of the child and attached the emails to the court filing, reports Arizona Central.
Walker's lawyer Leon Weiss is using the additional time to review police records from the sheriff's office involving spouses and ex-spouses reporting that their e-mails had been read; however, he could not find a single prosecution, says Arizona Central.
Prosecutor Paul Walton said Walker's actions merited the felony charge and that he used the information to "humiliate her."
Leon and Clara Walker divorced in December 2010.
http://www.cbsnews.com/8301-504083_162_20030408-504083.html
So before you try to use someone else's e-mails against them you better think twice, because you could be on your way to becoming a convicted hacker.
Sunday, February 27, 2011
"Pirates with Attitudes:" Sharing or Illegal?
Background:
“Pirates with Attitudes” was a worldwide group distributing thousands of copyrighted software including the then unreleased Windows 2000. The site did not actually sell software, but was more of a barter system. Intel employees would give the site access to software they obtained from work in exchange for software that the site had. Justin Robbins from Charlotte, NC was a Microsoft employee who supplied Microsoft software and allowed access to Microsoft’s internal network with his personal identification and password. The software was available on a hidden internet site at a university in Quebec, Canada called Sentinel.
The Question:
The website did not receive a monetary profit for the software, but instead received additional software that they could use. Think about the current controversy over Limewire and how songs are only exchanged with no money involved. Do you think the Pirates with Attitudes group should be punished for sharing software among their group?
The Court's Answer:
Seventeen defendants were indicted from the group in 2000 by a federal grand jury after an undercover FBI investigation. The members pleaded guilty and received jail time, house arrest, probation, and fines. The group was in violation of the No Electronic Theft (NET) act, which holds people responsible for copyright infringement even if no profits are involved. So, basically, under the NET act you do not actually have to sell copyrighted software to be at fault.
Follow this link to view the indictment:
http://www.cybercrime.gov/pirates.htm
http://www.justice.gov/criminal/cybercrime/pirates.htm
“Pirates with Attitudes” was a worldwide group distributing thousands of copyrighted software including the then unreleased Windows 2000. The site did not actually sell software, but was more of a barter system. Intel employees would give the site access to software they obtained from work in exchange for software that the site had. Justin Robbins from Charlotte, NC was a Microsoft employee who supplied Microsoft software and allowed access to Microsoft’s internal network with his personal identification and password. The software was available on a hidden internet site at a university in Quebec, Canada called Sentinel.
The Question:
The website did not receive a monetary profit for the software, but instead received additional software that they could use. Think about the current controversy over Limewire and how songs are only exchanged with no money involved. Do you think the Pirates with Attitudes group should be punished for sharing software among their group?
The Court's Answer:
Seventeen defendants were indicted from the group in 2000 by a federal grand jury after an undercover FBI investigation. The members pleaded guilty and received jail time, house arrest, probation, and fines. The group was in violation of the No Electronic Theft (NET) act, which holds people responsible for copyright infringement even if no profits are involved. So, basically, under the NET act you do not actually have to sell copyrighted software to be at fault.
Follow this link to view the indictment:
http://www.cybercrime.gov/pirates.htm
http://www.justice.gov/criminal/cybercrime/pirates.htm
Monday, February 21, 2011
ISP Data Retention Mandate
There is little disagreement that internet crimes proliferate faster than law enforcement 's ability to investigate and prosecute them. However, there is significant disagreement over the measures that should be taken in order to address the problem.
Recently, the Department of Justice provided testimony to Congress regarding the issue of Internet Service Provider data retention. The testimony emphasized the critical need to preserve digital data and highlighted several cases where investigations of serious crimes were inhibited due to the lack of data retention by the ISP.
Recently, the Department of Justice provided testimony to Congress regarding the issue of Internet Service Provider data retention. The testimony emphasized the critical need to preserve digital data and highlighted several cases where investigations of serious crimes were inhibited due to the lack of data retention by the ISP.
Currently, there are no standard requirements for ISP data retention and practices vary widely among providers. Privacy advocates argue that data retention should be minimized in order to protect individual privacy and prevent misuse of data. They fear that a data retention mandate would create databases that could be used to track the internet activities of all users and could inhibit freedom of speech . Service providers argue that data retention requirements would pose a significant cost burden that would have to be passed on to the consumer . In balancing those concerns against the priority of public safety, it is important to consider the following:
1. Law enforcement's ability to obtain data is controlled through laws regarding subpoenas, court orders, search warrants and surveillance requests. A data retention mandate would not reduce the protections provided by those rules.
2. The consumer already bears a high cost for the damage inflicted by internet crime. Increasing the ability of law enforcement to investigate and prosecute internet criminals could reduce this cost burden.
Standardizing data retention rules for ISPs is an important step in improving the ability to fight internet crime and the DOJ should continue to work with the ISPs , Congress , and other interested parties to find the best solution.
Read the DOJ testimony here: http://www.justice.gov/criminal/ceos/Justice%20Data%20Retention%20Testimony.pdf
Read Time Warner Cable's data retention policies here: http://www.timewarnercable.com/corporate/subpoenacompliance.html
Sunday, February 13, 2011
Welcome!
Welcome to our blog, Law Enforcement on the Internet. I find this a very interesting subject, filled with many different issues. Over the last few years, the Internet has both helped and hindered law enforcement. It has certainly made communication between departments and agencies faster and more efficient. Of course, there is a cost associated with updating federal, state, and local law enforcement agencies with newer technology - a cost that is borne by us, the taxpayers.
Cost isn’t the only issue associated with how law enforcement functions in the age of the Internet. Previously, various agencies determined jurisdiction, or territory in which power can be exercised, by geographic location. But now, it is harder to determine where a crime takes place. Take wire fraud, for example: does the crime occur where the perpetrator is located? Where the victim is located? Where the victim’s servers are located?
These are just a few of the issues we hope to address in our blog and our class presentation. We hope to be able to present some of these issues using real-life examples of current events in order to keep it interesting, and we will respond to any questions or comments you have. Thanks for reading!
- Richard
Subscribe to:
Posts (Atom)