Archive for the ‘Computer Crimes’ Category:
Here on Long Island. Hacker Admits Guilt, Forfeits $1.65 million
Just over a year ago I reported on the Justice Department’s indictment of 11 “individuals” involved in an identity theft ring that targeted wireless retail networks of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, and DSW, among others. They were charged for stealing over 130 million credit and debit card numbers.
Albert Gonzalez, hacker
One of those indicted was a U.S. citizen named Albert Gonzalez, age 28. Gonzalez, under arrest on one ID theft case, had been working as an informant in a second case, and was found to be criminally involved in a third identity theft ring. Over the weekend he admitted his guilt in an older case, and agreed to forfeit assets gained by crimes. Among his assets were a condominium in Miami, a 2006 BMW, various computers and laptops, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches.
Gonzalez was scheduled to go to trial Sept. 14 in federal court in Central Islip, N.Y. His charges included operating a fraud scheme from April through September in 2007, and hacking into computers at the corporate headquarters of the Dave & Buster’s restaurant chain where he stole debit and credit card numbers. He faces 15 years to 25 years in prison.
On the second case, Gonzalez faces as many as 35 years in prison.In that case Gonzalez and the other hackers malware and so-called “injection strings” to attack the computers and steal data. They installed “sniffer” programs to capture data “on a real-time basis” as it moved through the computer networks. They used instant messaging services to advise each other on how to navigate the systems. They also programmed malware to evade detection by anti-virus software and erase files that might detect its presence.
Subscribe to the comments for this postHomeland Security and Laptop Searches
Image from ARS Technica. (Click image for article)
This past Thursday, August 27, 2009, Department of Homeland Security (DHS) Secretary Janet Napolitano announced new directives to enhance and clarify oversight for searches of computers and other electronic media at U.S. ports of entry. New guidelines are being designed to reinforce the Department’s efforts to combat crime and terrorism while protecting personal right’s to privacy and civil liberties.
The new directives and guidelines will “enhance transparency, accountability and oversight” of searches at borders, airports, and other ports of entry to the U.S. Included are new administrative procedures “designed to ensure that officers and agents understand their responsibilities to protect individual private information and that individuals understand their rights.”
Airport laptop search. Image from Center for American Progress. (Click image for article)
The DHS further stated that searches are permitted by law and are not restricted to detection of terrorist plans, but are also necessary to uncover possession of child pornography and criminal possession of intellectual property, trademark and copyright infringement.
You can read three reports made available by the government along with this recent announcement. First, the DHS Privacy Office released a Privacy Impact Assessment, which is also available at www.dhs.gov/privacy. This document is designed to improve the public’s understanding of the authorities, policies, and procedures used during searches. It also let’s them know what is being done to protect individuals’ privacy.
(In a related story, the DHS Office for Civil Rights and Civil Liberties (CRCL) will also conduct a “Civil Liberties Impact Assessment” within 120 days.)
Next, additional reports were released by the U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE). Their guidelines also made mention of searches of iPods and other digital media players, as well as video and digital cameras. Click the links to see the PDFs of the reports.
This is all well and good, but I was a little surprised to learn that out of the 221,000,000 (that’s 221 million) travellers that crossed U.S. borders in the last 10 months that only 1,000 laptops were searched in this period, and that less than 50 of those searches were in depth. That’s about 3 laptops a day being checked out. Typically, the laptop wner is asked to turn on the laptop and demonstrate that it is a working computer, but apparently there are at least 3 PCs a day that require a little bit more scrutiny.
Have you had your camera, iPod, or laptop searched while you were travelling and out of the US? Tell me your story. I’m sure I’m not the only one who’d like to hear it.
Spam Fighting Update
My blog post titled “I’m Fighting Acai Berry Spam Today” from August 14, 2008 is the 4th most read post on Skylarking. It has received a fair amount of commentary since April of this year. The comments have lead me to add an update to the post to clarify the intent and purpose of the article:
This post is about spam in general, using Acai Berry spam as an example. I aim to (1) illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT it is my opinion that web sites can be easier to track.
So my point is that spam is often associated with a web site, and discrepancies between a web site and an email message can often help determine the validity of the email and/or the site.
You can read the updated post and comments here.
Thanks to everyone who has commented, and added their thoughts, ideas, and knowledge concerning the subject. And thank you for leading me to elaborate further. I look forward to hearing more comments and thoughts on the subject.
