Crime

BMW Traps A Car Thief By Remotely Locking His Doors (cnet.com) 362

An anonymous reader quotes CNET: Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal... Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (November 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," wrote Jonah Spangenthal-Lee [deputy director of communications for the Seattle Police Department].

The suspect found a key fob mistakenly left inside the BMW by a friend who'd borrowed the car from the owner and the alleged crime was on. But technology triumphed. When the owner, who'd just gotten married a day earlier, discovered the theft, the police contacted BMW corporate, who tracked the car to Seattle's Ravenna neighborhood.

The 38-year-old inside was then booked for both auto theft and possession of methamphetamine.
United States

Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com) 131

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
Security

Crooks Need Just Six Seconds To Guess A Credit Card Number (independent.co.uk) 108

schwit1 quotes The Independent: Criminals can work out the card number, expiration date, and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found... Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack...

According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously. Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.

One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."
China

China's New 'Social Credit Score' Law Means Full Access To Customer Data (insurancejournal.com) 82

AnonymousCube shares this quote about China's new 'Social Credit Score' law from an insurance industry magazine: "Companies are also required to give government investigators complete access to their data if there is suspected wrong-doing, and Internet operators must cooperate in any national security or crime-related investigation."

Note that China has an extremely flexible definition of "national security". Additionally, computer equipment will need to undergo mandatory certification that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.

The article suggests businesses like insurers "will likely see the cost of complying with this new action as a disincentive to conducting business in China."
Crime

Foxconn Employee Faces 10-Year Prison Sentence For Stealing 5,700 iPhones Worth $1.5 Million (thenextweb.com) 45

A Taiwanese Foxconn manager faces a stiff prison sentence after he stole 5,700 iPhones from his employer, and went to sell them for $1.56 million. The Next Web reports: Foxconn is a tech manufacturing giant. It makes a lot of things, including laptops for HP, phones for Apple, games consoles for Sony, and its workers so depressed it has to install suicide nets. The Taiwanese manager at the center of this crime -- known only by his family name, Tsai -- worked in the testing department at Foxconn's factory in Shenzhen, mainland China. According to Taiwanese prosecutors, Tsai ordered eight of his subordinates to smuggle out thousands of iPhones which were used by the company for testing and quality assurance purposes. These were destined to be scrapped after use. The stolen iPhones (mostly iPhone 5 and iPhone 5s models) made their way to stores in Shenzhen, and went on to make Tsai and his accomplices nearly $1.56 million USD (Tw$50 million). Tsai has since been charged with breach of trust and, if found guilty, he faces a maximum 10-year jail term.
Crime

Lawyer Sues 20-Year-Old Student Who Gave a Bad Yelp Review, Loses Badly (arstechnica.com) 88

20-year-old Lan Cai was in a car crash this summer, after she was plowed into by a drunk driver and broke two bones in her lower back. She didn't know how to navigate her car insurance and prove damages, so she reached out for legal help. Things didn't go as one would have liked, initially, as ArsTechnica documents: The help she got, Cai said, was less than satisfactory. Lawyers from the Tuan A. Khuu law firm ignored her contacts, and at one point they came into her bedroom while Cai was sleeping in her underwear. "Seriously, it's super unprofessional!" she wrote on Facebook. (The firm maintains it was invited in by Cai's mother.) She also took to Yelp to warn others about her bad experience. The posts led to a threatening e-mail from Tuan Khuu attorney Keith Nguyen. Nguyen and his associates went ahead and filed that lawsuit, demanding the young woman pay up between $100,000 and $200,000 -- more than 100 times what she had in her bank account. Nguyen said he didn't feel bad at all about suing Cai. Cai didn't remove her review, though. Instead she fought back against the Khuu firm, all thanks to attorney Michael Fleming, who took her case pro bono. Fleming filed a motion arguing that, first and foremost, Cai's social media complaints were true. Second, she couldn't do much to damage the reputation of a firm that already had multiple poor reviews. He argued the lawsuit was a clear SLAPP (Strategic Lawsuit Against Public Participation). Ultimately, the judge agreed with Fleming, ordering the Khuu firm to pay $26,831.55 in attorneys' fees.
The Courts

French Man Sentenced To Two Years In Prison For Visiting Pro-ISIS Websites (theverge.com) 411

According to French media, a court in the department of Ardeche on Tuesday sentenced a 32-year-old man in France to two years in prison for repeatedly visiting pro-ISIS websites -- even though there was no indication he planned to stage a terrorist attack. Police raided his house and found the man's browsing history. They also found pro-ISIS images and execution videos on his phone, personal computer, and a USB stick, an ISIS flag wallpaper on his computer, and a computer password that was "13novembrehaha," referencing the Paris terrorist attacks that left 130 people dead. Slashdot reader future guy shares with us an excerpt from The Verge's report: In court, the man argued that he visited the sites out of curiosity. "I wanted to tell the difference between real Islam and the false Islam, now I understand," he said, according to FranceBleu. But the man reportedly admitted to not reading other news sites or international press, and family members told the court that his behavior had recently changed. He became irritated when discussing religion, they said, and began sporting a long beard with harem pants. A representative from the Ardeche court confirmed to The Verge that there was no indication that the man had any plans to launch an attack. In addition to the two-year prison sentence, he will have to pay a 30,000 euros (roughly $32,000) fine.
Bitcoin

Bitcoin Exchange Ordered To Give IRS Years of Data On Millions of Users (gizmodo.com) 203

Last month, instead of asking for data relating to specific individuals suspected of a crime, the Internal Revenue Service (IRS) demanded America's largest Bitcoin service, Coinbase, to provide the identities of all of the firm's U.S. customers who made transactions over a three year period because there is a chance they are avoiding paying taxes on their bitcoin reserves. On Wednesday, a federal judge authorized a summons requiring Coinbase to provide the IRS with those records. Gizmodo reports: Covering the identities and transaction histories of millions of customers, the request is believed to be the largest single attempt to identify tax evaders using virtual currency to date. As a so-called "John Doe" summons, the document targets a particular group or class of taxpayers -- rather than individuals -- the agency has a "reasonable basis" to believe may have broken the law. According to The New York Times, the IRS argued that two cases of tax evasion involving Coinbase combined with Bitcoin's "relatively high level of anonymity" serve as that basis. "There is no allegation in this suit that Coinbase has engaged in any wrongdoing in connection with its virtual currency exchange business," said the Justice Department on Wednesday. "Rather, the IRS uses John Doe summonses to obtain information about possible violations of internal revenue laws by individuals whose identities are unknown." In a statement, Coinbase vowed to fight the summons, which the company's head counsel has previously characterized as a "very, very broad" fishing expedition.
Businesses

Amazon and eBay Sellers' VAT Fraud Rife Despite Crackdown (theguardian.com) 81

Huge numbers of VAT fraudsters are illegally selling goods tax-free to British shoppers on Amazon and eBay, despite new government efforts to crack down on this ballooning 1bn pound VAT evasion crisis, reports the Guardian. From the article: A Guardian investigation found a wide variety of popular goods being illegally sold without VAT on Britain's leading shopping sites. They range from cheap Christmas tree lights, electric toothbrushes and thermal socks to expensive laptops, iPads, music keyboards, violins and pingpong tables. In some cases, VAT fraudsters offer unbeatable prices. Mostly, however, their prices remain in line with law-abiding competitors and the proceeds of evasion disappear overseas, often to China. Guardian investigations found many tax-evading sellers were trading without displaying VAT numbers on Amazon or eBay. Others were showing made up numbers, or numbers cloned, without authorisation, from unsuspecting legitimate businesses.
United Kingdom

48 Organizations Now Have Access To Every Brit's Browsing History (zerohedge.com) 251

schwit1 quotes a report from Zero Hedge on Great Britain's newly-enacted "snoopers' charter": For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right. Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list.
Click through to the comments to read the entire list.
United States

Ransomware Compromises San Francisco's Mass Transit System (cbslocal.com) 141

Buses and light rail cars make San Francisco's "Muni" fleet the seventh largest mass transit system in America. But yesterday its arrival-time screens just displayed the message "You Hacked, ALL Data Encrypted" -- and all the rides were free, according to a local CBS report shared by RAYinNYC: Inside sources say the system has been hacked for days. The San Francisco Municipal Transportation Agency has officially confirmed the hack, but says it has not affected any service... The hack affects employees, as well. According to sources, SFMTA workers are not sure if they will get paid this week. Cyber attackers also hit Muni's email systems.
Though the article claims "The transit agency has no idea who is behind it, or what the hackers are demanding in return," Business Insider reports "The attack seems to be an example of ransomware, where a computer system is taken over and the users are locked out until a certain amount of money is sent to the attacker." In addition, they're reporting the attack "reportedly included an email address where Muni officials could ask for the key to unlock its systems."

One San Francisco local told CBS, "I think it is terrifying. I really do. I think if they can start doing this here, we're not safe anywhere."
United Kingdom

Police in UK Warn About Dating Apps After Serial Killer Conviction (betanews.com) 40

Mark Wilson, writing for BetaNews: Police are warning people who use dating sites and dating apps to take extra precautions to ensure their safety. The advice comes after serial killer Stephen Port who contacted his victims through apps such as Grindr and Gaydar. While people making use of dating services have always been warned to take safety precautions, police are concerned that sexual predators are increasingly using such sites and apps as a way of finding potential victims. The UK's National Crime Agency has noticed an alarming increase in the number of people reporting cases of rape after meeting someone through a dating site or app. In 2009 the number was just 33, while in 2014 it had jumped to 184. Clearly things such as changes to the reporting of sexual assault need to be factored in, as do considerations such as whether the number of reported incidents represents an increase in actual incidents in real terms.
Government

FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant (vice.com) 90

Joseph Cox, reporting for Motherboard: In January, Motherboard reported on the FBI's "unprecedented" hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually several orders of magnitude larger. In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case. The figures illustrate the largest ever known law enforcement hacking campaign to date, and starkly demonstrate what the future of policing crime on the dark web may look like. This news comes as the US is preparing to usher in changes that would allow magistrate judges to authorize the mass hacking of computers, wherever in the world they may be located.
Democrats

Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) 385

According to a new study reported by The Wall Street Journal, Google's search results tend to lean liberal. "An analysis by online-search marketer CanIRank.com found that 50 recent searches for political terms on Google surfaced more liberal-leaning webpages than conservative ones, as rated by a panel of four people." The Denver Channel reports: "Minimum wage" tended to yield more liberal results, while "does gun control reduce crime" resulted in more conservative ones. Searches for "financial regulation" and "federal reserve" found mostly nonpartisan links. CanIRank used the opinions of four people to determine how liberal or conservative each website was. For 16 percent of the political search terms studied, no right-leaning results showed up at all on the first page of results. CanIRank noted this could be a problem for democracy. A different study found most people click on one of the first five search results. Users rarely move on to the second page. A Google spokesperson said in an email to the WSJ: "From the beginning, our approach to search has been to provide the most relevant answers and results to our users, and it would undermine people's trust in our results, and our company, if we were to change course." According to Google, their results are "determined by algorithms using hundreds of factors" and "reflect the content and information that is available on the internet."
Crime

New York's District Attorney: Roll Back Apple's iPhone Encryption (mashable.com) 215

An anonymous reader quotes Mashable: Manhattan District Attorney Cyrus Vance said Thursday that he wants Apple's encryption to go back to how it was in early 2014. Back then, police could basically extract any information they wanted after getting a warrant. "Doing nothing about this problem will perpetuate an untenable arms race between private industry and law enforcement," Vance said on Thursday. "Federal legislation is our only chance to lay these arms aside."

Vance said he's got 423 "lawfully-seized Apple devices" that his employees can't do anything with. Forty-two of those devices "pertain to homicide or attempted murder cases" according to the district attorney's office, and a similar number "relate to sex crimes." The argument, of course, is that the district attorney's office would have an easier time solving crimes if they had access to these phones... Apple believes being forced to hack into phones at the government's will is an unreasonable burden.

ZDNet adds that "the call for federal legislation could be given a popular boost by president elect Donald Trump, who previously called for a boycott on Apple products when it refused to help the FBI."
Government

Privacy Group Sues The FBI, Demanding Details About Biometric Database Sharing (onthewire.io) 16

Trailrunner7 writes: A major privacy group has filed a lawsuit against the FBI to force the bureau to release all relevant documents about its plan to share a huge amount of biometric information with the Department of Defense. The lawsuit filed by EPIC (Electronic Privacy Information Center) concerns the FBI's Next Generation Identification (NGI) system, which comprises fingerprint, iris scan, and facial recognition data, and the bureau has been using it for several years... EPIC's lawsuit asks that the FBI be forced to release records about the plan to share NGI data with the Department of Defense under the Freedom of Information Act. EPIC filed a FOIA request about the plan last year and though the FBI said it has located 35 pages of records that are responsive to the request, it hasn't released any of those records.
Bitcoin

IRS Demands Identities of All US Coinbase Traders Over Three Year Period (vice.com) 124

An anonymous reader quotes a report from Motherboard: In bitcoin-related investigations, authorities will often follow the digital trail of an illegal transaction or suspicious user back to a specific account at a bitcoin trading company. From here, investigators will likely subpoena the company for records about that particular user, so they can then properly identify the person suspected of a crime. The Internal Revenue Service, however, has taken a different approach. Instead of asking for data relating to specific individuals suspected of a crime, it has demanded bitcoin trading site Coinbase to provide the identities of all of the firm's U.S. customers who made transactions over a three year period, because there is a chance they are avoiding paying taxes on their bitcoin reserves. Coinbase has a total of millions of customers. According to court filings, which were first flagged by financial blogger Zerohedge on Twitter, the IRS has launched an investigation to determine the correct amount of tax that those who use virtual currencies such as bitcoin are obligated to pay. But according to the documents, the IRS is asking for the identities of any U.S. Coinbase customer who transferred crypto-currency with the service between 2013 and 2015. "The John Does whose identities are sought by the summons are United States persons who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions in a convertible virtual currency," reads a memorandum written by Department of Justice attorneys and filed on Thursday, November 17.
Privacy

A $5 Tool Called PoisonTap Can Hack Your Locked Computer In One Minute (vice.com) 172

An anonymous reader quotes a report from Motherboard: A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks. Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there's a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday. And all a hacker has to do is plug it in and wait. PoisonTap is built on a Raspberry Pi Zero microcomputer. Once it's plugged into a USB port, it emulates a network device and attacks all outbound connections by pretending to be the whole internet, tricking the computer to send all traffic to it. Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar. Security experts that reviewed Kamkar's research for Motherboard agreed that this is a novel attack, and a good way to expose the excessive trust that Mac and Windows computers have in network devices. That's the key of PoisonTap's attacks -- once what looks like a network device is plugged into a laptop, the computer automatically talks to it and exchanges data with it.
Piracy

Police Raid Pirate Site, Seize 60 Servers Following MPAA Complaint (torrentfreak.com) 60

An anonymous reader quotes a report from TorrentFreak: When it comes to shutting down pirate sites, few groups have a longer history than the Motion Picture Association of America. The Hollywood organization has dozens of pirate scalps under its belt and today is able to claim another. Serving more than a million users every day, FS.to was one of Ukraine's largest pirate sites. Ranked the country's 21st most popular site overall, the movie-focused platform attracted the attention of the MPAA and local rights holders alike. That has resulted in one of the biggest raids ever seen in the country. According to the cyber crime division of Ukraine's national police, an operation shut down the platform Monday following a complaint from Hollywood. The authorities say that 19 people suspected of running the site via a network of local and offshore companies were arrested. The operation to shut the site appears to have been significant. Raids took place at the offices and homes of the suspects, plus datacenters where equipment running the site was installed. Thus far around 60 servers have been seized from a range of local ISPs but the operation is still ongoing so the tally could increase. Local sources indicate that the authorities have linked local Internet company Ferazko Holding Inc. with FS since it owns several of the site's domains including FS.to, BRB.to and FS.ua.
Businesses

Amazon Takes Counterfeit Sellers To Court For First Time (cnbc.com) 62

For the first time, Amazon is taking counterfeit sellers to court. The move comes after several sellers expressed strong concerns about their businesses getting ripped off by Amazon, which is not doing anything to curb distribution of fake, poor quality products on its ecommerce platform. Notably, even Apple had said recently that a lot of its accessories listed on Amazon are fake products. From a CNBC report: On Monday, Amazon filed suit against a group of sellers for infringing on athletic training equipment developed by TRX. In a second case, Amazon sued sellers who are offering fake versions of a patented moving product called Forearm Forklift. [...] There's no way Amazon can litigate away the problem. The company generates over $75 billion a year in commerce, and about half the volume now comes from third-party sellers. However, with Amazon showing its willingness to take abusers to court, the company can at least hope to deter counterfeit sellers with the threat of potential legal action.
