TJX Hacking Conspirator Gets 4 Years: Via Threat Level.

Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.

Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.

Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers. [ Read more ... ]

Record 13-Year Sentence for Hacker Max Vision: Via Threat Level.

PITTSBURGH — A skilled San Francisco-based computer intruder was sentenced to 13 years in federal prison Friday for stealing nearly two million credit card numbers from banks, businesses and other hackers — receiving the longest hacking sentence in U.S. history.

Max Ray Vision, 37, was also ordered to pay $27.5 million in restitution, and to serve five years under court supervision following his release, during which time he’ll be allowed to use computers only for legitimate employment or education.

Vision, who changed his name from Max Butler shortly before his arrest, ran an online forum for thousands of identity thieves called CardersMarket, where he sold credit card magstripe data to the underground for about $20 a card. He was caught with 1.8 million stolen credit card numbers belonging to 1,000 different banks, who tallied the fraudulent charges on the cards at $86.4 million. [ Read more ... ]

Katie’s Law May Change New York’s Approach to DNA Sample Collection: Via PogoWasRight.org » Legislation.

If you are convicted of a violent crime in the state of New York, you are required to provide a DNA sample to authorities. This is kept on file and used by law enforcement to help identify the perpetrators of future crimes. Key to this practice is the idea that a DNA sample is taken after an individual has been found guilty.

This could soon change, however, if New York lawmakers pass Katie’s Law. The law would give law enforcement the right to take DNA samples from anyone arrested for a violent crime.

Arrest vs. Conviction

It is important to note the difference: DNA samples would be taken from suspects following arrest, rather than conviction. This means that someone who is wrongly accused and arrested would be required to submit a DNA sample and, even if acquitted, would have his or her most personal information listed next to convicted criminals’ information. [ Read more ... ]

Ohio Justices - Cell Phone Searches Require Warrant: Via NYTimes.com .

COLUMBUS, Ohio (AP) -- The Ohio Supreme Court said Tuesday police officers must obtain a search warrant before scouring the contents of a suspect's cell phone, unless their safety is in danger.

The American Civil Liberties Union of Ohio described the ruling as a landmark case. The issue appears never to have reached another state high court or the U.S. Supreme Court.

The Ohio high court ruled 5-4 in favor of Antwaun Smith, who was arrested on drug charges after he answered a cell phone call from a crack cocaine user acting as a police informant.

Officers took Smith's cell phone when he was arrested and, acting without a warrant and without his consent, searched it. They found a call history and stored numbers that showed Smith had previously been in contact with the drug user. [ Read more ... ]

Madoff’s Coders Charged With Aiding Massive Ponzi Scheme: Via Threat Level.

Two programmers who worked for convicted fraudster Bernard Madoff have been arrested and charged with providing technical support for the massive Ponzi scheme that bilked investors out of an estimated $65 billion.

Jerome O’Hara, 46, and George Perez, 43, were arrested Friday morning and charged with conspiracy for falsifying books and records for Madoff’s broker-dealer and investment businesses.

“The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff’s crimes,” federal prosecutor Preet Bharara said in a statement.

The two, who began working for Madoff in the early 90s, are accused of writing software in 2003 and 2004 that produced fraudulent records that were fed to U.S. regulators and a European accounting firm reviewing the firms’ work. They allegedly repeatedly revised the programs through 2006 to produce reports designed to deceive investigators. [ Read more ... ]

TSA nominee questioned over FBI censure: Via washingtonpost.com .

Sen. Susan Collins (R-Maine) questioned President Obama's nominee to lead the nation's airport security agency Tuesday about a censure he received from the FBI in 1988.

Erroll Southers, who was serving as an FBI special agent at the time of the censure, asked a co-worker's husband who worked for the San Diego Police Department to run a background check on his ex-wife's boyfriend.

Under questioning by Collins, Southers said that he has not misused government databases to receive personal information on anyone since the incident and that he would not do so in the future.

Collins did not describe the incident during Tuesday's hearing, instead referring only to an "issue" that led to the censure. [ Read more ... ]

4 Hackers Indicted in $9.5 Million Bank Card Attack: Via Threat Level.

Four men have been indicted in Georgia on charges that they hacked into the Atlanta-based bank card processing company RBS WorldPay. They allegedly used an army of flunkies to steal $9.5 million in cash from ATM machines around the world in a span of hours.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth person identified only as “Hacker 3″ were indicted by a federal grand jury in what’s being described as “perhaps the most sophisticated and organized computer fraud attack ever conducted.”

The hack involved reverse-engineering PINs for payroll debit card accounts — the holy grail of bank card hacking. Another four people based in Estonia were also indicted on access-device fraud charges in connection with the hack. [ Read more ... ]

ACLU Says Extracting DNA From Suspects Unconstitutional: Via Threat Level.

California’s law requiring the authorities to take a DNA sample from every person arrested on felony accusations was challenged in federal court Wednesday as an unconstitutional privacy breach.

A lawsuit (.pdf), filed by the American Civil Liberties Union on behalf of two Californians who were arrested and released, seeks to overturn a voter-approved law that became effective this year. Proposition 69 requires detainees to provide a saliva or sometimes a blood sample upon felony arrest. The sample is stored in state and FBI databases, even if the arrested person is never charged or convicted of a crime.

The challenge, if successful, threatens to derail similar laws in other states. According to DNAResource.com, 10 other states have such statutes. They are Alabama, Alaska, Colorado, Florida, Kansas, Louisiana, North Dakota, South Carolina, South Dakota and Vermont. [ Read more ... ]

Major ruling against Ashcroft highlights evils of preventive detention: Via Salon: Glenn Greenwald.

Yesterday -- in a very significant decision (.pdf) written by Bush-43-appointed federal judge Milan Smith and joined by a Reagan-appointed judge -- the Ninth Circuit Court of Appeals allowed a lawsuit to proceed that was brought against John Ashcroft for the illegal and unconstitutional detention of American Muslims.  The suit was brought by Abdullah al-Kidd, an American citizen of African-American descent who converted to Islam.  Al-Kidd was arrested, detained under abusive conditions, and then had his movements and freedoms severely restricted for sixteen months despite no evidence that he had done anything wrong. 

The suit arises out of a policy established by Ashcroft of abusing the "material witness" statute, which authorizes the detention of key witnesses [ Read more ... ]

‘The Analyzer’ Pleads Guilty in $10 Million Bank-Hacking Case: Via Threat Level.

Ehud Tenenbaum, aka “The Analyzer,” quietly pleaded guilty in New York last week to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.

The Israeli hacker was arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks. But before Canadian authorities could prosecute him, U.S. officials filed an extradition request to bring him to the States.

Prosecutors alleged in an extradition affidavit that Tenenbaum hacked into two U.S. banks, a credit- and debit-card distribution company and a payment processor, in what they called a global “cash-out” conspiracy. But he was only charged with one count of conspiracy to commit access-device fraud and one count of access-device fraud. [ Read more ... ]

Chinese Spying Claimed in Purchases of NSA Crypto Gear: Via Threat Level.

A Chinese national was indicted this week for conspiring to violate U.S. export law, following a nearly three-year investigation into his alleged efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources.

Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuok indicated he and PRC officials sought the items to figure out ways to listen to or monitor U.S. government and military communications.” [ Read more ... ]

Suspect named in TJX credit card probe - The Boston Globe: Authorities have zeroed in on a Ukrainian man they suspect played a key role in the sale of many credit card numbers stolen from TJX Cos. in what is considered the biggest corporate data breach to date.

Officials hope the recent arrest of Maksym Yastremskiy will be a breakthrough in the investigation of who hacked into systems at TJX and other companies, said Greg Crabb, a program manager in the global investigations division of the US Postal Inspection Service. The service is among various law enforcement agencies trying to track down hackers who made off with more than 45 million credit and debit card numbers from TJX starting in 2005.

Crabb said Yastremskiy allegedly sold card numbers through online forums hosted overseas, sometimes in Cyrillic or that were password protected. He is likely the largest seller of stolen TJX numbers, Crabb said. [ Read more ... ]

Spying Program May Be Tested by Terror Case: The case of two men convicted of supporting terrorism is central in a push to challenge an eavesdropping program.

[...]

But their case seems far from over, and it has become a centerpiece in the effort to challenge one of the Bush administration’s signature espionage programs.

Lawyers for Mr. Aref say they have proof that he was subjected to illegal surveillance by the National Security Agency, pointing to a classified order from the trial judge, unusual testimony from an F.B.I. agent and court documents concerning the calls to Syria.

If they are right, the case may represent the best chance for an appellate ruling about the legality of the N.S.A. program, which monitored the international communications of people in the United States without court approval. Unlike earlier and pending appeals disputing the program, all of them in civil cases, Mr. Aref’s challenge can draw on the constitutional protections available to criminal defendants. [ Read more ... ]

World's Largest Theater Chain Pressured Prosecutor to Charge Teen for Filming 20 Seconds of Transformers:

Arlington County's top prosecutor, Richard E. Trodden, tells THREAT LEVEL he was pressured by Regal Entertainment Group, the world's largest movie exhibitor, to prosecute a 19-year-old Virginia woman for filming 20 seconds of Transformers.

'What they were saying, 'Could you get her to admit that it wasn't right.' They wanted to make sure the message gets out,' Trodden said in a telephone interview Wednesday. 'This was kind of trying to address the concerns of the theater people, and the fact that it was not an outrageous crime.' [ Read more ... ]

NBC Dateline's "Catch a Predator" Series Pays Cops and Undercover "Victims": Apropos to my earlier DefCon story about the NBC Dateline producer who was caught at the hacker conference with a hidden camera in her purse trying to 'Catch a Hacker,' Esquire magazine has an exposé in its September issue that looks at ethical issues around Dateline's ratings-magnet series, 'To Catch a Predator.' (You can also read a transcript of the Esquire writer's contentious interview with 'Catch a Predator' host, Christ Hansen.)

If you don't have time to read the whole article, the San Francisco Chronicle also has a story out today listing some of those ethical issues. [ Read more ... ]

Virginia Theater Throws the Book at Teenage Filmgoer: "

Use a digital camera in a movie theater — even for only a few seconds — and you may be dragged from the theater, arrested, and charged with a serious criminal offense. That’s what happened to Jhannet Sejas on her 19th birthday, when two police officers interrupted the showing of Transformers she was enjoying and placed her under arrest.

Sejas says she had no intention of selling or distributing a pirated copy of the film. Her aim was simply to share a few seconds of the Transformers movie with her younger brother to get him excited about seeing the film. (Her camera had recorded a miniscule 20 seconds of the film when she was arrested.) Like any fan, Sejas was a paying customer who only wanted to share her enthusiasm. [ Read more ... ]

Yahoo Outed Chinese Dissident Knowing Investigation Was Political, Documents Show :

Following on yesterday's post about a newly unearthed document that contradicts Yahoo's statement to Congress about its involvement in China's jailing of a dissident, the same human rights group has translated emails in another case, showing that Yahoo turned over emails about a democratic political movement that led to political persecution by China.

Wang Xiaoning, whose poignant story Luke O'Brien told for Wired several months ago, is now serving a 10-year sentence for 'subversion,' following an investigation that involved subpoenas to Yahoo's China office. [ Read more ... ]

Gothamist: Reverend Billy Locked Up: "Reverend Billy was arrested and detained last night while reciting the First Amendment in Union Square. The police claimed his preaching it at this month's Critical Mass constituted 'Harassment of a Public Official'. The NYPD has a history of some controversial arrests at the Critical Mass events, and at last night's the number of police practically outnumbered the riders. [ Read more ... ]

ACLU Sues Former White House Staffer: "The American Civil Liberties Union on Thursday filed a lawsuit against Gregory Jenkins, a former White House staffer who planned public eventsfor President Bush and came up with a policy to stop anti-Bush demonstrators from getting close to the president. The ACLU contends that Jenkins 'unlawfully excluded individuals perceived to be critical of the administration,' thereby 'cleansing' public forums of dissent. [ Read more ... ]

BBC NEWS | Technology | US arrests internet 'spam king': "A man nicknamed the 'spam king' for allegedly sending out millions of junk e-mails has been arrested in the US.

Robert Soloway, 27, was arrested in Seattle, Washington, after being indicted on charges of mail fraud, identity theft and money laundering. [ Read more ... ]

Spammer Robert Soloway Arrested: "Mike writes 'Yahoo is reporting that US prosecutors captured Robert Soloway, a prolific Internet marketer responsible so much junk e-mail they called him 'Spam King.' Soloway was arrested in Seattle, Washington, a week after being indicted by a federal grand jury on charges of identity theft, money laundering, and mail, wire, and e-mail fraud. [ Read more ... ]

Phone Taps in Italy Spur Rush Toward Encryption - New York Times: "ROME, April 29 -- Drumming up business would seem to be an easy task for those who sell encrypted cellphones in Italy. All they have to do is browse the major newspapers for likely customers. [ Read more ... ]

The Germs' Drummer Arrested For Carrying Soap: "dwrugh writes 'The drummer for the seminal punk band The Germs, Don Bolles, was arrested in Orange County because a field-test kit indicated his bottle of Dr. Bronner's soap contained GHB, the date-rape drug. (Here is an interview with Bolles.) Using the same test kit, available on the web for $20 for a pack of 10, according to Bolles' attorney on NBC this morning, other soaps tested positive for GHB. [ Read more ... ]

Officials vow security probe at Palo Verde: "State and federal officials plan inquiries into operations at Palo Verde Nuclear Generating Station in the wake of accusations that a former plant employee illegally downloaded software with details of the plant while he was in Iran.

Arizona Congressmen Harry Mitchell and John Shadegg on Saturday termed the allegations 'troubling' and promised a detailed review.

'It is very troubling to learn that a Palo Verde employee may have smuggled secrets about the nuclear plant to a dangerous regime dead-set on developing a nuclear weapon,' said Mitchell, a freshman Democrat. 'This requires an internal review of all security procedures in the plant and requires us to look closely at what can be done to prevent this from happening again.' [ Read more ... ]

Nevada police say identity theft suspect had Maine seal - Boston.com: "HENDERSON, Nev. --A sharp-eyed store clerk was credited with helping police nab a man on identity theft charges after authorities say he was found with stacks of blank drivers licenses, state seals from three states including Maine and blank credit cards. [ Read more ... ]