Tag Archives: hacker

Hacker checks open government data: Do police officers have quotas for traffic tickets?



John Koetsier

We’ve likely all wondered, sometimes sourly as the officer is writing us up for yet another speeding violation, whether police officers have quotas for how many traffic tickets they issue. After all, tickets are revenue, and local governments are often cash-strapped.

“Big data” to the rescue.

Now that at least some cities have open public data, anyone with a little programming skill, the inclination to use it, and the burning desire to know, can check. For instance, if the distribution of when tickets are issued is heavy at the end of the month, that could be a sign of quotas that need to be filled.

That’s exactly what Robert Picard, a university student and intern at alternative search engine DuckDuckGo, did, grabbing a public dataset of tickets issued from 2009 to 2011 in Baltimore. I talked to him this afternoon.

“The original dataset is about two million tickets,” he told me. “I live in Jacksonville, but used data from Baltimore because it was the only place I found any.”

After removing traffic camera tickets (which wouldn’t be affected by quotas, theoretically) as well as correcting for more frequent dates and the fact that only eight months have 31 days, Picard graphed the remaining tickets in a normalized view. The normalized view shows positive (above the line) when more tickets are issued than an expected average, and negative (below the line) when fewer tickets are issued than expected.
Source: Robert Picard

Above the line is more tickets issued than a straight average, below the line is fewer tickets issued.

The data certainly shows a lumpiness. It doesn’t show an average number of tickets issued on each day or in each week. In fact, the data shows more tickets issued near the end of the month — and the beginning of the month.

A possible explanation:

Departments have quotas, and officers do rush to fill them, and that enthusiasm or emphasis carries over into the first week or so of the next month, at which point officers forget about tickets for a while until they are reminded again in the last week of the month.

That’s conceivable, Picard told me, but it’s just one hypothesis. Based on the data alone, he couldn’t really say with certainty why more tickets were being issued on those dates.

Ultimately, I guess, big data can’t answer all questions, and a full explanation has to go beyond the data to the rationale behind behavior.

FBI ‘Stingray’ Phone Tracker Stokes Constitutional Crisis

By JENNIFER VALENTINO-DEVRIES

For more than a year, federal authorities pursued a man they called simply “the Hacker.” Only after using a little known cellphone-tracking device—a stingray—were they able to zero in on a California home and make the arrest.

Stingrays are designed to locate a mobile phone even when it’s not being used to make a call. The Federal Bureau of Investigation considers the devices to be so critical that it has a policy of deleting the data gathered in their use, mainly to keep suspects in the dark about their capabilities, an FBI official told The Wall Street Journal in response to inquiries.

A stingray’s role in nabbing the alleged “Hacker”—Daniel David Rigmaiden—is shaping up as a possible test of the legal standards for using these devices in investigations. The FBI says it obtains appropriate court approval to use the device.

Stingrays are one of several new technologies used by law enforcement to track people’s locations, often without a search warrant. These techniques are driving a constitutional debate about whether the Fourth Amendment, which prohibits unreasonable searches and seizures, but which was written before the digital age, is keeping pace with the times.

On Nov. 8, the Supreme Court will hear arguments over whether or not police need a warrant before secretly installing a GPS device on a suspect’s car and tracking him for an extended period. In both the Senate and House, new bills would require a warrant before tracking a cellphone’s location.

And on Thursday in U.S. District Court of Arizona, Judge David G. Campbell is set to hear a request by Mr. Rigmaiden, who is facing fraud charges, to have information about the government’s secret techniques disclosed to him so he can use it in his defense. Mr. Rigmaiden maintains his innocence and says that using stingrays to locate devices in homes without a valid warrant “disregards the United States Constitution” and is illegal.

His argument has caught the judge’s attention. In a February hearing, according to a transcript, Judge Campbell asked the prosecutor, “Were there warrants obtained in connection with the use of this device?”

The prosecutor, Frederick A. Battista, said the government obtained a “court order that satisfied [the] language” in the federal law on warrants. The judge then asked how an order or warrant could have been obtained without telling the judge what technology was being used. Mr. Battista said: “It was a standard practice, your honor.”

Judge Campbell responded that it “can be litigated whether those orders were appropriate.”

On Thursday the government will argue it should be able to withhold details about the tool used to locate Mr. Rigmaiden, according to documents filed by the prosecution. In a statement to the Journal, Sherry Sabol, Chief of the Science & Technology Office for the FBI’s Office of General Counsel, says that information about stingrays and related technology is “considered Law Enforcement Sensitive, since its public release could harm law enforcement efforts by compromising future use of the equipment.”

The prosecutor, Mr. Battista, told the judge that the government worries that disclosure would make the gear “subject to being defeated or avoided or detected.”

A stingray works by mimicking a cellphone tower, getting a phone to connect to it and measuring signals from the phone. It lets the stingray operator “ping,” or send a signal to, a phone and locate it as long as it is powered on, according to documents reviewed by the Journal. The device has various uses, including helping police locate suspects and aiding search-and-rescue teams in finding people lost in remote areas or buried in rubble after an accident.

The government says “stingray” is a generic term. In Mr. Rigmaiden’s case it remains unclear which device or devices were actually used.

The best known stingray maker is Florida-based defense contractor Harris Corp. A spokesman for Harris declined to comment.

Harris holds trademarks registered between 2002 and 2008 on several devices, including the StingRay, StingRay II, AmberJack, KingFish, TriggerFish and LoggerHead. Similar devices are available from other manufacturers. According to a Harris document, its devices are sold only to law-enforcement and government agencies.

Some of the gadgets look surprisingly old-fashioned, with a smattering of switches and lights scattered across a panel roughly the size of a shoebox, according to photos of a Harris-made StingRay reviewed by the Journal. The devices can be carried by hand or mounted in cars, allowing investigators to move around quickly.

A rare public reference to this type of technology appeared this summer in the television crime drama “The Closer.” In the episode, law-enforcement officers use a gadget they called a “catfish” to track cellphones without a court order.

The U.S. armed forces also use stingrays or similar devices, according to public contract notices. Local law enforcement in Minnesota, Arizona, Miami and Durham, N.C., also either possess the devices or have considered buying them, according to interviews and published requests for funding.

The sheriff’s department in Maricopa County, Ariz., uses the equipment “about on a monthly basis,” says Sgt. Jesse Spurgin. “This is for location only. We can’t listen in on conversations,” he says.

Sgt. Spurgin says officers often obtain court orders, but not necessarily search warrants, when using the device. To obtain a search warrant from a court, officers as a rule need to show “probable cause,” which is generally defined as a reasonable belief, based on factual evidence, that a crime was committed. Lesser standards apply to other court orders.

A spokeswoman with the Bureau of Criminal Apprehension in Minnesota says officers don’t need to seek search warrants in that state to use a mobile tracking device because it “does not intercept communication, so no wiretap laws would apply.”

FBI and Department of Justice officials have also said that investigators don’t need search warrants. Associate Deputy Attorney General James A. Baker and FBI General Counsel Valerie E. Caproni both said at a panel at the Brookings Institution in May that devices like these fall into a category of tools called “pen registers,” which require a lesser order than a warrant. Pen registers gather signals from phones, such as phone numbers dialed, but don’t receive the content of the communications.

To get a pen-register order, investigators don’t have to show probable cause. The Supreme Court has ruled that use of a pen register doesn’t require a search warrant because it doesn’t involve interception of conversations.

But with cellphones, data sent includes location information, making the situation more complicated because some judges have found that location information is more intrusive than details about phone numbers dialed. Some courts have required a slightly higher standard for location information, but not a warrant, while others have held that a search warrant is necessary.

The prosecution in the Rigmaiden case says in court documents that the “decisions are made on a case-by-case basis” by magistrate and district judges. Court records in other cases indicate that decisions are mixed, and cases are only now moving through appellate courts.

The FBI advises agents to work with federal prosecutors locally to meet the requirements of their particular district or judge, the FBI’s Ms. Sabol says. She also says it is FBI policy to obtain a search warrant if the FBI believes the technology “may provide information on an individual while that person is in a location where he or she would have a reasonable expectation of privacy.”

Experts say lawmakers and the courts haven’t yet settled under what circumstances locating a person or device constitutes a search requiring a warrant. Tracking people when they are home is particularly sensitive because the Fourth Amendment specifies that people have a right to be secure against unreasonable searches in their “houses.”

“The law is uncertain,” says Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Department of Justice. Mr. Kerr, who has argued that warrants should be required for some, but not all, types of location data, says that the legality “should depend on the technology.”

In the case of Mr. Rigmaiden, the government alleges that as early as 2005, he began filing fraudulent tax returns online. Overall, investigators say, Mr. Rigmaiden electronically filed more than 1,900 fraudulent tax returns as part of a $4 million plot.

Federal investigators say they pursued Mr. Rigmaiden “through a virtual labyrinth of twists and turns.” Eventually, they say they linked Mr. Rigmaiden to use of a mobile-broadband card, a device that lets a computer connect to the Internet through a cellphone network.

Investigators obtained court orders to track the broadband card. Both orders remain sealed, but portions of them have been quoted by the defense and the prosecution.

These two documents are central to the clash in the Arizona courtroom. One authorizes a “pen register” and clearly isn’t a search warrant. The other document is more complex. The prosecution says it is a type of search warrant and that a finding of probable cause was made.

But the defense argues that it can’t be a proper search warrant, because among other things it allowed investigators to delete all the tracking data collected, rather than reporting back to the judge.

Legal experts who spoke with the Journal say it is difficult to evaluate the order, since it remains sealed. In general, for purposes of the Fourth Amendment, the finding of probable cause is most important in determining whether a search is reasonable because that requirement is specified in the Constitution itself, rather than in legal statutes, says Mr. Kerr.

But it is “odd” for a search warrant to allow deletion of evidence before a case goes to trial, says Paul Ohm, a professor at the University of Colorado Law School and a former computer-crime attorney at the Department of Justice. The law governing search warrants specifies how the warrants are to be executed and generally requires information to be returned to the judge.

Even if the court finds the government’s actions acceptable under the Fourth Amendment, deleting the data is “still something we might not want the FBI doing,” Mr. Ohm says.

The government says the data from the use of the stingray has been deleted and isn’t available to the defendant. In a statement, the FBI told the Journal that “our policy since the 1990s has been to purge or ‘expunge’ all information obtained during a location operation” when using stingray-type gear.

As a general matter, Ms. Sabol says, court orders related to stingray technology “will include a directive to expunge information at the end of the location operation.”

Ms. Sabol says the FBI follows this policy because its intent isn’t to use the data as evidence in court, but rather to simply find the “general location of their subject” in order to start collecting other information that can be used to justify a physical search of the premises.

In the Rigmaiden example, investigators used the stingray to narrow down the location of the broadband card. Then they went to the apartment complex’s office and learned that one resident had used a false ID and a fake tax return on the renter’s application, according to court documents.

Based on that evidence, they obtained a search warrant for the apartment. They found the broadband card connected to a computer.

Mr. Rigmaiden, who doesn’t confirm or deny ownership of the broadband card, is arguing he should be given information about the device and about other aspects of the mission that located him.

In the February hearing, Judge Campbell said he might need to weigh the government’s claim of privilege against the defendant’s Fourth Amendment rights, and asked the prosecution, “How can we litigate in this case whether this technology that was used in this case violates the Fourth Amendment without knowing precisely what it can do?”


The top 10 Chinese cyber attacks (that we know of)


Posted By Josh Rogin

With all the chatter about China’s hacking of Google and Secretary of State Hillary Clinton’s drive to deliver “consequences” to bad actors in cyberspace, it’s worth noting that the problem of cyber attacks either promulgated or supported by the Chinese government is far from new.

In a previous life, your Cable guy broke a story that revealed senior military officials believe the Chinese government is supporting hackers that attack “anything and everything” in the U.S. national security infrastructure on a constant basis. And while it’s difficult to prove guilt, the scale, organization, and intent of the attacks lead experts and officials alike to one sponsor: the Chinese government.

The Defense Department has said that the Chinese government, in addition to employing thousands of its own hackers, manages massive teams of experts from academia and industry in “cyber militias” that act in Chinese national interests with unclear amounts of support and direction from China’s People’s Liberation Army (PLA).

According to SANS Institute research director Alan Paller, “The problem is 1,000 times worse than what we see.” But the tip of the iceberg is still large. Here are some of the most damaging attacks on the U.S. government that have been attributed to Chinese government sponsorship or endorsement over the past few years:

1) Titan Rain

In 2004, an analyst named Shawn Carpenter at Sandia National Laboratories traced the origins of a massive cyber espionage ring back to a team of government sponsored researchers in Guangdong Province in China. The hackers, code named by the FBI “Titan Rain,” stole massive amounts of information from military labs, NASA, the World Bank, and others. Rather than being rewarded, Carpenter was fired and investigated after revealing his findings to the FBI, because hacking foreign computers is illegal under U.S. law. He later sued and was awarded more than $3 million. The FBI renamed Titan Rain and classified the new name. The group is still assumed to be operating.

2) State Department’s East Asia Bureau

In July 2006, the State Department admitted it had become a victim of cyber hacking after an official in “East Asia” accidentally opened an email he shouldn’t have. The attackers worked their way around the system, breaking into computers at U.S. embassies all over the region and then eventually penetrating systems in Washington as well.

3) Offices of Rep. Frank Wolf

Wolf has been one of the most outspoken lawmakers on Chinese human rights issues, so it was of little surprise when he announced in August 2006 that his office computers had been compromised and that he suspected the Chinese government. Wolf also reported that similar attacks had compromised the systems of several other congressmen and the office of the House Foreign Affairs Committee.

4) Commerce Department

The Commerce Department’s Bureau of Industry and Security had to throw away all of its computers in October 2006, paralyzing the bureau for more than a month due to targeted attacks originating from China. BIS is where export licenses for technology items to countries like China are issued.

5) Naval War College

In December 2006, the Naval War College in Rhode Island had to take all of its computer systems offline for weeks following a major cyber attack. One professor at the school told his students that the Chinese had brought down the system. The Naval War College is where much military strategy against China is developed.

6) Commerce Secretary Carlos Gutierrez and the 2003 blackout?

A National Journal article revealed that spying software meant to clandestinely steal personal data was found on the devices of then Commerce Secretary Carlos Gutierrez and several other officials following a trade mission to China in December 2007. That same article reported that intelligence officials traced the causes of the massive 2003 northeast blackout back to the PLA, but some analysts question the connection.

7) McCain and Obama presidential campaigns

That’s right, both the campaigns of then Senators Barack Obama and John McCain were completely invaded by cyber spies in August 2008. The Secret Service forced all campaign senior staff to replace their Blackberries and laptops. The hackers were looking for policy data as a way to predict the positions of the future winner. Senior campaign staffers have acknowledged that the Chinese government contacted one campaign and referred to information that could only have been gained from the theft.

8) Office of Sen. Bill Nelson, D-FL

At a March 2009 hearing, Nelson revealed that his office computers had been hacked three separate times and his aide confirmed that the attacks had been traced back to China. The targets of the attacks were Nelson’s foreign-policy aide, his legislative director, and a former NASA advisor.

9) Ghostnet

In March 2009, researchers in Toronto concluded a 10-month investigation that revealed a massive cyber espionage ring they called Ghostnet that had penetrated more than 1,200 systems in 103 countries. The victims were foreign embassies, NGOs, news media institutions, foreign affairs ministries, and international organizations. Almost all Tibet-related organizations had been compromised, including the offices of the Dalai Lama. The attacks used Chinese malware and came from Beijing.

10) Lockheed Martin’s F-35 program

In April, 2009, the Wall Street Journal reported that China was suspected of being behind a major theft of data from Lockheed Martin’s F-35 fighter program, the most advanced airplane ever designed. Multiple infiltrations of the F-35 program apparently went on for years.
