Archive for the ‘Uncategorized’ Category

Virtual Police Line Up

May 14, 2008

Check out this interesting video of a virtual reality police line up. the system was developed at Stanford’s Virtual Human Interaction Lab and depicts several interesting concepts employing virtual reality to improve the line up process. The VHIL’s research was performed in collaboration with the Research Center for Virtual Environments and Behavior, the National Science Foundation, and the Federal Judicial Center. the goal of the work is to apply virtual environments to deepend understanding of how witnesses of crimes identify suspects.

The eyewitness observes the suspects through viewing a virtual environment delivered to a head mounted display, although I can see no reason why a similar set of functionality could not be delivered to a screen based system. This allows the eyewitness to potentially be at a remote or distant location from the suspects, who need not even all be present at one location themselves.

The use of a 3D interactive environment also makes it is possible for an eyewitness to not only to see the individuals in the line up from the front, but also to “fly around” them and view them from different angles or even from just inches away.

This also makes it possible to place the line up in a different virtual location, perhaps into a scene similar to where the crime was committed.

Unfortunately, the virtual line up as implemented suffers from several weaknesses. First, the current implementation uses digital “busts” glued onto representative bodies. While this approach allows for the creation of digital “foils”, simulated persons similar in appearance to a true suspect, it also means that facial motion can not be presented. This representation can be misleading also because the body shape, stature, and clothing may not be accurate representations of the suspects’ true appearance. It also limits the ability to employ realistic representations of distinguishing marks not found on the face, i.e. tattoos and scars.

Second, as implemented, the virtual busts have no ability to be animated in real-time. Facial motion is known to be an important cue in facial recognition and this work ignores some of the well known results in the study of human face and person recognition abilities here. Finally, the avatar body motions are completely fake eliminating the use of any cues related to body motion, gait, etc. which have also been shown to aid recognition.

Unfortunately these limitations of the head mounted virtual reality based line up are likely to prevent its use in any real world line ups. A better approach would seem to be using blue/green screen video based capture of real suspect images possibly from multiple cameras, and image based rendering to generate the virtual face views. See for example this research and the research at the Fraunhofer Institute into image based rendering of faces for virtual conferencing.

In Brief: CODIS DNA Database To Catch Horse Thieves

May 2, 2008

Horses are valuable and stealing horses is a big business. “EDNA Test” is now offering Equine CODIS, based upon the same process as the FBI’s human own CODIS system which is used for human DNA analysis. CODIS stands for Combined DNA Information Systems. The CODIS software enables State, local, and national law enforcement crime laboratories to compare DNA profiles electronically. Horses don’t have fingerprints and therefore DNA is the most accurate available method for horse identification. Implanted microchips have potential health risks, and along with tattoos or brands can be altered or removed. Reference

I’m back…

April 29, 2008

I’ve been so busy fighting crime that I haven’t had much time to post. But I’m back and ready to start posting again!

FBI Spyware Capabilities

July 18, 2007

WIRED has a very detailed and interesting article today detailing the use of spyware by the FBI to catch a teen “prankster” that was behind bomb threats at a Washington High School.

 In the sidebar, the article includes a somewhat terse description of the systems capabilities:

 The full capabilities of the FBI’s “computer and internet protocol address verifier” are closely guarded secrets, but here’s some of the data the malware collects from a computer immediately after infiltrating it, according to a bureau affidavit acquired by Wired News.

• IP address
• MAC address of ethernet cards
• A list of open TCP and UDP ports
• A list of running programs
• The operating system type, version and serial number
• The default internet browser and version
• The registered user of the operating system, and registered company name, if any
• The current logged-in user name
• The last visited URL

Once that data is gathered, the CIPAV begins secretly monitoring the computer’s internet use, logging every IP address to which the machine connects.

All that information is sent over the internet to an FBI computer in Virginia, likely located at the FBI’s technical laboratory in Quantico.

ATM Hacking

September 22, 2006

Bruce Schneier reports today on a great future crime story in which the culprit uses an unchanged administrative password to reprogram an ATM to think it holds $5 bills instead of $20 bills. There are a couple of interesting aspects to this story. First the attack exploits a well known security flaw which remains an unbelievably common practice in a variety of settings: failing to change default passwords. Second, the attack doesn’t require the system to be altered, but rather uses the correct operation of the system (the Tranax Mini-Bank 1500 series) as part of the attack.

Another interesting aspect of this story is that it illustrates the tension between competitive business practices and security. Tranax has been trying to use innovative business practices to become more competitive in the ATM business, and these very practices may have enabled or aided this attack. This article from ATM Marketplace describes how Tranax is trying to make it as easy to order an ATM as it is to get a laptop from Dell. In fact a quick visit to the Tranax support pages, tells you that the default passwords can be found in the printed manual which you can also order directly from their site. I note that although its probably a little harder today to get your hands on a Tranax manual, any legitimate owner of a machine has one. And therefore any legitimate owner or employee with access to a manual could easily try this exploit on any Tranax 1500 machine regardless of who owned that machine.

Finally, the role surveillance played in discovering the exploit is interesting. While the culprit might have disguised himself and used a nearly untraceable prepaid ATM card to access the machine, the exploit might have gone undiscovered for a long time without the surveillance video showing how it was accomplished.