Showing results for tags 'enforcement'.

Found 4 results

  1. Snapchat, the social network known for its disappearing messages, released its first transparency report Thursday showing hundreds of requests from US and foreign law enforcement agencies. Between November 1 and February 28, Snapchat said it received 375 requests from US law enforcement officials, and produced at least some data in 92 percent of those cases. "While the vast majority of Snapchatters use Snapchat for fun, it's important that law enforcement is able to investigate illegal activity," Snapchat said in a blog post. "We want to be clear that we comply with valid legal requests." The requests were mostly in the form of subpoenas, warrants or court orders, along with a smaller number of emergency requests. Outside the US, Snapchat received 28 requests and produced data in six of those cases. The requests came from Britain, Belgium, France, Canada, Ireland, Hungary and Norway. Snapchat joins other major tech firms that have released similar data including Google, Yahoo, Facebook, Twitter and Microsoft. Like most of its peers, Snapchat said it opposed efforts to give law enforcement special access through "backdoors." "Privacy and security are core values here at Snapchat and we strongly oppose any initiative that would deliberately weaken the security of our systems," the blog posting said. "We're committed to keeping your data secure and we will update this report bi-annually." The report did not include data on US national security requests, which may only be released after a six-month delay. "Even though Snapchat has promoted user privacy and autonomy since its founding, we've only recently been able to systematically track and report requests for user information," the company said. It said it will publish more details in July on government requests and demands to remove content. Snapchat last year reportedly rejected a $3-billion takeover by Facebook and later was valued at some $10 billion following a private equity round of investment. 
Snapchat has not disclosed key financial information or numbers of users but some analysts say it is used by as many as 100 million people or more. Snapchat rocketed to popularity, especially among teens, after the initial app was released in September 2011. Created by then Stanford University students, the app allows the sending of messages that disappear shortly after being viewed. Source: Snapchat Shows Data Requests in Transparency Report | SecurityWeek.Com
  2. SACRAMENTO, Calif.—A California state bill that would require a warrant to access all kinds of digital data passed its first hurdle after being approved by the Senate Public Safety Committee on Tuesday. Among other sweeping new requirements to enhance digital privacy, the bill notably imposes a warrant requirement before police can access nearly any type of digital data produced by or contained within a device or service. In other words, that would include any use of a stingray, also known as a cell-site simulator, which can not only be used to determine a phone’s location, but can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones—not just the target phone. According to the bill's summary: If the California Electronic Communications Privacy Act (CalECPA) passes the California State Senate and the State Assembly, and is signed by the governor, it would mark a notable change for law enforcement in America’s most populous state. However, passage is not a sure thing. Previous versions of the bill were vetoed by the governor twice in 2012 and again in 2013. The bill was introduced in February 2015 by State Senator Mark Leno (D-San Francisco). Texas and other states already have similar laws on the books, while revision to the federal Electronic Communications Privacy Act (ECPA) has stalled for years. California law enforcement agencies, like others nationwide, have been cagey as to how stingray use is requested and carried out. Last week, the Anaheim Police Department published a version of a letter that had been prewritten by the FBI in a poor attempt to provide further disclosure about how they use the surveillance devices.

Only one opposed

In June 2014, the Supreme Court of the United States ruled unanimously in a case known as Riley v. California that law enforcement officials must obtain a warrant before searching the contents of an arrestee’s phone. 
Among other changes, the new bill would put the Golden State in compliance with that decision. The Senate Committee on Public Safety approved Senate Bill 178 (SB 178) by a vote of 6-1, with little discussion from the assembled senators. It faced just a modicum of opposition at this stage. "California residents use technology every day to connect, communicate, work and learn," Nicole Ozer, an attorney with the American Civil Liberties Union of California, testified from a prepared statement in favor of the bill. "Our state’s leading technology companies rely on consumer confidence in these services to help power the California economy. "But consumers are increasingly concerned about warrantless government access to their digital information, and for good reason. While technology has advanced exponentially, California privacy law has remained largely unchanged. Law enforcement is increasingly taking advantage of outdated privacy laws to turn mobile phones into tracking devices and to access e-mails, digital documents, and text messages without proper judicial oversight." In the pre-cellphone era, a "pen register and trap and trace order" allowed law enforcement to obtain someone's calling metadata in near real-time from the telephone company. Now, that same data can also be gathered directly by the cops themselves through the use of a stingray. In some cases, police have gone to judges asking for such a device or have falsely claimed the existence of a confidential informant while in fact deploying this particularly sweeping and invasive surveillance tool. Most judges are likely to sign off on a pen register application not fully understanding that police are actually asking for permission to use a stingray. Under federal law, pen registers are granted under a very low standard: authorities must simply show that the information obtained from the pen register is "relevant to an ongoing criminal investigation." 
That is a far lower standard than being forced to show probable cause for a search warrant or wiretap order. A wiretap requires law enforcement to not only specifically describe the alleged crimes but also to demonstrate that all other means of investigation had been exhausted or would fail if they were attempted. California doesn’t actually have a specific pen register statute—a pen/trap application template that Ars recently obtained from the Oakland Police Department under a public records request cites the federal statute. However, that practice goes against a 2003 opinion from the California Attorney General. The AG concluded that because California affords its citizens more privacy under the state constitution than does federal law, a state law enforcement officer cannot use a federal statute for a pen/trap order.

Cops don’t like it

After more testimony, the committee members heard from Marty Vranicar of the California District Attorneys Association (CDAA) and Aaron McGuire, a lobbyist for the California Sheriff's Association (CSA). Vranicar told the committee that the bill would "undermine efforts to find child exploitation," specifically child pornography. "SB 178 threatens law enforcement’s ability to conduct undercover child porn investigation, the so-called peer-to-peer investigations," he said. "Officers, after creating online profiles—these e-mails provide metadata that is the key to providing information. This would effectively end online undercover investigations in California." Ars was unable to obtain the letters filed by Vranicar and McGuire to the committee that more fully outlined their opposition. However, no other members of the public nor other groups spoke up in favor of the law enforcement position. 
By contrast, SB 178 has notable support from a number of established organizations and tech companies, including the Council on American Islamic Relations, the California Newspaper Publishers Association, Twitter, Facebook, Microsoft, and Google, among others. After Vranicar and McGuire spoke, they faced just one question from Sen. Joel Anderson (R-San Diego County), who said that he wanted to see revision suggested by the law enforcement establishment. "One of the issues that I have is that people's cellphones are being abused," he said, holding up his iPhone. "It's clear that that's happening. I think you need to figure out how to be part of that solution. "While you want to stop criminal behavior, it can't be at the price of liberty. If you have the right to break into my house, with a warrant and take my computer, that should be the standard for phones as well." The committee seemed unmoved by law enforcement concerns, and passed the bill handily. It now moves to the Senate Appropriations Committee before eventually going on to the entire state Senate. Source
  3. Michigan-based provider of point-of-sale devices, NEXTEP SYSTEMS, is investigating a possible security compromise of customer systems, according to a statement emailed to SCMagazine.com on Monday by Tommy Woycik, president of NEXTEP SYSTEMS. “NEXTEP was recently notified by law enforcement that the security of the systems at some of our customer locations may have been compromised,” according to the statement, which goes on to add, “We do know that this is NOT affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed.” An investigation is ongoing with law enforcement and data security experts. On Monday, technology journalist Brian Krebs reported that financial industry sources identified a pattern of fraud on payment cards used recently at Zoup!, a restaurant chain and NEXTEP SYSTEMS customer. He wrote that Zoup! referred him to NEXTEP SYSTEMS. Source
  4. On May 30, 2014, law enforcement officials from the FBI and Europol seized a series of servers that were being used to help operate the GameOver Zeus botnet, an especially pernicious and troublesome piece of malware. The authorities also began an international manhunt for a Russian man they said was connected to operating the botnet, but the most significant piece of the operation was a side effect: the disruption of the infrastructure used to distribute the CryptoLocker ransomware. The takedown was the result of months of investigation by law enforcement and security researchers, many of whom were collaborating as part of a working group that had come together to dig into CryptoLocker’s inner workings. The cadre of researchers included reverse engineers, mathematicians and botnet experts, and the group quickly discovered that the gang behind CryptoLocker, which emerged in 2013, knew what it was doing. Not only was the crew piggybacking on the GameOver Zeus infections to reach a broader audience, but it also was using a sophisticated domain-generation algorithm to generate fresh command-and-control domains quickly. That kept the CryptoLocker crew ahead of researchers and law enforcement for a time. “The interesting thing is all the opsec involved in this. The architecture thought out with this was really clear. The people working on this really sat down and architected and then engineered something,” said Lance James of Deloitte & Touche, who spoke about the takedown effort at Black Hat last year. “It took a lot more people on our side to hit it harder.” CryptoLocker has become the poster child for a new wave of threats that are designed to relieve victims of their money through the threat of losing all of their files. The malware, like its descendants Cryptowall, Critroni, Crowti and many others, encrypts the contents of victims’ PCs and demands a payment, usually in Bitcoin, in order to get the decryption key. 
Millions of victims have been hit by these threats in the last couple of years, but putting a number on infections and a dollar value on how much money the crews are making is difficult. However, with ransom payments ranging from less than $100 to as much as $300 or more, the criminals behind these ransomware families are building multimillion dollar businesses on the fear and desperation of their victims. Despite the sudden appearance of CryptoLocker and the other more recent kinds of ransomware, the concept itself is not new. As far back as the late 1980s, early versions of crypto ransomware were showing up and security researchers began looking at the problem by the mid-1990s. By the mid-2000s, more and more crypto ransomware variants were popping up, but it wasn’t until CryptoLocker reared its head in 2013 that the scope and potential damage of the threat came into sharp focus. Victims, researchers and law enforcement soon realized that the game had changed. “Just imagine the scale of how many people are being held for ransom with these threats. It’s mind-boggling,” said Anup Ghosh, CEO of security vendor Invincea, which has done research on ransomware threats. “It’s someone else’s problem until your own personal information gets encrypted and you can’t access your work data and photos. The personal pain is so much more dramatic than any other intrusion.” For all the attention that CryptoLocker and Cryptowall and the other variants have gotten from the media and security researchers, enterprises haven’t yet totally caught on to the severity of the threat. Much of the infection activity by crypto ransomware has targeted consumers thus far, as they’re more likely to pay the ransom to get their data back. But Ghosh said that’s likely to change soon. “It’s not even on their radar. It’s similar to banking Trojans in terms of what IT guys think of it,” Ghosh said. “They treat it as an individual problem and as a reason to slap people on the wrist. 
‘Oh, you must have done something bad’.” Ransomware gangs use a variety of methods to infect new victims, including riding shotgun on other malware infections and through drive-by downloads. But perhaps the most common infection method is through spam messages carrying infected attachments. These often look like FedEx shipping notifications or fake invoices. When a user opens the attachment, the malware infects the machine and encrypts the files. But the crypto ransomware gangs don’t operate on their own. They have support systems, developers and other systems in place to help them create their malware and cash out the profits. “CryptoLocker and GameOver Zeus were often installed alongside each other, and now you see these groups improving from there and specializing,” said John Miller, manager, ThreatScape cyber crime, at iSIGHT Partners. “There’s so much momentum behind ransomware operations and the black markets that support it, we expect it to be a problem for the foreseeable future. There are people selling ransomware, customization services for countries and distribution services for getting it onto machines or phones.” How much money is involved? Millions and millions of dollars. In just the first six months of operation, the Cryptowall malware generated more than a million dollars in revenue for its creators, according to research from Dell SecureWorks. That’s one group using one variant of crypto ransomware. And there are dozens, if not hundreds, of other groups running similar operations. Where CryptoLocker innovated with the use of strong encryption and demand for Bitcoin as ransom, other groups have taken the concept and run with it. The Critroni, or CTB-Locker, ransomware not only accepts Bitcoin, but it also uses elliptic curve cryptography and employs the Tor network for command-and-control. The group behind Cryptowall also goes to some lengths to ensure that the ransomware is on the right kind of machine before it runs. 
“They went through a lot of work to hide the executable in encryption, to check if it’s running in a virtual machine, and the ability to exploit multiple environments,” said Cisco Talos security research engineer Earl Carter. “So much was put into Cryptowall 2.0. Someone went to a lot of work on the front end to avoid detection.” The piles of money and growing complaints from victims have begun to draw the attention of law enforcement, as evidenced by the GameOver Zeus-CryptoLocker takedown and actions against the Reveton ransomware operation. Researchers expect the level of law enforcement interest to grow, especially as ransomware infects more enterprises and the profits for attackers continue to grow. “Now that it’s become apparent how much damage ransomware is causing, law enforcement is paying attention,” Miller said. “It’s gotten their attention in a big way. It’s in their scope. But it hasn’t been targeted very much by takedown activity. A lot of the criminals operating this feel that because what they’re doing is stealing virtual currency from individuals it’s less likely to see law enforcement attention. “The biggest reason this environment will change is sustained law enforcement action.” Source