Hacker pleads guilty to stealing 1.8 million credit cards

One of the most prolific computer hackers in U.S. history pleaded guilty yesterday in federal court to stealing almost 2 million credit card numbers in what prosecutors called a "massive" wire fraud case costing banks some $86 million.

Max Ray Vision, 36, formerly known as Max Ray Butler, admitted that he used encryption programs to disguise extensive hacking into financial institutions and data processing centers from his California apartments.

Mr. Vision, known online as "Iceman," "Digits," "Aphex" and "Darkest," maintained a series of safe houses in San Francisco that he rented under false names to avoid detection.

"That's me, and this is what I did," he told Senior U.S. District Judge Maurice Cohill Jr. after the prosecution summarized the details of the case as part of the plea. "I am guilty."

He was prosecuted here because two Pittsburgh-area informants working with the U.S. Secret Service infiltrated his online operation and would have testified against him had he gone to trial.

His partner, Christopher Aragon of Los Angeles, also would have testified against him. Mr. Aragon, who referred to Mr. Vision as "Sam" and met with him once a month, is being prosecuted by the district attorney's office in Orange County, Calif., where his case is pending.

Assistant U.S. Attorney Luke Dembosky said Mr. Vision and Mr. Aragon established CardersMarket, an online forum devoted to the theft of credit card accounts and identity information that had about 4,500 members worldwide.

Mr. Vision provided many of the card numbers to Mr. Aragon to be encoded onto plastic cards and used to buy merchandise, Mr. Dembosky said. Mr. Vision also sold cards directly online, often to members of the CardersMarket network.

A forensic search of Mr. Vision's computer following a Secret Service raid on his apartment in September 2007 revealed 1.8 million stolen credit card accounts. The total amount of fraudulent purchases on those cards was $86.4 million.

"These losses were borne by the thousands of banks that issued the cards," Mr. Dembosky said.

The exact amount will help Judge Cohill determine a sentence and restitution order, although Michael Novara, Mr. Vision's public defender, argued that the figure may be too high because it includes card numbers that Mr. Vision had collected from other hackers and might not have been aware that he had in his possession.

He described Mr. Vision as a "hacker's hacker" who sometimes gained access to other hackers' computers for no other reason than "because he could."

Mr. Vision, who changed his name shortly before he was arrested, was the target of a 16-month investigation by the Secret Service, which handles financial crimes, and police in California and Canada.

Before his identity was known, a Pittsburgh-area informant gained the trust of "Iceman" as an administrator of the CardersMarket Web site.

The informant, said Mr. Dembosky, told the Secret Service about the network's activities and provided information from Iceman that indicated he was the same person as "Digits" and "Aphex" -- all Mr. Vision's online personas.

The second Pittsburgh-area informant twice bought credit card information from "Digits" in 2006, transactions that formed the basis of the indictment.

After Judge Cohill set sentencing for Oct. 20, federal marshals led Mr. Vision back to jail in shackles.

Read more: http://www.post-gazette.com/pg/09181/980704-84.stm#ixzz0Jt35qRTS&C

Microsoft sues for $1.5m click fraud

Microsoft sues for $1.5m click fraud

by Staff, Brand Republic 16-Jun-09, 11:55

NEW YORK - Microsoft has filed a lawsuit against three individuals for an elaborate "click fraud" scheme, accusing the group of clicking the ads of rival websites thereby exhausting their ad budgets and boosting the ranking of their own search ads.

Microsoft is seeking at least $750,000 (£456,000) in damages from the defendants, claiming the three set up a number of false companies in March of last year and targeted ads for car insurance firms and the computer game 'World of Warcraft'.
ADVERTISEMENT

In March 2008, Microsoft received complaints from car insurance advertisers who said traffic to their ads was spiking in a suspicious manner.

Microsoft investigated the claims and found an unusual number of searches for "auto insurance quotes" and a high click-through rate for the top paid search ads.

A similar scheme was being carried out with the keywords "World of Warcraft", Microsoft found.

Microsoft estimates the alleged fraud cost the advertisers in the region of $1.5m.

The company tracked down the source of the clicks and found the lion's share came from two Canadian-based proxy servers.

Microsoft claims that the three defendants set up fraudulent auto-insurance companies or worked with legitimate firms and bombarded the top-ranked ads with clicks, depleting the companies of their ad budgets and sinking their ad placements.

The defendants then placed their own ads on Microsoft's adCenter, which quickly rose in results rankings and were clicked on by actual customers. The group then sold the personal data of legitimate customers to low-level advertisers, Microsoft claims.

The lawsuit is a rare instance of a search engine going after individual advertisers and not the other way around.

Google was one of the first companies to do so in 2004 when it sued advertisers who were clicking on their own AdSense ads to make money.

Microsoft's general counsel Tim Cranton said the case was "significant" despite the relatively meagre compensation the company is asking for.

Cranton told the New York Times: "We have decided to become more active in the commercial fraud area on the enforcement side. The theory is you can change the economics around crime or fraud by making it more expensive."

About one in every seven clicks (13.8%) is fraudulent, according to consultancy Click Forensics, which measures global click fraud rates with its quarterly Click Fraud Index.

Murder suspect caught with photos on computer

By Blake Spurney

Editor

The wireless universe carries with it no loyalty, a local teenage girl learned recently.

*
Sexually explicit images of her were found by North Carolina investigators on the computer of a Gastonia murder suspect. Those images were traced to Austin Lee Hedden, 21, Franklin, who recently was charged in Rabun County with statutory rape against the girl. Investigators found images of child porn on Hedden’s computer, and he remains the target of a federal investigation.

According to court records, a Buncombe County, N.C., investigator and a State Bureau of Investigation agent were led to Hedden by Yahoo chat log records. He had sent Andrew Douglas Dalzell, the suspect of a 1997 abduction and murder of a 35-year-old woman in Carrboro, N.C., the images of the Rabun County girl.

Hedden told investigators that the girl was his ex-girlfriend and that he had deleted nude photos of her after they broke up in December. He also claimed his computer recently had gotten a virus that put “strange things” on it. Investigators received consent to look at his computer and discovered numerous pictures of nude preteen girls that he said he got from LimeWire, a file-sharing Internet service.

Hedden and the girl had met at the Fun Factory in Franklin, where he worked. He also admitted having sex with her at his home and several times in a car in Rabun County.

When investigators showed the girl the images of herself in April, she expressed surprise because they were supposed to be something private between her and Hedden. She told investigators she met Hedden in June 2008. They went on their first date in July and had sex at his residence. She texted him the next day to tell him she was 15; she initially had told him she was 16. He texted her back that he was upset and that he could go to jail.

However, Hedden continued to see her. He also requested that she send him a sexually explicit video and photos while she was in Florida, and she complied. The two parted ways that summer before getting back together in late fall. The girl had told her parents Hedden was 17. In their last encounter, he picked her up in December and brought her to his residence. He brought out a whip while they were having sex and gave her several alcoholic drinks. He also took nude photos of her with his cell phone, directing her on how to pose.

The girl showed investigators a tattoo of Hedden’s initials on her chest that she made herself using an insulin needle and pen ink. Hedden called off their relationship after their last encounter because he had a girlfriend.

Hedden told investigators he deleted the images of the girl after they broke up. He also told them that of the 2,000 images he deleted, about 10 percent were of girls younger than 10, and about half were of girls between the ages of 10-15. According to court records, he said the images of young girls had begun to make him “sick. … I got sick of myself and didn’t want to look at it anymore.”

Hedden also told investigators he created his Yahoo account in 2005 so he could chat on the Internet. He would pretend to be a 16- or 17-year-old girl while chatting with males. He had been using LimeWire for about two years, and he obtained images by using search terms such as “jailbait” or “young girls.”

Assistant District Attorney Penny Crowder said federal charges against Hedden were pending. The crime lab where his computer was taken for a forensics examination has a six-month backlog on cases. He was charged May 6 with statutory rape in Rabun and remains free on $5,500 bond.

Local authorities say they have been dealing with an ever increasing amount of teenagers sending sexual images of themselves to other teens via cell phones. Those images often get sent to a third party, which can lead to eternal life on the Internet.

“It’s serious, and it’s becoming epidemic in the last couple of years,” said Rabun County Sheriff’s Lt. Kendrick Maxwell, the school resource officer. He knew of six different instances in the past year in which nude images of local youths ended up in the hands of those for whom it wasn’t intended. Typically, it’s a girl sending a picture of herself to her boyfriend, and he forwards it to his friends.

Maxwell said the students didn’t comprehend the severity of what they were doing, either sending or receiving such images, or how easily such pictures can end up on the Internet — forever. Of the cases in which he came across images of local students, he hasn’t found any online yet. “Not saying they’re not out there, we just haven’t run across them yet,” he said.

“With a damn click of the button, it’s out there everywhere,” he said. “They don’t see it that way.”

District Attorney Brian Rickman said his office had been involved with “sexting” cases in all three counties.

Technically, sexually explicit images of an underage person are child porn under the law. However, Rickman said prosecutors had to deal with sexting on a case-by-case basis to determine whether it involved a sexual predator or if it was just a youth making a dumb mistake.

Once an image hits the Internet, it quickly can get in the collection of a pedophile, who “sends it to other pedophiles for their sick kicks,” Rickman said. “Once it gets out there, there’s no way to get it back.”

Dalzell, the murder suspect who received images from Hedden, pleaded guilty in May to enticing a minor to engage in illegal sexual activity. He had gone to Asheville in February to meet what he thought was an 11-year-old girl for sex. He had been communicating on an Internet chat room with an undercover officer posing as a young girl.

Dalzell also was the last person seen with Deborah Leigh Key when she disappeared outside a Carrboro bar in November 1997, according to The Herald-Sun in Durham, N.C. He confessed to killing her in 2004, but the confession was later ruled inadmissible because police used false documents to trick him into thinking he already had been charged with murder. He was told he would receive the death penalty if he didn’t confess.

Dalzell also had been charged with six counts of sexual exploitation of a minor for images found on his computer and fraud for using a stolen credit card number to attempt to order a Russian mail-order bride. Both cases were related to the murder investigation, and both were dismissed after it was ruled the evidence was illegally obtained.

Key’s body has never been found, and the confession was the primary evidence linking Dalzell to her death, authorities told The Herald-Sun.

By Hannah Guzik
Ashland Daily Tidings
June 09, 2009

The Southern Oregon High-Tech Crimes Task Force has seen a 9 percent increase in cases involving child pornography and child sexual exploitation over the past year, according to task force officials.

The increase could be a side-effect of the recession's high unemployment rate, leaving more people with more time to surf the internet — and hurt kids, said Sgt. Josh Moulin, the task force commander.

"Our child porn cases have gone through the roof," he said.
Related Stories

* Letters to the editor, June 8
* Letters to the editor, June 5
* Letters to the editor, June 4
* Prominent Ashlander investigated for child porn
* Nudist in Ashland draws gripes

"Every single year we've been in existence our cases have increased," Moulin said. "But it seems that since the economy has been hit the hardest, our caseload has increased the most."

The task force handles cases from law enforcement agencies located in the southern half of the state.

Moulin and Detective Brandon Bloomfield — the only officials assigned to the lab — are analyzing computers and other electronic equipment seized at the homes of Ashland resident James Auchincloss, half-brother to the late Jacqueline Kennedy Onassis, and Eagle Point resident Dennis Vickoren for evidence of child porn, at the request of the Ashland Police Department.

Police submitted the electronic equipment to the lab last October, but because the task force felt that there was no immediate threat, the case was assigned a low priority, resulting in a processing delay, Moulin said.

In addition, the lab is understaffed, he said. The task force has a five-month backlog of cases, something that could be remedied if the lab had about three more people assigned to it, Moulin said.

"We definitely would like to have added personnel and we hope that in the future some of the agencies will eventually be able to send somebody to the task force," he said. "We have enough work that we could have five full time people up here."

Typically police departments pay to train officers in computer forensics — an expensive and time-consuming process — and then send them to the lab to help with cases.

Most of the child porn and child sexual exploitation cases the lab receives come from Jackson, Josephine and Curry counties, Moulin said. In Jackson and Josephine counties, 400 people are registered for trading child porn, he said.

The task force would like to have the time and resources to go undercover and try to catch some of those people in the act of trading child porn online, Moulin said.

"We're hardly touching those cases," he said. "We have never, ever done a proactive case where we haven't found someone who was breaking the law."

The task force devotes much of its time to investigating cases involving crimes against children. Last year, the lab processed 116 cases, 37 of which involved child sexual exploitation, child pornography or child sexual abuse, Moulin said.

The task forces' total number of cases has increased 27 percent in the past year. In addition to crimes involving children, assault and stalking cases have dramatically increased, Moulin said.

When lab officials receive a piece of electronic equipment, such as a computer or cell phone, they remove the hard drive, where data is stored, make a copy of the hard drive, and then inspect the copy using the lab's computers. This insures that the original evidence is not altered, Moulin said.

The lab, which has been operating in Central Point since 2005 and in 2007 became a regional task force, has faced heavier caseloads each year due to the wider availability and use of technology, he said.

Child porn cases used to involve 400 to 500 images on a computer, he said. Now, they typically involve thousands of images and videos.

"We just finished a case where a person had 180,000 different videos and images of child pornography," Moulin said.

The videos and photographs are often graphic and disturbing — making the job of investigators a harrowing one, he said.

"We've recovered videos here locally of 1- or 2-year-old kids bound and raped. It's all on video. It's the worst of the worst you can imagine, what these people are doing to kids," Moulin said.

However grisly, Moulin said he finds his work worthwhile, because he has helped put hundreds of criminals behind bars. The task force has a 100 percent conviction rate, he said.

"I can tell you that in my law enforcement career this has been the most difficult thing I've done," he said. "But it's also been the most rewarding, because had we not prosecuted these people, they would have gone on undetected."

Contact staff writer Hannah Guzik at 482-3456 ext. 226 or hguzik@dailytidings.com.

Sodomsky cp case.

WASHINGTON – The Supreme Court won't stop Pennsylvania officials from prosecuting a man whose computer was found to contain child pornography while it was at Circuit City being upgraded.

Kenneth Sodomsky wants the high court to suppress the videos found on his computer, which he had taken into a Circuit City in Wyomissing, Penn., to get a DVD burner installed into it. While the computer was in the store, a worker looked through some of the files and found movie files with "questionable" names referring to boys of various ages. The worker then found a video of a hand reaching toward a penis and called the police.

Police seized the computer, obtained a warrant and found child pornography. Sodomsky moved to suppress the discovery, saying the Circuit City employees had no right to search his computer and show any of its contents to police.

A trial judge agreed, but a state appellate court overturned that decision, saying Sodomsky ran the risk of his illegal files being found and viewed by taking the computer out of his house and to the store.

Circuit City Stores Inc. closed the last of its stores in March.

The case is Sodomsky v. Pennsylvania, 08-1274.

Killings suspect done in by dropped cell phone

(06-02) 09:07 PDT PINOLE -- An East Bay triple-slaying suspect left his cell phone behind at the scene of a Pinole burglary and then called it to get it back, unaware that a police officer was on the other end, authorities said Tuesday.

Triple-murder suspect Anthony Ramirez, 23, was arrested a... View More Images

Anthony Ramirez, 23, never got his phone. Instead, he is in jail, charged with killing a man in Emeryville and suspected of two other homicides in Contra Costa County, Pinole police Sgt. Matthew Messier said.

It all began at about 9:30 p.m. May 22 when a burglar broke into a home on Alice Way in Pinole. The resident interrupted the break-in, and the burglar fled out the window. But he left his cell phone behind.

As Pinole police were scouring the home for evidence, they heard a cell phone ring. Officer Uri Nieves answered it.

"Hey, did you find my phone?" said the voice on the other end.

Nieves acted as if he was "just some guy who picked it up off the street," Messier said. Nieves nailed his role. "He's a very street-savvy officer who actually grew up in a rough neighborhood in Sacramento," Messier said.

Nieves asked the caller what his name was, and he replied, "Tony." Nieves arranged to return the phone to Tony - for a price - at the Boys and Girls Club on Appian Way.

Ramirez drove to the scene in a stolen Nissan 350Z, police said. Pinole police tried to box the car in with their cruisers, but Ramirez escaped after crashing the Nissan at Appian and Garden Way, Messier said. Officers found a sawed-off .30-30 rifle in the car.

Pinole police identified Ramirez as the suspect and learned that he was wanted in Emeryville for the April 20, 2008, shooting death of Chad Clarke on the 5500 block of Beaudry Street. Pinole handed the phone over to Emeryville police.

On May 27, officers found Ramirez outside a home on Samuel Street in Pinole, where he had apparently been sleeping on a mattress on the front porch, Messier said. Even as officers were closing in on him, Ramirez was texting his phone to arrange a meeting to get it back, unaware that the person on the other end this time was an Emeryville police officer, Messier said.

Two other sawed-off rifles were found at the home, police said.

In the Emeryville killing, Ramirez is accused of murdering Clarke during an attempted home-invasion robbery. Another man, Ricco Orlando Earl, 29, has also been charged with murder.

Ramirez was also being sought in connection with the April beating death of El Cerrito city employee Bruce King, 55, in his El Sobrante home, and the September shooting death of Ryan Valdez, Ramirez's half-brother, said Jimmy Lee, a Contra Costa sheriff's spokesman.

A second suspect in King's slaying, Raymond Gardner, 45, has been charged with murder.

Police are gratified that Ramirez was arrested without incident, Messier said, because the swastika-tattooed suspect told an acquaintance that "he was not going to be taken alive.

FORT POLK, La. (Army News Service, June 3, 2009) -- Using computers and enormous databases, information analysts are better than ever at weaving together a flow of biometric data-mostly fingerprints-collected from the field to identify individual insurgents.

Many of the fingerprints are extracted from bomb-making materials by experts after buildings are cleared by Soldiers, but there aren't enough experts to do the collecting. The Army thinks the answer may be a well-trained private, as part of the Biometric Intelligence Project, an Army effort to collect, exploit and analyze biometric material collected on the battlefield in order to produce timely and actionable intelligence.

The heart of the initiative is a database with more than 3.1 million biometric records. So far, the system has produced 690 detentions in theater, 18 convictions in the Central Criminal Court of Iraq and has stopped approximately 59 would-be terrorists from entering the United States.

The system can also be used on the battlefield to flag a detainee as a maker of improvised explosive devices.

"Because privates do most of the looking, terrorists need to be smarter than the private," said Byron Cousin, a retired first sergeant and mobile-training-team assistant leader sent to teach battlefield forensics at the Army's Joint Readiness Training Center here.

"A private yells, 'Sergeant, I found an arms cache' as he's rubbing his leg. The sergeant says 'Good job. Army Achievement Medal. Don't tell nobody you fell in on it,'" he joked with the paratroopers of the 82nd Airborne's, 1st Brigade Combat Team, during the four-day forensics course.

The paratroopers were taught to use the handheld interagency identity detection equipment, which looks and feels like a professional camera without an attached lens. The device captures images of the face, the iris and fingerprint and was designed for forward units in the field.

Next, the Soldiers moved to hands-on labs at another training site, followed by two days of practical battlefield scenarios. The 40-hour course wraps up with a written test and one final graded scenario, said team leader Bryant Cox, a former Marine combat photographer who has worked in intelligence for many years.

Soldiers learned the basics of battlefield forensics in one of the buildings in a mock, realistic Iraqi village: how to dust and lift latent prints from common household surfaces; to roll prints from detainees; to photograph fingerprints, deceased enemies, detainees and cleared rooms; as well as how to document it all properly.

"You learn not only to look for the basic materials, but to put two and two together," said Sgt. Clifton Whitley of the 2nd Battalion, 504th Parachute Infantry Regiment, who was retaking the course. "For instance, in one house, a guy may be making something that you think is nothing; in the next house, a guy is making something else; and then there's a third guy. Individually, there's nothing there, but you put them all together, and suddenly you have pressure plates for an IED," he said, suggesting that every team leader at the squad level and above should take the course.

Look in the kitchen for homemade explosives, said Cousin. He asked who had looked inside Iraqi and Afghan refrigerators. A few hands rose.

"You know what I'm talking about then," he said. "In Iraq, they may have things in there you don't recognize, but in Afghanistan, you see things that sometimes need to be shot again."

When the laughter subsided, the Cousin explained that bomb makers are separating components and hiding them in the kitchen, he said.

There will be 29 training events this year, including all of the rotations at JRTC as well as the National Training Center in Fort Irwin, Calif., and Joint Multinational Readiness Center in Hohenfels, Germany.

"The need for trained forensics collectors on the battlefield is immediate," said Cox. "During the last NTC training cycle we attended, three of the teams in our class were told before they even completed the course that they would have a forensics mission upon arriving in Afghanistan."

In a well-known, real-life video of a U.S. Soldier shot by a sniper in Iraq, the Soldier's armor stopped the 7.62mm slug. Following the discovery of the sniper's rifle, numerous bare-handed Soldiers handled it, obliterating the shooter's fingerprints. No chain of custody was documented, and the weapon was not packaged for most of its travel to the forensics lab.

However, after hours of meticulously dismantling and processing the weapon, forensics techs thinking outside the box developed many latent prints left on the rifle by the sniper. The sniper was positively identified three years later.

"Fingerprints are forever," Cousin said. "Finding and documenting this biometric data is a way for you to serve long after you're out of the Army," he said.

http://arklatexhomepage.com/content/fulltext/?cid=65011

Mass. corruption case built around e-mail trail

BOSTON – To build their corruption case against former Massachusetts Speaker Salvatore DiMasi and three associates, federal prosecutors plumbed a web of e-mails sent between the key players.

Those e-mails, contained in a 32-page indictment, detail a scheme to rig state contracts and pressure officials to unknowingly abet a conspiracy from which DiMasi and the others reaped hundreds of thousands of dollars.

Although DiMasi took home just $57,000, it was his political muscle that fueled the scheme, federal prosecutors said.

The four, indicted on conspiracy and fraud charges, maintained their innocence during a court appearance Tuesday and were released on $10,000 bail. DiMasi faces 20 years in prison for each of seven counts of wire and mail fraud and five years for the conspiracy charge.

The case hinges on the pursuit of two lucrative state contracts by software company Cognos spearheaded by Joseph Lally, the company's vice president of sales who left to form his own firm.

Acting U.S. Attorney Michael Loucks said Cognos is cooperating and no other public officials are implicated.

According to the indictment, Lally teamed with DiMasi friends Richard McDonough, a lobbyist referred to as "Dickey," and Richard Vitale, DiMasi's accountant.

A fifth individual, a private attorney who shared office space with DiMasi, was not identified by prosecutors.

Prosecutors say the scheme was hatched in late 2004, when DiMasi, Lally and McDonough arranged to have payments funneled to DiMasi in exchange for his helping Cognos land the first contract — a $5.2 million sale of software to the Department of Education.

Cognos agreed to pay a monthly $5,000 "referral fee" to the private attorney, $4,000 of which would be sent to DiMasi.

"It's about time we got business like this," DiMasi allegedly said.

In return, according to the indictment, DiMasi asked his staff to press another state lawmaker to sponsor budget amendments appropriating the $5.2 million.

When the Commissioner of Education asked DiMasi to change the amendment to give the department more flexibility in negotiating with Cognos, DiMasi allegedly refused.

After the amendment was approved, McDonough sent an e-mail to Lally saying "Mission Accomplished," according to the indictment.

Cognos paid Lally $891,000. He paid McDonough and Vitale $100,000 each. Lally had allegedly told a business partner that Vitale's relationship with DiMasi could help close the deal.

Cognos then embarked on a more ambitious effort to win a $15 million contract selling management software to the Executive Office of Administration and Finance.

After an initial effort failed, DiMasi persisted — reassuring a Cognos executive during a golf game that the plan was on track, according to the indictment.

There were efforts by those involved to cover their tracks.

In November 2006, Vitale sent an e-mail telling Lally to warn his partner against using DiMasi's name.

"On future e-mails let (the partner) know not to use you know who's name or title," Vitale wrote.

In later e-mails, Vitale referred to DiMasi as "Coach."

DiMasi used his clout not only to include the $15 million in a bond bill, but to make sure the state hired Cognos, according to the indictment.

There were glitches.

Toward the end of 2006, Cognos stopped sending the monthly checks, according to the indictment. After DiMasi questioned the delay, Lally e-mailed a Cognos executive saying, "We need to look into the issue fast. Can you escalate this please? We don't want to piss anyone off this late in the game."

Cognos sent a $25,000 check. According to the indictment, DiMasi told the attorney he wanted all the money but to send it to him in four backdated checks.

On Aug. 24, 2007, Administration and Finance Secretary Leslie Kirwan signed the agreement. Days later Cognos paid Lally's firm $2.8 million. The firm, in turn, paid Vitale's firm $500,000 and McDonough $200,000, according to the indictment.

A week later a Cognos officials sent an e-mail to Lally saying: "Please be sure to thank Dick and Sal for getting this contract closed."

The administration ultimately canceled the contract, and Cognos refunded the money.

Prison officials sniffing out contraband cell phones.

Prison officials sniffing out contraband cell phones (CNN) -- In the black market of prison life, cell phones have become perhaps the hottest commodity. Now, Texas is among a growing number of state governments going after them.
Hundreds of contraband cell phones were found behind bars or in transit to Texas inmates in 2008.

Hundreds of contraband cell phones were found behind bars or in transit to Texas inmates in 2008.

Tiny, easy to hide and an unmonitored link for convicts to the outside world, cell phones are valuable contraband, fetching a greater asking price from convicts than some shipments of illegal drugs.

John Moriarty, inspector general for the Texas Department of Criminal Justice, said that one phone can fetch as much as $2,000.

"It takes one crooked prison worker to populate a whole prison unit with them," he said.

More than 1,200 wireless phones sit in law enforcement evidence rooms, all found behind bars or in transit to Texas inmates in 2008.

Moriarty is the investigator and bloodhound the state of Texas uses to trail the illegal traffic.

"These are not stupid people," he said of the coordinated efforts to slip phones into the prison and hide them. "There are a lot of hands in between and they all want a piece of the action."

Accomplices on the outside vary from family members, to friends to fellow criminals who buy or steal the phones and charge them with minutes.
Don't Miss

* How to safeguard your data when you travel

The contraband is then moved through an elaborate series of drop points and usually ferried into the walls of a prison by a guard or trustee -- an escape engineered in reverse. Finding the dirty prison employee is often the key.

"Some of these guys make next to nothing, so you can see how easy it could be to corrupt them," Moriarty said.

State Sen. John Whitmire, a Houston Democrat and the chair of the state senate's Criminal Justice Committee, became an ally of Moriarty's after one phone call in October.

He picked up a phone slip from his secretary and called the number on it -- only to realize he had returned a call to a death row inmate's cell phone.

The inmate, he said, was Richard Tabler -- a convicted double murderer who was sharing a wireless phone with nine other inmates.

"At first I thought it was a hoax," said Whitmire, who said he called the state justice board and "read them the riot act."

Whitmire is one of the sponsors of a bill in the Texas Legislature that would crack down on convicts caught with phones and allow prison systems to monitor and detect cell signals. It's en route to Gov. Rick Perry's desk after clearing both houses of the legislature this week.

Other efforts are under way at both the state and federal level.

In January, U.S. Rep. Kevin Brady, a Texas Republican, introduced legislation that would let prisons jam cell-phone signals within their walls.

Last month, Maryland Gov. Martin O'Malley asked the federal government for permission to do so in his state.

Prison officials in Arizona are training dogs to sniff out cell phones.

Obama calling for better security for computers

WASHINGTON – President Barack Obama is calling digital security a top priority, whether it's guarding the computer systems that keep the lights on in the city and direct airliners to the right runway or those protecting customers who pay their bills online.

To oversee an enhanced security system for the nation's computer networks, Obama is creating a "cyber czar" as part of a long-awaited plan stemming from a review he ordered shortly after taking office.

On Friday, Obama is expected to lay out broad goals for dealing with cyber threats while depicting the U.S. as a digital nation that needs to provide the education required to keep pace with technology and attract and retain a cyber-savvy work force. He also is expected to call for a new education campaign to raise public awareness of the challenges and threats related to cyber security.

The review, however, will not dictate how the government or private industry should tighten digital defenses. Critics say the cyber czar will not have sufficient budgetary and policy-making authority over securing computer systems and spending.

Officials familiar with the discussions say the cyber czar would be a special assistant to the president and would be supported by a new cyber directorate within the National Security Council. The cyber czar would also work with the National Economic Council, said the officials, who described the plan on condition of anonymity because it has not been publicly released.

The special assistant title is not as high in the White House hierarchy as some officials sought. It would not give the czar direct, unfettered access to the president. Instead, the official would report to senior NSC officials — a situation many say will make it difficult to make major changes within the calcified federal bureaucracy.

Government and military officials have acknowledged that U.S. computer networks are constantly assailed by attacks and scans, ranging from nuisance hacking to more nefarious probes and attacks. Some suggest that the actions at times are a form of cyber espionage from other nations, such as China.

Obama is not expected to announce who will get the job during Friday's unveiling of the review, according to an administration official who spoke on condition of anonymity because the selection process is ongoing. Other officials close to the issue say a handful of experts — both in and out of government — are under consideration.

BC student gets computers back

The Boston Globe
BC student gets computers back

By Hiawatha Bray
Globe Staff / May 27, 2009


State Police yesterday returned electronic devices belonging to a Boston College computer science student, days after a state Supreme Court judge threw out the search warrant under which the equipment had been seized.

Associate Justice Margot Botsford said police lacked sufficient evidence for a dorm room search.

Warrant tossed

Massachusetts Supreme Judicial Court Associate Justice Margot Botsford on Thursday said that Boston College and Massachusetts State Police had insufficient evidence to search the dorm room of BC senior Riccardo Calixte. During the search, police confiscated a variety of electronic devices, including three laptop computers, two iPod music players, and two cellphones.

Police obtained a warrant to search Calixte's dorm after a roommate accused him of breaking into the school's computer network to change other students' grades, and of spreading a rumor via e-mail that the roommate is gay.

Camp counselor pleads guilty to child porn

A computer camp counselor and law student showed an autistic boy pornographic images.Click here for link.

At Mobile Forensics World 2009, Oxygen Software Will Unveil Its Newest Innovations

Chicago, IL (PRWEB) May 25, 2009 -- Oxygen Software® today announces that a team of Oxygen specialists, led by Oleg Fedorov, will participate in Mobile Forensics World 2009, where they will provide a one-day course "Advanced Techniques in Forensic Examination of Smartphones" for the registered attendees. The goal of the course is to teach mobile phone examiners and forensic analysts how to use the latest version of Oxygen Forensic Suite 2 and Oxygen Forensics for iPhone to extract the maximum of information from different models of phones, including iPhone. The course will be held at the Chicago Police Training Academy on Wednesday, May 27, 2009 at 9:00 a.m. - 5:00 p.m.

Judge Rules Dorm Room Search for Evidence of Prank Email Illegal

Student's Computers Were Seized Under Baseless Theory of Computer Hacking


Boston, MA - infoZine - A justice of the Massachusetts Supreme Judicial Court has ordered police to return a laptop and other property seized from a Boston College computer science student's dorm room after finding there was no probable cause to search the room in the first place. The police were investigating whether the student sent hoax emails about another student.

The Electronic Frontier Foundation (EFF) and Boston law firm Fish and Richardson are representing the computer science student, who was forced to complete much of the final month of the semester without his computer and phone. Boston College also shut off the student's network access in the wake of the now-rejected search.

"The judge correctly found that there was no legitimate reason to search and seize this student's property," said EFF Civil Liberties Director Jennifer Granick. "Our client was targeted because law enforcement was improperly suspicious of our client's computer skills and misunderstood computer crime laws. We're grateful that the court was able to see through the commonwealth's smokescreen and rectify this mistake."

In her order Thursday, Justice Margot Botsford rejected the commonwealth's theory that sending a hoax email might be unlawful under a Massachusetts computer crime statute barring the "unauthorized access" to a computer, concluding that there could be no violation of what was only a "hypothetical internet use policy." Thursday's decision now stands as the highest state court opinion to reject the dangerous theory that terms of service violations constitute computer "hacking" crimes. Justice Botsford further found that details offered by police as corroboration of other alleged offenses were insufficient and did not establish probable cause for the search.

"No one should be subjected to a search like this based on such flimsy theories and evidence," said EFF Senior Staff Attorney Matt Zimmerman. "The Fourth Amendment flatly bars such fishing expeditions. Computer expertise is not a crime, and it was inappropriate for the commonwealth to employ such transparent scare tactics in an attempt to hide the fact that they had no case."

EFF had appealed the case to the Massachusetts Supreme Court with Fish & Richardson attorneys Adam Kessel, Lawrence Kolodney, and Tom Brown.

For the full order from Judge Botsford:
www.eff.org/files/SJCcalixteorder.pdf

Computer Expert Sues Leonard Street Law Firm for $775K

Sixty two terrabytes is maybe a hundred really big drives or 10K for the drives. Even if you double that, how do you charge $155k a month for data storage?

A computer expert claims in a lawsuit that Minneapolis law firm Leonard, Street and Deinard owes him $775,000 for storing digital evidence in a case involving the city’s two largest newspapers.

Mark Lanterman of Computer Forensic Services said he stored 62 terabytes of Star Tribune data, costing $155,000 a month, for five or six months before he deleted it, the Star Tribune reports. He claims the law firm still owes him $775,000 in unpaid bills.

The law firm’s reply to the suit says Lanterman has already been paid "handsomely" for every invoice he submitted on time, for a total of $854,000, the story says. The last invoice came in too late for the firm to bill the Star Tribune, ordered to pay expenses in the case, the court document said. The firm also says it didn’t have a signed contract with Lanterman.

Recording industry legal site...

Here is the link to a great resource about the recording industry lawsuits over IP.

http://yro.slashdot.org/article.pl?sid=09/05/07/1627201

Report: Computer of ex-Miamisburg city manager wasn't misused

MIAMISBURG — Miamisburg officials today, May 18, announced that the forensic examination of the laptop computer previously assigned to former city manager William H. Nelson found nothing inappropriate or out of the ordinary.

The Miami Valley Regional Computer Forensics Laboratory completed the examination following the March arrest of Nelson on the charge of importuning.

Just prior to his arrest, Nelson on March 16 resigned as city manager.

The Franklin County Sheriff’s office on Oct. 3 of last year nabbed Nelson in an Internet sting in which Nelson thought he was meeting up with a 14-year old girl who was willing to give him oral sex.

Nelson pleaded guilty in April to one felony count of importuning.

Franklin County Common Pleas Court Judge Charles Schneider on May 13 sentenced Nelson to three years probation, plus court costs. He also is required to register as a sex offender annually for the next 15 years.

Based on the forensic results, Miamisburg officials determined that no additional examination of the computer network servers is necessary and that the laptop will be returned to the city manager’s office for reassignment.

The city continues its national search for a new city manager and is accepting applications until June 17, with plans to have someone in place sometime this fall.

Assistant City Manager Dody Bruck is serving as acting city manager.

Police records reveal explicit details in Antioch child porn case

Apparently, the police gave the suspect enough notice that he was able to eliminate some evidence. The case might break down to prurient images of children versus actual CP. The suspect is a school teacher.

Green Bay (WFRV) – Green Bay police arrested a man for an alleged computer sex crime today.

Google reshoots Japan views after privacy complaints

Google is reshooting all of its Streetview footage after privacy complaints from the Japanese.

Computer forensics fighting recession-era data thieves

Click for link.

Asking a machine to spot threats human eyes miss

sweethearting n. the unauthorized giving away of merchandise without charge to a “sweetheart” customer (friend, family, fellow employee) by the fake scan or ring up of merchandise by the cashier.

Report: Hackers broke into FAA air traffic control systems

http://www.oig.dot.gov/StreamFile?file=/data/pdfdocs/ATC_Web_Report.pdf

The Lad Shed A Tear

A sad English forensics forecast.

Click for the link.

Purdue class treats hard drive as crime scene

Story about three day LE forensics class offered by Purdue. Has a funny picture of longhaired professor next to buzz job cop.

http://www.jconline.com/article/20090506/NEWS0501/905060341

Deaths on Caltrain.

Caltrain is the local train that runs from San Jose to San Francisco. After five months of no deaths, we had two in two days. When there is a death, it shuts the system down for hours. The police have to clear the crime scene, etc.

It was frustrating for me because I took the train to a client both days. I was stuck on the train that was not moving, while the client got madder and madder. The client went with another tech for the job, while I sat impotently on locked down train.

Just goes to show, you can have every tool in your kit, but get sidelined by the unexpected.

I wish peace to families of the train victims.

An inside look at security log management forensics investigations

An excellent article on logging tools, no not chainsaws.

Click for link to story.

Talk Forensics Welcomes this week's guest Harlan Carvey.

Click here for the link.

Harlan should be a great guest. This podcast snags the experts, but sometimes the interviewer fall flat. Not Larry, but his subs.

Trade in secondhand BlackBerries booming in Nigeria

Nigerian scammers are buying used BlackBerries for the data.

Google maps cause controversy in Japan

Google release maps that show the neighborhoods of former "death workers." These workers did meat slaughter, leather work, etc. Even after several generations, a descendant of a "death worker" is shunned.

Got Child Porn Stored in Your Xbox? New Forensic Tool Will Find It

XBox forensics

A forensics toolkit for the Xbox gaming console is described by US researchers in the latest issue of the International Journal of Electronic Security and Digital Forensics. The toolkit could allow law enforcement agencies to scour the inbuilt hard disk of such devices and find illicit hidden materials easily.

Terrorists used Hotmail, Gmail was too hard to get an account on...

FindLaw | al-Marri Guilty Plea

View more documents from LegalDocs.

Helix Pro 3 released, yay!

Helix Pro 3 released.

Arrest of suspected serial killer prompts new investigations in Pasadena

Montana forensics cop honored.

A Single Infected PC Spawns Spam by the Millions

A Single Infected PC Spawns Spam by the Millions

Posted using ShareThis

Cyberspeak Odie and Brett Go Fast

http://cyberspeak.libsyn.com/index.php?post_id=463624
Pretty good Podcast, more forensics stuff and let B&O interaction.

Mac's hacked makes bot net snacks.

To be honest, I am not much of a Mac person-when I have supported them, the end users were always fanatics. But I was always trying to right click..

So with some schadenfreude..
<>

RSA 2009 smaller, but still interesting.

For the forensics guys, not that much to see. Guidance was missing, but Access Data brought a boothful of folks. Mandiant had a half a dozen. Paraben had one guy-but he was from another company or something.

Most interesting stuff were the biometric access devices-one based on the vein pattern in your palm.

Groove on hippie chicks.

Craigslist Killer.

Craigslist Killer?

285 Million Records: A Great Year for Data Thieves

Here is a link to the Verizon report.

Looking for some "muscle" on Craigslist.

Sometimes you just need a thug.

Forensics User Group Meetup at the RSA Conference?

Looking for other folks in the SF Bay area who are interested in computer forensics. For the fifth year in a row, I am going to the outstanding RSA conference at Moscone Center in SF. Probably would like to meet up with others on Tuesday.

Cyber Security Bulletin SB09-103

Vulnerability Summary for the Week of April 6, 2009
Post link

Need a bookkeeper?

So what I like to do is try and guess which job ads published on Craigslists are scams. If I see something that is fishy, I will send a blank email with a header that matches the job ad. Usually, I will then get back a response about the old keep 10% scam.

Boston College Student's Computer Search.

http://www.eff.org/files/filenode/inresearchBC/EXHIBIT-A.pdf

Basketball coach accused of CP.

PLAISTOW, N.H. -- A middle school teacher and coach was placed on leave Monday, accused of possessing child pornography.

Scott Buatti, a teacher and girl's basketball coach at Timberlane Regional Middle School, faces 10 indictments on child pornography charges after authorities said they a uncovered pornographic video of underage girls on his home computer.

Link to story.

Typical Craigslist Scam..

Breaking into the data centers...

This is a great reason not to let just anyone into your data center. Seems that a tech guy showed up after hours to fix the servers...

Click here

Exclusive: U.S. Sailor Conducted Espionage on Behalf of al Qaeda

Story link

Cyberspies penetrate electrical grid: report

Story link from Reuters.

Sounds like infrastructure hacking.

News: FBI new regional lab accredited.

FBI lab

News: Arkansas lab overloaded by CP.

The Fort Smith, Arkansas police lab is overwhelmed with CP cases...

Story says that 85% of the cases involve potential CP. Which just points to the need for more certified examiners in the police field.

Fort Smith PD
TV link

http://www.4029tv.com/news/19121914/detail.html

Book Review:No Tech Hacking by Johnny Long

No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing

Read in a bookstore yesterday...

The book is an expansion of the DefCon video found on YouTube-http://www.youtube.com/watch?v=5CWrzVJYLWw

It is pretty good book, but probably not for buying. If you see the video, you get the general idea.

The book is probably better to scare IT managers and users with. The book goes into to good detail about physical security penetration. I liked how Johnny was able to grab great amounts of information about security from merely observing badges and parking stickers.

Worth a look.

CSI Stick off of Ebay for $75.

The other day, I got a CSI stick off of Ebay for $75. It seems to work fine, but I am waiting for the software from Paraben.

The Wiebetech Ultraduck.

This is another reason why Wiebetech is such a great company, none of the other forensics guys seem to have a sense of humor. They sent me an email to tell me about it.

Quack, quack, etc.

CyberSpeak March 22, 2009

Fun podcast from Bret and Ovie. They talked with Rob Lee from(Mandiant) and the SANS Forensics Summit.

Another expensive course I would like to take, but just too much money.

Talk Forensics Great Podcast!

This is a great podcast with a variety of real experts on forensics topics. The detection of deception one is very interesting.
http://www.blogtalkradio.com/TalkForensics

CyberSpeak March 15, 2009

Podcast link

CyberSpeak March 1 2009

This show we have an interview with the developers of Highlighter, a new log analysis tool, Jed Mitten - Senior Consultant and Jason Luttgens - Principal Consultant from Mandiant.

Link to podcast.

Tech Tip: Thermometers

When I get a gig to fix a computer which is running hot, I like to throw a thermometer in my tool bag. It is nice to have an objective measure to give the client or the end user. Sometimes the end user will only give the vague symptom that the laptop feels "hot." With a thermometer, I can give the user an exact number. With that temperature, I can also show the before and after effects of removing dust and dirt from systems.

I have two types-one is a cheap meat kind of thermometer and the other is digital probe. The cheap one was a buck from Home Depot and the other one was from Ebay.

There are a couple of kinds that might be helpful. One is a USB model that can email the temperature back to you-probably really helpful for server rooms. The other is a non-contact, gun type system.

Book Review: Windows Forensic Analysis-by Harlan Carvey

Windows Forensic Analysis Including DVD Toolkit (Paperback)
by Harlan Carvey (Author),
Key Phrases: registry analysis, collecting volatile data, memory challenge, Live Response, File Analysis, Event Log (more...)

This is a great book for both reference and instruction. Must have for every tech.

CyberSpeak January 4 2009

Podcast Link