Government agencies pushing for longer mandatory metadata retention

Home affairs says agencies are pushing for data to be held for more than two years for complex investigations

Government agencies are pushing for telecommunications companies to be forced to retain customer data for law enforcement agencies for longer than the current two-year requirement.

Under the mandatory data retention legislation that passed in 2015, companies such as Telstra, Optus and Vodafone are required to store customer metadata, like number dialled, time of call and call location for two years.


MySpace Case: Woman Who Posed as Boy Testifies in Case That Ended in Suicide of 13-Year-Old

New York Times, 20 November 2008

LOS ANGELES — Slumping forward miserably in the witness box, in barely audible tones, a young woman told a federal jury here on Thursday that she had posed as a teenage boy in a series of e-mail messages to a 13-year-old girl that ended in the girl’s expressing suicidal thoughts and hanging herself.

“You’re the kind of boy a girl would kill herself over,” the woman, Ashley Grills, said the 13-year-old girl, Megan Meier, wrote before taking her own life.

Testifying under an immunity agreement with federal prosecutors, Ms. Grills, 20, described how she came up with the idea to create a fake MySpace account with the identity of a cute teenage boy. The goal, she said, was to draw in Megan and learn about her and things she might have been saying about the teenage daughter of Ms. Grills’s friend and employer, Lori Drew.

Ms. Drew, who lives in a suburb of St. Louis and was a neighbor of the Meiers, is charged with conspiracy and three counts of accessing a computer without authorization via interstate commerce to obtain information to inflict emotional distress.

Legal experts believe the trial is an unprecedented use of computer fraud statutes to prosecute a case involving how people use a social networking site. Thomas O’Brien, the United States attorney here, asserted jurisdiction over a matter that local prosecutors in Missouri chose not to pursue — successfully arguing that he had jurisdiction because MySpace is based in Los Angeles, where its servers are housed.

In her testimony on the second day of Ms. Drew’s trial, Ms. Grills described how Ms. Drew had become angry with Megan for “spreading lies” about Ms. Drew’s daughter Sarah, and was eager to “expose” her. Ms. Grills, who worked at the Drew home, said she hatched the idea of creating a phony MySpace account, under the name Josh Evans, to communicate with Megan.

The original idea, Ms. Grills said, was to lure Megan to make nasty remarks about Sarah, which she and Ms. Drew would then present to Megan’s mother. But the idea morphed into other methods of humiliating the girl — devised by Ms. Drew, she said.

Ms. Grills said that she had expressed trepidation about creating a fake account, but that Ms. Drew had told her “that it was fine and that people do it all the time.” She added, “She was like a second mother to me, and I didn’t think she would do anything to get me in trouble.”

Things went awry, Ms. Grills said, after she sent an e-mail message with Ms. Drew’s blessing that said, “The world would be a better place without you.” It was an attempt, she said, to get Megan to stop communicating with the made-up Josh so the ruse could end.

Megan’s response, the message about suicide, had never been revealed by Ms. Grills until this week. Shortly after sending the message, Megan hanged herself on Oct. 16, 2006.

“It was something I didn’t want to remember,” said Ms. Grills, who said she had been hospitalized for depression after the suicide. “I pushed it out of my mind.”

As Ms. Grills told her story, Megan’s father, Ronald Meier, listened from the front row of the courtroom, rocking slightly and furiously dabbing at his eyes.

Ms. Drew’s defense lawyer, Dean Steward, carefully tried to unravel the credibility of Ms. Grills and other witnesses, including Megan’s mother, Christina Meier, whose testimony continued from Wednesday.

“Don’t you kind of have to say stuff they want to hear?” he said to Ms. Grills, motioning to prosecutors in a reference to her immunity agreement.

Mr. Steward suggested that Ms. Meier ought to have known better than to leave her daughter alone in her room after a nasty exchange of e-mail banter left the girl distraught. He said the antidepressant drugs her daughter had been taking were known to cause suicidal thoughts in teenagers.

“You let her run upstairs to the room alone,” Mr. Steward said to Ms. Meier.

The trial has also included testimony about the fallout for Ms. Drew after the case became public. A hairdresser testified about the irate phone calls her salon received for continuing to tend to the hair care of Ms. Drew, and an interior designer detailed both how she sold Ms. Drew blinds to block the hostile approaches of neighbors, while being hectored herself for continuing to advertise her business in a coupon book distributed by Ms. Drew.

Mr. O’Brien, the United States attorney, made the highly unusual choice to prosecute the case himself, punctuating his personal interest in the matter.

Should he succeed in convicting Ms. Drew, the case, while derided by critics as an overreach, would almost certainly be a game changer in the still-evolving world of social networking.

By essentially equating the violation of usage agreements with hacking into a computer, a guilty verdict in this case could have widespread implications for future prosecutions under the Computer Fraud and Abuse Act, said Matthew Levine, a former federal prosecutor. Each of the three counts against Ms. Drew carries a maximum sentence of five years in prison.

Dissect Cyber wins major DHS S&T Award for their BEC Work

Congratulations to our great friends at Dissect Cyber for receiving the DHS S&T Global Award for their work on BEC scams!

The FBI has been warning companies for several years now of the growing prominence of Business Email Compromise (BEC) scams as one of the top forms of cyber crime based on the volume of dollars stolen.  A single BEC scam can often lead to six-figure and even seven-figure losses!  According to a June 2018 BEC report from the Internet Crime Complaint Center, so far the FBI has documented $12,536,948,299 in losses stolen from 78,617 businesses.

Dissect Cyber decided that the best way to attack these scams and help protect those at-risk companies was to create an early warning system called Cyber Notify, based on their analysis of the vulnerable (and detectable) points of a BEC scam that is ABOUT TO HAPPEN!  To understand why their solution is so powerful, let’s look at how a BEC fraud group is structured.

BEC Org Charts

Some of the leading experts in Business Email Compromise have documented the significant role in these scams played by West African cyber criminals.  Experts such as John Wilson, Crane Hassold, and Ronnie Tokazowski at Agari are doing some great work investigating BEC scam actors to learn more about how they commit their crimes.  The SecureWorks experts are documenting the role of malware in BEC crimes, and produced a great chart explaining the roles of the various actors, reproduced here from their report “Golden Galleon: How A Nigerian Cybercrime Crew Plunders the Shipping Industry.”

SecureWorks BEC Org Chart

In that document, American researchers assigned names to each of the roles that make up a BEC scam.  One of those roles in the SecureWorks report is “Cloner” which is described as the person who “Registers domain names for impersonating email addresses.”

The West African fraud experts at AA419 (Artists Against 419) provide a similar chart, but label their content based on the names the fraudsters use themselves.  In their diagram, the “Cloner” role is called, within the West African fraudster community, a “Faker Maker.”  While they do create domain names that closely imitate real organization names to be used in email, they are often also responsible for creating entire fraudulent organizations, complete with corresponding web sites, in order to facilitate their fraud, including fake travel agencies, fake government organizations, fake shipping companies, fake job websites, and fake lotteries.

AA419 BEC Org Chart

The AA419 staff did an excellent blog post explaining the critical role of The Faker Maker in December 2017.

Enter Dissect Cyber and Cyber Notify

I’ve known and worked with April Lorenzen, the founder of Dissect Cyber and Zetalytics, and her staff and products for many years.  She has been passionate about building tools for law enforcement and investigators to quickly understand the relationships between domain names, their name servers, and the IP addresses which host them.  She’s also been generous enough to share her tools with researchers in my lab, including sharing them with our UAB Cyber Detective Camp last summer!  Whether we are doing phishing investigations, malware investigations, or illicit pharmaceutical investigations, Dissect Cyber has been a great partner!

Based on the organizational charts above, what Dissect Cyber realized was that the PRECURSOR events to a new BEC attack often involve the creation of a “look-alike domain” that will imitate the company being targeted.  We’ve blogged many times about how BEC attacks work, such as our article “Business Email Compromise: Putting a Wisconsin Case Under the Microscope.” Often, such as in two of the victim cases described in the Wisconsin case, the criminals are monitoring the emails of key executives, having already planted email-stealing malware on their computers, watching for an opportunity when they are traveling or otherwise unavailable.  During that scheduled outage, an employee will receive an “urgent command” that they must quickly pay an invoice, wire some funds for a merger, or complete some other large financial transaction.  By having the email come from a domain that is VERY SIMILAR to the true email domain, the employee often does not realize that this is not really The Big Boss, and they will comply with the financial transfer order they receive.

This is where Dissect Cyber comes in.  Because they have full visibility of EVERY NEWLY CREATED DOMAIN ON THE INTERNET, they created the Cyber Notify system to check each new domain to see if it might be a counterfeit look-alike domain. If so, their team of highly trained and vetted professionals (at the moment, all members of the alert team are military veterans) reaches out to the imitated organization to help them understand that they may be about to be targeted with a BEC attack.

According to the press release from Dissect Cyber, this work has helped 1,500 companies prevent themselves from losing $407 million which was requested to be wire transferred by the scammers who had created these fake domains!  Priority notifications are given to those companies that are part of the nation’s Critical Infrastructure as defined by DHS.  Why?  While the techniques that have broadly been used to steal money by West African scammers account for the majority of the financial losses as reported by the IC3.gov team, the scarier fake domain attacks may be foreign nation state actors who are using the techniques refined by the West Africans to send dangerous emails that could have an impact on anything from our power grids to our water supply to employees of those critical infrastructure companies!

Congratulations, Dissect Cyber!  I hope that Cyber Notify (cybernotify.org) will grow, expand, and continue to innovate in ways to help us all protect our vulnerable small and medium-sized businesses from fraud, while also protecting our Critical Infrastructure businesses from nation state espionage hackers!
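
As an added illustration of the "check each new domain" idea described above (this is not Dissect Cyber's code or method, which the post does not detail), a defender could screen a feed of newly registered domains against the domains they want to protect. The domain names, the substitution map, and the function names are constructed for this sketch, and it assumes each domain is a single label plus a single-label TLD.

```python
import unicodedata

# Small constructed substitution map (assumption; real confusable tables are far larger).
CONFUSABLES = {"0": "o", "1": "l", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a domain label to a canonical form so visual tricks compare equal."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c)).replace("-", "")
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(new_domain, protected):
    """Return (reason, imitated_domain) for a look-alike, or None if unremarkable."""
    label, _, tld = new_domain.lower().rpartition(".")
    for real in protected:
        rlabel, _, rtld = real.lower().rpartition(".")
        if (label, tld) == (rlabel, rtld):
            return None                      # the genuine domain itself
        s, rs = skeleton(label), skeleton(rlabel)
        if label == rlabel:
            return ("tld-swap", real)        # same name under another TLD
        if s == rs:
            return ("homoglyph", real)       # differs only by look-alike characters
        if osa_distance(s, rs) <= 1:         # noisy for very short brand names
            return ("typo", real)
        if rs in s:
            return ("brand-embedded", real)  # brand plus extra words
    return None

# Constructed sample data using reserved TLDs; not real registrations.
PROTECTED = ["northwindfreight.example"]
NEW_DOMAINS = [
    "northwindfreight.example", "northwindfreight.test", "n0rthwindfreight.example",
    "northvvindfreight.example", "northwindfrieght.example",
    "northwindfreight-billing.example", "harborcoffee.example",
]

def scan(feed, protected):
    return {d: hit for d in feed if (hit := classify(d, protected))}

if __name__ == "__main__":
    print(scan(NEW_DOMAINS, PROTECTED))
```

Internationalized names arriving in punycode (`xn--`) form would need decoding before the skeleton step, and a production check would use a public-suffix list rather than splitting on the last dot.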

Internet Crime [Video]
