Dr. Frank Kardasz (Ed.D)

NBC's "Perverted" Justice?

Axed "Dateline" producer slams popular "Predator" series as unethical

05/29/07 -  In a scathing broadside at NBC's popular "To Catch a Predator" series, a former producer charges that she was canned last year after complaining that the show violated "numerous journalistic ethical standards" and many of the network's own "policies and guidelines." In a breach of contract lawsuit, Marsha Bartel, 49, alleges that her 21-year career at NBC ended months after her August 2006 appointment as "sole producer" of "To Catch a Predator," which conducts sting operations targeting men seeking illicit liaisons with children they've met online.

According to her complaint, which was filed last week in U.S. District Court in Chicago, Bartel charges that many of the program's ethical lapses stem from its relationship with Perverted Justice, a shadowy vigilante group that the show uses to "troll for and lure targets into its sting." A copy of Bartel's lawsuit can be found below. According to Bartel, by paying Perverted Justice, NBC has given the group a "financial incentive to lie to trick targets of its sting." The identities of the group's 50-plus volunteers were kept secret from her, Bartel says, adding that Perverted Justice does not provide "complete transcripts from its trolling operations," so network officials "cannot independently verify the accuracy" of the group's transcripts.

In some instances, Bartel claims, sting targets are "led into additional acts of humiliation (such as being encouraged to remove their clothes) in order to enhance the comedic effect of the public exposure of these persons." She also charges that NBC has unethically covered up the fact that law enforcement officials have acted improperly while working in conjunction with the "To Catch a Predator" crew, such as "goofing off by waving rubber chickens in the faces of sting targets while forcing them to the ground and handcuffing them." Bartel says that when she "raised concerns" about controversial comments made by Perverted Justice's founder, David Corvo, executive producer of the newsmagazine "Dateline," responded, "We all know they're nuts."

Bartel, who signed a four-year contract in March 2006, contends that soon after reporting her concerns about "To Catch a Predator" to NBC management, she was terminated effective December 24, 2006. While NBC told her she was part of a "mass layoff precipitated by general business factors," Bartel alleges that she was canned in retaliation for insistence on "ethical and accurate reporting on the Predator series." NBC, she adds, was "more interested in sensationalizing and dramatizing the Predator series for profit than news reporting." Bartel is seeking at least $1 million in damages from NBC. In a statement, NBC said it has been "transparent about our reporting" on the Predator series, for which audience reaction has been "overwhelmingly positive. NBC News is proud of its reporting and we believe this lawsuit is without merit."

To read the lawsuit visit: http://www.thesmokinggun.com/archive/years/2007/0529071nbc1.html?link=rssfeed

Retrieved May 31, 2007 from http://www.thesmokinggun.com/archive/years/2007/0529071nbc1.html?link=rssfeed

Posted by Dr. Kardasz at 03:26 PM | Permalink

Inadequately protecting sensitive information can invite intruders.
By Alana Semuels, L.A. Times Staff Writer, 05/22/07

COMBING through the guts of the website for the Los Angeles County Community Development Commission, an information technology worker for the agency came across an intruder. Someone with an Internet provider address in Germany had broken in and looked at private information normally accessible only to commission employees.

The worker immediately shut the system down.

"The intruder was poking around and came in through the outside of our network," said Richard Peters, the agency's information technology manager. "They were probably looking for confidential data."

Small organizations often think they are less of a target for hacking than large companies. But small businesses are often targeted by hackers who know that their security procedures might not be as technologically advanced as those of a bigger business with more resources.

"It can happen to anyone who has or collects people's information," said Melanie Bedwell, information officer for the California Office of Privacy Protection. "You don't have to be a major corporation to have issues come up."

After shutting down its website, the commission launched a probe to see what was compromised. It determined that the hacker had not reached confidential information, such as the names, Social Security numbers and dates of birth of 4,800 public-housing residents.

A systems upgrade recommended by a security consultant in 2005, a year before the hacking incident, increased security just enough to foil the intruder, Peters said.

The security update had separated the servers, preventing the hacker from accessing the next level of the network, he said. The agency, which has 650 employees and a tech staff of 30, had learned an important lesson: "The most important thing is to have a security review by an outside auditor," Peters said.

The commission is one of many U.S. organizations whose security has been breached in the last year. Most businesses, however, have not emerged as unscathed as the agency.

Big organizations including Bank of America Corp., UCLA and TJX Cos., the parent of the T.J. Maxx and Marshalls clothing chains, have fallen victim to hackers in recent months, according to the Privacy Rights Clearinghouse. More than 150 million records containing sensitive personal information have been involved in security breaches nationwide since 2005.

Smart security practices are not just important to protect customers' information; they are required by California law, Bedwell said.

The state requires that any business that collects and stores personally identifiable information, which includes a combination of a name and another data set such as a Social Security number, address or driver's license number, put "reasonable" security practices into place, she said. This might include having the latest security software, such as anti-spyware and anti-virus products, and making sure the information is encrypted.

There are several steps companies should take to protect information from outside hackers and unauthorized employees, said Barry Mozian, president of Fountain Valley security company Talon Executive Services Inc.

Business owners should create passwords made up of words not in the dictionary and change them frequently, even if it is a hassle to do so, Mozian said.

They should also install anti-virus and anti-spam software and intrusion detection systems that alert companies to any changes to a network.

Many small businesses skip these steps because they think they won't be targeted, said Ira Winkler, author of the book "Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day" (Wiley, 2005). But information is often stolen in surprising ways — such as an employee or friend who "borrows" a company's client list and uses it to start a business.

Businesses of any size — including a lawn-mowing company that uses a computer sporadically and a healthcare provider that has thousands of private medical records online — can benefit from hiring an outside security consultant.

Vendors such as Santa Clara, Calif.-based McAfee Inc. can help provide security services around the clock to businesses that are too small to have their own technology security staff, said Lillian Wai, McAfee's senior product marketing manager for small businesses.

Even with the latest technology and protection from outside hackers, small businesses often fall victim to hacking from the inside. More than 70% of all acts of malfeasance that affect small businesses can be attributed to an internal problem, Talon's Mozian said. Small-business owners should restrict internal access to important information, he said, and do background checks before hiring any employee.

Carey Boyarsky learned this the hard way. The Modesto resident ran a beverage supply company called Classic Beverage Inc. Overburdened with work, he hired an extra employee who he hoped would one day become a business partner. The man, who used to sell Boyarsky paper products, took control of processing payments.

Boyarsky later suspected that the employee had been issuing checks to himself and his family, allegedly making false computer entries that the money went to a vendor while channeling the funds to his own bank account. Boyarsky was forced to declare bankruptcy and still has not recouped any of the $60,000 allegedly stolen from him.

Boyarsky says he should have paid closer attention to business matters and potential discrepancies between the computer entries and his checkbook.

"I should have personally overlooked things, but I was tired and I wanted some help," he said. "Besides, I trust people."

Good management plays a large role in preventing security breaches, said Stan Stahl, president of Citadel Information Group Inc. and the Los Angeles chapter of the Information Systems Security Assn. Often, company leaders don't know what security steps are needed and ignore system needs.

"Management must be proactive and work to change the culture so that people are aware," he said. This includes outlining procedures so that employees won't damage the system inadvertently. It also includes protecting the network from malicious insiders.

"We didn't use to have to lock our doors at night, and now we have to," Stahl said. "It's the same thing when it comes to protecting our sensitive information."

alana.semuels@latimes.com

Retrieved May 29,2007 from http://www.latimes.com/technology/la-fi-smallbiztech22may22,1,821195.story?coll=la-headlines-technology&ctrack=2&cset=true

Posted by Dr. Kardasz at 01:53 PM | Permalink

Released on personal bond, president of police union is accused of stealing from group and trust fund.

Iveory Perkins. The Detroit News. 05/24/07.

RIVER ROUGE -- The Police Department will investigate one of its own after charges were brought against an officer who is accused of stealing from the police union and a trust fund set up for the family of a deceased officer.

Cpl. Todd Taylor, 37, of Flat Rock, who is president of the police union, was charged with two counts of embezzlement and two counts of larceny by conversion for allegedly taking $750 from a union account. He is accused of trying to cover that action up by taking the same amount from the trust fund.

He faces up to one year in jail and/or a $1,000 fine for each misdemeanor count.

Taylor, who has served 12 years on the force, was suspended without pay.

Despite the charges, Police Chief Robert Alderman praised Taylor.

"He was a very good officer and a hard worker," Alderman said. "This was only a one-time thing and was an isolated incident."

"I am not sticking up for him, but I really can't say anything bad about him as a person."

Alderman said Taylor turned himself into the Michigan State Police on Monday after learning there was a warrant for his arrest. Taylor allegedly deposited a $750 check from the union into his personal account. When another officer noticed the money missing, Taylor allegedly transferred the same amount from a trust fund named for deceased officer Greg Lada, Alderman said.

Union representatives declined to comment on the matter because the case is under investigation.

Alderman said the department will conduct an internal investigation once the judicial process is complete.

The police chief said Taylor eventually paid back the money to the trust fund.

Taylor was released on a personal bond after being arraigned Tuesday in 26th District Court before Judge Raymond Charron. Charron recused himself from hearing the case, saying Taylor has appeared before him as an officer in other cases.

As of Wednesday, Taylor hadn't retained an attorney for his defense.

You can reach Iveory Perkins at (734) 462-2672 or iveory.perkins@detnews.com.

Retrieved May 29, 2007 from http://www.detnews.com/apps/pbcs.dll/article?AID=/20070524/METRO01/705240334

Posted by Dr. Kardasz at 04:09 AM | Permalink

Officer calls case retaliation for his refusal to help FBI investigate his doctor; job status hearing is today.

Paul Egan. The Detroit News. 05/27/07

A Flat Rock police officer was arraigned in federal court Tuesday on charges he illegally trafficked in prescription drugs and used a firearm in committing a drug offense.

David Wayne Dewitt, 37, said outside court he is innocent of the charges and alleged the FBI and the U.S. Attorney's Office are retaliating against him for refusing to cooperate in a criminal investigation of his doctor.

Dewitt is on medical leave and an internal hearing will be held today to determine his future on the force, said Flat Rock Police Chief Stephen Tallman.

According to an FBI affidavit attached to the criminal complaint, Dewitt between 2003 and 2005 received prescriptions for large quantities of painkillers and muscle relaxants from Paul H. Emerson, an osteopath who has been under investigation by the FBI and the Drug Enforcement Administration.

Yet Dewitt, a 14-year veteran of the Flat Rock force, tested negative for some of the same drugs he was being prescribed during annual police physicals, the affidavit alleges.

"It appears based on the amount of drugs involved that Dewitt either had a very serious drug addiction to prescription drugs, he was illegally distributing the prescription drugs, or a combination of both," the affidavit said.

Emerson, who has addresses in Monroe and Taylor, has not been charged but his offices have been searched twice by agents with search warrants, the affidavit alleges. He could not be reached for comment.

The charges against Dewitt are the latest in a string of recent charges against police officers in southeast Michigan, including charges for attempted murder, drunken driving, sex-related felonies, and using the Internet to solicit a child to have sex.

In 2004, Dewitt received prescriptions for nearly 2,800 tablets of various prescription drugs, mostly the painkiller Oxycontin and the anxiety drug alprazolam, the complaint alleges.

Dewitt said outside court the allegations are false. Federal authorities have pressured him for three years to be "the star witness" against Emerson, but "I will not go against my doctor," he said.

U.S. Magistrate Judge Virginia Morgan released Dewitt on a $10,000 unsecured bond and ordered him to return for a preliminary examination June 11. Morgan ordered Dewitt to possess no drugs or firearms.

Dewitt is represented by Detroit lawyer Juan Mateo, who declined comment.

You can reach Paul Egan at (313) 222-2069 or pegan@detnews.com.

Retrieved May 28, 2007 from http://www.detnews.com/apps/pbcs.dll/article?AID=/20070523/METRO01/705230364

Posted by Dr. Kardasz at 04:07 AM | Permalink

Court ponders if ex-Detroit officer, who says he was illegally fired after Kilpatrick probe, is covered by law.

Charlie Cain. Detroit News Lansing Bureau. 05/11/07

Two former Detroit cops say their lives were turned upside down after they investigated allegations of wrongdoing by Detroit Mayor Kwame Kilpatrick and members of his security detail four years ago.

Neither has been able to find a job, money is tight, and fears of physical reprisal won't go away.

"It's been very difficult. I have a daughter in college and financially it's been a burden," said Gary Brown, 53, a deputy chief when Kilpatrick fired him in 2003.

"I have applied for jobs and certainly anybody who does business with the city doesn't want to jeopardize that business by hiring me," he said Thursday outside the Michigan Supreme Court.

The high court is being asked to decide if Brown -- who claims he was illegally fired -- is covered by the state's Whistleblower Protection Act.

Brown had been told by another ex-Detroit cop, Harold Nelthrope, that members of the security detail submitted phony claims for overtime pay, drank on duty and covered up accidents involving police vehicles.

Nelthrope, who left the department a short time later, also reported a rumored party in the mayor's city-owned mansion that featured nude dancers.

The administration made public that it was Nelthrope behind the allegations. He said that subjected him and his family to potential retaliation from cops and those fears still linger.

"Most definitely. I had to move out of the city," said Nelthrope, 51.

Kilpatrick denied he had engaged in any misconduct. Michigan Attorney General Mike Cox looked into it and found no evidence of a tawdry party.

The Court of Appeals ruled last July the two men's multimillion-dollar suit against the mayor and city could continue. The city appealed to the Supreme Court, and its attorney, Morley Witus, Thursday argued Brown is not covered by the whistleblowers law because "he was simply doing his job."

The Supreme Court is under no deadline to act.

You can reach Charlie Cain at (517) 371-3660 or ccain@detnews.com.

Retrieved May 29, 2007 from http://www.detnews.com/apps/pbcs.dll/article?AID=/20070511/METRO01/705110384

Posted by Dr. Kardasz at 04:04 AM | Permalink

05/25/07. By David Doerr. Tribune-Herald staff writer

Sean Erickson, a 17-year-old high school student under investigation by Waco school officials for accessing sensitive information on a district computer system, says he’s not the malicious hacker some might assume. To paraphrase the tag line from the movie Hackers, the poster for which hangs in his bedroom: His crime was curiosity, he says. nd he disputes Waco Independent School District officials’ claim that he “acquired unauthorized access” to one of the district’s servers, saying they left it wide-open for anyone to enter. “The door was unlocked, it was open and you had your giant plasma screen TV sitting there for anybody,” he said.

In this case, the potential loot for any would-be criminals was confidential information such as Social Security numbers, which can be misused to conduct financial misdeeds.

On Wednesday, Waco ISD officials disclosed that they were investigating whether sensitive student and staff personal information was compromised when two high school seniors allegedly used software on their personal computers to gain unauthorized access to a portion of one of the district’s servers. On Thursday, officials said the students attended A.J. Moore Academy, the district’s magnet school specializing in career and technology education.

Erickson, a senior set to graduate on Saturday, says he was simply pursuing the hobby he hopes to turn into a career — testing computer network security. “I was just looking at some of the servers they had,” Erickson told the Tribune-Herald. “I thought they would have it pretty well secure. It never hurts to try something. I just came across one that didn’t have a password or user name (protection). It didn’t ask me for anything.” Once inside the server, Erickson said he found names, addresses and Social Security numbers for students and district employees. He said he looked up his information, that of his younger brother and of his friend, a fellow computer-savvy A.J. Moore senior also caught up in the investigation.

Erickson said his friend, who he declined to name, “freaked out” when he told him about the unprotected information on the district’s server. He said his friend, who he has known since elementary school, told him he should probably tell school officials about the problem but worried that Erickson would be kicked out of school if he did.

Sgt. Ryan Holt of the Waco Police Department, which is not involved in the investigation, said knowingly accessing a computer network without the owner’s permission would constitute “breach of computer security,” a Class B misdemeanor. However, it was unclear Thursday night if the charge applied to servers that are left unsecured.

Erickson said he did not download any information from the Waco ISD server.

The event in question occurred in December, Erickson said, but Waco ISD officials were not made aware until two weeks ago, when Erickson found himself in the middle of another controversy at school involving other students testing their network wizardry. Erickson said he had shown his friends an “exploit” on the computer network at A.J. Moore Academy that allowed them to install software enabling them to take control over computers remotely. When one of his classmates tried the trick on a computer where a teacher was updating her digital grade book, the students found themselves in trouble, he said. Erickson said he intended to tell school officials about the unprotected server after he graduated, so they couldn’t punish him. But when school officials began investigating the remote-controlled computers incident, he knew their attention would turn to him because he had shown his friends how to do it. ‘I might as well tell them’ “I figured if they were going to kick me out about that, I might as well tell them about the unprotected site so they could fix it,” he said.

Erickson said he told A.J. Moore principal Debra Bishop about the computer server with the unprotected Social Security numbers on May 11, when he was called in for questioning about the other incident. Since then he says he has cooperated with the investigation by handing over the laptop he used to access the server to district officials and answering their questions.

The friend he told about the unprotected server back in December refused to hand over his personal computer and district officials seized it with a search warrant, Erickson said.

Erickson said his friend is a “good kid” and doubted he was involved in any malicious activity. He said he didn’t know whether his friend had downloaded any sensitive information.

Since the investigation began two weeks ago, Erickson and his friend were suspended for three days, had their final exam exemptions revoked and their technology privileges removed. He and the “six or seven” kids involved in the remote-controlled computers incident had to take their finals under supervision, apart from the rest of the student body.

District officials plan to let Erickson and his friend participate in graduation activities on Saturday. No charges have been filed against the two, though they are still being investigated by Waco ISD police. Erickson said he “probably shouldn’t have messed with their network in the first place.” However, Waco ISD should have done more to protect its sensitive data, he said. In a statement issued Thursday, Waco ISD officials said they take the incident “very seriously” and are looking for ways to aggressively tighten network security.

The WISD statement blamed the security breach on “software that had been misconfigured by an outside vendor for use by child nutrition services.” Once the breach was discovered, Waco ISD computer technicians changed the software to prevent further “unauthorized access.”

The district is notifying parents about the security breach and informing them of ways to prevent the unauthorized use of personal information, according to the statement.

Erickson’s parents were present when he was interviewed by the Tribune-Herald Thursday evening. They declined to be identified for this article but vouched for their son’s integrity. His mother says he has been interested in computers since his grandfather gave him his first Packard Bell computer when he was in the fifth grade. Three days after he received it he took it apart so he could see how it worked, she said.

Erickson, who said he has earned the distinction as A.J. Moore’s Information Technology Student of the Year for the last three years, said he hopes the incident doesn’t get in the way of his college ambitions. He wants to pursue a degree in network security from Texas State Technical College.

ddoerr@wacotrib.com

RetrievedMay, 26, 2007 from http://www.wacotrib.com/news/content/news/stories/2007/05/25/05252007wacwisdhack.html

Posted by Dr. Kardasz at 12:15 AM | Permalink

By Celina Alvarado, Laredo Morning Times. 05/26/2007

A Laredo Police officer and his wife were arrested Friday, accused of stealing a neighbor's identity to obtain credit for purchasing tires and a tune-up. Police said the two turned themselves in Friday afternoon after learning they both had outstanding warrants for their arrest.

The 39-year-old Officer Ruben Nuñez, a 15-year-veteran of the Laredo Police Department, and his wife, identified as 29-year-old Monica Melissa Nuñez, were taken into police custody just before 3 p.m., and served with an outstanding warrant each for fraudulent use of identifying information, a state jail felony. The two were booked at the Laredo Police Department main station and later taken to Webb County Jail.

Justice of the Peace Oscar Liendo set their bond at $50,000 each. Nuñez and Nuñez, who share five children, bonded out of jail two hours later, at 5 p.m., jail officials said.

Officer Nuñez was immediately placed on administrative leave without pay, pending a court hearing.

Laredo Police spokeswoman Officer Lisa Ruiz said details surrounding the investigation could not be disclosed Friday.She added that "generally speaking" people who get arrested for fraudulent use of identifying information are people who forge signatures or use somebody's personal information - such as Social Security numbers, date of birth, driver's license numbers or any other identifying information assigned to someone by the federal government - for the purpose of obtaining credit.

A complaint made Tuesday by Nuñez's neighbor, Maria E. Moore, named Nuñez and his wife as primary suspects in a plot to use her personal information to obtain a credit card.

The complaint sparked both a criminal and administrative investigation, which was conducted by the Laredo Police Department's Crimes Against Property White Collar Crime Unit and the Office of Public Integrity.

The investigation found that Nuñez had obtained a Firestone credit card under Moore's name and had charged a tune-up, an oil change, brake service and four tires to the card, police said.

"The criminal investigation was presented to the Webb County's District Attorney's Office for review and was granted warrant approval," Ruiz said.
Both Nuñez and his wife turned themselves in to police. If convicted, each faces up to two years in prison and a $10,000 fine.

(Celina Alvarado may be reached at 728-2566 or celina@lmtonline.com)
Retrieved May 26, 2007 from http://www.zwire.com/site/news.cfm?newsid=18391369&BRD=2290&PAG=461&dept_id=569392&rfi=6

Posted by Dr. Kardasz at 11:02 PM | Permalink

Gun qualifications may be issue

Asbury Park Press on 05/26/07. By Nick Clunn

The Monmouth County Prosecutor's Office has seized control of the borough Police Department after an investigation appeared to have found that some of its officers were not qualified to carry firearms.

The takeover means that the Prosecutor's Office is in charge of the department's day-to-day operations, including personnel. Authority changed hands Thursday, and was expected to last indefinitely, according to a Prosecutor's Office press release.

Borough officials have promised to cooperate, the release stated.

Monmouth County Prosecutor Luis A. Valentin said he was "confident that the public will be protected and served in a professional fashion" under the temporary arrangement.

The Police Department, which had five full-time officers and a chief as of October, keeps the peace in a Monmouth County borough that encompasses less than a half-square-mile and has a population of about 900.

Interlaken also employs Class II special officers, who are allowed to carry firearms but are not given all the responsibilities of a regular officer.

The investigation by the Professional Responsibility Unit of the Prosecutor's Office probed the "reliability, accuracy and integrity of the firearms qualifications" held by some Interlaken officers, according to the release.

It appeared that those officers were taken off patrol.

"We are working with those officers who are qualified to be in the department," Valentin said.

Prosecutor's Office Lt. Jason Clark was designated as the department's supervisor.

Notice of the takeover — referred to as a "supersession" in the release — was given to the mayor, the police chief and the borough administrator on Thursday.

The mayor several months ago was attempting to convince the adjacent village of Loch Arbour, which is even smaller than Interlaken in size and population, to use its police force instead of the one in Ocean Township.

Nick Clunn: (732) 643-4072 or nclunn@app.com

Posted by Dr. Kardasz at 10:28 PM | Permalink

By Rick Pearson. Tribune political reporter. 05/23/07

Illinois State Police officials say they are targeting Internet crimes in a new radio spot, but the mention of Gov. Rod Blagojevich in the ad appears to violate the state's landmark ethics law promoted by the governor.

The 30-second ad touts Blagojevich and the work of a special state police unit to combat credit-card fraud and other unspecified crimes on the Internet that result in the "victimization of innocent citizens."

"Thanks to Gov. Rod Blagojevich and the Illinois State Police Internet crime unit, e-criminals will no longer be able to victimize Illinois citizens," the ad's narrator says.

Under the State Officials and Employees Ethics Act, approved by lawmakers in 2003, broadcast ads and public service announcements on behalf of any state-administered program cannot contain the name, image or voice of a statewide elected official or state legislator.

The ad was sponsored and paid for by the state police, an agency spokesman said.

An intentional violation of the provision is a business offense punishable by a fine ranging from $1,001 to $5,000. It would be up to a local state's attorney or the state's inspector general's office to move forward with a complaint, the Illinois attorney general's office said.

The provision was included in the state's ethics law to curb politicians' efforts for taxpayer-financed self-promotion.

"It seems to me to be directly in violation of the state's ethics law," said Cindi Canary, executive director of the Illinois Campaign for Political Reform, which was a leading advocate for the ethics act. "There is a certain irony to the state police in violating this law. Though the ad seems laden with good intent, I don't think it really gained anything by mentioning Gov. Blagojevich's name."

As governor, Blagojevich has found numerous ways to use taxpayer resources to promote himself and his programs. In the year leading up to his 2006 re-election campaign, state agencies under his control sent hundreds of thousands of "Dear Friend" letters and e-mails to constituency groups promoting Blagojevich's efforts on issues ranging from women's health to teen driving.

He also has come under fire for signs placed on the tollways' electronic toll-collection lanes during his re-election campaign. The 32 signs, reading "Open Road Tolling. Rod R. Blagojevich, Governor," cost $480,000. The signs do not violate the ethics act, but some lawmakers want to amend the law to prevent it from happening again.

Blagojevich said he was forming the Internet crime unit in October, a month before the election, and state police officials said the unit was activated in February.

Retrieved May 25, 2007 from http://www.chicagotribune.com/news/local/nearnorthwest/chi-radio23may23,1,2520580.story?coll=chi-newslocalnearnorthwest-hed

Posted by Dr. Kardasz at 09:36 PM | Permalink

Six dirty tricks to be aware of

Link to an interesting article by Tim Wilson about dirty computer tricks that business owners should be aware of. From www.darkreading.com

http://www.darkreading.com/document.asp?doc_id=113460

Posted by Dr. Kardasz at 09:05 PM | Permalink

05/25/07

The Bay County Sheriff's Office arrested three suspects on separate, unrelated sex abuse charges this week. Richard Rosenfeld, 53, of 3124 Nottaway Ct., Chamblee, Ga., was arrested when he turned himself into investigators at the Sheriff's Office May 22. Rosenfeld was the target of a three month North Florida Internet Crimes Against Children (ICAC) Task Force investigation after he solicited what he thought was a 13-year-old female during online conversations. The "girl" was actually a investigator with the sheriff's Office. Rosenfeld was booked into the Bay County Jail on one count of Lewd or Lascivious Conduct and is awaiting his first appearance.

Also arrested were:
Francisco Emilio Negron, 18, of 3307 East Baldwin Road, Panama City. Negron was arrested after the victim went to a parent and disclosed information about the incident. Negron, according to sheriff's reports, claimed he and the victim engaged in a consensual sexual encounter. Negron was arrested and charged with one count of Lewd and Lascivious Battery.

Tyler James Clary, 18, of 4007 Silver Sands Road, Panama City Beach. Clary was charged in a separate case involving two victim. He faces two counts of Lewd and Lascivious Battery with a child under the age of 12, and one count of Lewd and Lascivious Molestation with a child under the age of 12.

The two victims went to their parents about their encounters with Clary. According to reports, Clary provided investigators with a statement outlining the lewd and lascivious acts involving the children.
Both Clary and Negron were taken to the Bay County Jail and booked.

Posted by Dr. Kardasz at 08:58 PM | Permalink

An action plan for protecting corporate data. Link to a nice article by Patricia Keefe

Action plan: Don't be a a victim company

May, 24, 2007 

From  www.darkreading.com

See: 

http://www.darkreading.com/document.asp?doc_id=124872 

Posted by Dr. Kardasz at 08:36 PM | Permalink

AP WorldStream. 05/24/07. By Doug Gross,  Associated Press Writer

Atlanta, Georgia - A federal jury on Thursday found a Georgia doctor guilty of six counts downloading child pornography and taking sexually explicit pictures of boys under 18.

Gregory Kapordelis, 46, faced seven counts of child pornography in U.S. District Court for acts, including downloading child pornography, that allegedly happened between 2001 and 2004.

Kapordelis was found not guilty of making a video of himself having sex with a person under 18 while on a visit overseas. A sentencing hearing will be held Aug. 8. Federal prosecutors say they will seek the maximum penalty for Kapordelis.

"This is a defendant who committed heinous crimes against children," said assistant U.S. Attorney Aaron Danzig. "We're going to seek the sentence he deserves." Kapordelis's attorney, Don Samuel, had argued the pornography, found on computers in the doctor's home, could have been downloaded by any number of people who visited or lived in the home -- including teenage boys and another doctor who lived there when Kapordelis was overseas.

Kapordelis acknowledged traveling to the Czech Republic -- where the age of sexual consent is 15 -- to have sex with teenage boys and spending time with teenagers both overseas and at his home.    But his lawyer argued that photos allegedly taken by Kapordelis of the genitals of at least two teen boys were a "bad joke" that prosecutors never proved were taken for sexual purposes. He was charged with taking the pictures both in the U.S. and during a trip to Greece.

When he was arrested after landing at a New York airport in 2004, Kapordelis originally was charged with traveling to Russia to have sex with boys. Those sex tourism charges were eventually dropped -- with his lawyers saying the Russia case was an attempt to extort money from Kapordelis. The current charges stemmed from images the government says were found during a search of his home after the arrest. Prosecutors showed jurors what they said was a private file on Kapordelis's
computer that contained images of young-looking males in sexual positions and activity on an online newsgroup called "Pretty Boys."

He also had been charged with videotaping himself having sex with a teen boy in Prague and bringing that tape back into the U.S., where it is illegal. The jury acquitted him on that charge. Prosecutors never produced the boy or any witness to verify his age. Each of the seven counts against Kapordelis carries a maximum penalty of 20 years in prison, but sentencing guidelines would likely not call for that strict a punishment if he is convicted.

Posted by Dr. Kardasz at 05:54 PM | Permalink

By Adam Crowley. 05/24/07

May has been a rough month for embattled former Madison police officer Joseph Gambardella. Six months after he was arrested on larceny charges, the Madison Police Commission fired the 15-year department veteran on May 15.

Gambardella's termination came only a week after a Superior Court judge rejected his petition for a probation program that would have allowed him to avoid jail time.

During its hearings, the Police Commission found Gambardella guilty of 15 charges including lack of truthfulness, conduct unbecoming an officer, and falsifying records.

Police Commission Chairman Emile Geisenheimer said measures were taken to ensure fairness to Gambardella.

“In conducting this process, the Police Commission was mindful of the rights of Officer Gambardella to due process,” Geisenheimer said in a statement. “Officer Gambardella was provided a full opportunity to answer the charges against him and present evidence and witnesses on is behalf. While the need to terminate Officer Gambardella is unfortunate, the need of the citizens of Madison to rely upon the integrity and honesty of its police officers is of paramount importance.”

Gambardella declined to comment on the commission's decision.

Gambardella still faces three felony charges of third degree larceny and two misdemeanor counts of fifth degree larceny stemming from incidents at Lenny & Joe's Fish Tale and Beebe Marine. He was arrested in December after video footage at the restaurant allegedly showed him stealing $900 worth of seafood. No additional information is available on the charges from Beebe Marine.

Gambardella applied for accelerated rehabilitation, a special program for first time offenders that allows for charges to be dropped if no violations occur during a probationary period. Madison Police Chief Paul Jakubson objected to the request and it was denied by Superior Court Judge Philip Scarpellino in early May.

Posted by Dr. Kardasz at 09:16 PM | Permalink

05/23/07

HELSINKI (Reuters) - Computer specialist Didier Stevens put up a simple text advertisement on the Internet offering downloads of a computer virus for people who did not have any.

Surprisingly, he found as many as 409 people clicking on the ad saying "Is your PC virus-free? Get it infected here!" during a 6-month advertising campaign on Google's Adword, said the IT security expert.

"Some of them must have clicked on it by mistake. Some must have been curious or stupid," said Mikko Hypponen, head of research at data security firm F-Secure.

There was no virus involved, it was an experiment aiming to show these kind of advertising systems can be used for malicious intent, Stevens told Reuters.

Retrieved May 24, 2007 from http://news.yahoo.com/s/nm/computers_virus1_dc;_ylt=AuUyaUdPeIB77eoBTbJeIfoE1vAI

Posted by Dr. Kardasz at 07:25 PM | Permalink

05/22/07. By Patrick Center. From www.woodtv.com, Grand Rapids, MI.

Sparta, MI - It's a lunch hour ritual at the Re-Union Street Café. Customers regularly log onto the internet using the café's wireless network to check their e-mail and surf the web while they enjoy the coffee and ambience.

Sam Peterson II did the same thing. "I knew that the Union Street had WiFi," he told 24 Hour News 8. "I just went down and checked my e-mail and didn't see a problem with that."

But Peterson did it everyday, and from his car. He drove up, parked, and piggybacked onto the Union Street network.

Piggybacking - using someone else's WiFi without their permission - isn't legal. Sparta Police Chief Andrew Milanowski was suspicious of what Peterson was doing in his car every day and talked with him.

He didn't issue a ticket, but he did hit the books. "I had a feeling a law was being broken," the chief said, "but I didn't know exactly what." He found a relatively new and rarely used law. "Unauthorized use of computer access," he said.

Michigan lawmakers put it on the books in 1979 to protect the public from computer hackers. It was revised in 2000 to include the protection of WiFi systems. Under Michigan law, access a computer system without authorization and you're committing a crime.

A warrant was sworn for Peterson's arrest on a "five year felony, $10,000 fine," he said. "I would have never guessed."

Milanowski doesn't believe Peterson knew he was breaking the law. "In my opinion, probably not. Most people probably don't."

Neither did the coffee shop owner Donna May. "I didn't know it was really illegal, either," she told 24 Hour News 8. "If he would have come in (to the coffee shop) it would have been fine."

Kent County Assistant Prosecutor Lynn Hopkins said, "This is the first time that we've actually charged it," and it could be the only case of its kind in the state. "Oh, we'd been hoping to dodge this bullet for a while. We had not been looking for this," she said. "We knew it would come up eventually and we'd have to make a decision as to how to deal with it."

24 Hour News 8 investigated the number of prosecutions - and found only a handful of WiFi freeloaders prosecuted worldwide.

But it was inevitable with all the hotspots and businesses providing WiFi access. In the US alone, an estimated 16 million homes are now equipped.

The only way to catch a piggybacker is to catch someone, like Peterson, in the act "because 90 percent of the time we wouldn't know, frankly, that it's going on," Hopkins said.

New York's Westchester County is trying a different tack. Their local government said it's up to WiFi subscribers to protect themselves against piggybackers. Businesses were told to secure their networks or pay a fine.

Hopkins doesn't agree with that tactic. "It's the same attitude of somehow the victim's responsible for preventing the crime, and that's not the approach that our justice system takes."

Increasing security awareness isn't a bad idea, though. Some argue WiFi is a broadcast and the airwaves are open to the public.           

In a February 2007 Target 8 Investigation, a drive through city streets exposed vulnerable WiFi hookups, available to anyone looking to surf the web or check their e-mail.

As a first-time offender without a prior record, the Kent County prosecutor's office decided not to charge Peterson with a felony. Instead, he'll be enrolled in the county's diversion program.

He'll pay a $400 fine and do 40 hours of community service, but it will not go on his record.

The prosecutor's offices said not everyone who gets caught breaking the law will be given this option. Offenders will be judged on a case-by-case basis.

The next time you're tempted, though, think of Sam Peterson. "People need to know that this isn't legal and if you get caught there are some pretty serious consequences."somewhat unique computer crime law, and in particular on its definition of the meaning of "authorization." Like every state — and like the federal government — Michigan has an unauthorized access statute that serves as the basic computer crime law. (For my take on these statutes, see this article.) Here's Michigan's law, Section 752.795(a):

Retrieved May 24, 2007 from http://www.woodtv.com/Global/story.asp?S=6546307

Posted by Dr. Kardasz at 01:26 PM | Permalink

Will new narcotics unit rebuild public's trust?

By Bill Torpy, The Atlanta Journal-Constitution, 05/23/07

Atlanta Police Chief Richard Pennington will replace the embattled narcotics squad, aiming to regain public trust a month after two squad members pleaded guilty to killing 92-year-old Kathryn Johnston in a botched raid.

"With new initiatives on the way to help restore confidence in the unit, we felt it important to start anew," Pennington said at an afternoon news conference, reading from a prepared statement.

He's put 14 new investigators and three sergeants in the narcotics unit, with plans to have a staff of 30 by year's end. The current members of the unit are being reassigned to unspecified jobs.

The changes are part of wide-ranging staffing shifts within the department involving 140 officers. Lt. William Trivelpiece, who has worked in the Office of Professional Standards and in the Major Crimes Unit, takes over narcotics from Lt. Stacie Gibbs, whose reassignment was not disclosed. Trivelpiece will be tasked with bettering the unit's training to include standards from the U.S. Drug Enforcement Agency and the FBI.

The chief said the changes in the unit "should in no way reflect upon the unit members who did their jobs with integrity and dedication."

But he added that a federal investigation is ongoing "and we don't know if anyone else in the unit is targeted."

The federal investigation, which started shortly after the fatal Nov. 21 drug raid in northwest Atlanta, found that some narcotics officers routinely lied to get warrants to search homes and make drug cases. In the Johnston case, the officers had planted drugs on an alleged street dealer, who then told them that a kilo of cocaine was in her home. They, however, skipped the step of sending an informant to the home to verify the information.

Officers Gregg Junnier and Jason R. Smith pleaded guilty to voluntary manslaughter and federal counts of violating Johnston's civil rights.

Federal investigators later said some drug cops told them they cut corners to meet performance standards on making arrests, set for them by top brass. Critics have long said the department employs arrest and warrant quotas to motivate officers.

Asked about any performance standards Tuesday, Pennington said, "We want them to go out and enforce narcotics laws."

The chief said the new narcotics officers will be rotated off the unit in two or three years. This is in addition to a stiffer supervisory review of search warrants, which was announced two months ago.

Police union president Scott Kreher criticized the wholesale change in the narcotics unit.He said the unit will now be filled with officers not necessarily experienced in the often volatile world of street dealers. "It'll take years to get that unit up to speed."

The Rev. Markel Hutchins, who has represented Johnston's family, said Pennington's moves were a "step in the right direction, but a baby step."

Pennington said Tuesday that about two-thirds of the force had less than five years' experience.

Another notable change is the shift of Maj. Welcome Harris from overseeing the Office of Professional Standards, which investigates complaints about officers, to the major-crimes unit.

While operating the office charged with enforcing the ethical standards of police officers, Harris and three of his officers were found to have submitted nearly identical reports to justify their perk of getting city-paid, take-home cars.

Deputy Chief Carlos Banda said he saw a pattern in the reporting of what days the cars were needed when he was reviewing the take-home policy. "I got a list of take-home cars and noticed there was a problem where all were the same."

Banda said he discussed the issue with Harris, and he also alerted Pennington's top aide. Banda said he doesn't know whether the chief was informed.No other action was taken, though Pennington has vowed to fire any officer caught lying. "For the most part, we don't know if it was intentional or unintentional, " Banda said. "But we put them on notice these forms have to be done correctly. Bottom line was, a lot of times these forms had been done [this way] year after year and people got into the habit."
 
Retrieved May 23, 2007 from http://www.ajc.com/services/content/metro/stories/2007/05/23/metapd0523a.html

Posted by Dr. Kardasz at 09:54 PM | Permalink

Reports problems down overall, but dollar amounts are climbing

By Robert McMillan, 05/16/07. IDG News Service.

Internet auction fraud remains the most frequently reported online crime, but complaints over online purchases that are never delivered are on the rise, according to data released Friday by the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3).

Auction fraud complaints made up about 45 percent of the 207,492 complaints received by the IC3 last year, but that number is down significantly from 2005, when auction fraud was cited 63 percent of the time.

Overall, the number of complaints received by IC3 was down 10 percent from the previous year, when the IC3 logged 231,493 complaints. But the total dollar losses reported were up in 2006, totalling $198 million for the year. In 2005 that number was $183 million.

Complaints for non-delivery of merchandise represented 19 percent of complaints. They made up 16 percent in 2005.

The median dollar loss reported per complaint was $724, according to the FBI.

Retrieved May 23, 2007 from http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9013480&source=rss_news50

Posted by Dr. Kardasz at 11:58 AM | Permalink

Matthew Higbee, mhigbee@ctpost.com. 05/21/2007

Supervisory Assistant State's Attorney Paul Gaetano was suspended 60 days without pay Monday for ethical misconduct over the transfer of a drunken-driving case for the son of a Derby Superior Court judge. Chief State's Attorney Kevin T. Kane and Kevin Lawlor, state's attorney for the Ansonia/Milford judicial district, announced the suspension, ordered under an agreement entered into by Gaetano, the Division of Criminal Justice and the Connecticut Association of Prosecutors, the state prosecutors' union.

"Mr. Gaetano acknowledges misconduct based on the impropriety of his actions in obtaining a transfer of a case from the Bridgeport Judicial District to the Ansonia/Milford Judicial District," the agreement stated, according to a prepared release from the state criminal justice division. In addition to the suspension, which runs 60 consecutive calendar days, the agreement also requires Gaetano to pay for and complete an ethics course designated by the Division of Criminal Justice. When he returns to work, Gaetano will be on probation for one year. His continued role as the supervisory prosecutor is "pending the outcome of the probationary period," said Mark Dupuis, spokesman for the office of the chief state's attorney. Gaetano was cited for misconduct in his handling of the case of Joseph Sylvester Jr., the son of longtime Derby Superior Court Judge Joseph H. Sylvester. On Dec. 11, the younger Sylvester, 49, of Meadow Street, Ansonia, was arrested by State Police on the Route 8-25 connector in Bridgeport and charged with driving under the influence and reckless driving. According to police, Sylvester was speeding in a yellow Ford Mustang when he struck a van, and later failed a field sobriety test. Sylvester took a breath test, which revealed a blood-alcohol level of 0.085, police said. The legal blood-alcohol level is 0.08.

Sylvester's case was pending in Bridgeport Superior Court when Gaetano requested that it be transferred to Derby Superior Court, according to the release by the state criminal justice division. Gaetano had asked for the transfer at the request of the elder Sylvester, the release stated.

Judge Sylvester was suspended in February after Kane launched an administrative investigation. On April 28, before the investigation was complete, the father died after a long illness. He was 77.

Dupuis said the investigation is now closed. Gaetano, who was promoted to supervisory assistant state's attorney in June 2003, is paid an annual salary of $112,452.

Matthew Higbee, Naugatuck Valley bureau chief, can be reached at 736-5440.
Retrieved May 23, 2007 from http://www.connpost.com/localnews/ci_5952536

Posted by Dr. Kardasz at 11:57 AM | Permalink

By Elsie Hodnett, 05/22/07

A former Hobson City police chief was sentenced last week to 46 months in federal prison, according to a U.S. Department of Justice press release.

Daryl Parker, 54, of Lincoln pleaded guilty to selling firearms to a convicted felon and extorting money under color of official right to release an impounded vehicle.

Parker was indicted in October 2006. He cooperated in the investigation after being confronted with the allegations.

U.S. District Court Judge Lynwood Smith said a police chief is in a position of trust and the punishment should reflect the seriousness of the crime.

Parker was sentenced to 46 months for each count to which he pleaded guilty, but sentences will run concurrently because of his health and cooperation, Smith said.

Parker will report to prison on June 27, 2007.

“A corrupt cop cannot hide behind a badge,” U.S. attorney Alice H. Martin said. “Integrity will be restored through quick investigation and strong prosecution. I commend local law enforcement.”

The case was investigated by the Calhoun/Cleburne County Drug and Violent Crime Task Force, along with special agents of the Bureau of Alcohol, Tobacco, Firearms and Explosives, and the FBI. Assistant United States attorney Pat Meadows prosecuted the case.

http://www.dailyhome.com/dh-index.htm

Posted by Dr. Kardasz at 09:08 PM | Permalink

By Sharon Gaudin,  InformationWeek, 05/08/07

The government agency that protects the nation's airports reported that it can't find a hard drive, and it's unclear if it's lost or stolen.

The federal agency charged with safeguarding the country's airports has lost an external hard drive containing the personal and financial information of 100,000 current and former employees.

The Transportation Security Administration announced that the hard drive was found missing from a controlled area at the TSA Headquarters Office of Human Capital on Thursday, May 3. Agents of the U.S. Secret Service have been called in and have been investigating the incident since last Friday. The Department of Homeland Security's Inspector General also is following the investigation, according to an advisory from the TSA.

"It is unclear at this stage whether the device is still within headquarters or was stolen," said Kip Hawley, TSA Administrator, in a letter to employees. "We are notifying you out of an abundance of caution at this early stage of the investigation, given the significance of the information contained on the device."

The TSA reported that the hard drive holds archived employment records of people employed by the agency from January 2002 until August 2005. The records include names, Social Security numbers, dates of birth, and payroll information, along with bank account and routing information.

The TSA advisory noted that there are measures in place to alert government officials if someone attempts to use the hard drive, but it didn't say how they would be notified.

The agency informed employees affected by the missing hard drive that the TSA will offer them free credit monitoring for up to one year, along with fraud alerts and ID theft insurance up to $25,000. The agency also is offering the services of identity restoration specialists who will complete paperwork and assist employees in the event they are the victims of identity theft.

Current and former employees can register via phone, mail, or online through a secure Web site. More information is available at this Web site.

"In response to incidents like this one and the increasing number of data breaches in the public and private sectors, the agency is continually monitoring its systems and practices to enhance the security of personal and sensitive information," said Hawley.

Last month, the U.S. Department of Agriculture announced that the Social Security numbers of about 150,000 people may be at risk for identity theft after it was discovered that the agency had exposed the personal identifying information on farmers and others for the last 26 years. The USDA had inadvertently exposed online sensitive information in a publicly available database that has existed since 1981. The data had been exposed ever since it was put online.

CMP Media LLC
Retrieved May 22, 2007 from http://www.informationweek.com/story/showArticle.jhtml?articleID=199400143

Posted by Dr. Kardasz at 05:01 PM | Permalink

By Margaret Lillard, Associated Press 05/21/07

Raleigh, N.C. - Faced with legal demands from state attorneys general, MySpace.com said Monday it will release data on registered sex offenders it has identified and removed from the popular social networking Web site.

The company, citing federal privacy laws, initially rebuffed a demand from North Carolina Attorney General Roy Cooper and colleagues in seven other states who last week asked for data on how many registered sex offenders are using the site and where they live.

MySpace agreed Monday to provide the information to all states after some members of the group filed subpoenas or took other legal actions to demand it. The company said last week such efforts were required under the federal Electronic Communications Privacy Act before it could legally release the data.

"Different states are going about it different ways," said Noelle Talley, spokeswoman for Cooper, who filed a "civil investigative demand" for the information.

Connecticut Attorney General Richard Blumenthal used a subpoena that "compels this information right away — within hours, not weeks, without delay — because it is vital to protecting children," he said.

"Many of these sex offenders may have violated their parole or probation by contacting or soliciting children on MySpace," Blumenthal said.

MySpace obtained the data from Sentinel Tech Holding Corp., which the company partnered with in December to build a database with information on sex offenders in the United States.

"We developed 'Sentinel Safe' from scratch because there was no means to weed them out and get them off of our site," said Mike Angus, MySpace's executive vice president and general counsel.

Angus said the company, owned by media conglomerate News Corp., had always planned to share information on sex offenders it identified and has already removed about 7,000 profiles, out of a total of about 180 million.

"This is no different than an offline community," he said. "We're trying to keep it safe."

Angus said the company had also made arrangements to allow law enforcement to use the Sentinel software directly.

Cooper, Blumenthal and attorneys general in Georgia, Idaho, Mississippi, New Hampshire, Ohio and Pennsylvania asked for the Sentinel data last week.

Social networking sites such as MySpace allow users to create online profiles with photos, music and personal information, and lets them send messages to one another and, in many cases, browse other profiles.

Cooper said the information from Sentinel could potentially be used to look for parole violations or help in investigations. He said lawmakers in North Carolina are considering legislation that would further restrict access to social networking Web sites, including one that would require parents' permission for minors to set up a profile.

Ohio Attorney General Marc Dann said sharing the information is a good first step toward enacting those kinds of protections.

"MySpace needs to do more, including implementing an effective age verification system that will make the site considerably safer," he said.

Mississippi Attorney General Jim Hood said his office will subpoena the records as well.

"I think once we find out the content of the messages — of course, it will depend on how long they retain that information — we may very well find that some of the messages included illegal enticement of a child," he said.

Associated Press writer Pat Eaton-Robb in Hartford, Conn., contributed to this report.

Retrieved May 21, 2007 from http://news.yahoo.com/s/ap/20070521/ap_on_hi_te/myspace_sex_offenders_8

Posted by Dr. Kardasz at 10:53 AM | Permalink

05/11/07, WXYZ Channel 7 (on line)

Police say a Livonia man who's been trolling the Internet for at least two years in search of underage girls has been arrested on sex charges involving a 12-year-old. Cops say he found her in an online gaming website.

Yesterday in Livonia, officers from the Michigan State Police, Livonia Police, Monroe County Sheriff and the New Baltimore Police departments* arrested Adam Glenn Schroeder, 19, of Livonia, for Criminal Sexual Conduct (CSC) in both the first and second degrees.

The Wayne County Prosecutor's Office charged Adam Schroeder with five counts of CSC 1st degree and two counts of CSC 2nd degree after the investigation revealed he had met a 12-year-old female from Wayne County and had sex with her.

Adam Schroeder was arraigned in front of Judge Parrott of the 34th District Cout on 5/10/07 on the charges and was given a bond of $200,000 10% cash or surety. The CSC 1st degree charges have a penalty of up to life in prison, and the CSC 2nd degree charges have a penalty of up to 15 years in prison, if convicted.

A Livonia detective assigned to the Michigan State Police Internet Crimes Against Children (ICAC) Task Force, received a telephone tip reporting that the 12-year-old was having sexual relations with a person who claimed to be 19 years old, that she had met online.

The Livonia detective recognized the suspect from a previous investigation two years ago where Adam Schroeder had tried to arrange to meet the detective's undercover 14 year old persona for the purpose of having sex. Although the screen names were different, the detective developed evidence that they were in fact the same person.

Retrieved May 21, 2007 from http://www.wxyz.com/mostpopular/story.aspx?content_id=82777f5f-ec9b-4dee-a6b3-a2b156824c9e

Posted by Dr. Kardasz at 04:36 PM | Permalink

Four held in alleged MySpace scheme
Boston.com, The Boston Globe, By Brian R. Ballou, Globe Staff, May 19, 2007

Using a popular Internet social networking site and a picture of an attractive young woman, they allegedly lured men into a wooded area in Dunn State Park in Gardner to rob them. Two men showed up there at different times last Saturday, but drove away after becoming suspicious. Later that night, another man drove up and parked his car, according to court records.

Instead of meeting the woman he saw on his computer screen, the man found himself face down on the ground, two men standing over him and pushing what he believed was a handgun into his back. The victim, after being robbed of $87 and other items, emerged from the woods with tattered clothes and bruises and knocked on the first door he saw and called police.

Yesterday in Gardner District Court, prosecutors alleged that siblings Amanda Lafrennie, 18, Thomas Lafrennie, 19, and Lawrence Lafrennie, 24, all of Gardner, and Bryan Bowers, 19, of Orange, used MySpace.com to commit robbery, burglary, and identity fraud.

"We have seen an uptick in the number of Internet crimes, and we are beefing up investigators in that area," said Tim Connolly, spokesman for Worcester District Attorney Joseph D. Early Jr.

Connolly said Early's office has a white-collar crime unit that focuses on Internet crime.

The computer trail left by websites and chatrooms is being used more frequently by law enforcement to find criminals. In this case, the robbery victim was able to direct police to the MySpace page set up by the foursome, accord ing to court records. In their investigation, police became aware that a burglary five days earlier was probably tied to the robbery, and through Internet evidence, telephone records, and witnesses, focused on the Lafrennies' Gardner home. All four suspects confessed, according to court records.

The three male suspects were each ordered held yesterday on $10,000 cash bail. They were all charged with armed robbery, burglary, and conspiracy.

Amanda Lafrennie was held on $2,500 bail, after being charged with conspiracy and identity fraud. All four are due back in court June 8 .

Brian R. Ballou can be reached at bballou@globe.com.  
The New York Times Company
Retrieved May 21, 2007 from http://www.boston.com/news/local/articles/2007/05/19/four_held_in_alleged_myspace_scheme?mode=PF
 

Posted by Dr. Kardasz at 04:23 PM | Permalink

Link to an interesting D.O.J. summary chart of some recently prosecuted computer cases under the computer crime statute, 18 U.S.C. §1030.

http://www.cybercrime.gov/cccases.html

An interesting analysis of the cases is provided by Harold E. Davies and Robert L. Braun in The CPA Journal (online).

http://www.nysscpa.org/cpajournal/2004/704/essentials/p56.htm

Posted by Dr. Kardasz at 04:33 PM | Permalink

Weekly Playboy (5/28)

Far from going away, Japan's perennial school bullying problem has refined itself, shifting from the classrooms and schoolyards to more subtle attacks through the Internet, according to Weekly Playboy (5/28).

"Last year alone, the National Police Agency received 8,037 reported cases of online slander or defamation, a 39 percent increase over the previous year. Of these, 57 developed into criminal defamation cases where arrests were made. Both the number of reports and the number of arrests hit record highs," a police beat reporter for a national daily tells the weekly.

Bullies use their knowledge about their victims to set up fake sites to slur them, or hurl abuse at them on sites originally set up for information sharing between students.

"High school students have recognized for a while that there are plenty of problems with the sites set up for information exchanges between students. These sites, called 'underground school sites,' are set up separately to school's official home pages. They were supposed to be places where kids could swap information about all sorts of things, like exams and stuff, but instead they've become hotbeds of abuse, with some kids using them to post offensive material about other students," Internet crime expert Satoru Fujita tells Weekly Playboy. "I've received a number of complaints from young people saying that their personal details, like their name, address, phone number, mobile number and the like have been posted on a school's underground site and they don't know what to do about it. Once this information, or any sort of nasty story about someone, has been posted online, it opens up the victim to bullying from others in a wider group."

Psychological counselor Masako Fujii says that online bullying has arisen because it is such an easy place to play on people's anxieties.

"Places like bulletin boards that easily allow a sense of association to develop also permit the simple development of a feeling that you're going to be forgotten," she says. "If you don't agree with posts that everybody else in the online community has written, it sparks anxiety that you may be about to be cut out of the group. Bullies can pick up on that anxiety and exploit it by making nasty, personal posts that in turn make the anxiety even deeper."

Mobile phone expert K says there's a simple way for kids to handle online bullying.

"Don't pay too much attention to it. Most of the time the online bullies are only posting nasty messages because they want to the reaction of the person they've written about," he says. "The more you react or respond to nasty posts, the more intense the posts are going to become and the more depressed that's going to make you. The best way to deal with this stuff is just to ignore it."

Ignoring the problem may not be easy for the kids being slandered, but at least one group of people has apparently chosen to act on that advice.

"There's not a school teacher in the country who specializes in information technology education," Net crime expert Fujita tells Weekly Playboy. "IT in schools is being taught by teachers who know a bit about computers, but the vast majority of teachers don't know anything about computers and are petrified of the day they're ordered to teach information technology classes." (By Ryann Connell)

Retrieved May 18, 2007 from http://mdn.mainichi-msn.co.jp/waiwai/news/20070517p2g00m0dm027000c.html

Posted by Dr. Kardasz at 02:13 PM | Permalink

From K.C. Jones,  Information Week, 05/14/07
 
Hackers have broken into the Pirate Bay's database and stolen information on the file-sharing Web site's registered users, according to a message posted on the site.

The Pirate Bay urged users not to be alarmed, assuring that user names and passwords obtained by hackers were "very encrypted."

"It's not a big deal, but it's still very sad that it's out there," site operators wrote in a blog posted on Friday. "All e-mails are, for instance, encrypted as well. They will most likely not be able to decrypt them either."

Nevertheless, site operators advised users to change passwords as soon as possible, not only on the Pirate Bay site, but on other sites where they use the same passwords.

"Sorry for the mess, but we are all human and we miss something sometimes," the Swedish site operators explained.

The Pirate Bay claims its operators know who discovered a security hole, but the site didn't reveal the identity of the perpetrators.

The Web site, which is popular among those who share files of music and movies over the Internet, was accused last year of hacking into Swedish government Web sites, causing them to crash, in retaliation after authorities seized the Pirate Bay's server farm, raided its offices, arrested three people, and shut down the site. The site later reopened.

Those who run the Pirate Bay have maintained their innocence, claiming the site doesn't hold copyrighted materials and acts only as a search index.

Still, the site operators seem to delight in an irreverent attitude as they've battled with Hollywood, recording artists, government authorities, and Internet service providers.

— K.C. Jones, Information Week

Retrieved May 11, 2007 from  http://www.darkreading.com/document.asp?doc_id=123942

Posted by Dr. Kardasz at 11:57 PM | Permalink

To ensure DoD networks are available for combat operations and critical support activities, the Department issued a directive May 14 that prohibits DoD computers from accessing specific recreational web sites. The measure preserves military bandwidth for operational missions and enhances DoD computer network security.
 
The selection of these particular sites was based on the volume of traffic moving from official DoD networks to the Internet.  The sites include: YouTube; 1.fm; Pandora; MySpace; PhotoBucket; Live365; hi5; Metacafe; MTV; ifilm.com; Blackplanet; stupidvideos; and filecabi.    Additional sites may be added in the future as part of ongoing efforts to ensure DoD networks have sufficient throughput available to conduct operational and supporting missions as well as enhance DoD network security.
 
This directive does not prohibit any individual, including DoD personnel or their families, from posting to or accessing these sites from personal or commercial network providers; it only restricts the use of DoD computer network resources to access these sites.
 
In Iraq and Afghanistan, many of these sites as well as others have been blocked by DoD for more than two years, some for as long as four years. Consequently, this directive does not prevent deployed DoD personnel from communicating with family members or loved ones. There are a wide variety of commercial communication services such as e-mail, telephone calls and video teleconferencing at many locations in Southwest Asia. In addition, the Army Knowledge Online/Defense Knowledge Online network is available to military members and their families providing a rich information sharing environment, including email, file sharing (pictures, videos, and documents), discussion forums (blogging), instant messaging chatrooms, and video messaging.
 
Commercial Internet services are also provided by DoD Morale, Welfare, and Recreation (MWR) facilities, which are widely available throughout Iraq and Afghanistan and are not affected by this directive. Deployed personnel can access recreational Internet web sites from Internet cafes and other facilities in many locations around the world. These alternative sites do not rely on military bandwidth.

Retrieved May 17, 2007 from http://www.defenselink.mil/releases/release.aspx?releaseid=10887

Posted by Dr. Kardasz at 03:03 PM | Permalink

By Khuong Phan, 05/17/07

A three-week investigation led to the arrest of a Homosassa man Tuesday who authorities believe dealt in child pornography.

According to a Citrus County Sheriff’s Office arrest report, on April 27, 2007, an agent with the Florida Department of Law Enforcement’s Computer Crime Center in Tallahassee began an investigation of child pornography on the Internet.

Agents determined that 6710 West Linden Drive in Homosassa was one place of many where the material was actively being traded. On Tuesday, a search warrant was executed on the residence and Roger William “Billy” Jenkins, 58, was arrested.

Initially, Jenkins denied the allegations, but he reportedly later said he had downloaded various files of child pornography during the last five years and admitted to using file-sharing software.

A search of Jenkins’ computer yielded three videos, which all contained “young female children engaged in various sex acts,” the report notes. There was also a computer disc, titled “Pedo Queeny,” found in Jenkins’ bedroom, which contained five videos of girls under the age of 18 engaged in sexual acts.

Jenkins was charged with eight counts of possession of photographs of sexual performance by a child. Bond was set at $16,000.

Additional charges are anticipated once a complete forensic analysis is done on Jenkins’ computers and DVDs.

FDLE and CCSO conducted the joint investigation and both agencies are members of the North Florida Internet Crimes Against Children Task Force.
 
Retrieved May 17, 2007 from http://www.chronicleonline.com/articles/2007/05/16/news/news50.prt

Posted by Dr. Kardasz at 02:57 PM | Permalink

Police describe university graduate as having 'dazzling' computer skills

A Thai man whose previous hacking crime earned him an entry in a book on the world's wittiest thefts has been accused of causing damage totaling more than Bt100 million to two local telecom firms.

Advanced Info Service Plc (AIS) lodged a complaint with police last month that it suffered losses of Bt8 million after an unidentified hacker got into its computer system and manipulated airtime allowances granted to AIS pre-paid cell phone users.

Two years ago, True Corp Plc, which operates Orange cell phone services, lost more than Bt105 million in a similar sting. Police investigations have pinpointed the same hacker: Taweesap Lalitsasiwimon, 34, who is also known as Phumipat.

At the time he allegedly broke into AIS's system, Taweesap was on bail pending a review by public prosecutors on his alleged hacking into the Orange network.

The suspect, a graduate from Ramkhamhaeng University's Faculty of Political Science, denied any wrongdoing. "After his graduation, he had no permanent job," Crime Suppression Division deputy commander Colonel Kowit Wongrungroj said yesterday.

Armed with an arrest warrant, the Crime Suppression Division (CSD) yesterday raided Taweesap's apartment. He was found to have two computer notebooks, hard disks, three cellphones, phone cards, bank passbooks, ATM cards, SIM cards and a book titled "Plon Yiab Mek" - a compilation of the world's wittiest thefts, including Taweesap's hacking into the Orange network.

The book was a Thai translation of an English edition. Other crimes featured in this book included a 2005 bank robbery in Brazil, in which robbers dug a 200-metre tunnel into the bank and made off with a huge amount of cash.

Taweesap faces charges of faking documents and using those documents in the AIS case. Kowit said Taweesap had dazzling computer skills and managed to hack into the telecom giant's network in less than 10 minutes.

"Other telecom operators can come forward if they have faced problems likely to have been caused by this suspect," the police colonel said. Pol Lt Col Wiwat Kamcham-narn, a deputy superintendent at the CSD and chief investigator for the AIS case, said his team had traced Taweesap after locating the owner of a SIM card suspected of earning airtime allowances through manipulation. "The owner bought the SIM card from Taweesap," Wiwat said. He said after getting this clue, his team tried to check Taweesap's IP address."At first, it seemed like he had hacked into the system via Internet cafes because he used various SIM cards and Internet connections by many service providers. However, we used advanced technology and finally nailed him," he said.

Wiwat declined to disclose the technology used in the investigation. According to an informed source, Taweesap and his accomplices broke into the Orange computer network together. But he allegedly operated alone when he hacked into the AIS system.

The source said after Taweesap broke into the AIS system, he illegally modified information on the pre-paid call cards and airtime allowances. For example, an airtime allowance worth Bt100 was changed to Bt1,000. The number of pre-paid call cards was also modified.

Taweesap announced the sale of cheap airtime allowances via pop-up ads on the Internet.  Interested customers were asked to transfer money to a bank account before they got passwords for the cheap airtime via SMS.

One computer expert said it was not too difficult for an expert to hack into a network system. "There are hacking guidelines and even hacking programmes available on the Internet," he said on condition of anonymity. He said he would be able to hack into computer systems too, but he never thought about doing it.

He said system administrators should keep checking their systems to prevent hacking and to improve anti-hacking measures all the time.

Retreived May 16, 2007 from http://nationmultimedia.com/2007/05/16/headlines/headlines_30034340.php

Posted by Dr. Kardasz at 09:39 PM | Permalink

Link to a good article by Tony Bradley with ten tips to prevent identity theft:

http://netsecurity.about.com/od/newsandeditorial1/a/aaidenttheft.htm 

Posted by Dr. Kardasz at 04:58 PM | Permalink

Link to informative articles about Internet and computer security from About.com

http://netsecurity.about.com/od/security101/Security_101.htm 

Posted by Dr. Kardasz at 04:49 PM | Permalink

(AP) - A state panel on judicial conduct on Friday filed an ethics complaint
against New Jersey Supreme Court Justice Roberto Rivera-Soto, charging that he improperly allowed the "power and prestige" of his position to help his son in a dispute with another teen on their high school football team.

If the six other justices on the state's highest court substantiate the complaint, they
could remove Rivera-Soto from the bench or impose a lesser penalty, including a public reprimand, censure or suspension.

Rivera-Soto, the first Hispanic on the state Supreme Court, denies any wrongdoing, said his lawyer, Bruce P. McMoran.

"He acted as a father would act, and we don't think he did anything wrong," McMoran said.

The complaint charged that Rivera-Soto violated a court rule barring conduct "that brings the judicial office into disrepute," and three aspects of the Canons of the Code of Judicial Conduct, including one that "requires judges to avoid lending the prestige of their office to advance the private interests of others."

McMoran said Rivera-Soto plans to file a response to the complaint after receiving
evidence from the Advisory Committee on Judicial Conduct, which issued the complaint.

That committee could then hold a hearing before sending its findings to the Supreme Court, which could also decide to hear oral arguments.

The alleged misconduct stemmed from a series of incidents last fall between Rivera-Soto's son, a sophomore, and a senior who was the captain of the Haddonfield Memorial High School team. The justice's son said the other teen harassed or struck him, according to the complaint.

The school warned the other teen but took no other action. Rivera-Soto spoke several times to school officials, once telling the team coach that in his field "he is called upon to make 'critical assessments' based upon 'who has more to lose,' "the complaint said.

On Sept. 28, Rivera-Soto's son had his mouth hurt during practice when he and the other teen butted heads. The vice principal determined the incident was an accident. Rivera-Soto told the vice principal he was dissatisfied with how the official handled the matter and if no action were taken he would get state police involved and file a complaint.

That evening, Rivera-Soto called Haddonfield Police Chief Richard Tsonis on the chief's cell phone and said no one at the school was doing anything about an assault on his son. When a detective came to Rivera-Soto's home that night, the justice gave him his business card that named his office. The justice signed an assault complaint against the senior at police headquarters, the complaint said.

The next morning, Rivera-Soto alluded to his post during a call to School Superintendent Joseph O'Brien. The justice also spoke to the ranking judge at the Camden County Courthouse, Superior Court Judge Francis J. Orlando, and asked that the matter be treated no differently than any other, the complaint said.

Rivera-Soto made the same request of Camden County Acting Prosecutor James P. Lynch that day, but also "asked the prosecutor to make certain that his complaint received attention," the complaint said.

In November, the justice complained to several court officials when he and his son arrived for a hearing but found it had been postponed. The matter was settled after a hearing Dec. 15, with agreement that the complaint would be dismissed if the teens had no further exchanges until June 19. The school agreed to prevent future "verbal and physical interactions," the complaint said.

By alluding to his judicial position, Rivera-Soto "used or allowed the power and prestige of his office ... to influence or advance the private interests of his family and his son," the judicial conduct panel found.

The complaint does not specify who brought the matter to the attention of the judicial conduct panel.

Retrieved May 13, 2007 from  http://www.c-n.com/apps/pbcs.dll/article?AID=/20070511/FRONT01/70511022

Posted by Dr. Kardasz at 04:23 PM | Permalink

Dr. Kardasz: I found this free Anti-virus software advertised but I have not installed nor personally tested it.

http://www.pctools.com/free-antivirus/download/ 

Posted by Dr. Kardasz at 04:18 PM | Permalink

Dr. Kardasz: For wireless networking, WPA encryption is superior to WEP encryption. Read a full explanation by Barb Bowman at:

http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx

 

Posted by Dr. Kardasz at 04:00 PM | Permalink

Link to the Crimes Against Children Research Center of the University of New Hampshire. The site contains some very useful information about crimes against children.

http://www.unh.edu/ccrc/

 

Posted by Dr. Kardasz at 08:35 PM | Permalink

05/10/07, By Jennifer Dixon, Detroit Free Press Staff Writer

Dearborn police declined to pursue criminal charges against an officer last year, even after the cop admitted to taking marijuana from criminal suspects and, with his wife, cooking it up in brownies. Then-Cpl. Edward Sanchez was allowed to resign from the department, but he was not charged with a crime. He declined to comment Wednesday.

His wife, Stacy Sanchez, admitted to police investigators that on another occasion she removed cocaine from her husband's police cruiser -- drugs purportedly earmarked to train police dogs -- and used it during a three-week binge. She, too, has not been charged criminally. Dearborn Police Cmdr. Jeff Geisinger left a phone message with Free Press reporting partner WDIV-TV Local 4 saying Sanchez resigned during an internal investigation. Geisinger did not return subsequent calls asking why Sanchez was not prosecuted.

The decision not to charge Sanchez upset Dearborn Councilman Doug Thomas, who said the department's inaction sends the wrong message to the public."If you're a cop and you're arresting people and you're confiscating the marijuana and keeping it yourself, that's bad. That's real bad. That's like apprehending a bank robber and keeping some of the money for yourself."He promised to investigate. "It doesn't add up here," Thomas said. "If he was allowed to resign with no action, he can apply for another police position. There's all kinds of ramifications."

The department's investigation began with a bizarre 911 call from Sanchez's home in Dearborn Heights. On the night of April 21, 2006, a panicky Sanchez told an emergency dispatcher he thought he and his wife were overdosing on marijuana. "I think we're dying," he said in the 5-minute tape, obtained under the Michigan Freedom of Information Act. "We made brownies and I think we're dead, I really do," Sanchez continued. He told the dispatcher he had never made marijuana brownies before, but had previously used marijuana. Then, he asked the score of the Red Wings game on television that night, explaining, "I just want to make sure this isn't some type of, like, hallucination that I'm having."

When later questioned by police investigators, Sanchez said his wife took the marijuana out of his police vehicle while he was sleeping, and she told investigators she tricked him into eating a pot-laced brownie. "Cpl. Sanchez was insistent that he would never ingest marijuana or any narcotics intentionally," an investigator wrote.

But in a subsequent interview, Sanchez acknowledged he fetched the marijuana from his car, put it in the brownie batter, and ate the brownies.Sanchez also said he took the marijuana "off the street from unknown persons," investigators wrote. "I questioned him in detail about how many times and what types of narcotics he seized without arrest," the report said. "He was adamant that he only seized marijuana, and it was on a few occasions. Cpl. Sanchez stated that it had been over a year since he seized this marijuana and that the marijuana was taken to train his K-9," or drug-sniffing dog.

Wayne State University criminal law professor David A. Moran said Sanchez's behavior was problematic -- as was the Police Department's decision not to charge him. "An officer has a duty to enforce the law and if an officer finds someone in possession of illegal narcotics, he has a duty to seize the narcotics, arrest the persons ... and properly dispose of the contraband if no charges end up being filed," Moran said.Moran said it is a criminal offense in Michigan for officers to fail to perform their duties. "It is not as unusual as it should be for the police to look the other way when an officer commits an infraction, but this is a lot worse than the average police officer speeding a little bit," Moran said.

Contact JENNIFER DIXON at 313-223-4410 or jbdixon@freepress.com.
Retrieved May 10, 2007 from http://www.freep.com/apps/pbcs.dll/article?AID=/20070510/NEWS02/705100450/1004&template=printart

Posted by Dr. Kardasz at 08:22 PM | Permalink

Link to the National Vulnerability Database - Sponsored by the Department of Homeland Security

http://nvd.nist.gov/

Posted by Dr. Kardasz at 12:33 AM | Permalink

Link to a nice article by Gary Miliefsky about detecting system vulnerabilities.
http://www.cio.com/article/107158/How_to_Detect_Security_Vulnerabilities_in_Your_Systems

Posted by Dr. Kardasz at 11:36 PM | Permalink

The blogspot -

http://gonzosgarage.blogspot.com/2007/05/federal-information-systems-information.html

has a nice listing of guidebooks and handbooks from several federal agenics that might be useful to those who have an interest in the certification and accreditation process for federal information systems.

Posted by Dr. Kardasz at 08:47 PM | Permalink

05/03/07 in issue 0618 of the HooK.

By Courteney Stuart. STUART@READTHEHOOK.COM

Former Albemarle girl's soccer coach Raja Charles Jabbour, a Lebanese citizen, was sentenced to nine years in prison for soliciting sex with a minor online and for possessing hundreds of sexually explicit images of children, some involving bestiality.

Charlottesville has lots of history, lots of restaurants, and, it seems, lots of something else you won't find in any travel brochures: pedophiles. As many as 1,800 of them, according to an ongoing investigation conducted by a statewide task force run out of the Bedford County sheriff's office.

Investigators for the group, the Southern Virginia Internet Crimes Against Children task force, say that in the past two years they've tracked 1,800 separate Charlottesville-area IP addresses-- the number that links an Internet user to a physical location-- where people are downloading child pornography from various online sites.

The number isn't so surprising when combined with other data that's been released in past years-- in particular that one of every five children who use the Internet will be solicited for sex.

Critics of that research point out that some of those "solicitations" come from other teens, not from grizzled predators, but one local law enforcement officer says even taking that into account, following a visit to the Bedford ICAC, his "eyes have been opened" to the extent of the problem.

 "I think that abuse of the Internet is much more serious than the average person realizes," says Charlottesville Police Captain Chip Harding, who likens the online child porn problem to the drug problem in the late 1970s and '80s when law enforcement officials hadn't realized how ubiquitous drugs had become. (Harding was the city's first full-time officer dedicated to fighting drugs in the early 1980s; now there are a dozen officers assigned to the Jefferson Area Drug Enforcement task force.) Harding says he knows of several families in Charlottesville who have had children actually go to meet adults they've met online. To his knowledge, none of those local children have been victimized, but other children have not been so lucky.

In 2002, Christina Long, a 13-year-old Catholic school student in Connecticut, went to meet Saul Dos Reis, a 25-year-old man she'd met and had been having sexual chats with online. Her strangled body was found in a ravine in Greenwich, Connecticut, and Dos Reis was sentenced to 25 years in prison for his role in her death. That case sparked a national debate over how best to protect children from such online danger.

For the past several years, the televised newsmagazine Dateline NBC has aired a popular episode called "To Catch A Predator." Dateline sets up bait-- an adult posing as a young teen who agrees to meet with the men-- and in each episode, dozens of men arrive for the liaison, most bringing alcohol, some unzipping their pants before realizing they've been caught.

Stopping predators before they act is the goal, says Harding, who says a lack of police manpower makes that difficult. He says Charlottesville's police force is understaffed, which puts officers in the position of having to respond to typical crimes but unable to be proactive about emerging problems. The strain on local departments is why, in 1998, the federal government began offering grants to fund ICACs like the one in Bedford, one of the first 10 such forces in the nation.

Lieutenant Mike Harmony with the Bedford sheriff's office works full time for the ICAC and says tracking pedophiles online is a full-time job and then some. "I have probably the ultimate job security," he says. "If the Commonwealth gave us unlimited manpower and resources, we still could not investigate every lead that comes in."

In the month between January 1 and February 1, 2007, Harmony says, he tracked 143 leads coming from Charlottesville area IP addresses. He declines to publicize the exact method of investigation, but says, "We're not like Big Brother" monitoring everyone's computer. His force backtracks from known sites containing child porn, investigating anyone who downloads images or videos from those sites. "Anybody in the world could do the same thing," he says. "It's just we receive expert training on a proper sequence of events for a successful prosecution."

Harding says he hopes that Charlottesville and Albemarle will receive funding in the near future for their own ICAC, which would allow several officers to work full time to catch local predators. But in the meantime, Harmony hopes there will be fewer left for local enforcement to catch. "As the investigative leads come to fruition in the Charlottesville area," he says, "there could be multiple arrests." Harmony says when that happens, the arrests will likely come as a shock to people who know the perpetrators. "The stereotypical idea of what a sexual predator looks like and acts like is a myth," he says. "Just look at people around you and realize one of them could be a sexual predator. You'd never know until they're caught.

Retrieved May 3, 2007 from http://www.readthehook.com/stories/2007/05/03/news-sexualpredators-b.rtf.aspx

Posted by Dr. Kardasz at 06:06 PM | Permalink

Dr. Kardasz - Here is a link to a useful site that discusses the various process that run in the background on a Windows operating system. If you press Ctrl-Alt-delete then Task Manager then Processes you will see a list of programs running on your system. The site below will help to identify what each program does and will also help identify problematic programs.

http://www.liutilities.com/products/wintaskspro/processlibrary/

 

Posted by Dr. Kardasz at 04:11 PM | Permalink

CQ Today. 05/02/07

The House Judiciary Committee approved a bill today that would make it a crime to install malicious “spyware” software on someone’s computer. The bill (HR 1525) — approved by voice vote with little discussion — is targeted at software that aids in fraudulent activities, damages a computer or alters its security settings. Bill sponsor Robert W. Goodlatte, R-Va., said the legislation would punish computer criminals without overregulating industry or stifling innovation. Zoe Lofgren, D-Calif., is the lead sponsor. The measure is almost identical to those that passed the House overwhelmingly in the past two Congresses but did not see action in the Senate, Goodlatte said. Some, particularly online advertisers, say portions of the bill could prohibit legitimate information-gathering, such as the use of “cookies.” Cookies are used to track user preferences or other information that needs to be saved, such as items in an electronic shopping cart. According to the National CyberSecurity Alliance, about 90 percent of Americans have some sort of spyware on their computers. Lofgren has said attempts to block or remove spyware cost the economy $2.6 billion annually. Spyware programs, which are usually installed from the Internet, surreptitiously access a computer’s hard drive to collect personal data for third parties.

Source: CQ Today Midday Update. Political Clippings compiled from BNN Frontrunner and CQ Politics.com.
© 2007 Congressional Quarterly Inc. All Rights Reserved.

Retrieved May 3, 2007 from http://public.cq.com/docs/cqm/cqmidday110-000002502785.html

Posted by Dr. Kardasz at 03:47 PM | Permalink

By Maria Cramer. The Boston Globe Staff. 05/30/06

She was lonely and looking for someone to talk to. He was the kind voice on the other end of the line who said he wanted to be her friend. But when they met at his house in New Hampshire after weeks of phone conversations, he raped her.

She was 13. He was Philip Longeway , 32, a convicted sex offender from Manchester. Now, two years after their meeting, authorities are warning parents and teens about phone chat lines that put people such as Longeway in touch with victims like the young Boston girl.

Police have long been aware of the perils of online chat rooms. But recently, the Suffolk district attorney's office has taken a hard look at phone chat lines after 15 girls, ages 12 to 16, came forward over the last two years, saying they were raped or molested by older men they met through the phone lines. The service advertises a free, fun way to meet people, but officials fear that phone chat lines also provide a way for pedophiles and sexual predators to find victims.

Assistant district attorneys have begun to address the chat lines in presentations to students at area schools. Educational brochures police hand out about Internet chat rooms will soon include warnings about phone lines. Suffolk District Attorney Daniel F. Conley said his office is also investigating half a dozen other cases of sexual assaults that followed meetings over the phone.

``Many parents don't know [phone chat lines] exist, let alone that they're dangerous," he said.
Longeway, now about 34, pleaded guilty in December to charges of indecent assault and battery on a child under 14 and traveling with the intent to engage in illicit sexual conduct with a minor. He was sentenced to 17 1/2 years in state prison.

His victim, who is almost 15, is seeing a therapist. Her mother jumps every time she hears the phone ring. ``At one point, she had numbers in her bedroom from all kinds of guys," said the girl's mother. ``One of them was a teacher from Rhode Island. Another was an EMT from Connecticut. It's amazing. . . . It's disgusting."

The family's name is being withheld because the Globe does not reveal the identity of sexual assault victims without their consent.

Representatives from Ripple Communications , a Nevada-based company that runs chat lines, have cooperated with Suffolk prosecutors trying to track down predators, according to Conley's office.
A spokeswoman for the company said today that Ripple Communications cooperates with authorities in these kinds of investigations.

Officials from Middlesex and Essex counties and the Cape and Islands said they had not received reports of predators finding sexual assault victims on chat lines. But the increase of such cases around Boston is not surprising, said Gina Scaramella, executive director of the Boston Area Rape Crisis Center.``People can use any method of gaining trust to make someone feel like they're safe with them," she said. ``A voice is a really compelling way to do that."

For the youths who use the chat lines, the appeal is obvious, said RaShaun Nalls , a youth worker at Project RIGHT, a community organization located in the Grove Hall section of Dorchester.
``If your self-esteem is low, it's easier to flirt on the phone," said Nalls, who over the years has counseled girls who said they were assaulted by older men they met on chat lines.
``They're not seeing the risks that are associated with it," he said.

Teens also like the chat lines because they are private. Many youths now have cell phones, so they can call from any location without worrying that their parents will catch them, Conley said. And the service is usually free, so parents are less likely to pay attention to the phone numbers on their bills.

Those advantages also benefit the predator, who uses the phone to gain the child's trust, Conley said. ``Then eventually, this guy suggests that he loves the young child, that he wants to be a confidant and loving friend," he said.

While most chat lines caution callers that they must be at least 18 years of age to use the service, no caller is screened, and the company is not liable for what happens to people if they meet in person.

The Boston girl joined the chat line in the summer of 2004. She created a personal voice mail, describing herself as a petite, young girl with dark hair. Immediately, her message box was flooded with voice mails from men requesting phone sex. She ignored them.
But then Longeway called. He described himself as a bored guy looking to meet someone friendly. He even sounded a little pitiful.

``I think I felt bad for him," the teenager said. When a police officer found them together in October 2004, as the pair was driving around Dorchester, the teenager said she was only worried she would get in trouble with her mother.

After months of therapy, she said she is finally realizing she was a victim and she has advice for any youngster tempted to call the chat line. ``Don't even do it," she said.

Matt Carroll of the Globe staff contributed to this report. Maria Cramer can be reached at mcramer@globe.com.© Copyright 2006 Globe Newspaper Company.

Posted by Dr. Kardasz at 07:16 PM | Permalink

05/01/07. By Gabrielle Banks, Pittsburgh Post-Gazette

Jeffrey Habay will soon serve jail time for violating an ethics law he backed as a state legislator. "He was hoisted by his own petard," said Common Pleas Judge Lester G. Nauhaus, who sentenced the Shaler Republican yesterday to four to eight months behind bars, followed by 14 months' house arrest and two years' probation.

After prosecutors declined to plea bargain, Mr. Habay signed a waiver pleading no contest to 21 criminal counts, including threatening witnesses and forcing several legislative staffers to spend government time digging up dirt on his political rivals.

He will lose his government benefits and pension for counts of theft of services, said Assistant District Attorney Lawrence N. Claus. In pleading no contest, Mr. Habay, 40, acknowledged that the Allegheny County district attorney had overwhelming evidence of criminal misconduct.

Mr. Claus gave a lengthy recitation of the facts and evidence he would have presented at trial. The judge then reviewed the penalties and fines for violating the laws the former legislator was charged with breaking. "I think one or two of these statutes were passed by Mr. Habay," the judge said. "He broke the laws and he passed the laws, so the question becomes, what do I do with Mr. Habay?"

In fact, the six-term lawmaker voted to amend the State Ethics Act with regard to conflict of interest in 1998, prosecutors said. Then, in 2004, Mr. Habay requested that three of his staffers do campaign work and opposition research on government time, all felony counts in violation of the ethics act he supported.

The criminal behavior began in January 2004, after several political foes, including father and son Raymond and Robert Anderson, filed a civil suit against Mr. Habay in Harrisburg, requesting a review of his expenditures.
He began harassing and attempting to retaliate against the Andersons, and also pressured Robert's brother Daniel Anderson to withdraw the civil case. He asked his staff members to "act as a hit squad" looking for inflammatory material on the plaintiffs which he might use to threaten them to back down, Mr. Claus said.

In May 2004, another foe, George Radich, mailed Mr. Habay a self-adhesive envelope containing notice of a civil action against the legislator. Mr. Habay triggered a costly federal investigation when he notified police that this envelope contained a mysterious white powder that may have been anthrax.

It turned out to be Arm & Hammer baking soda, according to lab tests done by investigators. Postal workers said it would have been impossible for the letter to pass through processing with the quantity of powder in the envelope that Shaler police recovered when they responded to his home. Mr. Habay was convicted of filing false reports to police and lying about the white powder that he feared might be anthrax, considered by law to be a weapon of mass destruction.

After an ethics investigation began into Mr. Habay's dealings in May 2004, he continued to ask three staff members to work on government time, scouring government files for information that could be harmful to the men suing him. In December 2005, a Common Pleas jury convicted Mr. Habay of an ethics violation in a case brought by the state attorney general. Judge Jeffrey A. Manning sentenced Mr. Habay to six to 12 months in jail and four years' probation in that case.

However, the second case, brought by the county district attorney, addressed the bulk of Mr. Habay's alleged criminal behavior. Mr. Habay was subdued as he listened to the recitation of facts in court yesterday.

Judge Nauhaus said he was "fascinated on many levels with the case," calling himself "a cynic when it comes to politics." "I lived through Richard Nixon," he said. "Mr. Habay, what should I do with you? I'm sure if the positions were reversed, I'd be going to jail."

In a rare lighthearted moment for the beleaguered defendant, Mr. Habay flashed a grin and said, "Your honor, I've been there. I don't think you'd want to be there." Defense attorney Patrick Thomassey said he thought Judge Nauhaus' ruling was appropriate. "Politics is a dirty business. Things like this occur," said Mr. Thomassey, who also represents Democratic City Councilwoman Twanda Carlisle in a separate matter, on criminal charges of inappropriate use of government resources.

Mr. Habay owes U.S. postal investigators $8,650.84 restitution for resources expended investigating the anthrax claim. The judge also approved another $2,052.28 restitution to the state, money that will be withdrawn from Mr. Habay's pension fund.

(Gabrielle Banks can be reached at gbanks@post-gazette.com or 412-263-1370. )

Retrieved May 2, 2007 from http://www.post-gazette.com/pg/pp/07121/782409.stm

Posted by Dr. Kardasz at 02:51 PM | Permalink

Dr. Kardasz - The following link goes to an 87 page PDF entitled: Glossary of Key Information Security Terms. The document was produced by the National Institute of Standards and Technology. (April 25, 2006). Richard Kissel, editor.

http://csrc.nist.gov/publications/nistir/NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf

Posted by Dr. Kardasz at 10:31 PM | Permalink

Dr. Kardasz - The story below from the Smoking Gun website describes a computer-repair company that removed a damaged hard drive from a customers computer and then sold the hard drive to another customer. The problem was that the hard drive still contained valuable personal information from the first owner.

http://www.thesmokinggun.com/archive/years/2007/0501071bowen1.html?link=rssfeed

 

Posted by Dr. Kardasz at 09:12 PM | Permalink

Dr. Kardasz - Here is a link to a useful document by the Carnegie Mellon University Cylab titled: Common Sense Guide to Prevention & Detection of Insider Threats. (July 2006). 2nd edition. Version 2.1. The authors are Cappelli D., Moore A., Shimeall T.J., and Trzeciak R.

http://www.cert.org/archive/pdf/CommonSenseInsiderThreatsV2.1-1-070118.pdf

 

Posted by Dr. Kardasz at 08:58 PM | Permalink

Dr. Kardasz - The following story demonstrates the conflict between a student's alleged inquisitive exploration of a subject and the system administator's need to protect infrastructure.

Student suspended for bypassing network security

By Cole Vonder Haar. From The Beacon.net. 04/05/07

The University of Portland handed a one-year suspension to engineering major and Air Force ROTC member Michael Maass after he wrote a computer program designed to replace and improve Cisco Clean Access (CCA).

Maass noticed flaws in CCA that would allow it to be bypassed in "antivirus and operating system check." Essentially, a program could be written that fooled CCA into thinking it was receiving correct information identifying a computer's operating system and antivirus as current and up to date.

According to Information Services Director Bryon Fessler, a fundamental purpose of CCA is that it "evaluates whether computers are compliant with security policies (i.e., specific antivirus software, operating system updates, patches, etc.)."

In the design of his computer program, Maass looked at the functions CCA provides and identified vulnerabilities where it could be bypassed. He wrote a program that emulated the same functions as CCA and eliminated some security issues. He says that the method he chose is "one of six that I came up with." Maass says his intent was not malicious. Rather, the sophomore says he was examining vulnerabilities so that they could be fixed. "I was planning on going to Cisco with the vulnerability this summer," Maass says. Maass' program was in use for approximately seven months before the University froze his UP account.

Additionally, he gave the program to several friends and one professor. As a result, they suffered judicial consequences including having their account frozen, residence hall probation, writing a 3-4 page reflection paper and having their computers inspected by IS to get network access back, according to Maass. Many of these students declined an interview with The Beacon for fear of more sanctions from the University.

"They (University judicial officials) said they would most likely get in contact with the people (who has Maass's program) and ask them to delete the software," Maass said. "They weren't definitive, but I can tell you I was surprised (when the University punished them), and I thought it was hurtful." Residence Hall probation is "a serious warning. Any further misconduct for any reason may result in removal from the residential system," according to this year's student handbook.

Maass believes his computer program finally came to the attention of the Judicial Board because of a facebook.com group he created in order to publicize the security research he was doing. "There was nothing in [the policies] that stood out to me that I would be in violation of," Maass said of his thinking at the time he authored the program. Maass was charged with "violations of the Acceptable Use Policy, the Network Security Policy, disrespect for authority, disrespect for property, disorderly conduct and fraud," according to a letter he received from the University Judicial Board.

Originally Maass was suspended for the rest of this academic year and the fall 2007 semester. He would be eligible to reapply for the fall 2009 semester after going through counseling for "internal integrity, ethics and identity issues." But following an appeal process in which he was supported by many friends and faculty, the University ruled that Maass will be allowed to finish out the rest of this semester, but will be suspended through next semester

Natalie Shank, University Judicial Coordinator, was unavailable to make any comment concerning the case, and John Goldrick, vice president of student services, declined to interview due to legal confidentiality. Some students think the University was too harsh. "In this case, nobody was hurt; there is no concrete evidence of any kind that University policy was broken, and there was no state or federal regulation that was broken," said one of a handful of students sanctioned by the University for having and running the program on their computers. The student asked that his name not be revealed.

Some members of the School of Engineering faculty also wrote letters on behalf of Maass to persuade UP not to act too harshly in sentencing.Other UP groups have spoken out about Maass's case as well.

One facebook.com group - I'm Never Giving UP One Cent - has added a situation to with details similar to the Maass case to their list of grievances, making it number two on their list. Junior Robert Vandermeulen believes Maass's actions did not warrant his punishment. "No one was damaged, really. Nothing bad happened," Vandermeulen said.

The judicial actions taken against Maass could impact his college career in multiple ways. "This (suspension) puts my (ROTC) scholarship in jeopardy � I'll owe anything the Air Force has ever given me," Maass said.

Vandermeulen, an electrical engineering major, said Maass's actions shouldn't be that big of a deal because he was merely testing out something he had learned in class. "We have classes where they teach you how to do that kind of stuff," Vandermeulen said. Moreover, Vandermeulen said, many people are frustrated with CCA. CCA has sometimes taken up to 20 minutes to load on Vandermeulen's computer, he said. "I hear so many complaints (that) I'm not surprised that someone would go ahead and try to write something that would completely bypass it," he added.

Although this case raises questions about the effectiveness of CCA, Bryon Fessler assures, "The?network security appliances and applications utilized by Information Services are updated and audited on a regular basis."

Maass hopes that some good will come out of his case. He does not know if the incident will change UP's security, but he would at least like to warn students that there are many policies at UP and "people need to find these and read them." "A lot of these policies are written to be very vague and flexible so that they can be � [used] in whatever situation they (the University) need to use them in," he says.

Goldrick declined to comment on issues concerning policies. Student policies can be found in handbooks available in the Office of Residence Life, the Office of Student Activities, and Information Services.

Caitlin Moran contributed to this report.

Retrieved May 1, 2007 from http://media.www.the-beacon.net/media/storage/paper1193/news/2007/04/05/News/Student.Suspended.For.Bypassing.Network.Security-2826021.shtml

Posted by Dr. Kardasz at 06:00 PM | Permalink

Dr. Kardasz - It is questionable tabloid-policing when cybervigilantes are used to conduct undercover police operations. The latest publicity-stunt incarnation of a cyber-sting operation used celebrity-cybervigilante Miss America to chat on-line for the titillated audience of Fox Televisions Americas Most Wanted. The Associated Press report below indicates that Miss America will not assist the prosecution by testifying in the cases that she helped developed. This is another example of a situation where a private citizen should not have been used to conduct police operations.

For more information on this subject see: http://www.kardasz.org/Cybervigilantes.html

-------------------------------------------------------------------------------------- 

Sex stings imperiled by Miss America

Tue May 1, 7:50 AM ET, From The Associated Press

An undercover sex sting that used Miss America as bait may be in trouble after the beauty queen told prosecutors that she does not plan to testify against the men she helped arrest.

Lauren Nelson, 20, of Lawton, Okla., worked with police in Suffolk County to target would-be Internet sexual predators, taped for an episode of the TV show "America's Most Wanted."

She posed as a teenager and lured men into chatting online and meeting her at a home, where police and crews were waiting. Eleven men were arrested in the sting.

But one or all of the cases against the men could be in jeopardy after Nelson told prosecutors she did not plan on returning to Long Island to testify, said Suffolk District Attorney Thomas Spota in Newsday's Tuesday edition.

"Her agents have told us that she's not coming back to testify," Spota said. The Miss America Organization did not return calls for comment Monday from a Newsday reporter.

Given that Nelson actually spoke with at least one of the men arrested during the operation, Spota said he had instructed prosecutors not to present any more cases to the grand jury until they can "determine her involvement." One case already presented may falter, he said.

Attorney Michael Brown, who represents one of the 11 men swept up in the sting, said he had the right to cross-examine the beauty queen if she contends that she spoke with his client.

"You've now made Miss America a witness," he said.

2007 The Associated Press.

Retrieved May 1, 2007 from http://news.yahoo.com/s/ap/20070501/ap_on_re_us/undercover_beauty&printer=1;_ylt=AuLJb4eJ6aZy6sdqMMze0RpH2ocA

Posted by Dr. Kardasz at 05:12 PM | Permalink