STE WILLIAMS

Thales Acquires Gemalto, Integrates Digital Business

Thales will combine its digital assets with Gemalto’s as part of a new Global Business Unit.

Aerospace and defense firm Thales Group has agreed to buy chipmaker and digital security firm Gemalto in an all-cash transaction costing €51 per share, the companies announced Dec. 17. The bid value represents a total of 5.6 billion euro (6.6 billion USD), Thales reports.

Thales’ acquisition comes after three years of investing over €1B in digital tech, including cybersecurity, analytics, and artificial intelligence. It had previously acquired German software firm Sysgo, data security company Vormetric, and analytics/AI business Guavus.

Gemalto’s 15,000 employees will join Thales as part of the deal. Thales will combine its digital businesses into Gemalto, which will continue to run under its own name as one of Thales’ seven global business units. Gemalto CEO Philippe Vallée will manage the new Global Business Unit. Thales also plans to leverage Gemalto’s security tech to provide enterprise and government clients with data security.

Research and development will be the focus of the combined digital security business. Thales reports the combined group will have more than 28,000 engineers and 3,000 researchers, and invest more than €1B in self-funded R&D.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/analytics/thales-acquires-gemalto-integrates-digital-business/d/d-id/1330733?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Hackers Who Disabled Police Cameras Prior to Trump Inauguration Left Trail of Clues

Romanian police last month arrested Mihai Isvanca and Eveline Cismaru for allegedly breaking into 123 computers controlling surveillance cameras at DC’s police department in 2017.

Two Romanian nationals who were arrested recently for allegedly breaking into computers controlling police surveillance cameras in Washington, DC just ahead of President Trump’s inauguration last year appear to have left a trail of evidence that led authorities directly to them.

Romanian police last month arrested Mihai Isvanca, 25, and Eveline Cismaru, 28, at Bucharest’s Otopeni airport, apparently as the pair was about to leave the country. They are currently waiting to be extradited to the US on wire fraud and other computer crime-related charges. Isvanca and Cismaru face up to 20 years in federal prison if convicted on all counts.

Documents related to their arrest released last week describe the pair as breaking into 123 computers associated with surveillance cameras used by DC’s Metropolitan Police Department (MPD) and using the compromised systems to distribute ransomware.

The intrusions occurred sometime between January 9 and January 12, 2017. They resulted in several critical police surveillance cameras becoming disabled just prior to Trump’s inauguration. The incident triggered the highest priority response by US law enforcement because of its potential impact on security plans for the event.

An affidavit in support of the criminal complaint against Isvanca and Cismaru shows that the MPD called in the US Secret Service to investigate the break-in on January 12, 2017. Secret Service agents from the Washington Field Office discovered that 123 of the MPD’s 187 outdoor surveillance cameras had been illegally accessed and were being used to distribute spam emails containing the Cerber and Dharma ransomware samples. One of the infected systems contained a text file with over 179,600 email addresses belonging to targets of the ransomware scheme.

Somewhat curiously considering their choice of target, Isvanca and Cismaru did not appear to have been particularly careful about concealing their tracks. A forensic analysis of three of the MPD’s infected computers yielded a lot of information on the identity of the alleged perpetrators and their direct involvement in the malicious activity.

One of the infected devices showed that the attackers had accessed multiple fraudulently established email accounts while the computer was under their control. The email accounts were used to share IP addresses, usernames, passwords, and other details on the compromised surveillance camera computers. They were also used to download ransomware samples on the compromised MPD systems and to send and receive thousands of stolen credit card numbers.

Investigators were able to link at least two of the email addresses directly to Isvanca and Cismaru. Google records, for instance, showed that both Isvanca and Cismaru had used their actual Gmail address as recovery email addresses for some of the accounts associated with the malicious activity. Investigators also discovered that the IP addresses from which the malicious email accounts were established belonged separately to Isvanca and Cismaru.

Other evidence showed that the file containing the over 179,600 target email addresses for the ransomware campaign had been downloaded to the MPD computer directly from Cismaru’s system. Numerous, barely concealed email exchanges also showed the two had collaborated on the plot.

The arrests of Cismaru and Isvanca follow the detainment of two other individuals—a British man and Swedish woman—in London last year for the attacks on the MPD computers. However, the affidavit released last week shows that the two individuals were not connected to the attack. They were detained based on information pertaining to a tracking number for Hermes, a European package shipping company, that was found on one of the hacked computers.

Investigation of the tracking number showed it to be associated with a delivery address in London belonging to the two individuals who were detained. But a forensic analysis of computers seized from their residence showed them to have no link to the MPD attack. Instead, the tracking number was associated with a purchase the two individuals had made through Amazon from a company that was registered in Cismaru’s name.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/attacks-breaches/hackers-who-disabled-police-cameras-prior-to-trump-inauguration-left-trail-of-clues/d/d-id/1330735?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

IP address errors lead to wrongful arrests

Nigel Lang says his life was ruined by a typo.

Lang was wrongly arrested in 2011 by South Yorkshire Police, in the UK, for allegedly sharing images of child abuse, and the police refused to tell him how the error had been made. Lang spent 6 years fighting to find out how he’d been erroneously pushed into a nightmare. Police said too much time had passed to figure it out, but after Lang hired a solicitor, they managed to cough up the truth.

The truth being that a mistyped IP address had been traced to his partner. It was off by one digit. Lang filed a complaint of racism and sexism – he’s a black man, and his partner’s a white woman – but the complaint was dismissed.

As of March 2017, Lang was unemployed, frightened to return to his work as a drug recovery worker with troubled youth lest they accuse him of sexual advances, and said he was suffering from mental health problems. When this all went down, he left his children, moved in with his mother, and feared that any of them might be attacked by vigilantes.

Unfortunately, his is not a one-off horror story.

Police have been increasingly making errors in IP address resolution, according to a letter presented by the Interception of Communications Commissioner (IOCCO), Sir Stanley Burnton, to accompany his annual report to the prime minister.

Burnton explains that while “errors and more general problems form a very small percentage of the total activity I inspect”, he is “concerned by the increasing number of errors that occur when public authorities try to resolve IP addresses” and that errors are “far more common than is acceptable”.

The errors mainly stem from manual entry of details into software that helps police work out the location at which a specific IP (internet protocol) address has been used. As it is, communication service providers (CSPs) can easily reassign IP addresses, for good reasons, Burnton explained, such as…

  • Many CSPs have more customers than IP addresses, so they only assign IP addresses to active customers (those online). When you log off, the IP address you were using is reassigned to somebody else.
  • When you log back in, you may well be assigned a different IP address.
  • Security reasons: changing your IP address makes it harder for cybercrooks to find you.
  • More recently, CSPs have been routing multiple users through the same IP address: a practice that saves on the number of IP addresses used but makes it hard to know which of those users is responsible for any activity coming through that address.

It all means that tracing an IP address to a specific location is increasingly tough. To do so, you need a specific time when the online activity occurred. But here, too, data entry gums things up because there are differing ways to record date stamps: 1am on the first of January 2017 could be represented as: 201701010100; 1.00 1-Jan-17; or 0100 1 January 2017. In addition, not all of these systems record the time zone, Burnton explains.

The impact of these errors has in some cases been enormous, he says, citing Nigel Lang for “having had the courage to highlight this issue in the media.”

People have been arrested for crimes relating to child sexual exploitation. Their children have been taken into care, and they have had to tell their employers.

One of the errors outlined in Burnton’s report is that of an incorrect day and month being typed into an IP resolution request. It happened during an investigation into the blackmailing of children into performing sexual acts over social media. The consequence was a raid on the home of innocent people, forensic searches on their devices, interviews with four people, and the removal of children from their parents for a weekend.

It’s not just typos that result in errors tracing an IP number back to a residential address, though they’re the most common cause. Out of 29 cases classified as serious errors in 2016, 20 resulted from human error, seven were system/workflow errors, and two resulted when communications data was obtained without lawful authority.

Burnton noted that there’s a reason why such serious errors are “relatively more common” in relation to child sexual exploitation cases than other crimes – with the welfare of children at stake, police err on the side of getting children out of harm’s way quickly:

Public Authorities are understandably unwilling to take the risk of exposing children to paedophiles. As a result, where an IP address resolution shows a property at which children are living, some of the usual investigative work, which would corroborate the resolution but takes time, is not always done before executive action is taken.

He suggests that mindsets need to change: we just can’t assume that “technical intelligence” such as IP address resolution is infallible.

The commissioner made these recommendations in his earlier, July 2015 half-yearly report:

  • Make it easier for applicants to be able to electronically transfer (i.e. copy/paste) communications addresses and timestamps into their applications.
  • Resolve more than one IP address relating to the same activity and compare results.
  • Make it easier for those processing applications to check the source information on which an application is based.
  • Those receiving from CSPs the results of a resolution should double-check all disclosures against the original requirements prior to taking action.
  • Investigators should undertake further research and intelligence checks to try to corroborate the result before executing warrants.
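The timestamp ambiguity and the cross-checks in these recommendations can be automated. The following is an added example, not part of the original article or the commissioner's report: it normalises the three timestamp renderings quoted above to UTC, refuses to guess a missing time zone, and compares a typed resolution request against the source evidence before anything is sent to a CSP. The dictionary field names, the subscriber identifiers and the sample values (documentation-range IP addresses) are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import ipaddress

# The three renderings of "1am on 1 January 2017" quoted in the article.
KNOWN_FORMATS = ("%Y%m%d%H%M", "%H.%M %d-%b-%y", "%H%M %d %B %Y")

# Constructed sample data: documentation-range IPs, hypothetical field names.
EVIDENCE = {"ip": "203.0.113.57", "time": "201702030100", "utc_offset": 0}
GOOD_REQUEST = {"ip": "203.0.113.57", "time": "0100 3 February 2017", "utc_offset": 0}
BAD_REQUEST = {"ip": "203.0.113.67", "time": "1.00 2-Mar-17", "utc_offset": 0}


def parse_timestamp(text, utc_offset_hours):
    """Normalise a timestamp to UTC; refuse to guess a missing time zone."""
    if utc_offset_hours is None:
        raise ValueError("time zone not recorded; resolution would be a guess")
    zone = timezone(timedelta(hours=utc_offset_hours))
    for fmt in KNOWN_FORMATS:
        try:
            naive = datetime.strptime(text.strip(), fmt)
        except ValueError:
            continue
        return naive.replace(tzinfo=zone).astimezone(timezone.utc)
    raise ValueError(f"unrecognised timestamp format: {text!r}")


def day_month_swapped(a, b):
    """True if b equals a with day and month transposed (3 Feb vs 2 Mar)."""
    return a != b and (b.year, b.month, b.day, b.hour, b.minute) == (
        a.year, a.day, a.month, a.hour, a.minute)


def one_char_apart(a, b):
    """True if the strings differ by one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def check_request(evidence, request):
    """Compare the typed request with the source evidence; return findings."""
    findings = []
    ev_ip = ipaddress.ip_address(evidence["ip"])
    ev_t = parse_timestamp(evidence["time"], evidence["utc_offset"])
    try:
        rq_ip = ipaddress.ip_address(request["ip"])
        if rq_ip != ev_ip:
            typo = one_char_apart(str(ev_ip), str(rq_ip))
            kind = "one character off" if typo else "different"
            findings.append(f"IP mismatch ({kind}): evidence {ev_ip}, request {rq_ip}")
    except ValueError:
        findings.append(f"request IP is not a valid address: {request['ip']!r}")
    try:
        rq_t = parse_timestamp(request["time"], request["utc_offset"])
        if rq_t != ev_t:
            swapped = day_month_swapped(ev_t, rq_t)
            kind = "day/month transposed" if swapped else "different"
            findings.append(f"time mismatch ({kind}): evidence "
                            f"{ev_t:%Y-%m-%d %H:%M}Z, request {rq_t:%Y-%m-%d %H:%M}Z")
    except ValueError as err:
        findings.append(f"request time unusable: {err}")
    return findings


def corroborated(subscriber_ids):
    """Second recommendation: two or more resolutions of the same activity, all agreeing."""
    return len(subscriber_ids) >= 2 and len(set(subscriber_ids)) == 1


if __name__ == "__main__":
    for name, req in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(name, check_request(EVIDENCE, req) or "matches evidence")
```

Because many CSPs reassign addresses, a request that is one character or one hour away from the evidence resolves to a different subscriber rather than to nobody, which is why the check blocks on any mismatch instead of accepting near matches.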

Since that report came out, his inspectors have heeded his recommendations, particularly with regard to working with staff who regularly resolve IP addresses using time stamps.

Errors are still occurring, though, and unfortunately, that means that there will likely be more stories like that of Mr. Lang:

Ultimately, there remains every likelihood that more innocent people will suffer a catastrophic event similar to Mr Lang’s experience.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/RHzYEhyIxN0/

Windows Hello face recognition spoofed with photographs

“You are the password,” is the catchy marketing slogan Microsoft used to launch its Windows 10 Hello face authentication system in 2015.

Except, according to researchers at German company SySS, a more accurate description might be: “you are the password – and so is a photograph of you.”

As incredible as it sounds, the team found it could bypass Hello on multiple versions of Windows 10 simply by presenting a printed infrared (IR) photo of the system’s owner.

In the proof-of-concept demo, this was printed at 340 x 340 on a colour laser printer after adjusting the brightness and contrast, and simply held up to a Dell Latitude with a LilBit USB near-IR camera connected to it.

That’s the simple part of this vulnerability because the degree to which a specific Windows PC is susceptible will depend on an interaction of three variables:

  1. The version of Windows 10 being used
  2. Whether Hello’s enhanced anti-spoofing is turned on
  3. Whether the IR camera supports enhanced anti-spoofing

The researchers also had to tweak the image, using colour or a higher resolution depending on the configuration they tried it against.

The attack reportedly works against all versions of Windows that don’t have Hello’s enhanced anti-spoofing technology turned on (turning this on, which must be done manually, only works if the IR camera supports it).

In other words, spoof-proofing your PC against photographs means using the most recent version of Windows 10 (1709 or at least 1703 from April), having a PC or camera whose hardware supports enhanced anti-spoofing, and making sure this is enabled and has been reset after its most recent upgrade.

One system that meets those requirements is Microsoft’s own Surface Pro 4 laptop… as long as it’s running the Windows 10 Fall Creators Update (1709) and the user has re-enrolled on Windows Hello.

A bit more detail can be found in the advisory although how the end user works out whether their camera is compatible with enhanced anti-spoofing isn’t clear because SySS didn’t test them all.

In truth, the vulnerability here is probably small under real-world conditions because it still requires a frontal shot of the computer user’s face. What it serves as is a useful reminder not to take a biometric security system’s claims as read.

At least Microsoft isn’t the only big name struggling with the whys and wherefores of facial authentication, as Apple found out in November when another pen-testing company managed to fool the iPhone X’s Face ID with a painted mask.

I expect that facial biometrics will one day be a very secure and reliable way to authenticate yourself. Right now it seems that mainstream deployments like Hello and Face ID are driving increased scrutiny and software companies are still ironing out the kinks and discovering edge cases.

If your face really is your password then, like any password, it’s better as one part of a two-factor authentication.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/czhcivy4D3Q/

Multiple-guess quiz will make Brit fliers safer, hopes drone-maker DJI

Roundup British drone users will have to take a multiple-guess quiz before using their Christmas toys this year, while drone users appear to have, once again, got around pre-eminent drone maker DJI’s software-based flight restrictions.

These developments and others occurred over the busy Christmas and New Year period, being lost in the seasonal mountains of turkey and lakes of Baileys.

DJI’s multiple-guess Knowledge Quiz will be imposed on all UK drone operators. If you don’t get all of the eight questions right, fear not: you can “continue answering new questions until [you] successfully pass the DJI Knowledge Quiz”, according to a company statement.

The Civil Aviation Authority’s Tim Johnson, a policy director, chipped in to say: “We welcome any initiative that reinforces the importance of safe and responsible drone use.”

Last year the British government announced that it is Doing Something™ about the perceived threat of drones in the hands of amateurs. This amounts to mandatory registration and safety tests – in effect, licensing. It appears that DJI is hoping its multiple-guess quiz will be incorporated as the testing element of the British licensing scheme, which would put it at even more of a commercial advantage against its rivals.

GPL code, you say?

Meanwhile, security researcher Jon Sawyer has published a root exploit for DJI drones called DUMLRacer. It would appear to allow the technically competent dronie to completely ignore DJI’s height and location restrictions, which form a large part of its please-don’t-regulate-us-out-of-existence offering to governments around the world.

In his tweet announcing the release, Sawyer said: “Dear DJI, next time I ask for some GPL source code, maybe don’t tell me no.”

At the heart of DJI’s software is GNU General Public Licensed (open source) code. While the firm does publish some of its source code, as previously reported, the company is not exactly clear about what elements of its drones’ firmware are based on GPL-licensed code. The GPL contains a provision stating that anyone can modify GPL-licensed code provided that the source of any publicly available modded version is also made public, as the GPL FAQ makes clear. Sawyer suggested on Twitter that DJI had dragged its heels in responding to him:

We’ve asked DJI for comment.

Drone-zapping gizmo is safe for humans

Finally, over Christmas and New Year, Aussie drone firm Droneshield told the world that its Dronegun product (no prizes for guessing what that does) has been certified Down Under as being safe for human exposure.

The anti-drone gadget is a rifle-shaped portable jammer. The Mark II Dronegun will possibly disrupt drone operations by jamming command, control and communication frequencies but it certainly won’t disrupt humans who get in its way, according to Australian certification house EMC Technologies (no relation to the big tech firm of similar name).

“The certification was obtained in response to the DroneGun product advancing through procurement processes with a number of major defence and other government agencies internationally,” said Droneshield in a statement.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/01/02/dji_multiple_guess_drone_quiz_uk/

Iranians resist internet censorship amid deadly street protests

Iranian authorities have blocked Instagram and other social media platforms in response to a wave of street protests across the country this week.

The clampdown has resulted in Tor users climbing from around 6k at the beginning of December to over 10,000 at the last count as citizens seek to circumvent the controls, according to official stats.

The Islamic Republic’s government has blocked Telegram and Instagram amid demonstrations, initially about economic conditions, in which at least 22 people have lost their lives.

In a possibly related development, a BGP routing protocol outage hit Iran yesterday (January 1).

Telegram’s “public channels” are an important source of news for many in Iran partly because competing services such as Twitter and Facebook have long since been blocked.

Iranian authorities have previously permitted Telegram because of the messaging service’s use of local (closed) content delivery networks, a technical decision that has attracted both concern and calls for greater transparency from human rights advocates.

Telegram has 25 million daily users in Iran, according to estimates cited by celeb whistleblower Edward Snowden.

Pavel Durov, Telegram’s founder, confirmed that Iran has “blocked access to Telegram for its citizens due to opposition activity in channels” clarifying that this was different from Telegram’s own decision to block a particular channel that was advocating violence against the Iranian police.

A presentation by tech expert and human rights activist Mahsa Alimardani at last week’s 34C3 conference on internet censorship in Iran and related topics can be found below.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/01/02/iran_net_censorship/

The Argument for Risk-Based Security

A scanner can identify a vulnerability, but only a deep understanding of cyber exposure will tell you about the seriousness of that risk. Here’s how and why.

There’s a strange paradox about business today. Technology, which has long been its most powerful enabler and accelerant, has emerged as business’s biggest, but largely invisible, threat.

I’m not talking about the latest apocalyptic fantasy about artificial intelligence, but rather the exploding by-product of business in the age of cloud computing and the Internet of Things (IoT): data. As IBM CEO Ginni Rometty recently declared, “Data is the world’s new natural resource. It’s the new basis of competitive advantage and it’s transforming every profession and industry.” Yet if all that is true, she argued, “then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

It’s a rational argument. Global cybercrime is predicted to cost $6 trillion annually by 2021, but it’s not as existentially scary as Rometty makes it seem. Because almost every function of business has been digitized, today’s cloud-powered companies are operating at incredible speed — and will only keep accelerating. What’s more, billions of new IoT-enabled devices are baked into just about every facet of industrial technology, from power grids and wind turbines to break-room snack machines — all slinging data around the clock. We have unprecedented levels of security risk thanks to a rapidly expanding attack surface that now faces virtually every company. No wonder it takes over six months today for most companies to even detect a data breach. And, as we’ve seen with the latest Uber breach, businesses may take months to a year to disclose a breach to the public even after it is detected.

What companies lack today is accurate, real-time visibility of the dynamic attack surface. Traditional security tools were built for long-gone fixtures such as client-server technology, on-premises data centers, and linear software development cycles. Modern IT thinks in terms of minutes when it comes to release cycles. (In just two years, according to a recent study by Cisco, the number of third-party cloud applications in business has grown by a factor of 10 and more than 25% were deemed to be high risk.)

Additionally, a worst-case mindset tends to cloud more pragmatic executive decision-making. Companies often fixate on macro events like nation-state attacks when they are far more likely to be breached by a random malware attack like WannaCry. Companies too often don’t take the simple measures to protect themselves as much as they should against the more likely threats.

How can executives shift into smarter, more holistic management of cyber-risk? It starts with focusing on the widening gap between threats and risks that are currently known (and thus under-represented) and true cyber exposure. Scanning the network for vulnerabilities or deploying multiple tools against the “threat of the week” is a one-size-fits-all approach that no longer aligns with reality. Mobile and IoT devices often operate under the radar for such security tools, as do public cloud resources, software-as-a-service applications, and industrial control systems.

In order for businesses to effectively manage their cyber exposure, here’s what I recommend:

  • Determine, then focus on, your most critical needs. You can’t afford to protect or respond to everything equally. What is most important to your organization? The old CIA standard (confidentiality, integrity, and availability) is still a good rule of thumb.
  • Double down on secure application design. The only way to make applications secure is to design them securely from the start. Careful attention needs to be given to the design process to ensure it takes everything into account on safety; it can’t be “sprinkled” on later using a Web app firewall.
  • Hire for soft skills, not just technical aptitude. When it comes to security, most roles are cross-functional and require you to exert influence on other stakeholders. This is because the most vulnerable or exposed systems are often not ones you own. Soft skills are essential to build alignment and consensus with a persuasive argument.
  • Get a better view of your external exposure. Points of connectivity and access between companies, partners, and customers get more complex every year. Getting a handle on the full extent of these exposures should be the foundation of understanding your true risks, and that requires benchmarking and establishing a strategic baseline.

Every aspect of business has risks that can be managed — and managed well. Cyber exposure is no different. Emerging technologies that provide a specific focus on a targeted piece of the attack surface (for example, operational technology or open source software), advanced security analytics, and enhanced, cross-functional operational workflow can help companies reduce their exposure and give business leaders greater confidence in managing risk based on quantitative and actionable measurements. A scanner can identify a vulnerability, but a true understanding of cyber exposure will analyze the seriousness of that risk, what might happen if you choose to accept it, and how severe the various possible outcomes of a breach might be.


Renaud Deraison is chief technology officer of Tenable. Prior to co-founding Tenable, Renaud redefined the vulnerability management market by authoring Nessus, the world’s most widely deployed vulnerability scanner, with over one million downloads. Nessus has received …

Article source: https://www.darkreading.com/attacks-breaches/the-argument-for-risk-based-security/a/d-id/1330687?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Forever 21 Found Malware and Encryption Disabled on its PoS Devices

The retailer found signs of unauthorized access and malware installed on point-of-sale devices during an investigation into last year’s data breach.

Forever 21’s investigation into a data breach first reported in November 2017 has revealed malware planted on the retailer’s point-of-sale systems (PoS) as well as encryption disabled on some of the devices.

The retailer, which had been using encryption on its payment system since 2015, received a report in mid-October indicating unauthorized access to payment card data at certain stores.

Following an investigation with payment technology and security firms, Forever 21 said in an update posted late last week that encryption technology on some point-of-sale (PoS) devices was not always on, and that it had found signs of unauthorized network access and malware installed on PoS devices to search for payment card data.

The malware searched for track data from payment cards as they were processed through the PoS system. In most cases this data was limited to card number, expiration date, and internal verification code. Occasionally, the cardholder name was also found.

Encryption had been disabled and malware installed on some devices at varying times in US stores from April 3, 2017 through November 18, 2017. Some locations only experienced a breach for a few days or weeks; others were hit for most or all of the timeframe. In most cases, only one or a few PoS devices were affected at each outlet.

Forever 21 stores also each have a device to keep track of completed payment card transaction authorizations. Payment card data was stored in these devices while encryption was off. Investigators found malware installed on log devices in certain stores. At these locations, if encryption was disabled on a PoS device prior to April 3, 2017 and data was still recorded on the log file, the malware could have discovered the unencrypted data.

The company reports it’s working with payment processors, its PoS device provider, and third-party experts to address encryption on PoS devices at all of its retail outlets. It’s also investigating whether this incident affected stores outside the US, which use different payment systems. Payment cards used on Forever21.com were not affected.

Retail is a hot target for cybercriminals who know they can make decent money swiping credit card numbers and selling them on the Dark Web. Bigger targets with millions of customers are the hardest hit, says Mark Cline, vice president at Netsurion. Indeed, Whole Foods and Nissan Canada are two more examples of massive retailers with large customer bases and recently reported security breaches.

“If retail businesses haven’t hardened their IT and POS security, they should start now to protect themselves from PoS malware, ransomware, and other threats,” he says. “They may be running anti-virus software and managed firewalls, but they may or may not be running a strong offense with active monitoring and threat detection.”

Forever 21 urges customers to review card statements for unauthorized activity and report unauthorized activity to their card issuer.


Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Article source: https://www.darkreading.com/endpoint/forever-21-found-malware-and-encryption-disabled-on-its-pos-devices/d/d-id/1330730?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Tuesday review – the hot 8 stories of the week

Get yourself up to date with everything we’ve written over the festive period – it’s weekly roundup time.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/K4go3mlgEq8/

Alleged “Call of Duty” swatter arrested in LA after fatal shooting

A 25-year-old man has been arrested in Los Angeles in connection with a recent swatting incident in Wichita, Kansas.

According to investigative cybersecurity journalist Brian Krebs, who has been the victim of swatting attacks himself from crooks he has outed on his blog, this incident “reportedly originated over a $1.50 wagered match in the online game Call of Duty.”

“Swatting” involves calling the emergency services and quite deliberately making a false report of a violent incident at someone else’s address so that armed police turn up and storm the place, believing that a serious crime is in progress.

The word comes from the abbreviation SWAT, short for Special Weapons And Tactics, the name given to law enforcement teams that are dispatched to respond to this sort of incident.

At the very best, the outcome of a hoax “swat” call is that the victim suffers a traumatic experience from being confronted by armed police.

Sadly, however, the result was much worse in the recent Kansas incident: a man at the property was shot and killed by mistake in the course of the raid.

As Krebs explains it:

It appears that the dispute and subsequent taunting originated on Twitter. One of the parties to that dispute — allegedly using the Twitter handle “SWauTistic” — threatened to swat another user who goes by the nickname “7aLeNT”. @7aLeNT dared someone to swat him, but then tweeted an address that was not his own.

Swautistic responded by falsely reporting to the Kansas police a domestic dispute at the address 7aLenT posted, telling the authorities that one person had already been murdered there and that several family members were being held hostage.

Police in Wichita, Kansas, have published the audio of the swatting call, during which a male voice can be heard saying:

(Caller) There was an argument with my mom and dad […] They were arguing and I shot him in the head and he’s not breathing any more […]

(Dispatcher) Do you have any weapons on you? […]

(Caller) Yeah, I do […] a handgun.

Later on, the caller claims to be pointing the gun at his mother and his little brother “to make sure they stay in the closet.”

When the dispatcher asks if he’ll give up the gun, he replies that “if you guys are going to send someone round here, I’m definitely not going to put it away,” and warns the dispatcher that he’s doused the house with gasoline (petrol) and might set it on fire.

Krebs goes on to describe how someone claiming to be the perpetrator made online contact with him shortly after the incident; Krebs ascertained that his anonymous contact seemed to have a history of making fake bomb threats and falsely calling armed police to other people’s houses.

According to Krebs, this person told him that “bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that.”

If the suspect arrested in LA turns out to be the guilty party in this tragic escalation of a Twitter argument, he may have cause to change his mind about how “cool” such behaviour really is.

Our thoughts go out to the family of the innocent victim in this sordid saga.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/m0m_m0KV-3g/