Archive for the ‘crime’ Category

Everyone is a Criminal: Lawn Crime

June 3, 2008

If you live in Canton Ohio, it may soon be illegal to let your lawn grow.  This story from the Canton Repository details the proposed legislation which expands Canton’s existing high-grass and weeds law by making a second offense a fourth-degree misdemeanor, which is punishable by a fine of up to $250 and up to 30 days in jail.  More than 8 inches constitutes high grass or weeds, according to Canton city law.   A vacant uncared for house can reduce the value of surrounding homes by thousands of dollars, and also increases the likelihood of health and crime risks in the area.

While the proposed expansion of the high grass law is actually intended to prevent crime and other issues related to unkept properties, this law is a great example of why the trend to make everyone a criminal is dangerous.  While Canton’s law might seem reasonable on its face, it is very likely going to end up vicitmizing the very people it seeks to protect. 

Canton’s Law Service Director Thomas Bernabei who initiated the review of the existing high grass law says that the expanded law would be pursued “with vigor” which one assumes incudes encouranging law enforcement and prosecutors to seek out and prosecute as many violaters as possible and to make examples out of some of the first violaters prosecuted. 

However, as stated in the article, its actually quite difficult to prosecute a corporation for a crime like this.  Director Joseph Martuccio admits as much in the Canton Repository article, describing the challenge of following a paper trail to the guilty party.  As a result individual law breakers are much more likely to be prosecuted under the proposed ordinance than the corporations that own foreclosed properties.  It is much more likely that an individual home owner in Canton would be the first jailed under the proposed law rather than a corprorate officer of a major bank which is neglecting its properties. 

Maybe you can’t imagine the Canton city fathers prosecuting and jailing little old ladies for not mowing their grass.  Certainly this is all some paranoid ACLU fantasy?  The fact is that something very similar to this scenario has already happened in Orem Utah.  Earlier this year 70 year old Betty Perry was arrested, handcuffed, and briefly jailed for resisting arrest when a police officer tried to cite her for failing to water her lawn.  She was released and settled the case recently after agreeing to a plea bargain in which she paid a $100 fine and received six months of probation. 

Perhaps Canton’s city council should consider the effect of criminalizing what is at worst a nuisance but might also be an aesthetic choice.  Finally, consider the tragic events in Batavia Ohio about a year ago, in which a 15 year old boy was shot and killed for walking on Charles Martin’s carefully manicured lawn.  “He stepped on it and he walked 40 feet through it,” Martin said. “I cared about it. I cut it every five days.”  A young boy is dead and Mr. Martin was sentenced to life in prison and is unlikely to ever be parolled.  All over a lawn.

Linkage: IBM and the Future of Crime

May 10, 2008

A podcast of an interview with Dr Charles Palmer of IBM on cybercrime.

From the IBM investor relations area.

In Brief: Woman Busts Laptop Thieves Remotely

May 9, 2008

According to WCBS, a woman in Westchester NY was not only able to locate her stolen laptop on the Internet but also was able to remotely photograph the thieves using the laptop’s internal web camera.  The perpetrators were caught as a result.  Apparently a friend of the laptop’s owner noticed that the stolen machine was online, and notified the true owner who was able to use Back to My Mac to take control of her Mac over the Internet to obtain the pictures.  Future criminals and crime fighters take note.

In Brief: CODIS DNA Database To Catch Horse Thieves

May 2, 2008

Horses are valuable and stealing horses is a big business. “EDNA Test” is now offering Equine CODIS, based upon the same process as the FBI’s human own CODIS system which is used for human DNA analysis. CODIS stands for Combined DNA Information Systems. The CODIS software enables State, local, and national law enforcement crime laboratories to compare DNA profiles electronically. Horses don’t have fingerprints and therefore DNA is the most accurate available method for horse identification. Implanted microchips have potential health risks, and along with tattoos or brands can be altered or removed. Reference http://www.pr-usa.net/index2.php?option=com_content&do_pdf=1&id=103090

Microsoft Ships Future Crime Fighting Tool and Fights Cybercrime

April 29, 2008

It has been revealed that Microsoft has developed a tool which will enable forensic investigators to easily gather digital evidence after a crime has been committed. The COFEE is a USB device that reportedly supports 150 commands that can dramatically cut the time it takes to gather digital evidence including decrypting passwords analyzing Internet activity, and all data stored in the computer. Apparently the device has been available to the law enforcement community since June 2007, although there have not to my knowledge been any previous public revelations of its use. Microsoft’s Tim Cranton describes COFEE as “a preconfigured, automated tool” that “fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button –completing the work in about 20 minutes.” Cranton states that more than 2,000 law enforcement officers have registered for COFEE and the tool is used in over 15 countries.

Tim Cranton demos COFEE at LE tech 2008

The IMO not very surprising revelation of COFEE hit the blogosphere today during Microsoft’s 2nd Annual Law Enforcement technology Conference an event especially for law enforcement officials which is being attended by 400 individuals from more than 80 agencies in 35 countries around the world.

COFEE is only one aspect of Microsoft’s anti-cybercrime efforts. Cranton also described the role of the Internet Safety Enforcement Team and organization founded in 2002 as making “the Internet safer and more secure for everyone. ” Although Cranton didn’t go into any further detail of what this organization actually does on a day to day basis, he does reveal that the ISET consists of “35 professionals around the globe including former prosecutors, investigators, software engineers and business professionals whose full-time job is to make the Internet a safer place.”

This seems to be somewhat at odds with Aaron Kornblum’s previous revelations about ISET which described the organization as “a worldwide group of 65 attorneys, investigators, and other professionals” but whatever the size of the organization it appears their primary work is to aid law enforcement with technical investigations. ISET aided the FBI in gathering evidence against convicted phisher Jayson Harris who was operating “a phishing scheme by creating a bogus MSN billing website and then sending e-mails to MSN customers requesting that they visit the website and update their accounts by providing credit card account numbers and other personal information. ”

The work of Peter Fifka, an ISET investigator was documented in an enjoyable 2003 article entitled Gumshoe chases Internet villains in Eastern Europe ISET also targets spammers and the creators of viruses and worms. Some are sure to question Microsoft’s motives and wonder about their influence over investigations conducted by the law enforcement community.

The Justice Department says the company doesn’t influence its investigations. Microsoft is not “driving law enforcement’s priorities,” according to Christopher Painter, deputy chief of the department’s Computer Crime Section, but given the fact that Microsoft appears to initiate at least some of the investigations conducted by ISET questions are likely to remain.

[Update: According to this article, COFEE was developed by Anthony Fung, a senior investigator on Microsoft’s Internet Safety Enforcement Team.  Some additional interesting speculation about COFEE here ]

More Silly ATM Tricks

July 20, 2007

WIRED reports on another ATM manufacturer that printed the default master passwords to their ATM machines directly in their user manuals.  Future Crime readers will recall that I previously reported on a similar issue with the Tranax ATM. 

 Of course the ATM users could change these passwords, but since the machine does not require them to do so, many simply don’t.  As is so often the case, good security starts with common sense, thinking about the problem from the user’s perspective, and a little bit of thoughful design.  It seems Triton could use some help in this area.

Using Google to Commit Crimes

July 18, 2007

This is a somewhat comical true story of some rather clueless criminals in Denver that used WD-40 to “obscure” surveillance cameras and couldn’t open a few safes even though they apparently had the combinations.  Getting a bit creative these obvious amateurs were able to use Google to search for “how to open a safe” and “how to crack a safe.”  With this information they were able to quickly figure out how to open the safes and got away with $12,000.

 It is not difficult to find information that might be useful in the commision of crimes using Google.  For example one can learn to escape from handcuffs or pick a lock, although obviously these skills still do require some practice.  I’ve previously written about the possibility of using Google Calendar to determine both a target and the timing of a crime.  A similar story recently was reported by the Washington Post and made its way around the blogosphere as well.

Future Crime Reader Interests

September 22, 2006

Some readers may not be aware that the search terms you use to find Future Crime are reported and recorded. Interestingly, yesterday 28.5% of Future Crime’s views resulted from searches on the terms:

“how to use” “stolen credit card numbers

I don’t know who you are, but unless you were very careful I expect your IP address was recorded as well your search terms. Not very smart for a supposed future criminal!

ATM Hacking

September 22, 2006

Bruce Schneier reports today on a great future crime story in which the culprit uses an unchanged administrative password to reprogram an ATM to think it holds $5 bills instead of $20 bills. There are a couple of interesting aspects to this story. First the attack exploits a well known security flaw which remains an unbelievably common practice in a variety of settings: failing to change default passwords. Second, the attack doesn’t require the system to be altered, but rather uses the correct operation of the system (the Tranax Mini-Bank 1500 series) as part of the attack.

Another interesting aspect of this story is that it illustrates the tension between competitive business practices and security. Tranax has been trying to use innovative business practices to become more competitive in the ATM business, and these very practices may have enabled or aided this attack. This article from ATM Marketplace describes how Tranax is trying to make it as easy to order an ATM as it is to get a laptop from Dell. In fact a quick visit to the Tranax support pages, tells you that the default passwords can be found in the printed manual which you can also order directly from their site. I note that although its probably a little harder today to get your hands on a Tranax manual, any legitimate owner of a machine has one. And therefore any legitimate owner or employee with access to a manual could easily try this exploit on any Tranax 1500 machine regardless of who owned that machine.

Finally, the role surveillance played in discovering the exploit is interesting. While the culprit might have disguised himself and used a nearly untraceable prepaid ATM card to access the machine, the exploit might have gone undiscovered for a long time without the surveillance video showing how it was accomplished.

What is Crime.net?

September 19, 2006

Crime.net is a term I use to describe the impact of network technologies such as the Internet and mobile phones on crime and criminal enterprises. Applications of Crime.net include the following:

  1. Commission of crimes – this is the one part of Crime.net that’s gotten mainstream press coverage so far. Phishing, hacking into computers for credit card numbers, and so on. Data thefts at major retailers such as BJ’s Wholesale Club and Lowe’s indicate that there is probably more of this going on than has been reported in the media. And smart criminals may target smaller retailers that can’t afford the security resources of large corporations. Although not strictly a network based attack, computers have also been used to steal cars and other items as reported here and here.
  2. Scouting targets – identifying people or places that are likely targets for crimes, and developing intelligence about targets. One blogger recently revealed how to use Google Calendar to scout potential victims for burglarly or worse. Sound far fetched? Criminals in South Africa have been observed using cell phones to photograph potential victims. Google maps provides detailed maps for locating possible escape routes, planning look out locations and so on. Satellite imagery can be used to examine roof tops for covert access points to buildings.
  3. Sharing criminal expertise – Criminals have used websites, blogs, etc. to share methods of operation, criminal techniques and strategies, an even information about specific targets. The notorious Shadowcrew site included instructions on how to commit identity theft and fraud. Some worry that these marketplaces will become a “bazaar of violence” facilitating murder and terrorism.
  4. Online markets for stolen goods – The Shadowcrew created an online market for stolen credit card numbers and eBay is used to “fence” stolen goods. More of these sorts of sites likely exist today.
  5. Avoiding capture – criminals can use surveillance technologies, cell phones, etc. to warn each other of the approach of law enforcement personnel. Usually we think of surveillance technologies being used to fight crime, but criminals can also use them to avoid capture. Picture phones and wireless IP based cameras can be used to warn of the approach of law enforcement. Drug dealers use cellphones and multiple operatives to avoid capture with large quantities of cash and drugs for example. Analysis of publicly reported crime statistics can be used to predict areas with less law enforcement coverage. Imagine a future web site where criminals could determine the locations of police cars in real-time accessible over a cellphone or by using a stolen or otherwise obtained police data terminal.