Crime

Indiana's Inmates Could Soon Have Access To Tablets (abc57.com) 115

An anonymous reader quotes a report from ABC57 News in South Bend, Indiana: Indiana is looking to help offenders who are behind bars. Soon, each inmate in the Hoosier state could have their own tablet. The Indiana Department of Correction says the tablet will help inmates stay connected with their families and improve their education. Offenders will be able to use the tablets to access any classwork, self-help materials or entertainment. Officials expect to use entertainment, like music or movies, to reward good behavior. The proposal was first filed in January. Apple iPads or Kindles won't be used. Instead, a company that makes tablets specifically for prisons or jails will be hired. One San Francisco-based company they may consider, Telmate, has a device that is used in more than 20 states, including some jails in Marshall County. INDOC is hoping a vendor will front the costs of the entertainment apps so taxpayers won't have to. INDOC also says it wants to avoid charging inmate fees because charging fees that they can't afford would defeat the purpose of the system. If the company selected pays, the vendor would be reimbursed and still earn a profit.
Privacy

Some Of Hacker Group's Claims Of Having Access To 250M iCloud Accounts Aren't False (zdnet.com) 44

Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of Turkish Crime Family group, threatened to reset passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, "the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims. From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data "could be aggregated from various sources." We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.
Cellphones

Feds: We're Pulling Data From 100 Phones Seized During Trump Inauguration (arstechnica.com) 226

An anonymous reader quotes a report from Ars Technica: In new filings, prosecutors told a court in Washington, DC that within the coming weeks, they expect to extract all data from the seized cellphones of more than 100 allegedly violent protesters arrested during the inauguration of President Donald Trump. Prosecutors also said that this search is validated by recently issued warrants. The court filing, which was first reported Wednesday by BuzzFeed News, states that approximately half of the protestors prosecuted with rioting or inciting a riot had their phones taken by authorities. Prosecutors hope to uncover any evidence relevant to the case. Under normal judicial procedures, the feds have vowed to share such data with defense attorneys and to delete all irrelevant data. "All of the Rioter Cell Phones were locked, which requires more time-sensitive efforts to try to obtain the data," Jennifer Kerkhoff, an assistant United States attorney, wrote. Such phone extraction is common by law enforcement nationwide using hardware and software created by Cellebrite and other similar firms. Pulling data off phones is likely more difficult under fully updated iPhones and Android devices.
DRM

W3C Erects DRM As Web Standard (theregister.co.uk) 240

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. 
The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
Privacy

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data (vice.com) 122

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victims' Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those that use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.
Crime

Your Hotel Room Photos Could Help Catch Sex Traffickers (cnn.com) 151

100,000 people have already downloaded an app that helps fight human trafficking. dryriver summarizes a report from CNN: Police find an ad for paid sex online. It's an illegally trafficked underage girl posing provocatively in a hotel room. But police don't know where this hotel room is -- what city, what neighborhood, what hotel or hotel room. This is where the TraffickCam phone app comes in. When you're staying at a hotel, you take pictures of your room... The app logs the GPS data (location of the hotel) and also analyzes what's in the picture -- the furniture, bed sheets, carpet and other visual features. This makes the hotel room identifiable. Now when police come across a sex trafficking picture online, there is a database of images that may reveal which hotel room the picture was taken in.
"Technology drives everything we do nowadays, and this is just one more tool that law enforcement can use to make our job a little safer and a little bit easier," says Sergeant Adam Kavanaugh, supervisor of the St. Louis County Multi-Jurisdictional Human Trafficking Task Force. "Right now we're just beta testing the St. Louis area, and we're getting positive hits," he says (meaning ads that match hotel-room photos in the database). But the app's creators hope to make it available to all U.S. law enforcement within the next few months, and eventually globally, so their app is already collecting photographs from hotel rooms around the world to be stored for future use.
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
Communications

Could We Eliminate Spam With DMARC? (zdnet.com) 124

An anonymous reader writes: "The spam problem would not only be significantly reduced, it'd probably almost go away," argues Paul Edmunds, the head of technology from the cybercrimes division of the U.K.'s National Crime Agency -- suggesting that more businesses should be using DMARC, an email validation system that uses both the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). "Edmunds argued, if DMARC was rolled out everywhere in order to verify if messages come from legitimate domains, it would be a major blow to spam distributors and take a big step towards protecting organizations from this type of crime..." reports ZDNet. "However, according to a recent survey by the Global Cyber Alliance, DMARC isn't widely used and only 15% of cybersecurity vendors themselves are using DMARC to prevent email spoofing."
Earlier this month America's FTC also reported that 86% of major online businesses used SPF to help ISPs authenticate their emails -- but fewer than 10% have implemented DMARC.
Crime

Judge Grants Search Warrant For Everyone Who Searched a Crime Victim's Name On Google (startribune.com) 101

Hennepin County District Judge Gary Larson has issued a search warrant to Edina, Minnesota police to collect information on people who searched for variations of a crime victim's name on Google from Dec. 1 through Jan. 7. Google would be required to provide Edina police with basic contact information for people targeted by the warrant, as well as Social Security numbers, account and payment information, and IP and MAC addresses. StarTribune reports: Information on the warrant first emerged through a blog post by public records researcher Tony Webster. Edina police declined to comment Thursday on the warrant, saying it is part of an ongoing investigation. Detective David Lindman outlined the case in his application for the search warrant: In early January, two account holders with SPIRE Credit Union reported to police that $28,500 had been stolen from a line of credit associated with one of their accounts, according to court documents. Edina investigators learned that the suspect or suspects provided the credit union with the account holder's name, date of birth and Social Security number. In addition, the suspect faxed a forged U.S. passport with a photo of someone who looked like the account holder but wasn't. Investigators ran an image search of the account holder's name on Google and found the photo used on the forged passport. Other search engines did not turn up the photo. According to the warrant application, Lindman said he had reason to believe the suspect used Google to find a picture of the person they believed to be the account holder. Larson signed off on the search warrant on Feb. 1. According to court documents, Lindman served it about 20 minutes later.
Crime

FBI Arrests Alleged Attacker Who Tweeted Seizure-Inducing Strobe at a Writer (theverge.com) 151

From a report on The Verge: An arrest has been made three months after someone tweeted a seizure-inducing strobe at writer and Vanity Fair contributing editor Kurt Eichenwald. The Dallas FBI confirmed the arrest to The Verge today, and noted that a press release with more details is coming. Eichenwald, who has epilepsy, tweeted details of the arrest and said that more than 40 other people also sent him strobes after he publicized the first attack. Their information is now with the FBI, he says. It isn't clear whether these "different charges" relate to similar online harassment incidents or something else entirely.
Social Networks

Facebook Admits Flaw in Image Moderation After BBC Report (bbc.com) 57

From a report on BBC: A Facebook executive has admitted to MPs its moderating process "was not working" following a BBC investigation. BBC News reported 100 posts featuring sexualised images and comments about children, but 82 were deemed not to "breach community standards." Facebook UK director Simon Milner told MPs the problem was now fixed. He was speaking to the Commons Home Affairs committee alongside bosses from Twitter and Google as part of an investigation into online hate crime. The BBC investigation reported dozens of posts through the website tool, including images from groups where users were discussing swapping what appeared to be child abuse material. When journalists went back to Facebook with the images that had not been taken down, the company reported them to the police and cancelled an interview, saying in a statement: "It is against the law for anyone to distribute images of child exploitation."
Crime

Typo In IP Address Led To an Innocent Father's Arrest For Paedophilia (buzzfeed.com) 227

An anonymous reader has shared a shocking story about the arrest of Nigel Lang by the British police for a crime he didn't commit. It all happened because of a typo, according to a report. From the report: On a Saturday morning in July 2011, Nigel Lang, then aged 44, was at home in Sheffield with his partner and their 2-year-old son when there was a knock at the door. He opened it to find a man and two women standing there, one of whom asked if he lived at the address. When he said he did, the three strangers pushed past him and one of the women, who identified herself as a police officer, told Lang and his partner he was going to be arrested on suspicion of possessing indecent images of children. [...] He was told that when police requested details about an IP address connected to the sharing of indecent images of children, one extra keystroke was made by mistake, sending police to entirely the wrong physical location. But it would take years, and drawn-out legal processes, to get answers about why this had happened to him, to force police to admit their mistake, and even longer to begin to get his and his family's lives back on track. Police paid Lang 60,000 British pounds ($73,500) in compensation last autumn after settling out of court, two years after they finally said sorry and removed the wrongful arrest from his record.
Privacy

How The FBI Used Geek Squad To Increase Secret Public Surveillance (ocweekly.com) 164

In 2011 a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. But the repair technician was a paid FBI informant -- one of several working at Geek Squad -- and the doctor was ultimately charged with possessing child pornography, according to OC Weekly. An anonymous reader quotes their new report: Recently unsealed records reveal a much more extensive secret relationship than previously known between the FBI and Best Buy's Geek Squad, including evidence the agency trained company technicians on law-enforcement operational tactics, shared lists of targeted citizens and, to covertly increase surveillance of the public, encouraged searches of computers even when unrelated to a customer's request for repairs. Assistant United States Attorney M. Anthony Brown last year labeled allegations of a hidden partnership as "wild speculation." But more than a dozen summaries of FBI memoranda filed inside Orange County's Ronald Reagan Federal Courthouse this month in USA v. Mark Rettenmaier contradict the official line...

Other records show how [Geek Squad supervisor Justin] Meade's job gave him "excellent and frequent" access for "several years" to computers belonging to unwitting Best Buy customers, though agents considered him "underutilized" and wanted him "tasked" to search devices "on a more consistent basis"... evidence demonstrates company employees routinely snooped for the agency, contemplated "writing a software program" specifically to aid the FBI in rifling through its customers' computers without probable cause for any crime that had been committed, and were "under the direction and control of the FBI."
The doctor's lawyer argues Best Buy became an unofficial wing of the FBI by offering $500 for every time they found evidence leading to criminal charges.
Piracy

A Prenda Copyright Troll Finally Pleaded Guilty (popehat.com) 46

"One of the attorneys behind the Prenda Law 'copyright trolling' scheme has pleaded guilty to federal charges of fraud and money laundering," reports Ars Technica. Long-time Slashdot reader Freshly Exhumed shares this article from the law blog Popehat: The factual basis section -- which Steele admits is true (as to facts he knows) or that the government can prove (as to facts he doesn't know directly) -- is a startling 16 pages long [PDF] and lavishly documents the entire scheme, complete with many details that accusers have been pointing out for years. In short, Steele admits that he and Hansmeier used sham entities to obtain the copyright to (or in some cases film) porn, uploaded it to file-sharing websites, and then filed "false and deceptive" copyright suits against downloaders designed to conceal their role in distributing the films and their stake in the outcomes. They lied to courts themselves, sent others to court to lie, lied at depositions, lied in sworn affidavits, created sham entities as plaintiffs, created fraudulent hacking allegations to try to obtain discovery into the identity of downloaders, used "ruse defendants" (strawmen, in effect) to get courts to approve broad discovery into IP addresses.
Facing a maximum of 40 years in prison, Steele could get his sentence reduced if he testifies against Hansmeier, according to the article, and "Steele appears to have pinned all of his hopes on that option... I've seen a lot of plea agreements in a lot of federal cases, and I don't recall another one that so clearly conveyed the defendant utterly surrendering and accepting everything the government demanded, all in hopes of talking his sentence down later."
Google

Alphabet's Waymo Asks Judge To Block Uber From Using Self-Driving Car Secrets (theverge.com) 82

Waymo, Alphabet's self-driving spinoff from Google, is formally asking a judge to block Uber from operating its autonomous vehicles, according to new documents filed in Waymo's lawsuit against Uber. From a report on The Verge: The lawsuit, which was filed last month, alleges that Uber stole key elements of its self-driving car technology from Google. Uber has called the accusations "baseless." Today in federal court, Waymo filed the sworn testimony of Gary Brown, a forensic security engineer with Google since 2013. Citing logs from Google's secure network, Brown claims that Anthony Levandowski, a former Google engineer who now runs Uber's self-driving car program, downloaded 14,000 files from a Google repository that contain design files, schematics, and other confidential information pertaining to its self-driving car project. Levandowski used his personal laptop to download the files, a fact that Brown says made it easy to track.
Government

How Wiretaps Actually Work (washingtonpost.com) 519

David Kris, assistant attorney general for national security from 2009 to 2011, has responded to the recent accusations made by President Donald Trump. On Saturday, Trump accused former President Obama of orchestrating a "Nixon/Watergate" plot to tap the phones at his Trump Tower headquarters in the run-up to last fall's election. Kris writes in an opinion piece for The Washington Post: First, the U.S. government needs probable cause, signatures from government officials and advance approval from a federal court before engaging in wiretapping in the United States. There are some narrow exceptions, for things such as short-term emergencies, which are then reviewed by a judge promptly after the fact. This is not something that the president simply orders. Under the law governing foreign intelligence wiretaps, the government has to show probable cause that a "facility" is being used or about to be used by a "foreign power" -- e.g., a foreign government or an international terrorist group -- or by an "agent of a foreign power." A facility is something like a telephone number or an email address. Second, there is no requirement that the facility being wiretapped be owned, leased or listed in the name of the person who is committing the offense or is the agent of a foreign power. [...] Third, government officials, including the president, don't normally speak publicly about wiretaps. Indeed, it is in some cases a federal crime to disclose a wiretap without authorization, including not only the information obtained from the wiretap, but also the mere existence of a wiretap with an intent to obstruct it. With respect to intelligence wiretaps, there is an additional issue: They are always classified, and disclosure of classified information is also generally a crime. The president enjoys authority over classified information, of course, but at a minimum it would be highly irregular to disclose an intelligence wiretap via Twitter.
Businesses

Samsung Group Chief Denies All Charges as 'Trial of the Century' Begins (fortune.com) 32

An anonymous reader shares a Fortune report: The head of South Korea's Samsung Group, Jay Y. Lee, denies all charges against him, his lawyer said on Thursday, at the start of what the special prosecutor said could be the "trial of the century" amid a political scandal that has rocked the country. Lee has been charged with bribery, embezzlement and other offenses in a corruption scandal that has already led to the impeachment of President Park Geun-hye. Lee, who is being detained at Seoul Detention Centre, did not attend court. A defendant does not have to turn up during a preparatory hearing, held to organize evidence and set dates for witness testimony. The date of the next hearing will be decided next week. Lee's defense denied all charges against him on his behalf, saying that the special prosecution's indictment cites conversations, evidence or witnesses the prosecution did not actually hear, investigate or interview according to the rules -- or states opinions that are not facts.
Crime

Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents (cnn.com) 236

A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts.
Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.
Crime

Amazon Shares Data With Arkansas Prosecutor In Murder Case (ap.org) 54

An anonymous reader quotes a report from Associated Press: Amazon dropped its fight against a subpoena issued in an Arkansas murder case after the defendant said he wouldn't mind if the technology giant shared information that may have been gathered by an Amazon Echo smart speaker. James Andrew Bates has pleaded not guilty to first-degree murder in the death of Victor Collins, who was found dead in a hot tub at Bates' home. In paperwork filed Monday, Bates said Amazon could share the information and Amazon said it handed over material on Friday. The Echo "listens" for key words and may have recorded what went on before Collins was found dead in November 2015. Amazon had fought a subpoena, citing its customers' privacy rights. A hearing had been set for Wednesday on whether any information gathered was even pertinent.
Government

FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit (arstechnica.com) 244

An anonymous reader writes: Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses.
