Iphone

iPhone X Purchase Leads To Police, Battering Ram, and Handcuffs (cbslocal.com) 204

An anonymous reader quotes CBS SFBayArea: On one recent morning, Rick Garcia and his wife Shannon Knuth woke up to a posse of San Francisco police officers at their front door. "I peered through the peephole and I saw a police officer and a battering ram," Garcia said. "We heard 'SFPD' and 'warrant,' and I was like 'what's going on?'" Knuth remembers. It felt like a nightmare yet it was real. Garcia says that within seconds he was dragged into the hallway of his apartment complex, handcuffed, then whisked away to the Taraval Station.... Meanwhile Knuth, who had just got out of the shower, was ordered to sit on the couch... After rifling through the apartment Knuth says the officers finally told her what they were looking for: Her husband's iPhone X.

According to the warrant, it was stolen but Knuth showed them the receipt which proved her husband bought it. Once the officers realized their mistake they called the police station and a squad car brought Garcia home. "They gathered their pry bar and their battering ram and they left," he said. So how could a mistake like that happen? It's still unclear but it turns out Garcia and Knuth bought the iPhone at an Apple store at Stonestown Galleria just a few weeks after 300 iPhone Xs were stolen from a UPS truck in the mall parking lot.

One former police chief says the way it was handled "kind of boggles the mind...

"This was clearly an incident that should have just been a knock and talk, a couple detectives come to the door, knock on the door and they would have gathered the same info that they gathered after they put him in handcuffs and hauled him off to jail."
United States

Apple and Google Are Rerouting Their Employee Buses as Attacks Resume (mashable.com) 213

Slashdot reader sqorbit writes: Apple runs shuttle buses for it's employees in San Francisco. It seems someone who is not happy with Apple has decided to take out their anger on these buses. In an email obtained by Mashable, Apple states "Due to recent incidents of broken windows along the commute route, specifically on highway 280, we're re-routing coaches for the time being. This change in routes could mean an additional 30-45 minutes of commute time in each direction for some riders." It has been reported that at least four buses have had windows broken, some speculating that it might caused by rubber bullets.
"Around four years ago, people started attacking the shuttle buses that took Google employees to and from work, as a way of protesting the tech-company-driven gentrification taking place around San Francisco," remembers Fortune, adding "it seems to be happening again."

At least one Google bus was also attacked, according to the San Francisco Chronicle, which adds that the buses "were not marked with company logos, and the perpetrators are suspected of broadly targeting technology shuttle buses rather than a specific company."
Businesses

China's Smartphone Maker OnePlus Says Up To 40,000 Customers Were Affected by Credit Card Security Breach (theverge.com) 8

sqorbit writes: OnePlus, a manufacturer of an inexpensive smartphone meant to compete with the iPhone, states that data from 40,000 customers credit card information was stolen while purchasing phones from its website. Even as the company has just confirmed the breach, it says the the script stealing information had been running since November. It is not clear whether this was a remote attack or the attack happened from within the company. Credit purchases on the OnePlus site have been suspended and will remain that way while an investigation takes place. [...] Earlier this week, OnePlus had temporarily shut down credit card payments on its website following reports that customers' payment details were stolen after they bought goods through its online store. The company says it's disabling credit card payments "as a precaution," but will still be accepting purchases through PayPal. The investigation began after a poll posted by users on OnePlus' forums found that many customers had experienced the same problem.
Businesses

Instant Messaging Company Snap Threatens Jail Time for Leakers (cheddar.com) 92

An anonymous reader shares a report: Snap has a simple message to its employees: leak information and you could be sued or even jailed. The chief lawyer and general counsel of Snapchat's parent company, Michael O'Sullivan, sent a threatening memo to all employees last week just before The Daily Beast published an explosive story with confidential user metrics about how certain Snapchat features are used. "We have a zero-tolerance policy for those who leak Snap Inc. confidential information," O'Sullivan said in the memo, a copy of which was obtained by Cheddar. "This applies to outright leaks and any informal 'off the record' conversations with reporters, as well as any confidential information you let slip to people who are not authorized to know that information."
Bitcoin

Bitcoin's Fluctuations Are Too Much For Even Ransomware Cybercriminals (theguardian.com) 81

Bitcoin's price swings are so huge that even ransomware developers are dialling back their reliance on the currency, according to researchers at cybersecurity firm Proofpoint. From a report: Over the last quarter of 2017, researchers saw a fall of 73% in payment demands denominated in bitcoin. When demanding money to unlock a victim's data, cybercriminals are now more likely to simply ask for a figure in US dollars, or a local currency, than specify a sum of bitcoin. Just like conventional salespeople, ransomware developers pay careful attention to the prices they charge. Some criminals offer discounts depending on the region the victim is in, offering cheaper unlocking to residents of developing nations, while others use an escalating price to encourage users to pay quickly and without overthinking things. But a rapidly oscillating bitcoin price plays havoc with those goals, Proofpoint says.
Crime

Software 'No More Accurate Than Untrained Humans' At Predicting Recidivism (theguardian.com) 162

An anonymous reader quotes a report from The Guardian: The credibility of a computer program used for bail and sentencing decisions has been called into question after it was found to be no more accurate at predicting the risk of reoffending than people with no criminal justice experience provided with only the defendant's age, sex and criminal history. The algorithm, called Compas (Correctional Offender Management Profiling for Alternative Sanctions), is used throughout the U.S. to weigh up whether defendants awaiting trial or sentencing are at too much risk of reoffending to be released on bail. Since being developed in 1998, the tool is reported to have been used to assess more than one million defendants. But a new paper has cast doubt on whether the software's predictions are sufficiently accurate to justify its use in potentially life-changing decisions.

The academics used a database of more than 7,000 pretrial defendants from Broward County, Florida, which included individual demographic information, age, sex, criminal history and arrest record in the two year period following the Compas scoring. The online workers were given short descriptions that included a defendant's sex, age, and previous criminal history and asked whether they thought they would reoffend. Using far less information than Compas (seven variables versus 137), when the results were pooled the humans were accurate in 67% of cases, compared to the 65% accuracy of Compas. In a second analysis, the paper found that Compas's accuracy at predicting recidivism could also be matched using a simple calculation involving only an offender's age and the number of prior convictions.

Crime

Facebook Is a 'Living, Breathing Crime Scene,' Says Former Tech Insider (nbcnews.com) 143

An anonymous reader quotes a report from NBC News: With more than 2 billion users, Facebook's reach now rivals that of Christianity and exceeds that of Islam. However, the network's laser focus on profits and user growth has come at the expense of its users, according to one former Facebook manager who is now speaking out against the social platform. "One of the things that I saw consistently as part of my job was the company just continuously prioritized user growth and making money over protecting users," the ex-manager, Sandy Parakilas, who worked at Facebook for 16 months, starting in 2011, told NBC News. During his tenure at Facebook, Parakilas led third-party advertising, privacy and policy compliance on Facebook's app platform. "Facebook is a living, breathing crime scene for what happened in the 2016 election -- and only they have full access to what happened," said Tristan Harris, a former design ethicist at Google. His work centers on how technology can ethically steer the thoughts and actions of the masses on social media and he's been called "the closest thing Silicon Valley has to a conscience" by The Atlantic magazine.

In response to the comments, Facebook issued a statement saying it is a "vastly different company" from when it was founded. "We are taking many steps to protect and improve people's experience on the platform," the statement said. "In the past year, we've worked to destroy the business model for false news and reduce its spread, stop bad actors from meddling in elections, and bring a new level of transparency to advertising. Last week, we started prioritizing meaningful posts from friends and family in News Feed to help bring people closer together. We have more work to do and we're heads down on getting it done."

The Almighty Buck

OnePlus Customers Report Credit Card Fraud After Buying From the Company's Website (androidpolice.com) 62

If you purchased a OnePlus smartphone recently from the official OnePlus website, you might want to check your transactions to make sure there aren't any you don't recognize. "A poll was posted on the OnePlus forum on Thursday asking users if they had noticed fraudulent charges on their credit cards since purchasing items on the OnePlus site," reports Android Police. "More than 70 respondents confirmed that they had been affected, with the majority saying they had bought from the site within the past 2 months." From the report: A number of FAQs and answers follow, in which OnePlus confirms that only customers who made credit card payments are affected, not those who used PayPal. Apparently, card info isn't stored on the site but is instead sent directly to a "PCI-DSS-compliant payment processing partner" over an encrypted connection. [...] OnePlus goes on to say that intercepting information should be extremely difficult as the site is HTTPS encrypted, but that it is nevertheless carrying out a complete audit. In the meantime, affected customers are advised to contact their credit card companies immediately to get the payments canceled/reversed (called a chargeback). OnePlus will continue to investigate alongside its third-party service providers, and promises to update with its findings as soon as possible.

According to infosec firm Fidus, there is actually a brief window in which data could be intercepted. Between entering your card details into the form and hitting 'submit,' the details are apparently hosted on-site, which could give attackers all the time they need to steal those precious digits and head off on a spending spree. Fidus also notes that the company doesn't appear to be PCI-compliant, but that directly contradicts OnePlus' own statement. We'll have to wait until more details emerge before we pass judgment.
Here's OnePlus' official statement on the matter: "At OnePlus, we take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated. This FAQ document will be updated to address questions raised."
Cellphones

Text Message Scammer Gets Five Years in Prison (reuters.com) 69

36-year-old Fraser Thompson is going to prison, according to Reuters, after receiving a five-year sentence for "defrauding" cellphone customers out of millions of dollars. An anonymous reader quotes Reuters: Prosecutors said Thompson engaged in a scheme to sign up hundreds of thousands of cellphone customers for paid text messaging services without their consent. The customers were subsequently forced to pay more than $100 million for unsolicited text messages that included trivia, horoscopes and celebrity gossip, according to the prosecutors. They said the scheme was headed by Darcy Wedd, Mobile Messenger's former chief executive, who was found guilty by a jury in December but has not yet been sentenced. "They ripped off everyday cellphone users, $10 a month, netting over $100 million in illegal profits, of which Thompson personally received over $1.5 million," Manhattan U.S. Attorney Geoffrey S. Berman said in a statement.
Thompson was ordered to forfeit $1.5 million in "fraud proceeds," according to the article, and was convicted of conspiracy, wire fraud, identity theft and money laundering.

Seven other people also pleaded guilty to participating in the scam -- and one has already been sentenced to 33 months in prison.
Crime

Kansas 'Swat' Perpetrator Charged; Faces 11 More Years in Prison (latimes.com) 424

Jail time looms for 25-year-old Tyler Barriss, whose fake call to Kansas police led to a fatal shooting:
  • Barriss was charged with involuntary manslaughter, and if convicted "could face up to 11 years and three months in prison." He was also charged with making a false alarm, which is considered a felony. The District Attorney adds that others have also been identified as "potential suspects" in the case, but they're still deciding whether to charge them.
  • Friday Barriss gave his first interview to a local news outlet -- from jail. "Of course, you know, I feel a little of remorse for what happened," he tells KWCH. "I never intended for anyone to get shot and killed. I don't think during any attempted swatting anyone's intentions are for someone to get shot and killed..."

    Asked about the call, Barriss acknowledged that "It hasn't just affected my life, it's affected someone's family too. Someone lost their life. I understand the magnitude of what happened. It's not just affecting me because I'm sitting in jail. I know who it has affected. I understand all of that."
  • Barriss has also been charged in Calgary with public mischief, fraud and mischief for another false phone call, police said, though it's unlikely he'll ever be arrested unless he enters the country. Just six days before the fatal shooting, Barriss had made a nearly identical call to police officers in Canada, this time supplying the address of a well-known video gamer who livestreams on Twitch, and according to one eyewitness more than 20 police cars surrounded her apartment building for at least half an hour.

Crime

Apple Health Data Is Being Used As Evidence In a Rape and Murder Investigation (vice.com) 185

An anonymous reader quotes a report from Motherboard: Hussein K., an Afghan refugee in Freiburg, has been on trial since September for allegedly raping and murdering a student in Freiburg, and disposing of her body in a river. But many of the details of the trial have been hazy -- no one can agree on his real age, and most notably, there's a mysterious chunk of time missing from the geodata and surveillance video analysis of his whereabouts at the time of the crime. He refused to give authorities the passcode to his iPhone, but investigators hired a Munich company (which one is not publicly known) to gain access to his device, according to German news outlet Welt. They searched through Apple's Health app, which was added to all iPhones with the release of iOS 8 in 2014, and were able to gain more data about what he was doing that day. The app records how many steps he took and what kind of activity he was doing throughout that day. The app recorded a portion of his activity as "climbing stairs," which authorities were able to correlate with the time he would have dragged his victim down the river embankment, and then climbed back up. Freiburg police sent an investigator to the scene to replicate his movements, and sure enough, his Health app activity correlated with what was recorded on the defendant's phone.
Electronic Frontier Foundation

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org) 82

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.
Crime

Apple Investigated By France For 'Planned Obsolescence' (bbc.com) 313

AmiMoJo shares a report from the BBC: French prosecutors have launched a probe over allegations of "planned obsolescence" in Apple's iPhone. Under French law it is a crime to intentionally shorten the lifespan of a product with the aim of making customers replace it. In December, Apple admitted that older iPhone models were deliberately slowed down through software updates. It follows a legal complaint filed in December by pro-consumer group Stop Planned Obsolescence (Hop). Hop said France was the third country to investigate Apple after Israel and the U.S., but the only one in which the alleged offense was a crime. Penalties could include up to 5% of annual turnover or even a jail term.
Crime

Kansas 'Swat' Perpetrator Had Already Been To Prison For Fake Bomb Threats (go.com) 315

More details are emerging about an online gamer whose fake call to Kansas police led to a fatal shooting:
  • "After phoning in a false bomb threat to a Glendale, California TV station in 2015, Tyler Barriss threatened to kill his grandmother if she reported him, according to local reports and court documents." -- The Wichita Eagle
  • "The Glendale Police Department confirmed to ABC News that Tyler Barriss made about 20 calls to universities and media outlets throughout the country around the time he was arrested for a bomb threat to Los Angeles ABC station KABC in 2015... He was sentenced to two years and eight months in jail, court records show." -- ABC News
  • "Within months of his release in August, he had already become the target of a Los Angeles Police Department investigation into similar hoax calls... LAPD detectives were planning to meet with federal prosecutors to discuss their investigation..." -- The Los Angeles Times
  • The Wichita Eagle reports that even after the police had fatally shot the person SWauTistic was pretending to be, he continued his phone call with the 911 operator for another 16 minutes -- on a call which lasted over half an hour.
  • Brian Krebs reports that police may have been aided in their investigation by another reformed SWAT perpetrator -- adding that SWauTistic privately claimed to have already called in fake emergencies at approximately 100 schools and 10 homes.

Just last month SWauTistic's Twitter account showed him bragging about a bomb threat which caused the evacuation of a Dallas convention center, according to the Daily Beast -- after which SWauTistic encouraged his Twitter followers to also follow him on a second account, "just in case twitter suspends me for being a god." Later the 25-year-old tweeted that "if you can't pull off a swat without getting busted you're not a leet hacking God its that simple."

Barriss remains in jail in Los Angeles with no bond, though within three weeks he's expected to be extradited to Kansas for his next trial.


Medicine

Some Hopeful Predictions for 2018 (nbcnews.com) 75

NBC asked 15 "top science and tech leaders" for their predictions for 2018. Despite arguments that technology has "created a monster," one anonymous reader sees their answers as a reason for hope: NBC notes the detection of gravitational waves in 2017 (predicted almost a century ago by Einstein) and the creation of genetically modified human embryos. And a professor of molecular medicine at The Scripps Research Institute points out that in 2018, more than 10 different medical conditions are now also moving forward in gene-editing clinical trials, including rare eye diseases, hemophilia, and sickle cell anemia. He predicts that in 2018, deep machine learning "will start to take hold in the clinic, first in ways to improve diagnostic accuracy and efficiency of doctors' workflow."

Former ICANN head Esther Dyson predicts we'll also begin using big data not only to reduce healthcare costs, but also social problems like unemployment, depression, and crime. "With big data, and more data available through everything from health records and fitness apps to public data such as high school graduation rates and population demographics, we are increasingly able to compare what happens with what would have happened without a particular intervention...with luck, some communities will lead by example, and policy-makers will take note."

The head of the atmospheric science program at the University of Georgia notes that already, "We now have technology in place to provide significant lead time for landfalling hurricanes, potentially tornadic storms, and multi-day flood events." And Dr. Seth Shostak, the senior astronomer at the SETI Institute, predicts that in 2018 "it's possible that a replacement for Pluto will be found," while an astrophysicist at the American Museum of Natural History adds that in 2018 the European Space Agency's Gaia Mission will determine "distances to over a billion stars and velocities for several million," creating "an exquisitely detailed 3D map of our home galaxy."

IT

Ask Slashdot: Has Technology Created A Monster? (codinghorror.com) 244

Stack Overflow co-founder Jeff Atwood posted a worried blog post on New Year's Eve. Remember in 2011 when Marc Andreeseen said that "Software is eating the world?" That used to sound all hip and cool and inspirational, like "Wow! We software developers really are making a difference in the world!" and now for the life of me I can't read it as anything other than an ominous warning that we just weren't smart enough to translate properly at the time... What do you do when you wake up one day and software has kind of eaten the world, and it is no longer clear if software is in fact an unambiguously good thing, like we thought, like everyone told us... like we wanted it to be?
Slashdot reader theodp adds: "The year 2018 is the 200th anniversary of Mary Shelley's Frankenstein," provocatively notes Dr. Ainissa Ramirez, "in which a scientist neglects to ask about the consequences of his creation. I suspect (and hope) that there will be much debate on the impact of technology on our lives in the numerous lectures and events scheduled this year. It is a long-overdue discussion because scientists sometimes get so excited about their innovations that they forget to ask, 'Am I building a monster?' This anniversary offers a pause to see if society likes where it is headed."
That quote is from a "predictions for 2018" article on the Mach technology site (hosted by NBC News) in which Dr. Moshe Y. Vardi, a Professor of Computer Science at Rice University, also sees a looming debate. He remembers how Wall Street Journal columnist Peggy Noonan referred to tech's CEO's as "our country's real overlords" and described them as "moral Martians who operate on some weird new postmodern ethical wavelength."

Keep reading for some even more dire predictions...
Crime

Kansas Swatting Perpetrator 'SWauTistic' Interviewed on Twitter (krebsonsecurity.com) 434

"That kids house that I swatted is on the news," tweeted "SWauTistic" -- before he realized he'd gotten somebody killed. Security researcher Brian Krebs reveals what happened next. When it became apparent that a man had been killed as a result of the swatting, Swautistic tweeted that he didn't get anyone killed because he didn't pull the trigger. Swautistic soon changed his Twitter handle to @GoredTutor36, but KrebsOnSecurity managed to obtain several weeks' worth of tweets from Swautistic before his account was renamed. Those tweets indicate that Swautistic is a serial swatter -- meaning he has claimed responsibility for a number of other recent false reports to the police. Among the recent hoaxes he's taken credit for include a false report of a bomb threat at the U.S. Federal Communications Commission (FCC) that disrupted a high-profile public meeting on the net neutrality debate. Swautistic also has claimed responsibility for a hoax bomb threat that forced the evacuation of the Dallas Convention Center, and another bomb threat at a high school in Panama City, Fla, among others.

After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests."

Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats."

But he also argues that filing a false police report should be reclassified as a felony in all states.
Crime

Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails (newsweek.com) 321

An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office.

"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."

Crime

Louisana Police Bust an Infamous Nigerian Email Spam Scammer (hothardware.com) 66

MojoKid writes: You have probably at some point been contacted via email spam by someone claiming you are the beneficiary in a will of a Nigerian prince. As the scam goes, all you have to do is submit your personal information and Western Union some funds to process the necessary paperwork, and in return you will receive millions of dollars. One of the people behind the popular scam, Michael Neu, has been arrested by police in Slidell, Louisiana.

This may come as a shocker, but Neu is not a prince, nor is he Nigerian. He is a 67-year-old male possibly of German descent (based on his last name) who is facing 269 counts of wire fraud and money laundering for his alleged role as a middle man in the scheme. According to Slidell police, some of the money obtained by Neu was wired to co-conspirators who do actually live in Nigera.

Crime

Call of Duty Gaming Community Points To 'Swatting' In Wichita Police Shooting (dailydot.com) 681

schwit1 shares a report from The Daily Dot: A man was killed by police Thursday night in Wichita, Kansas, when officers responded to a false report of a hostage situation. The online gaming community is saying the dead man was the victim of a swatting prank, where trolls call in a fake emergency and force SWAT teams to descend on a target's house. If that's true, this would be the first reported swatting-related death. Wichita deputy police chief Troy Livingston told the Wichita Eagle that police were responding to a report that a man fighting with his parents had accidentally shot his dad in the head and was holding his mom, brother and sister hostage. When police arrived, "A male came to the front door," Livingston told the Eagle. "As he came to the front door, one of our officers discharged his weapon." The man at the door was identified by the Eagle as 28-year-old Andrew Finch. Finch's mother told reporters "he was not a gamer," but the online Call of Duty community claims his death was the result of a gamer feud which Finch may not have even been a part of.
UPDATE: The New York Daily News reports police in Los Angeles have now arrested 25-year-old gamer Tyler Barriss, who the paper describes as "an alleged serial 'prankster'..."

"Barriss gave cops Finch's address, mistakenly believing it belonged to a person he had feuded with over a $1 or $2 Call of Duty wager."

Slashdot Top Deals