Tag: law & disorder

A beginner’s guide to building botnets—with little assembly required

Original photo by Michael Kappel / Remixed by Aurich Lawson Have a plan to steal millions from banks and their customers but can’t write a line of code? Want to get rich quick off advertising click fraud but “quick” doesn’t include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away. Building successful malware is an expensive business. It involves putting together teams of developers, coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them. In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. As a result, the tools and techniques used by last years’ big professional bank fraud operations, such as the ” Operation High Roller ” botnet that netted over $70 million last summer, are available off-the-shelf on the Internet. They even come with full technical support to help you get up and running. Read 63 remaining paragraphs | Comments

Read this article:
A beginner’s guide to building botnets—with little assembly required

How the maker of TurboTax fought free, simple tax filing

This story was co-produced with NPR . Imagine filing your income taxes in five minutes—and for free. You’d open up a prefilled return, see what the government thinks you owe, make any needed changes and be done. The miserable annual IRS shuffle, gone. It’s already a reality in Denmark, Sweden, and Spain . The government-prepared return would estimate your taxes using information your employer and bank already send it. Advocates say tens of millions of taxpayers could use such a system each year, saving them a collective $2 billion and 225 million hours in prep costs and time, according to one estimate. Read 49 remaining paragraphs | Comments

Read the article:
How the maker of TurboTax fought free, simple tax filing

Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

“When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it,” said Sen. Mike Lee (R-UT) on Tuesday in a statement. Ed Yourdon On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated. This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might just actually yield real, meaningful reform on the  much-maligned Electronic Communications Privacy Act . It’s an act, by the way, that dates back to 1986. As Ars’ Tim Lee wrote  in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it’s been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient’s e-mail box for 180 days, a lower standard applies. These rules simply don’t line up with the way modern e-mail systems work.” Read 14 remaining paragraphs | Comments

More:
Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

US regulator: Bitcoin exchanges must comply with money-laundering laws

Zach Copley The federal agency charged with enforcing the nation’s laws against money laundering has issued new guidelines suggesting that several parties in the Bitcoin economy qualify as Money Services Businesses under US law. Money Services Businesses (MSBs) must register with the federal government, collect information about their customers, and take steps to combat money laundering by their customers. The new guidelines do not mention Bitcoin by name, but there’s little doubt which “de-centralized virtual currency” the Financial Crimes Enforcement Network (FinCEN) had in mind when it drafted the new guidelines. A FinCEN spokesman told Bank Technology News last year that “we are aware of Bitcoin and other similar operations, and we are studying the mechanism behind Bitcoin.” America’s anti-money-laundering laws require financial institutions to collect information on potentially suspicious transactions by their customers and report these to the federal government. Among the institutions subject to these regulatory requirements are “money services businesses,” including “money transmitters.” Until now, it wasn’t clear who in the Bitcoin network qualified as a money transmitter under the law. Read 7 remaining paragraphs | Comments

See original article:
US regulator: Bitcoin exchanges must comply with money-laundering laws

911 tech pinpoints people in buildings—but could disrupt wireless ISPs

NextNav’s enhanced 911 technology locates people within buildings—but may interfere with millions of existing devices. NextNav Cell phones replacing landlines are making it difficult to accurately locate people who call 911 from inside buildings. If a person having a heart attack on the 30th floor of a giant building can call for help but is unable to speak their location, actually finding that person from cell phone and GPS location data is a challenge for emergency responders. Thus, new technologies are being built to accurately locate people inside buildings. But a system that is perhaps the leading candidate for enhanced 911 geolocation is also controversial because it uses the same wireless frequencies as wireless Internet Service Providers, smart meters, toll readers like EZ-Pass, baby monitors, and various other devices. NextNav , the company that makes the technology, is seeking permission from the Federal Communications Commission to start commercial operations. More than a dozen businesses and industry groups oppose NextNav (which holds FCC licenses through a subsidiary called Progeny), saying the 911 technology will wipe out devices and services used by millions of Americans. Read 37 remaining paragraphs | Comments

Read this article:
911 tech pinpoints people in buildings—but could disrupt wireless ISPs

For first time, US military says it would use offensive cyberweapons

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime. According to an article published Tuesday night by The New York Times , that admission came from General Keith Alexander, the chief of the military’s newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense. “I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.” Read 3 remaining paragraphs | Comments

Excerpt from:
For first time, US military says it would use offensive cyberweapons

Porn trolling mastermind is the world’s most evasive witness

Stefan Schlautmann On Wednesday we wrote about the elaborate chart defense attorney Morgan Pietz created to help Judge Otis Wright keep track of the many organizations associated with porn copyright trolling firm Prenda law, all of which seem to be run by the same half-dozen people. Pietz has now released a transcript of a remarkable deposition he took of Paul Hansmeier, who along with John Steele is widely regarded as the brains behind Prenda’s litigation campaign. Officially, a Prenda-linked shell company called “AF Holdings” is suing Pietz’s client for infringing copyright by downloading a pornographic film from BitTorrent. But in recent weeks, the focus of the litigation has shifted to alleged misconduct by Prenda, including whether the firm stole the identity of Minnesota resident Alan Cooper to use as an officer of AF Holdings. Judge Wright has scheduled a Monday hearing to get to the bottom of the allegations. Last month, we covered a filing by Prenda attorney Brett Gibbs, who insisted that all the important decisions had been made by “senior members of the law firms” connected to Prenda. Gibbs later identified these individuals as Hansmeier and Steele. Read 18 remaining paragraphs | Comments

Continue Reading:
Porn trolling mastermind is the world’s most evasive witness

Why a one-room West Virginia library runs a $20,000 Cisco router

Yes, this library has a Cisco 3945 router. Marmet, West Virginia is a town of 1,500 people living in a thin ribbon along the banks of the Kanawha River just below Charleston. The town’s public library is only open Thursdays, Fridays, and Saturdays. It’s housed in a small building the size of a trailer, which the state of West Virginia describes as an “extremely small facility with only one Internet connection.” Which is why it’s such a surprise to learn the Marmet Public Library runs this connection through a $15,000 to $20,000 Cisco 3945 router intended for “mid-size to large deployments,” according to Cisco. In an absolutely scathing report  (PDF) just released by the state’s Legislative Auditor, West Virginia officials are accused of overspending at least $5 million of federal money on such routers, installed indiscriminately in both large institutions and one-room libraries across the state. The routers were purchased without ever asking the state’s libraries, cops, and schools what they needed. And when distributed, the expensive routers were passed out without much apparent care. The small town of Clay received seven of them to serve a total population of 491 people… and all seven routers were installed within only .44 miles of each other at a total cost of more than $100,000. In total, $24 million was spent on the routers through a not-very-open bidding process under which non-Cisco router manufacturers such as Juniper and Alcatel-Lucent were not “given notice or any opportunity to bid.” As for Cisco, which helped put the massive package together, the Legislative Auditor concluded that the company “had a moral responsibility to propose a plan which reasonably complied with Cisco’s own engineering standards” but that instead “Cisco representatives showed a wanton indifference to the interests of the public in recommending using $24 million of public funds to purchase 1,164 Cisco model 3945 branch routers.” Read 20 remaining paragraphs | Comments

Original post:
Why a one-room West Virginia library runs a $20,000 Cisco router

Sexy scammers entice men into stripping on webcam, then blackmail them

Police in Singapore have issued an alert citing a dramatic rise in the number of “cyber blackmail” cases being reported. But unlike many cases that target women or teenagers , this latest rash of crimes targets men through social media sites. The Singapore Police Force reports that there have been more than 50 reported cases in the last year where “foreign” women have lured men through invitations on social networks, such as Facebook and Tagged.com, into video sex sessions that are recorded for blackmail purposes. The women “initiate cybersex” with the men over video chat, stripping for them and then encouraging them to do the same. The men are told to perform sex acts on camera for the women, and the video feeds are recorded. The men are then contacted later and told that the videos will be posted in public if the victims don’t wire money to the scammers. Read 4 remaining paragraphs | Comments

More:
Sexy scammers entice men into stripping on webcam, then blackmail them

How alleged crooks used ATM skimmers to compromise thousands of accounts

Federal authorities have charged two men suspected of running an international operation that used electronic devices planted at automatic teller machine locations to compromise more than 6,000 bank accounts. The operation—which targeted Capital One, J. P. Morgan Chase, and other banks—netted, or attempted to net, about $3 million according to an indictment filed in Manhattan federal court. It allegedly worked by obtaining payment card readers from Hungary and other countries and installing them on top of card readers already located on ATMs and doors to ATM vestibules. The fraudulent readers were equipped with hardware that recorded the information encoded onto a card’s magnetic stripe each time it was inserted. A hidden pinhole camera with a view of the ATM keypad then captured the corresponding personal identification number. Antonio Gabor and Simion Tudor Pintillie allegedly led a gang of at least nine other people who regularly planted the skimming devices in the Manhattan, Chicago, and Milwaukee metropolitan areas, prosecutors said. They would later revisit the ATM to retrieve the information stored on the skimming devices and cameras. Gang members would then encode the stolen data onto blank payment cards and use the corresponding PINs to make fraudulent purchases or withdrawals. Read 3 remaining paragraphs | Comments

Taken from:
How alleged crooks used ATM skimmers to compromise thousands of accounts