Saturday, September 15, 2018

Social Mapper


Social Mapper is an open source tool that automates the process of discovering individuals’ social media accounts. The tool takes advantage of facial recognition technology and searches for targets’ accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.

The tool creates a list of targets based on the provided input, then it performs the online search. But it doesn’t rely on APIs to do that – instead, it opens a Firefox browser window, logs into the aforementioned social media sites, then begins searching for the targets by name.

“It pulls out the top results from this search (usually between 10 and 20) and starts downloading the profile pictures and performing facial recognition checks to try and find a match.”

Social Mapper is primarily aimed at Penetration Testers and Red Teamers, who will use it to expand their target lists and find their social media profiles. From here what you do is only limited by your imagination, but here are a few ideas to get started:
  • Create fake social media profiles to 'friend' the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
  • Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
  • Create custom phishing campaigns for each social media site, knowing that the target has an account. Make these more realistic by including their profile picture in the email. Capture the passwords for password reuse.
  • View target photos looking for employee access card badges and familiarize yourself with building interiors.
--


Oregon's Suspension of Driver's Licenses for Traffic Fines 'Punishes the Poor'



From 2007 to 2017, the Oregon DMV issued 334,338 license suspensions arising solely from minor traffic violation fines that went unpaid. "The DMV's practice amounts to the criminalization of poverty.'' A class-action lawsuit is now challenging this.

Suspending a driver's license because of unpaid traffic fines unfairly targets poor people and is unconstitutional, a class-action lawsuit alleges.

The Oregon Law Center is representing five plaintiffs from Portland, Baker City, Pendleton and Mission who have had their driver's licenses suspended for years or decades because they can't afford to pay their spiraling debt from traffic violations.

They want a federal judge to order the state to halt license suspensions for traffic fines until the Oregon DMV gives drivers a chance to demonstrate their inability to pay. If a driver can't pay the fines, they say the state should exempt that motorist from losing a license. The plaintiffs argue the state's current suspensions violate the due process rights of low-income people and are discriminatory.

"The DMV's practice amounts to the criminalization of poverty,'' Oregon Law Center attorney Emily Teplin Fox wrote in a motion for a preliminary injunction filed in federal court in Portland Friday. The center provides legal services to low-income clients across the state.

The suit is the latest in a national movement to curb the suspensions of driver's licenses based on unpaid traffic fines. (Oregon Live, September 8, 2018)
--

A traffic fine is the penalty for a traffic infraction. That penalty is issued by a court, and collected through a process set up by the courts. When the DMV takes additional administrative action - suspending a license - it is in effect a double punishment (although a double punishment accepted by the law).

When a person cannot pay a fine, suspending a driver's license so that person cannot legally drive unduly and unfairly targets those individuals in our communities who have the least money. Nobody is happy about having to pay a couple hundred dollars in traffic fines, but if your income is only $990 per month (the maximum to qualify for SNAP/Food Stamps) it may simply not be possible for you to pay the traffic fine, and the increasing penalties for non-payment.

Now there will no doubt be some who say if you can't afford a traffic fine, don't break the traffic laws... OK fair enough, but as a police officer who works traffic once told me "everyone breaks traffic laws, if I follow you long enough you will commit a violation that I can stop you for." So, we come back to the question of how do we keep a simple traffic violation from destroying the lives of the poorest in our communities because they don't have the money to pay the fine?




Friday, September 14, 2018

Don't Fall Prey to the Latest 'Sextortion' E-mail Threat


The email addresses you by name and knows one of your online passwords – and even may include the last three digits of your phone number.

Assured it has your attention, it then proceeds to claim that malware placed on a porn site you've visited will expose you. Unless you pay up.

Count yourself lucky if you haven’t received this email or a similar one in the past few months.
These so-called sextortion scams are on the rise, fueled by the past years' data breaches that have released personal information into the wild.

The fraud banks on the chance that one of its potential marks – you, perhaps – has been visiting porn sites or has been cheating on a partner, and so believes the letter's sender really has secret information.

One such email claims that "while you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account and email account."

What's more, it says you were recorded as you were viewing the porn. (“Yep! It’s you doing nasty things!” reads the scam letter.)  If that weren’t enough, the email claims all of your personal contacts — family, friends, co-workers — have been stolen. Now the blackmailer is giving you 24 hours to make a payment, often several thousand dollars, via Bitcoin.

According to Steven D’Antuono, chief of the FBI’s financial crime section, it’s what they call “a scare scam.” The FBI is seeing a rise in reported cases this summer, so much so that the Bureau issued an alert on the matter in August. (King 5 News, September 11, 2018)




Thursday, September 13, 2018

Portland Protester Files Tort Claim After Being Hit By A Flash-Bang Grenade Fired By Police At August 4 Protest


According to Willamette Week (September 13, 2018) a protester who went to the hospital after being hit directly with a flash-bang grenade shot into a crowd by police on Aug. 4 filed notice today of her intent to sue the City of Portland. (A tort claim must be filed before a civil suit can be brought against the city.)

Michelle Fawcett suffered third-degree chemical burns from the impact of an explosive device that is meant to be detonated at least 20 feet in the air. Portland police have since suspended use of the explosives pending an internal review.

"At approximately 1:45 pm, Ms. Fawcett was standing peacefully chatting with a friend, surrounded by other peaceful demonstrators, on SW Columbia St. and First Ave," the tort claim says. "Without announcement or warning, PPB members started shooting into the crowd, with what we understand now to be flash bang devices."

Observers voiced concerns that police had fired explosives and chemical weapons at a peaceful crowd. Police chief Danielle Outlaw said officers had seen protesters throwing objects just before deploying the first flash bang, but published video footage of the moments leading up to the clash does not support her claim.

--
 
 
 
 



Ideal Conceal .380 Double Barrel Pistol Looks Like A Cell-Phone

 
The ground breaking Ideal Conceal is a carefully engineered double barreled .380 caliber people can safely carry in their purse or clipped to their side. Ingeniously designed to resemble a smartphone, yet with one click of the safety it opens and is ready to fire.
  • Lightweight One-Piece Frame
  • Simple Design and Trouble-Free Operation
  • High Velocity, Increased accuracy
  • Hammerless construction for maximum safety.


 
 
 
If you need a self-defense gun that doesn't have the immediate appearance of a gun, then the Ideal Conceal Double-Barrel .380 Pistol may be an option.
 
If you are a law enforcement or security officer, be aware that not all firearms have the traditional firearm appearance.
 
The Ideal Conceal Pistol is available now and can be shipped to your local firearms dealer. 
 
  

 
 

Add a Free Security Freeze to Your Consumer Credit Report



A security freeze on your consumer credit report is one of the most vital steps you can take toward protecting yourself from identity theft. Previously, the cost was $10 per credit bureau for every freeze/unfreeze. The Economic Growth, Regulatory Relief and Consumer Protection Act states that beginning September 21, Equifax, Experian and TransUnion must each set up a webpage for requesting fraud alerts and credit freezes at no cost (those pages are available now); Innovis and NCTUE have also provided free security freeze sites.

Equifax: https://www.freeze.equifax.com

Experian: https://www.experian.com/freeze/center.html

TransUnion: https://service.transunion.com/dss/orderStep1_form.page

Innovis: https://www.innovis.com/personal/securityFreeze

NCTUE: https://www.nctue.com/Consumers


I previously discussed the importance of a Credit Freeze for Privacy and Security in February 2018.


Wednesday, September 12, 2018

Government Emergency Telecommunications Service (GETS) and Wireless Priority Service (WPS)


The Department of Homeland Security (DHS) Office of Emergency Communications (OEC) offers a suite of Priority Telecommunications Services designed to support national security and public safety communications availability for government officials, emergency responders, and critical infrastructure owners and operators.

GETS is designed to provide priority landline and some cellular calling capabilities when communications networks are congested.

WPS is designed to provide priority cellular calling capabilities when communications networks are congested.

The national security and emergency preparedness (NS/EP) community spans the federal, state, local, tribal and territorial governments; public safety and emergency responders; industry partners who are responsible for maintaining the Nation’s critical infrastructure; and other authorized users. Organizations that rely on telecommunications on a daily basis to protect public health, maintain law and order, ensure public safety, and/or provide financial or utility service should enroll in these vital priority services. Typical GETS, WPS, and TSP users are responsible for the command and control functions critical to management of, and response to, national security and civil emergencies.

Download this guide to using GETS / WPS.

Additional information and documents about GETS / WPS can be found here.

If you are in the path of Hurricane Florence the GETS / WPS services may be essential to maintaining emergency communications in the aftermath of the storm. - Stay Safe!






No, The Police Can't Arrest a Whole Bunch of 7th Grade Girls to Prove A Point

 
Scott v. County of San Bernardino (Filed September 10, 2018)

The panel affirmed the district court’s summary judgment in an action brought by three middle school girls who alleged that a Sheriff’s deputy arrested them on campus without probable cause, in violation of their Fourth Amendment rights and state law.

9th Cir.: No, the police can't arrest a whole bunch of 7th grade girls without evidence of a crime to "prove a point."

9th Cir.: "The arrest of a middle schooler ... cannot be justified as a scare tactic, a lesson in maturity, or a chastisement for perceived disrespect."

9th Cir.: A group of middle school girls being "disrespectful" and "whispering among themselves" does not constitute probable cause that they have committed a crime.




Tuesday, September 11, 2018

WE WILL NEVER FORGET 9/11


Where were you on that fateful morning of September 11, 2001? Do you remember how the world seemingly stopped as our country and the world watched in disbelief, and then horror, as the twin World Trade Center towers were hit and then came down? The loss of life was unimaginable.

Further horrors and uncertainties were unveiled as we also saw that the Pentagon had been hit by American Airlines Flight 77, and United flight 93 had come down in Pennsylvania. Let's also remember how as Americans, we came together in our grief, comforting those who lost their loved ones, or who were hurt and injured in the attacks, and remembering those who lost their lives.

September 11, 2018 - 17 years to the day when our lives were changed forever, let us stand together in reflection, and remember, and never, ever forget.


 

 

 
 


 
 
 
 

Monday, September 10, 2018

World Suicide Prevention Awareness Day


September 10th is World Suicide Prevention Awareness Day and September as a whole is Suicide Prevention Month.

Numbers out from the CDC show that suicide has risen 25 percent across the U.S. in the last 20 years.

If you need help, or if you're worried about a friend or loved one, call the National Suicide Prevention Hotline at 1-800-273-8255.


VA Releases National Suicide Data Report (June 18, 2018)

This report yields several important insights:

Suicide rates increased for both Veterans and non-Veterans, underscoring the fact that suicide is a national public health concern that affects people everywhere.

The average number of Veterans who died by suicide each day remained unchanged at 20.

The suicide rate increased faster among Veterans who had not recently used Veterans Health Administration health care than among those who had.

 
#WorldSuicidePreventionDay
#ВсемирныйДеньПредотвращенияСамоубийств
#Weltsuizidpräventionstag
#WereldSuïcidePreventiedag
 
 


Social Security Numbers Exposed on US Government FOIA Web-site


The US government exposed dozens of people’s personal details, including social security numbers, due to an online mishap on a public transparency portal, it emerged this week.

FOIA.gov, a site that centrally administers freedom of information act requests, had been serving up the information for weeks, CNN reported on Monday.

Those requesting information may enter sensitive personal data and are even encouraged to do so by government agencies to help service their requests – information such as status on an immigration application or information about criminal cases.

The problem stemmed from a software bug in the site’s search facility. This allows people to search existing FOIA requests and find out who has requested information about what. These records include personal details that the site normally withholds until the originating agency gives permission to reveal it.

That masking stopped working. Instead, the site began displaying all of the information by default, including sensitive data, effectively rendering it publicly available.

The software glitch meant that sensitive information about individuals, including birthdates, immigrant identification numbers, addresses and contact details were available online. CNN identified at least 80 full or partial Social Security numbers during its research.

According to the news site, the masking feature had been working properly until 9 July, when the website upgraded from version 2.0 to version 3.0. This means information would have been publicly available until shortly after reporters from CNN, tipped off by a source, alerted the government.

At that point, FOIA.gov attempted to re-mask sensitive information, but some data needed to remain publicly viewable. Last Thursday, it sent a notice to the relevant originating agencies asking them to review the publicly viewable information on the site to ensure that FOIA.gov was authorized to disclose it.  (CNN, September 3, 2018)
--

Database compromises are a common problem, both for government information and for businesses that maintain information about their customers.  Making data accessible to those who have an authorized and legitimate need for it, while at the same time keeping that data protected from all other access is a significant problem.

Errors exist in databases, or are created when systems and software are upgraded. Criminals may find ways to exploit weaknesses in security, and insiders may compromise information through intent, negligence, or error.

Before providing any of your personal information to a government agency, or to a business, ask yourself what will be the effect if (when) this information is compromised?
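The failure reported above is a fail-open one: when the masking step stopped running after the upgrade, every field was displayed by default. As an added illustration (not FOIA.gov's code; the field names, the `agency_released` list and the sample records are constructed assumptions), the Python below shows a fail-closed public view and a post-upgrade audit that flags a renderer which shows everything.

```python
import re

# Assumed schema: these fields are always public. Everything else is withheld
# until the originating agency lists it in "agency_released".
PUBLIC_FIELDS = {"request_id", "agency", "subject", "status"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
WITHHELD = "[withheld]"

# Constructed sample records (an SSN starting with 000 is never valid).
RECORDS = [
    {"request_id": "R-001", "agency": "Agency A", "status": "open",
     "subject": "Status of my application, SSN 000-12-3456",
     "requester_name": "Jane Example", "date_of_birth": "1970-01-01"},
    {"request_id": "R-002", "agency": "Agency B", "status": "closed",
     "subject": "Contract records", "requester_name": "Example Press",
     "agency_released": ["requester_name"]},
]


def scrub(value):
    """Redact SSN-like strings that requesters typed into free-text fields."""
    return SSN_RE.sub("[redacted]", value) if isinstance(value, str) else value


def is_public(record, key):
    """A field is public only by allowlist or explicit agency release."""
    return key in PUBLIC_FIELDS or key in record.get("agency_released", ())


def public_view(record):
    """Fail closed: unknown or unreleased fields are masked, never shown."""
    view = {}
    for key, value in record.items():
        if key == "agency_released":
            continue
        view[key] = scrub(value) if is_public(record, key) else WITHHELD
    return view


def fail_open_view(record):
    """Model of the reported bug: masking skipped, every field displayed."""
    return dict(record)


def audit(records, render=public_view):
    """Return request ids whose rendered view leaks withheld or SSN-like data."""
    leaking = []
    for rec in records:
        view = render(rec)
        shows_withheld = any(
            view.get(k) == v for k, v in rec.items()
            if k != "agency_released" and not is_public(rec, k))
        shows_ssn = any(isinstance(v, str) and SSN_RE.search(v)
                        for v in view.values())
        if shows_withheld or shows_ssn:
            leaking.append(rec["request_id"])
    return leaking


if __name__ == "__main__":
    print("fail-closed renderer leaks:", audit(RECORDS))
    print("fail-open renderer leaks:  ", audit(RECORDS, fail_open_view))
```

Running an audit like this against the rendered output after every upgrade turns a silent masking regression into a failed release check.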



Your Smart Electricity Meter Can Easily Spy On You



Modern meters can track not only when you’re not home, but what you’re up to when you're there.

Modern electricity usage meters provide innumerable benefits to utility companies, including a variety of remote access and monitoring tools to better manage the power grid. They also dramatically reduce the cost of technician visits for on-location meter readings.

But these devices also collect an ocean of private customer data, including detailed information that can be used to infer when you wake, when you sleep, and when you’re at home or away. In the past, electricity meters delivered a lump monthly figure to utilities, but smart meters transmit data in granular detail, often in increments ranging from fifteen minutes to every few hours.

This week, the Seventh Circuit Court of Appeals ruled that the Fourth Amendment does in fact protect energy-consumption data collected by smart meters. The ruling leans heavily on the Kyllo v. United States precedent that declared the use of thermal imaging tech to monitor citizens without a warrant also violates the Fourth Amendment.

The court was quick to point out smart meter data collection often provides much deeper insight than could be obtained via the thermal imaging tech that was at issue in the Kyllo ruling, in large part because modern appliances often have distinct energy-consumption patterns or “load signatures” that not only tell the utility when you’re home, but precisely what you’re doing.

“A refrigerator, for instance, draws power differently than a television, respirator, or indoor grow light,” the ruling notes. “By comparing longitudinal energy-consumption data against a growing library of appliance load signatures, researchers can predict the appliances that are present in a home and when those appliances are used.”

“The Seventh Circuit recognized that smart meters pose serious risks to the privacy of all of our homes, and that rotely applying analog-era case law to the digital age simply doesn’t work,” Jamie Williams, staff attorney at the Electronic Frontier Foundation, told Motherboard. (Motherboard, August 24, 2018)
--

While the court's ruling that the Fourth Amendment protects smart-meter data may limit access to that data by law enforcement, it doesn't prevent it from being accessed by business organizations, stolen by hackers, or used by some out of control government employee in a basement office keeping illegal files about you hidden away on a government computer network.


Sunday, September 9, 2018

$12.5 Million Settlement for Unarmed Man Killed by Lakewood Police Sniper



The city of Lakewood, its police chief and two officers have dropped an appeal of a record $15.1 million jury verdict in the 2013 SWAT-team sniper-death of Leonard Thomas, an unarmed black man who was killed as he clutched his 4-year-old son following a four-hour standoff, and have agreed to pay Thomas’ family $12.5 million to settle the wrongful-death and civil-rights lawsuit.

The settlement in the racially charged case leaves in place the July 2017 unanimous verdict by a jury in U.S. District Court in Seattle finding Lakewood, Fife and members of the Pierce County Metro SWAT team committed 14 separate civil-rights violations that night, including illegal seizure and use of excessive force.

The verdict came after a three-week trial and four days of deliberations. The panel had singled out Lakewood Police Chief Mike Zaro — then an assistant chief — and Lakewood officers Sgt. Brian Markert and Mike Wiley for punitive damages totaling $6.5 million, finding their actions were particularly egregious and led to Thomas’ unnecessary death.

Metro Pierce County SWAT responded to a 911 call as part of a multi-agency operation that included more than 20 heavily armed officers and an armored vehicle, which they drove onto Thomas’ front yard. Over the next four hours, Thomas repeatedly told police to go away and officers agreed he had committed a misdemeanor assault on his mother at best. Thomas never displayed a firearm — there were no guns in the house — and he never threatened police or his son, according to testimony at trial. SWAT breached the back door of the home just as Thomas had agreed with a hostage negotiator to let the boy go. The defense said that Thomas, who was on the front porch with the boy when the team used explosives to blow down his back door and then shot his dog, reached for the boy.

A SWAT Sniper, hidden across the street with a .308-caliber precision rifle, shot Thomas in the belly when he reached for the boy. Officers testify they had to pry the child out of his dying father’s arms as Thomas, who was bleeding to death, begged them not to hurt his boy.

The city of Lakewood has said it would indemnify the officers in this lawsuit. (The Olympian, September 7, 2018)