FBI
Latest
DNSchanger standby servers will go dark Monday 7/9
It's pretty unlikely that your computer is among the 277,000 worldwide still affected by the DNSchanger malware (63,000 of them in the US, per the FBI and CIO Daily), but just in case you find yourself mysteriously knocked offline Monday morning, here's why. From 2007 until the law knocked on their door in early 2011, an Estonian hacker ring maintained a scam system where infected computers had their DNS settings changed to point to compromised, rogue servers controlled by the criminals. Over the course of their activity, about four million computers were affected worldwide; AV software and system updates cleared most of the malware, but not all of it. The good news is that these particular bad dudes are now in jail. The bad news is that for the infected computers that were pointing at the rogue DNS servers, simply taking the servers offline would have in turn caused the client computers to freak out. To prevent this, the FBI and other law enforcement took over the IP addresses for the rogue servers and have been running legitimate, well-behaved DNS servers there ever since. All good things must end, however, and the FBI isn't going to bear the costs of running those boxes any longer; they're getting turned off tomorrow. You can check your machine using McAfee's free online DNSchanger check, or use Macfixit's rundown to confirm that you're not pointed at the bogus DNS servers. Either way, you can use this opportunity to verify that you're using the optimal DNS settings for your network -- most likely your ISP's recommended settings, or nationwide DNS providers such as Google (8.8.8.8) or OpenDNS (208.67.222.222).
Subpoenas issued over 38 Studios deal, Citizens Bank sues Schilling [Updated]
While the fallout from 38 Studios' collapse carries with it a human toll, it also has triggered a legal one as well. State and federal law enforcement agencies have issued subpoenas to both Bank Rhode Island and the Rhode Island Economic Development Corporation over the loans that enticed the game studio to the state. Currently, the RI state police, the state attorney general's office, the FBI, and the US attorney's office are jointly looking into the situation. Police are investigating the specifics of the deals in an attempt to figure out what exactly happened. The subpoenas requested records of the financial contracts and loans. Both the RIEDC's $75M in taxpayer bonds and Bank Rhode Island's $8.5M loan are unlikely to be repaid following the studio's bankruptcy. [Update: Massively reader Zaken tipped us off to the fact that Citizens Bank has announced it is suing 38 Studios' Curt Schilling to the tune of $2.4 million "in an attempt to recoup its money from the ex-ballplayer's personal assets."]
Report: FBI forming new cyber intelligence research unit, focus on digital surveillance
According to a report filed by technology site CNET, the US Federal Bureau of Investigation (FBI) is forming a new cyber intelligence and research unit dubbed the Domestic Communications Assistance Center (DCAC). The briefing states that the DCAC's purpose will be "to invent technology that will let police more readily eavesdrop on Internet and wireless communications" (initially focusing on VoIP services, social networks, and wireless communication mediums) . Via a prepared statement, the FBI explained that the unit's modus operandi will be to "assist federal, state and local law enforcement with electronic surveillance capabilities." Congress has appropriated over $54 million for "lawful electronic surveillance" in fiscal year 2012; the DCAC has been earmarked just north of $8 million from that pie. The Bureau's full statement is after the break.
New DVD anti-piracy warning now packs double the nag
Starting this week, you'll find any newly-minted DVDs and Blu-ray discs will now include a similarly fresh anti-piracy message. Homeland Security's special agent badge now partners up with the FBI's own emblem on the new warning played before DVDs -- and it looks like it'll still be unskippable. If this dynamic duo isn't enough to scare into legitimate media consumption, how about another warning screen to really bring it on home? This one features the National Intellectual Property Center, which follows the same "piracy is bad" message, offering a helpful link as to why -- one we're sure you're going to investigate in the middle of movie night. Interestingly, these new screens themselves are still not in the public domain and only the major US movie studios are authorized to use them. No news yet on whether the authorities plan to include another screen explaining this, but you can check that second warning that you'll soon be yelling at right after the break.
Screen Grabs: Are agents on Fringe flashing their Google Wallet?
Screen Grabs chronicles the uses (and misuses) of real-world gadgets in today's movies and TV. Send in your sightings (with screen grab!) to screengrabs at engadget dot com. We're not sure exactly what the FBI's standard issue kit consists of, but we imagine it has more than a few bits of secret tech. These screen grabs from this week's Fringe, however, would have us believe that the rogue agents like to pick up their tabs with what looks like Google Wallet. We can clearly see a Sprint-branded Galaxy Nexus being used to for a not-so-undercover financial transaction. At least it looks like the agents might have had an upgrade since we last saw them around these parts. Update: As many of you have pointed out, there was something wrong with our own intel on this case, and it wasn't one of the agents using the service. Perhaps the bureau isn't comfortable with e-wallets just yet. [Thanks, Te-je]
FBI reportedly pressing for backdoor access to Facebook, Google
Investigators at the FBI supposedly aren't happy that social networks like Facebook or Google+ don't have the same kind of facility for wiretaps that phones have had for decades. If claimed industry contacts for CNET are right, senior staff at the bureau have floated a proposed amendment to the 1994-era Communications Assistance for Law Enforcement Act (CALEA) that would require that communication-based websites with large user bases include a backdoor for federal agents to snoop on suspects. It would still include the same requirement for a court order as for phone calls, even if US carriers currently enjoy immunity for cooperating with any warrantless wiretapping. As might be expected, technology firms and civil liberties advocates like the Electronic Frontier Foundation object to deepening CALEA's reach any further, and Apple is thought to be preemptively lobbying against another definition of the law that might require a government back channel for audiovisual chat services like FaceTime or Skype. The FBI didn't explicitly confirm the proposal when asked, but it did say it was worried it might be "going dark" and couldn't enforce wiretaps. [Image credit: David Drexler, Flickr]
Top LulzSec members arrested, group leader reportedly acted as informant
The LulzSec hacking group may have officially called it quits last June, but that doesn't mean it was able to escape the eye of law enforcement. As Fox News reports, today saw three group members arrested and two more charged with conspiracy -- a move that one FBI official described as "chopping off the head of LulzSec." What's more, it's reported that group leader "Sabu," now identified as 28-year-old Hector Xavier Monsegur, was acting as an informant for the FBI since he was first caught and secretly arrested in June of last year (around the time the group disbanded). Court documents unsealed today also show that Monsegur has pleaded guilty to carrying out attacks on companies like MasterCard and PayPal, and that he's been charged with 12 criminal counts of conspiracy. The full indictments against the group's members can be found at the Gizmodo link below, and the FBI's press release can be found after the break.
FBI deactivates about 3,000 GPS tracking devices, loses sight of your car
Following a January ruling by the US Supreme Court, the FBI has deactivated some 3,000 GPS units that were potentially infringing on the Fourth Amendment. The decision seems to be making waves in the U.S. Justice Department. Andrew Weissmann, FBI General Counsel, says some of the devices have been difficult to retrieve, as the vehicles they were once tracking now move undetected. The FBI has sought temporary permission to reactivate some of the devices to locate and retrieve the hardware. Weissmann says the FBI is also developing new guidelines regarding the legality of its agent's actions -- from the application and use of tracking devices, to the extent a suspect's garbage can be searched before the agent is committing trespass. In short, the FBI is working really hard not to violate your legal right to privacy. If you happen to find something weird under you car, give 'em a call. They'd probably like it back.
Steve Jobs' 1991 FBI file has been released
Have a bit of time? Want to learn more about Steve Jobs' life than you were able to dredge up reading the Walter Isaacson biography? All you have to do is read the 191-page 1991 FBI background investigation of Jobs that was done when he was being considered for an appointment to the President's Export Council. The file also include records of a 1985 bomb threat made against Jobs. John Cook at Gawker noted that "I've read the files from a lot of background FBI investigations; it's pretty rare in my experience that this much derogatory information gets dredged up." What kind of derogatory comments? Some of them are classic: "He characterized Mr. Jobs as an honest and trustworthy individual; however, his moral character is questionable" and "They further stated that Mr. Jobs has integrity as long as he gets his way." But wait, there's more! "Several individuals questioned Mr. Jobs' honesty stating that Mr. Jobs will twist the truth and distort reality in order to achieve his goals." Yes, the famous Jobs Reality Distortion Field has been investigated by the FBI, but there's no word on whether it was the X-Files team or Fringe Division that was doing the investigation. And finally, there's this gem: "He characterized Mr. Jobs as a deceptive individual who who (sic) is not completely forthright and honest." While the names of his friends and associates have been redacted from the report, it's apparent that they -- at least back in the 1990s -- didn't have a lot of trust in the late Apple CEO.
Carrier IQ issues lengthy report on data collection practices, sticks to its guns
After having already tried to explain itself with metaphor, Carrier IQ is now taking its floundering PR campaign back to basics, with an ostensibly thorough primer on its practices and a slightly less convoluted defense of its privacy standards. This morning, the controversial analytics firm released a lengthy, 19-page document that attempts to explain "what Carrier IQ does and does not do." In the report, titled "Understanding Carrier IQ Technology," the company explains the benefit it offers to its clientele of network operators, many of whom rely upon Carrier IQ's diagnostic data to make sure their infrastructure is up to snuff. It also provides a breakdown of how it collects data, as well as a defense against Trevor Eckhart's findings, though, as you'll see, these arguments likely won't put this saga to bed anytime soon. Read more, after the break.
Man on vacation confused for a Russian spy, almost restarts cold war
Threats of Russian espionage can come from the unlikeliest of sources, as Jim Mimlitz, owner of Navionics Research, a small integrator firm, knows only too well. Curran Gardner Public Water District, just outside of Springfield, Illinois, employed Mimlitz's firm to set up its Supervisory Control and Data Acquisition system (SCADA), and the spy games began when Mimlitz went on vacation in Russia. While there, he logged into the SCADA system to check some data, then logged off and went back to enjoying Red Square and the finest vodka mother Russia has to offer. However, five months later a Curran Gardner water pump fails, and an IT contractor eyeballing the logs spots the Russian-based IP address. Fearing stolen credentials, he passes the info up the chain of command to the Environmental Protection Agency (as it governs the water district) without bothering to contact Mimlitz, whose name was in the logs next to the IP address. The EPA then passed along the paranoia to a joint state and federal terrorism intelligence center, which issued a report stating that SCADA had been hacked. Oh boy. A media frenzy followed bringing all the brouhaha to Mimlitz's attention. After speaking with the FBI, the massive oversight was identified, papers were shuffled, and everyone went about their day. So, next time you delete all your company's e-mail, or restart the wrong server, remember: at least you didn't almost start World War III. Tap the source link for the full story. [Image courtesy Northackton]
The MMO Report: Giving it away for free edition
Today on The MMO Report, Casey chronicles DC Universe Online's F2P growing pains ("It's almost like they're giving it away for free," he says cheekily) before moving on to the Total Recall MMO, Star Wars: The Old Republic's server types, Guild Wars 2's pet system, and the bizarre addition of Second Life to the FBI's watch list for criminal gangs and drug traffickers. "Way to give criminal organizations a wonderful idea, FBI," jokes The Beard. This episode also sees the return of Uncle Casey's mailbag and a new contest to devise an MMO Report-themed drinking game. Winners will receive (what else?) World of Warcraft-themed MEGA Bloks. Casey ends the show on a Skyrim note: "For some reason, I am always drawn to the most useless skills and end up creating a character that's only good at talking to people and getting lower prices on things but not so great at killing things." Sounds like some of my toons! Hit the break for the full episode!
DoJ: Stingray cellphone tracking device falls under Fourth Amendment, but don't ask about it
In 2008, federal authorities arrested David Daniel Rigmaiden on charges of spearheading a massive identity theft ring in Arizona. Rigmaiden allegedly led this operation from January 2005 to April 2008, harvesting some $4 million off of more than 1,900 fraudulent tax returns. He was ultimately nabbed, however, thanks in part to controversial, and somewhat mysterious tool known as a "stingray" -- a device that effectively acts as a fake cell tower, allowing authorities to locate and track a cellphone even when it's not being used to place a call. Since his arrest, the 30-year-old Rigmaiden has been battling the feds in the U.S. District Court of Arizona, on allegations that their tracking tactics constituted an unlawful search and seizure, thereby violating his Fourth Amendment rights. For more than a year, the Department of Justice has maintained that the use of stingrays does not violate the Fourth Amendment. When it comes to sending data from a mobile device, the DoJ has argued, users should not have a "reasonable expectation" of privacy. Recently, though, the judge overseeing the case has indicated that he will press the feds for more information on how stingrays actually work -- something the government clearly has no desire to disclose. Prosecutors are so reluctant, in fact, that they may be willing to sacrifice their case against Rigmaiden in order to safeguard the stingray's secrecy. Read more about the latest developments, after the break.
FBI's Child ID app helps iPhone users find their missing children
The FBI has just released its very first mobile app, aimed at helping parents deal with their worst nightmare -- a missing child. Known as Child ID, the application allows users to store their kid's photos and identifying information directly on their handsets, making it easier to provide authorities with vital data whenever the little one disappears. Parents can also use the tool to dial 911 or the National Center for Missing and Exploited Children with the tap of a button, and can instantly e-mail their child's details to law enforcement officials, thanks to a dedicated tab. Of course, some may feel uncomfortable with keeping such personal information stored on a smartphone, but the Bureau insists that none of the data will be collected or shared without authorization -- and they're pretty good at keeping secrets. For now, Child ID is available only for iPhone, though the FBI plans to expand it to other mobile devices in the near future. Interested iOS users can download it for themselves, at the iTunes link below.
FBI releases its first iPhone app: Child ID
The FBI has released it first iPhone app called Child ID. As the name suggests, Child ID works as a kind of digital passport for information about your children. With it you can store their photos along with physical identifiers such as height and weight. The app has several intended uses, the first a which is as something you can quickly show a security official to help identify your child if they go missing, say at an airport or a theme park. The app also has allows you to call 911 with the tap of a button and also call the National Center for Missing and Exploited Children. You can also choose to email your child's information to authorities. For those of you worried over privacy concerns, the FBI states on its website that the app does not collect or store any photos or information you enter into the phone. Everything resides locally on your iPhone until you choose to send that information to the authorities. Child ID is a great start, but one issue I had with the app is that there is no way to set a passcode on it. If you're storing information that could identify your children, it would be nice to lock the app should it fall into the wrong hands. Child ID is a free download for the iPhone, and the FBI says it will be coming to other mobile devices in the future.
Fifty days of 'lulz' over: LulzSec disbands
The secretive hacking group known as LulzSec has announced that it is formally disbanding with the completion of its planned 50 days of mayhem. Among its many targets that it has hacked, including government sites, LulzSec struck at The Escapist, Bethesda Game Studios, League of Legends, and EVE Online. LulzSec sent out a final statement, which said the group was a band of six hackers who had planned 50 days of attacks from the beginning. Now that the time is up, the group plans to fade into the shadows. The group hopes that others will continue with these illegal activities: "Behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us." While a suspected member of LulzSec was arrested a few days ago, the organization denied that he was part of the collective.
Homeland Security, FBI looking into PSN breach
The situation surrounding the PSN outage and data breach just got real. How real? The US government is now involved. The "Computer Emergency Readiness Team, "under the Department of Homeland Security, " is working with law enforcement, international partners and Sony to assess the situation," DHS spokesperson Chris Ortman told NextGov. Did you know we had a Computer Emergency Readiness Team? That team's role is to work with affected companies to improve security and restore service, and share information with other security-related organizations to prevent future breaches. Another federal agency is also looking into it, with a more punitive mindset. "The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter," FBI Special Agent Darrell Foxworth told Kotaku. "We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity."
FBI raids University of Michigan apartment over possible WoW fraud
A University of Michigan student apartment became the focus of a recent investigation by the FBI, which conducted a raid on March 30th over "potentially fraudulent sales or purchases of virtual currency that people use to advance in the popular online role-playing game World of Warcraft." While the FBI did not make any arrests, it did confiscate several items, including computers, video game equipment, and credit cards. The Bureau is checking out whether one or both of the students were involved in a fraudulent scheme to buy or sell virtual gold, and the agency is looking for online transaction records with various online banks and websites. The two students who share the apartment claim that they do not play WoW and are confident that they are innocent. One of the unnamed students commented: "They thought we were involved in some kind of fraud. I'm pretty sure they have the wrong people, but they took all my stuff."
Two arrested for iPad security breach
Two arrests have been made connected to the security breach that exposed thousands of iPad users' email addresses and other info last year. Daniel Spitler and Andrew Auernheimer (yeah, that guy again) have been taken into custody and charged with conspiracy to access a computer without authorization and fraud, for allegedly using a custom script (built by Spitler) called iPad 3G Account Slurper to access AT&T's servers, mimic an iPad 3G, and try out random ICC identifiers. Once a valid ICC was found, one could harvest the user's name and email address. Of course, the hackers maintain that this was all done to force AT&T to close a major security flaw, and we'll be interested to see what exactly the company does to make things right.
FBI charges 23-year old Russian in Mega-D spambot investigation
If you recall, last year it was revealed that up to 35 percent of the world's spam could spring from one source: a bot known as Mega-D. According to FBI files acquired by The Smoking Gun, the bot infected over half a million computers and could sent ten billion pieces of spam per day. According to the files, an ongoing investigation targets a 23-year old Russian man named Oleg Nikolaenko, who is suspected of violating the anti-spam law. Two people have previously been charged with felony conspiracy for the spam assault -- which sold fake Rolexes and herbal stimulants -- both of whom seemingly pointed the finger at Nikolaenko as the actual transmitter. The Mega-D bot was shut down last year by FireEye network security after identifying it as a mega-source of spam. While it's back up and running today, it is only a shadow of its former self. Nikolaenko appeared in federal court in Wisconsin on Friday, was formally charged and entered a 'not guilty' plea. [Image credit: M86 Security Labs]
