Search This Blog

Tuesday, April 26, 2011

Law Enforcement Online

Here is a little information on an online law enforcement group so that all law enforcement agencies can connect and share information to better perform their jobs.


So you’re a police officer in Topeka, Kansas who’s looking for information about gangs in your state. Or an intelligence analyst in the U.K. who wants to chat with peers about the latest counterterrorism trends. Where do you turn?
One important answer: to Law Enforcement Online, or LEO.

LEO is a secure, Internet-based communications portal for law enforcement, first responders, criminal justice professionals, and anti-terrorism and intelligence agencies around the globe. LEO catalyzes and strengthens collaboration and information-sharing by providing access to sensitive but unclassified information and various state-of-the-art communications services and tools. It is available to vetted users anywhere in the world around the clock and is offered free of charge to members.

LEO started in 1995 as a small dial-up service with just 20 members. Now, it has more than 100,000 members across the world and a host of features and capabilities offered through a Virtual Private Network on the Internet.

What does LEO offer specifically? Here’s a rundown:
1. A national alert system directing members to the LEO site for information on emergencies (like the London bombings, for example);
2. Some 540 Special Interest Groups (SIG) that allow members who share expertise or interests to connect with each other, including sections on terrorism, street gangs, and bombs;
3. Access to important and useful databases, like those run by the National Center for Missing and Exploited Children;
4. E-mail services, which enable members to submit fingerprints to the FBI for processing by our Integrated Automated Fingerprint Identification System;
5. A Virtual Command Center (VCC)—an information sharing and crisis management tool that allows the law enforcement community to use LEO at local and remote sites as an electronic command center to submit and view information and intelligence;
6. Distance learning, with several online learning modules on topics like terrorism response, forensic anthropology, and leadership; and
7. A multimedia library of publications, documents, studies, research, technical bulletins, and other reports of interest to LEO users.

Do you all feel that this improves our society?

Monday, April 18, 2011

Are You Next to be Sued?

If you use Limewire, Frostwire, or other file sharing software you could be sued by the Recording Industry Association of America (RIAA) or the Motion Picture Association of America (MPAA). Did you know that over three short years, between 2003 and 2006, the RIAA sued over 20,000 music fans for thousands of dollars per person for file sharing? Here's some tips to make sure you avoid law enforcement and are not then next person sued:

1) Normally, people are sued only for sharing music, not for just downloading it.  Make sure you keep copyrighted material out of your shared folder or disable the sharing feature of your P2P application.

2) Avoid publicly accessible file sharing networks, such as those at colleges.  Sometimes, these networks will report you making your chance of getting sued significantly greater.

3) To be safe, you could always just avoid downloading any copyrighted material.

If you have received notice or your ISP address has already been sued visit the Electronic Frontier Foundation's website at www.eff.org for help and additional information.

Sunday, April 10, 2011

Epsilon Data Breach: Expect a Surge in Spear Phishing Attacks

Epsilon, the world’s largest permission-based email marketing company, reported an unauthorized entry to its email database on March 30. The company, which sends more than 40 billion emails a year, has assured its clients that the hacked information is limited to names and email addresses. Epsilon has warned customers not to respond to fraudulent emails asking for account information. The hackers did not get any information regarding Social Security or credit card numbers. Financial institutions affected include Barclays Bank, Capital One Financial Corp., Citigroup, JPMorgan Chase and U.S. Bancorp. The parent companies of Best Buy, Ethan Allen furniture stores, the Kroger grocery chain, the Home Shopping Network and Walgreens drugstores issued similar warnings, as did the Hilton and Marriott hotel chains.
Phishing' scams are the number one concern from this breach. Hackers could send fake emails pretending to be your bank, pharmacy, hotel or other business that were customers of Epsilon. The email will look real and will be convincing as attackers have the customer's name and the company information that they did business with. The email could ask unsuspecting users to click on a link which can ask for credit card numbers, run malware, install spyware or carry out other attacks.
Epsilon posted a press release two days later after the breach happened on March 30. The breach is currently under the investigation of the U.S. Secret Service, which asks all Epsilon customers who are suspicious about any fraudulent emails to report to phishing-report@us.cert.gov.
http://www.dailyrosetta.com/epsilon-data-breach-under-investigation/12190.html

Sunday, April 3, 2011

Going Dark

Earlier, I blogged about law enforcement's efforts to implement an ISP data retention mandate to improve their ability to investigate and prosecute crimes. This blog is about a similar law enforcement effort to improve their ability to actively intercept wire and electronic communications. During testimony to the Congressional Subcommittee on Crime, Terrorism and Homeland Security, Valerie Caproni, FBI General Counsel, described the difficulties that law enforcement faces in establishing surveillance after receiving court authorization. Often the provider does not have sufficient technical resources to accomplish the surveillance. This capability gap is referred to as "going dark." Complex environments with multiple layers between end-user and primary provider using multiple technologies make the task of surveillance much more complicated than in the past. Not surprisingly, additional funding and bureaucracy is being proposed to help address the issue. The 2012 federal budget requests $15 million to establish a Domestic Communications Assistance Center (DCAC) to advance solutions to the "going dark" issue. The DCAC will "leverage the research and development efforts of federal, state and local law enforcement with respect to electronic surveillance capabilities, facilitate the sharing of technology between agencies, and advance initiatives to implement solutions..." Even in these tough financial times, it's not the money that makes people uneasy, it is the potential for abuse. Wouldn't it be great if $15 million could fix that? http://1.usa.gov/h7yB3w

Sunday, March 27, 2011

Cloud Computing & Jurisdiction


I’d like to write about something that I briefly mentioned during our presentation but, due to time constraints, was unable to get into too much detail about: jurisdiction.  As I stated in our presentation, jurisdiction refers to the power of a law enforcement agency or court to investigate or hear a case.  This can be from either geographic location or subject matter.  Unfortunately for law enforcement, the Internet doesn’t have a specific geographic location, or a specific subject matter.  Now another complicating factor has entered the mix: cloud computing.

Cloud computing is, basically, computer software and services available over the Internet.  A “cloud” can allow people or companies to access software online instead of having the software on each computer or device.  This can save a lot of money and effort.  However, when it comes to law enforcement, a problem arises.  In civil cases, a defendant may be required to produce documents under its “custody and control.”  But in a “cloud,” who maintains custody and control of documents?  The company can certainly claim that the documents are no longer in their custody or control, as they are stored on the servers of another company.  Would that company then need to be included in the lawsuit in order to gain access to the original documents?

Then there’s the issue of geographic jurisdiction.  Some countries have very strict privacy laws, such that releasing banking documents can be punishable as a criminal act.  Could a company escape criminal or civil liability in the U.S. by simply using a cloud-computing provider located in one such country?  Cloud computing is a relatively new technological innovation, so it’s not yet in wide use.  But more and more countries are realizing the money-saving capabilities of the cloud.  Whether or not the cloud will make it easier for unscrupulous companies to take advantage of the gray areas in the law has yet to be seen.

Monday, March 21, 2011

Youtube: Law Enforcements New Best Friend

Who needs to go looking for evidence these days when you can just find it on YouTube?

Today, many youth boast about crimes they have committed via YouTube. Hopefully they will think twice after this story:

Four teen boys from Scottsdale, Arizona posted a video of their gang vandalizing property with the title boasting, ""Hey, this is basicly (sic) just a video of us breaking stuff." The video displayed these boys smashing their skate boards into vending machines and looting all of the candy out of them.Another shot showed one of these hooligans smashing into a front windshield of a car and finishing it off with his foot.

About a month after the video was posted on YouTube; the children were detained by local authorities who identified their faces from the video. Now they are facing charges in Maricopa County Juvenile Court for robbery and criminal damage.



So who's laughing now boys?

http://www.azcentral.com/news/articles/0321sr-vandals0322ON.html

Sunday, March 13, 2011

Why do people commit cyber crimes?

Computer crime comes in many different varieties. As new computer technologies are made available, there is sure to be someone lurking in the cyber-shadows who are ready to exploit, test or take advantage of security holes that may exist. Computer crime has become the most widespread criminal activity in the world. But what motivates someone to attempt or commit computer crimes?
1. Easy of Anonymity. It is much easier to get away with criminal activity in a cyber world than in the real world. There is a strong sense of anonymity than can draw otherwise respectable citizens to abandon their ethics in pursuit personal gain.
2. Inadequate Legal Jurisdiction. Computer networks literally span the entire globe. This makes it virtually impossible for any government to enact or enforce laws when computer criminals are set up in foreign countries.
3. New Technology. Many computer criminals use their computers merely as a logical extension of “traditional” crimes that can take advantage of computer technology to help facilitate or carry out crime. For example, automated software can be programmed to steal credit-card numbers, personal-identification information and even cell-phone codes.
4. Holding a Grudge. Malicious computer codes like worms and viruses are often spread by someone who is seeking to cause harm to an individual or company-possibly over losing a job, perceived unethical business conduct or maybe even jealousy or envy. Such parties intend to destroy or cripple their targets for the personal satisfaction of seeing them suffer the effects.
5. Thrill of the Game. For many computer criminals, the excitement and challenge of exploiting a computer system can be too great to resist.
6. Opportunistic crime. Individuals who spend a significant amount of time on their computer have many opportunities to commit crimes. These people may have never known that these criminal prospects exist before, but, by spending increased amount of time on the Internet, have come to see a whole variety of opportunities laid out in front of them.
What do you think? Would you like to add something to this list?

Read more: Why Do People Commit Computer Crimes? eHow.com http://www.ehow.com/about_4709031_do-people-commit-computer-crimes.html#ixzz1GWkxpSR3