Saturday, November 22, 2014

Pass It On: FBI Warns Of Cyber Scammers Targeting Holiday Shoppers


The FBI released the below information:

In advance of the holiday season, the Birmingham FBI Field Office reminds shoppers to beware of cyber criminals and their aggressive and creative ways to steal money and personal information.

Scammers use many techniques to fool potential victims, including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, sale of fraudulent or stolen gift cards through auction sites at discounted prices, and phishing e-mails advertising brand name merchandise for bargain prices or e-mails promoting the sale of merchandise that ends up being a counterfeit product.

Fraudulent Classified Ads or Auction Sales

Internet criminals post classified ads or auctions for products they do not have. If you receive an auction product from a merchant or retail store rather than directly from the auction seller, the item may have been purchased with someone else’s stolen credit card number. Contact the merchant to verify the account used to pay for the item actually belongs to you.

Shoppers should be cautious and not provide credit card numbers, bank account numbers, or other financial information directly to the seller. Fraudulent sellers will use this information to purchase items for their scheme from the provided financial account. Always use a legitimate payment service to protect purchases.

Diligently check each seller’s rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100 percent positive feedback if they have a low total number of feedback postings and all feedback was posted around the same date and time.

Gift Card Scam

The safest way to purchase gift cards is directly from the merchant or authorized retail merchant. If the merchant discovers the card you received from another source or auction was initially obtained fraudulently, the merchant will deactivate the gift card number and it will not be honored to make purchases.

Phishing and Social Networking

Be leery of e-mails or text messages you receive indicating a problem or question regarding your financial accounts. In this scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem. The link actually directs the individual to a fraudulent website or message that appears legitimate; however, any personal information you provide, such as account number and personal identification number (PIN), will be stolen.

Another scam involves victims receiving an e-mail message directing the recipient to a spoofed website. A spoofed website is a fake site or copy of a real website that is designed to mislead the recipient into providing personal information.

Consumers are encouraged to beware of bargain e-mails advertising one day only promotions for recognized brands or websites. Fraudsters often use the hot items of the season to lure bargain hunters into providing credit card information. The old adage “If it seems too good to be true, it probably is” is a good barometer to use to legitimize e-mails.

Black Friday has traditionally been the “biggest shopping day of the year.” The Monday following Thanksgiving has more recently (2005) been labeled Cyber Monday, meaning the e-commerce industry endorses this special day to offer sales and promotions without interfering with the traditional way to shop. Scammers try to prey on Black Friday or Cyber Monday bargain hunters by advertising “one-day only” promotions from recognized brands. Consumers should be on the watch for too good to be true e-mails from unrecognized websites.

Along with online shopping comes the growth of consumers using social networking sites and mobile phones to satisfy their shopping needs more easily. Again, consumers are encouraged to beware of e-mails, text messages, or postings that may lead to fraudulent sites offering bargains on brand name products.

Tips

Here are some tips you can use to avoid becoming a victim of cyber fraud:
  • Do not respond to unsolicited (spam) e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mails claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Always run a virus scan on an attachment before opening it.
  • Avoid filling out forms contained in e-mail messages that ask for personal information.
  • Always compare the link in the e-mail to the web address link you are directed to and determine if they match.
  • Log on directly to the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
  • If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively.
  • If you receive a request for personal information from a business or financial institution, always look up the main contact information for the requesting company on an independent source (phone book, trusted Internet directory, legitimate billing statement, etc.) and use that contact information to verify the legitimacy of the request.
  • Remember if it looks too good to be true, it probably is.
To receive the latest information about cyber scams, please go to the FBI website and sign up for e-mail alerts by clicking the envelope in the upper right corner of the page. If you have received a scam e-mail, please notify the IC3 by filing a complaint at www.ic3.gov.

Friday, November 21, 2014

Fired Philadelphia Narcotics Cop Covered In Pulitzer Prize-Winning Newspaper Series 'Tainted Justice' And True Crime Book 'Busted' Gets His Job Back


David Gambacorta at the Philadelphia Daily News offers a piece on the reinstatement of a Philly cop who was fired.

In a decision that Police Commissioner Charles H. Ramsey called "disappointing," an arbitrator on Wednesday moved to reinstate fired Philadelphia narcotics cop Jeffrey Cujdik.

Ramsey booted Cujdik from the force in May, following a long-running Internal Affairs investigation into allegations that the veteran cop lied on search warrants and had an inappropriate relationship with an informant - and then lied about both to investigators. The allegations were first unearthed in the 2009 Daily News series "Tainted Justice."

The series, based on interviews with dozens of victims, detailed incidents of misconduct among a group of undercover narcotics officers, including phony search-warrant applications, the looting of bodegas and even sexual assault.

The city has paid out at least $1.7 million to settle 33 lawsuits filed by bodega owners and two women who said they'd been assaulted by a member of Cujdik's squad.

Federal and local probes of the officers were triggered by the Pulitzer Prize-winning series.

Ramsey said Thursday that the arbitration hearing centered on whether he had just cause to fire Cujdik.

You can read the rest of the piece via the below link:

http://www.philly.com/philly/news/20141120_Tainted_cop_gets_his_job_back.html

You can also read my interview with the Daily News reporters who wrote the newspaper series and the book Busted via the below link:

http://www.pauldavisoncrime.com/2014/05/my-crime-beat-column-my-q-with-wendy.html

Cybercom Chief Details U.S. Cyber Threats, Trends


Cheryl Pellerin at DoD News offers the below piece:

WASHINGTON, Nov. 21, 2014 - Cyber threats are real, hurting the nation and its allies and partners, costing hundreds of billions, and potentially leading to a catastrophic failure if not addressed, Navy Adm. Michael S. Rogers told a House panel yesterday.

Rogers, the commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, testified before members of the House Permanent Select Committee on Intelligence on advanced cybersecurity threats facing the United States.

Cyber Challenges 'Not Theoretical'

"There should be [no] doubt in anybody's mind that the cyber challenges we're talking about are not theoretical. This is something real that is impacting our nation and those of our allies and friends every day," Rogers said. Such incidents are costing hundreds of billions of dollars, leading to a reduced sense of security and potentially to "some truly significant, almost catastrophic failures if we don't take action," the admiral added.

In recent weeks, cyber-related incidents have struck the White House, the State Department, the U.S. Postal Service and the National Oceanic and Atmospheric Administration.

The Defense Department, the U.S. Sentencing Commission and the U.S. Treasury also have had cyber intrusions. Sophisticated malware has been found on industrial control systems used to operate U.S. critical infrastructure, and other major intrusions have been reported by J.P. Morgan Chase, Target, Neiman Marcus, Michaels, Yahoo! Mail, AT&T, Google, Apple and many more companies.

Intrusions Seek to Acquire Capability

"We have ... observed intrusions into industrial control systems," Rogers said. "What concerns us is that ... capability can be used by nation-states, groups or individuals to take down" the capability of the control systems. And "we clearly are seeing instances where nation-states, groups and individuals are aggressively looking to acquire that capability," he added.

Rogers said his team thinks they're seeing reconnaissance by many actors to ensure they understand U.S. systems in advance of exploiting vulnerabilities in the control systems. "We see them attempting to steal information on how our systems are configured, the specific schematics of most of our control systems down to the engineering level of detail so they [see] ... the vulnerabilities, how they are constructed [and] how [to] get in and defeat them," the admiral said. "Those control systems are fundamental to how we work most of our infrastructure across this nation," Rogers added, "and it's not just the United States -- it's on a global basis."

Growth Areas of Vulnerability

When he's asked about coming trends, Rogers said, industry control systems and supervisory control and data acquisition systems, called SCADA systems, come to mind as "big growth areas of vulnerability and action that we're going to see in the coming 12 months." "It's among the things that concern me the most," he added, "because this will be truly destructive if someone decides that's what they want to do."

What it means, he said, is that malware is on some of those systems and attackers may already have the capability to flip a switch and disrupt the activity the switch controls. "Once you're into the system ... it enables you to do things like, if I want to tell power turbines to go offline and stop generating power, you can do that," he explained. "If I want to segment the transmission system so you couldn't distribute the power coming out of power stations, this would enable you to do that."

Criminals as Surrogates for Nation-states

The next trend Rogers sees near-term is for some criminal actors now stealing information designed to generate revenue to begin acting as surrogates for other groups or nations. "I'm watching nation-states attempt to obscure, if you will, their fingerprints," he said. "And one way to do that is to use surrogate groups to attempt to execute these things for you." That's one reason criminal actors are starting to use tools that only nation-states historically have used, the admiral said. "Now you're starting to see criminal gangs in some instances using those tools," he added, "which suggests to us that increasingly in some scenarios we're going to see more linkages between the nation-state and some of these groups. That's a troubling development for us."

Such activities across the cyberscape, he said, make it difficult for private-sector companies to try to defend themselves against rapidly changing threats.

A Legal Framework for Cyber Sharing

But before Cybercom can help commercial companies deal with cyber criminals and adversarial nation-states, Rogers said the command needs a legal framework "that enables us to rapidly share information, machine-to-machine and at machine speed, between the private sector and the government."

The framework, he added, must be fashioned in a way that provides liability protection for the corporate sector and addresses valid concerns about privacy and civil liberties. Such legislation has passed in the House but not in the Senate, and the Senate has created its own similar legislation that has not yet passed the full Senate.

Rogers says there are several ways Cybercom can share what it knows about malicious source code with the private sector so companies can protect their own networks, and assure Americans that NSA isn't collecting or using their personal information while sharing information with private companies.

What the Private Sector Needs

With private-sector companies, Cybercom and NSA must publicly "sit down and define just what elements of information we want to pass to each other," he said, specifying what the private sector needs and what the government needs, and also areas that neither wants to talk about. "I'm not in that private-sector network, therefore I am counting on the private sector to share with us," the admiral said. What he thinks the government owes the private sector is this -- Here are the specifics of the threats we think are coming at you. Here's what it's going to look like. Here's the precursor kinds of activities we think you're going to see before the actual attack. Here's the composition of the malware we think you're going to see. Here's how we think you can defeat it.

What Rogers says he's interested in learning from the private sector is this -- Tell me what you actually saw. Was the malware you detected written along the lines that we anticipated? Was it different and how was it different? When you responded to this, what worked for you and what didn't? How did you configure your networks? What was effective? What can we share with others so the insights of one come to the aid of many? "That's the kind of back-and-forth we need with each other," Rogers said, and legislation is the only thing that will make it happen.

Helping Defend Critical Infrastructure

Rogers says he tells his organization that he fully expects during his time as Cybercom commander to be tasked to help defend critical infrastructure in the United States because it is under attack by some foreign nation or some individual or group. "I say that because we see multiple nation-states and in some cases individuals in groups that have the capability to engage in this behavior," the admiral said, adding that the United States has seen this destructive behavior acted on and observed physical destruction within the corporate sector, although largely outside the nation's borders. "We have seen individuals, groups inside critical U.S. infrastructure. That suggests to us that this vulnerability is an area others want to exploit," the admiral said. "All of that leads me to believe it is only a matter of time when, not if, we are going to see something traumatic." Rogers says he's "pretty comfortable" that there is broad agreement and good delineation within the federal government as to who has what responsibilities if Cybercom is called on during a major cyberattack in the United States.

"The challenge to me is we've got to ... get down to the execution level of detail," he said. "I come from a military culture [which] teaches us to take those broad concepts and agreements and then you train and you exercise. And you do it over and over. That's what we've got to do next."

Note: The above U.S. Navy photo shows sailors assigned to the Navy Cyber Defense Operations Command. The photo was taken by Petty Officer 2nd Class Joshua J. Wahl.

Thursday, November 20, 2014

Spies, Sleepers And Hitmen: How The Soviet Union's KGB Never Went Away

 
Luke Harding at the Guardian offers an interesting piece on Russia's secret police.
 
Vladimir Putin was never an especially distinguished spy. In the 1980s, the KGB dispatched him not to a glamorous western capital but to provincial East Germany. It was here, in Dresden, that he sat out the collapse of the Soviet Union, an event that filled him with horror and rage.
 
For a brief moment in the 90s, the KGB – now re-branded as the FSB, the Federal Security Service – was on the back foot. Since becoming president in 2000, however, Putin has transformed Russia into a giant spy state. He has brought back many of the cold war espionage techniques he first learned as a young recruit in Leningrad’s KGB spy school. Not that they ever quite went away.

FSB spies are a paranoid, conspiratorial and deeply xenophobic bunch. They see themselves as the direct descendants of the Cheka, Lenin’s feared, terrifying secret police. They are obsessed, as in cold war times, with finding and defeating Russia’s “enemies”. Some of these so-called “enemies” are foreign, some are homegrown.

In the 70s, the KGB employed a wide repertoire of operational tricks. Typically, they would eavesdrop on western diplomats, harass British and American journalists (slashing the tyres of their cars was a favourite) and carry out break-ins and buggings. Writing about Soviet dissidents or Jewish emigration got you into trouble.

When I got to Moscow in 2007 as the Guardian’s correspondent I was surprised to discover that such ancient KGB practices were back. For reasons that are still mysterious, the FSB decided that I was one of its enemies. Unpromising young men in black leather jackets trailed me round Moscow’s icy streets. This time, the reporting taboos were Putin’s money, top-level Kremlin corruption and the vicious war in the north Caucasus.

As well as demonstrative surveillance – always more Inspector Clouseau than John le Carré – Putin’s spies made it clear that they were listening to my calls. They pulled the plug, for example, whenever I made a joke about Russia’s president. Like other despots, Putin doesn’t have a sense of humour (though he can do sardonic repartee).

You can read the rest of the piece via the below link:

http://www.theguardian.com/world/2014/nov/19/spies-spooks-hitmen-kgb-never-went-away-russia-putin

Late Night Comic On Charles Manson's Future Prison Wedding


The late night comics offered their response to the news that Charles Manson will get married in prison.

Conan O'Brien:

I don't know if you know this but Hitler was a painter and one of his watercolor paintings is being auctioned off. It's expected to sell for over $60,000. So if you're looking for a wedding gift for Charles Manson .

Yes, Charles Manson is engaged. And his future mother-in-law says she approves of her daughter marrying Manson. She said Manson has very nice personalities.

David Letterman:
Charles Manson is marrying a woman in prison. Manson is 80 and his bride-to-be is 26 years old. He swept her right off her feet. It's probably because he carved a swastika in his forehead. Chicks dig that.
The Manson couple met on a website called "OK Stupid."
If you're looking to get the Mansons a gift, they're registered at Bloodbath & Beyond. 
 
Note: You can read an earlier post on the Manson prison wedding via the below link:

Justice Department Files Enforcement Actions To Shut Down "Psychic" Mail Fraud Schemes


The U.S. Justice Department released the below information:

The United States filed civil complaints in U.S. District Court for the Eastern District of New York today against individuals and entities alleged to be running two related multimillion-dollar mail fraud schemes.  The United States also filed a motion seeking a temporary restraining order and a preliminary injunction to immediately put a stop to the ongoing schemes.

According to the complaints, the defendants operate two mail fraud schemes in which they send solicitation letters purportedly written by world-renowned psychics to consumers through the U.S. mail.  The first scheme, operated by Destiny Research Center and the Canadian company Infogest Direct Marketing, sends direct mail solicitations allegedly written by psychics Maria Duval and Patrick Guerin.  The second scheme, operated by Christine Moussu through New York companies CLGE Inc. and I.D. Marketing Solutions Inc., sends direct mail solicitations allegedly written by psychics David Phild, Sandra Rochefort, Antonia Donera and Nicholas Chakan.

“The complaints filed today charge that the companies and individuals made blatant misrepresentations in order to reap financial gain by scamming thousands of Americans, many of whom were elderly and in a vulnerable financial condition,” said Acting Assistant Attorney General Joyce R. Branda for the Justice Department’s Civil Division.  “Our job at the Justice Department is to put a stop to fraud schemes that seek to take advantage of vulnerable Americans.”

The complaints allege that in the letters, the purported psychics state that they are contacting the recipient based on a specific vision or psychic reading revealing that the recipient has the opportunity to dramatically improve his or her financial circumstance, including claims of winning millions in the lottery. 

The solicitation letters appear personalized, repeatedly referring to the recipient by first name and often containing portions that appear handwritten.  The solicitations urge victims to purchase various products and services in order to ensure that the foreseen good fortune comes to pass. 

The complaints allege that in reality, the solicitations are identical, mass-produced form letters.  Victims responded to the solicitations by completing a form and submitting a payment, usually around $20 to $50, via U.S. mail.  Victims often also wrote personal, handwritten letters back to the purported psychics, which were never opened, and received worthless, mass-produced trinkets and further solicitations after sending these payments.

“Relying on superstition and fear, the defendants defrauded tens of millions of dollars from thousands of vulnerable citizens,” said U.S. Attorney Loretta Lynch for the Eastern District of New York.  “We have, and will continue to, use all means at our disposal to protect our citizens from such schemes to defraud.”

“These mass solicitations containing purportedly personalized messages to unsuspecting victims were blatant fraud,” said Acting Inspector in Charge Troy Raper of the U.S. Postal Inspection Service's Criminal Investigation Group.  “Postal Inspectors aggressively investigate any operations that use the U.S. mail to fleece unsuspecting victims.”

Metro Data Management Inc., doing business as Data Marketing Group Ltd., a company on Long Island, New York, along with its president, Keitha Rocco, performed “caging” services on behalf of both mail fraud schemes.  According to the complaint, these services consisted of processing victim payments and maintaining databases of consumers who responded to the fraudulent solicitations.  The government alleges that Data Marketing Group processed as much as $500,000 in victim payments in a given two-week period for the Destiny Research Center scheme, resulting in annual gross receipts of at least $13 million.  The CLGE scheme brought in annual revenue of $1.5 to $2 million.  Evidence presented by the United States in support of its motion indicates that victims of the mail fraud schemes were elderly, ill and in perilous financial condition.

The government is seeking an injunction under the Anti-Fraud Injunction Statute immediately shutting down the fraudulent schemes in order to protect victims from further harm.  The injunctions sought by the United States would enjoin the defendants from using the mail to distribute the fraudulent solicitations or to collect victim payments, and from selling lists of consumers who have responded to the solicitations.  The injunctions would also authorize the U.S. Postal Service to detain any outgoing solicitations mailed by the defendants and any incoming responses to solicitations.  

The Justice Department’s case is being handled by the Civil Division’s Consumer Protection Branch and the U.S. Postal Inspection Service, in coordination with the U.S. Attorney’s Office in the Eastern District of New York.

The claims made in the complaints are allegations only, and there has been no determination of liability. 

Wednesday, November 19, 2014

BBC To Produce Mini-Series Based On Len Deighton's Alternative Historical Thriller 'SS-GB'


Imagine that America never entered World War II and Great Britain lost the war. And now the once proud British are occupied by the victorious German Army and the dreaded Nazi SS.

Len Deighton did this in his clever alternative historical thriller SS-GB.

I liked the book when I read it many years ago and I reread the thriller a few years ago.

Now The Hollywood Reporter reports the BBC is producing a mini-series based on SS-GB.

The BBC has ordered a drama that imagines a Britain occupied by the Nazis, penned by the writers of the most recent James Bond films based on an alternate history novel.

U.K. public broadcaster has commissioned SS-GB from Bond writers Robert Wade and Neal Purvis and based on the novel of the same name by Len Deighton. The BBC order is for five hourlong episodes produced by Sid Gentle Films for flagship network BBC One.

... SS-GB is a thriller set in 1940s London under the premise that the Germans won the Battle of Britain and London is under Nazi occupation.

"Archer is a Scotland Yard detective working under the SS facing the dilemma of whether to effectively collaborate or join the resistance," according to a show description. It also says that the drama is "an explosive thriller that will ask: what would you do, faced with stakes as high as this?"

You can read the rest of the piece via the below link:

http://www.hollywoodreporter.com/news/bbc-orders-drama-ss-gb-750236