law enforcement – Tech Today w/ Ken May

US authorities have seized the dark web marketplace AlphaBay

Last week, we reported that an international law enforcement operation had shut down AlphaBay , the dark web’s go-to marketplace after the fall of Silk Road. Today, the U.S. Justice Department announced that it has seized AlphaBay and has brought civil charges against operator Alexandre Cazes (who is now deceased) and his wife, with the intention of taking their assets as well. Cazes, a Canadian citizen, was arrested in Thailand on July 5, but he committed suicide while in custody a week later. While the United States is working with international authorities to freeze the assets of AlphaBay, the Justice Department is also specifically interested in Cazes’ and his wife’s personal assets amassed through illegal AlphaBay activities. These including luxury cars, homes and a Thai hotel. Authorities have already seized Cazes’ vast stores of cryptocurrency. AlphaBay earned millions of dollars per week selling drugs, weapons, tools to help commit internet fraud and more. According to the Justice Department’s press release , Silk Road (which was shut down in 2013) had around 14, 000 goods and services listed when it was seized. Comparatively, AlphaBay had “over 250, 000 listings for illegal drugs and toxic chemicals on AlphaBay, and over 100, 000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms and fraudulent services.” Source: U.S. Department of Justice

More:
US authorities have seized the dark web marketplace AlphaBay

Hackers stole a copy of ‘Orange is the New Black’ season five (updated)

The next season of Orange is the New Black isn’t supposed to premiere until June 9th , but the first episode has already leaked. That’s because a hacker or group of hackers going by the name ‘TheDarkOverlord stole the content from a third party, and they’re demanding Netflix pay a ransom in order to keep the rest of the season private. Late Friday night, TheDarkOverlord tweeted about content belonging to ABC, FOX, IFC and National Geographic, saying “We’re not playing any games anymore.” According to TorrentFreak , the source of the breach was Larson Studios, an audio production company in Hollywood that does ADR (Automatic Dialog Replacement) work. The hackers claim Larson agreed to pay up but didn’t, and now they’re trying to squeeze Netflix. In a statement, Netflix has said “We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved.” Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we’re all going to have. We’re not playing any games anymore. — thedarkoverlord (@tdohack3r) April 29, 2017 We are releasing the remainder of OITNB Season 5. Press Release: https://t.co/5vqYglmZAN — thedarkoverlord (@tdohack3r) April 29, 2017 Update: “TheDarkOverlord” announced that they have released episodes 2-10 of the 13 episode season in another torrent. They also continued to threaten Netflix and the other studios, saying “You’re going to lose a lot more money in all of this than what our modest offer was. We’re quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves. And to the others: there’s still time to save yourselves. Our offer(s) are still on the table – for now.” Source: TorrentFreak , AP , Pastebin

See the article here:
Hackers stole a copy of ‘Orange is the New Black’ season five (updated)

San Francisco airport can now record all visitors’ license plates

When you drive to the airport, you expect a certain amount of tracking, if just from security cameras. However, San Francisco International Airport might be taking things a step too far. The travel hub recently received approval from the Airport Commission to collect the license plate info for everyone who uses its roads and garages, storing that data for over 4 years. It’s ostensibly meant for collecting revenue from parking and commercial drivers like taxis, but SFO has permission to release that info to both local law enforcement and the FBI. Needless to say, that’s raising eyebrows among privacy advocates. The ACLU’s Matt Cagle warns KQED that the airport could become a “honeypot” for police wanting to collect information about anyone paying a visit, whether or not they’re suspected of committing a crime. Also, it’s not clear why SFO needs to preserve all that license plate data for so long. If there isn’t reason to hold on to plate info (whether for crime reports or long-term parking), shouldn’t it be erased within a matter of days? In theory, this is legal: the airport implemented its new policy in response to a law that required public disclosure and security measures for license plate data collection. The very act of scooping up license plates is theoretically legal, then. The question is whether or not SFO is managing that info in a responsible way, and it’s not clear that this is the case. About 53 million passengers go through the airport every year, and many of them drive to get there. While this could help catch car thieves and terrorists, it could also help less scrupulous authorities track the movements of activists and other innocents. Via: SFist Source: KQED News

More:
San Francisco airport can now record all visitors’ license plates

Hack knocks out a fifth of the Dark Web

The Dark Web is having a rough time right now… although the victims in this case won’t earn too much sympathy. An Anonymous-linked hacker speaking to Motherboard brought down about a fifth of the Tor network’s ‘secret’ websites (over 10, 000 of them) in a claimed vigilante move. The intruder decided to attack a Dark Web hosting service, Freedom Hosting II, after discovering that it was managing child porn sites it had to be aware of — they were using gigabytes of data each when the host officially allows no more than 256MB. Each site had its usual pages replaced with a message that not only chastised FH2, but offered a data dump (minus user info) and explained the nature of the hack. Reportedly, the attack wasn’t difficult. The hacker only needed to have control over a site (new or existing) to get started. After that, it was mostly a matter of modifying a configuration file, triggering a password reset and getting root access. From early indications, the perpetrator is handling the data relatively responsibly. It’s going to a security researcher who’ll hand it over to law enforcement, which might just use it to bust the porn peddlers. Investigators may be as frustrated as they are happy, though. When the FBI infiltrated Dark Web porn sites , it used location-tracking malware to help identify individual users. Well, it probably can’t do that now — investigators might pinpoint the site operators, but the clients will have scattered to the four winds. While this is still a blow to the internet’s criminal underbelly, it’s not as big a victory as it could have been. Looks like Freedom Hosting II got pwned. They hosted close to 20% of all dark web sites (previous @OnionScan report) https://t.co/JOLXFJQXiH — Sarah Jamie Lewis (@SarahJamieLewis) February 3, 2017 Source: Motherboard , Sarah Jamie Lewis (Twitter)

Read the article:
Hack knocks out a fifth of the Dark Web

Site that sold access to 3.1 billion passwords vanishes after reported raid

Enlarge LeakedSource, a legally and ethically questionable website that sold access to a database of more than 3.1 billion compromised account passwords, has disappeared amid an unconfirmed report its operator was raided by law enforcement officers. “Leakedsource is down forever and won’t be coming back,” a person using the handle LTD wrote Thursday in an online forum . “Owner raided early this morning. Wasn’t arrested, but all [solid state drives] got taken, and Leakedsource servers got subpoenaed and placed under federal investigation. If somehow he recovers from this and launches LS again, then I’ll be wrong. But I am not wrong.” Attempts to reach LeakedSource operators for comment weren’t successful. Read 5 remaining paragraphs | Comments

View article:
Site that sold access to 3.1 billion passwords vanishes after reported raid

Apple logs your iMessage contacts and could share them with police

Apple’s iMessage had a few security holes in March and April that potentially leaked photos and contacts, respectively. Though quickly patched, they are a reminder that the company faces a never-ending arms race to shore up its security to keep malicious hackers and government agencies out. But that doesn’t mean they will always be able to keep it private. A report from The Intercept states that iMessage conversation metadata gets logged in Apple’s servers, which the company could be compelled to turn over to law enforcement by court order. While the content of those messages remains encrypted and out of the police’s hands, these records list time, date, frequency of contact and limited location information. When an iOS user types in a phone number to begin a text conversation, their device pings servers to determine whether the new contact uses iMessage. If not, texts are sent over SMS and appear in green bubbles, while Apple’s proprietary data messages appear in blue ones. Allegedly, they log all of these unseen network requests. But those also include time and date stamps along with the user’s IP address, identifying your location to some degree, according to The Intercept . Like the phone logs of yore, investigators could legally request these records and Apple would be obliged to comply. While the company insisted that iMessage was end-to-end encrypted in 2013, securing user messages even if law enforcement got access, Apple said nothing about metadata. Apple confirmed to The Intercept that it does comply with subpoenas and other legal requests for these exact logs, but maintained that message content is still kept private. Their commitment to user security isn’t really undermined by these illuminations — phone companies have been giving this information to law enforcement for decades — but it does illustrate what they can and cannot protect. While they resisted FBI requests for backdoor iPhone access earlier this year and then introduced a wholly redesigned file system with a built-in unified encryption method on every device, they can’t keep authorities from knowing when and where you text people. Source: The Intercept

Read this article:
Apple logs your iMessage contacts and could share them with police

DOJ Ups the Ante, Says iPhone Encryption Will Kill a Child

Here we go again. Just a few days after a former FBI agent argued that the new iOS 8 encryption would cause somebody to die , a Department of Justice boss upped the ante. At a meeting on October 1, Deputy Attorney General James Cole told a room full off Apple executives that iPhone encryption would cause a child to die. A child! Read more…

Originally posted here:
DOJ Ups the Ante, Says iPhone Encryption Will Kill a Child

Fed Wiretappers Can’t Keep Up With All These New Chat Apps

Wiretapping used to be straightforward. Potential drug lord? Bug his phone! But the proliferation of online chat options is making it hard for law enforcement officials and intelligence agents to carry out court-ordered wiretaps. Read more…

Excerpt from:
Fed Wiretappers Can’t Keep Up With All These New Chat Apps

FBI responds to ACLU FOIA request…with 111 blank pages

The American Civil Liberties Union filed a Freedom of Information Act request with the FBI seeking details of its surveillance policy — who it spies upon, and how, and under what circumstances. The FBI sent back two 50+ page memos in reply, each of them totally blacked out except for some information on the title page. In a 12-minute video posted online, Weissmann spoke about two memos: one focused on the use of GPS tracking on forms of transportation beyond cars, the other regarding how Jones applies to tracking methods outside of GPS (presumably like cellphone ping data). “Is it going to apply to boats, is it going to apply to airplanes?” Weissmann asks in the video. “Is it going to apply at the border? What’s it mean for the consent that’s given by an owner? What does it mean if consent is given by a possessor? And this is all about GPS, by the way, without getting into other types of techniques.” And those questions remain wholly unanswered. “The Justice Department’s unfortunate decision leaves Americans with no clear understanding of when we will be subjected to tracking—possibly for months at a time—or whether the government will first get a warrant,” Catherine Crump, an ACLU staff attorney, wrote on Wednesday. FBI to ACLU: Nope, we won’t tell you how, when, or why we track you [Cyrus Farivar/Ars Technica]

View article:
FBI responds to ACLU FOIA request…with 111 blank pages