FBI Hoaxes Boost Online Fraud: Via Threat Level.

Online fraud in the United States doubled to a reported $560 million in losses last year as illicit phishing expeditions by thieves posing as the Federal Bureau of Investigation represented the biggest consumer complaint, according to a Friday government survey.

The e-mail phishing scams represented 16.6 percent of all complaints. The next closest category, at 12 percent, concerned consumer unhappiness about being billed for products never ordered or received, according to FBI data unveiled Friday.

Overall, the number of reported dollar losses stemming from online fraud doubled in 2009 from the year prior. [ Read more ... ]

Congress Drops the Ball on Upgrading Patriot Protections: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

We're sorry to say, but is anyone surprised that Congress has capitulated to post-underpants bomber fear-mongering and passed the three expiring provisions of the Patriot Act without so much as a debate?

Oh, you didn't hear about that?

Wednesday night, the Senate passed a straight one-year extension by voice vote, and last night, the House followed suit.

That’s right. No changes. Nothing. Nada. Zip, zilch, zero. (You get the picture.)

That leaves ordinary Americans like you and me without the civil liberties safeguards proposed by several bills last year. Both the House and Senate had bills that would have improved the Patriot Act. The Senate bill even had the support of the White House. But instead of passing the much-needed reforms, Congress: [ Read more ... ]

FBI Tracks Suspects' Cell Phones Without a Warrant: Via Newsweek.com .

Law enforcement is tracking Americans' cell phones in real time—without the benefit of a warrant.

But many federal magistrates—whose job is to sign off on search warrants and handle other routine court duties—were spooked by the requests. Some in New York, Pennsylvania, and Texas balked. Prosecutors "were using the cell phone as a surreptitious tracking device," said Stephen W. Smith, a federal magistrate in Houston. "And I started asking the U.S. Attorney's Office, 'What is the legal authority for this? What is the legal standard for getting this information?' "

Those questions are now at the core of a constitutional clash between President Obama's Justice Department and civil libertarians alarmed by what they see as the government's relentless intrusion into the private lives of citizens. [ Read more ... ]

F.B.I. Queries Webcam Use by Schools: Via NYT > Privacy.

PHILADELPHIA (AP) — A Pennsylvania school district accused of secretly switching on laptop computer cameras inside students’ homes is under investigation by federal authorities, a law enforcement official with knowledge of the case said.

The F.B.I. will look into whether any federal wiretap or computer-intrusion laws were violated by Lower Merion School District, said the official, who spoke on the condition of anonymity. [ Read more ... ]

FBI wants records kept of Web sites visited: Via Politics and Law - CNET News.

WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting. [ Read more ... ]

ACLU Opposes Proposed Legislation Making Constitution Optional In Terrorism Cases: Via American Civil Liberties Union.

Criticizing the Obama administration's decision to charge accused Christmas Day attacker Umar Farouk Abdulmutallab in the criminal court system, members of Congress are calling for legislation requiring intelligence officials to be consulted about how to handle terrorism suspects after their capture, arguing that options other than the criminal justice system should be considered. The Washington Post, in an editorial on January 23, supported this approach. [ Read more ... ]

Report Confirms FBI Misuse of Authority to Obtain Phone Records: Via EFF.org Updates.

The Washington Post reported today that the "FBI illegally collected more than 2,000 U.S. telephone call records," using methods that FBI general counsel Valerie Caproni admitted "technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records."

This issue first came to light in a March 2007 report by the DOJ's Office of the Inspector General, which revealed that the FBI's Communications Analysis Unit (CAU) had routinely been using “exigent letters” to obtain customer information from telecommunications companies, including Verizon and AT&T. [ Read more ... ]

FBI Illegally Gathered Phone Records And Misused National Security Letters: Via American Civil Liberties Union.

Congress Must Curb NSL Abuse Through Patriot Act Revisions

FOR IMMEDIATE RELEASE
CONTACT: (202) 675-2312 or media@dcaclu.org 
               (212) 519-7829 or 549-2666 or media@aclu.org
 
WASHINGTON – According to a report in the Washington Post today, the FBI routinely claimed false terrorism emergencies to illegally collect the phone records of Americans for four years of the Bush administration by abusing an already expansive Patriot Act power. Using “exigent letters,” or emergency letters, to gain private records for investigations when no emergency existed, the FBI seemingly violated the Electronic Communications Privacy Act. The FBI also routinely issued National Security Letters (NSLs) after the fact in an attempt to legitimize the use of exigent letters. [ Read more ... ]

FBI, Telecoms Teamed to Breach Wiretap Laws: Via Threat Level.

The FBI and telecom companies collaborated to routinely violate federal wiretapping laws for four years, as agents got access to reporters’ and citizens’ phone records using fake emergency declarations or by simply asking for them.

The Justice Department’s Inspector General’s internal audit released Wednesday harshly criticized how the Federal Bureau of Investigation’s Communications Analysis Unit — a counterterrorism section founded after 9/11 — relied on so-called “exigent” letters to get carriers to turn over phone records immediately. The letters were a hangover from the investigation into the 9/11 attacks in New York and promised telecoms, falsely, that subpoenas would follow shortly.

“The FBI’s use of exigent letters and other informal requests for telephone toll billing records circumvented, and in many cases violated, the requirements of the Electronic Communications Protection Act statute,” according to the report, which was referencing a leading federal wiretap law. [ Read more ... ]

FBI Broke Law Spying on Americans’ Phone Records, Post Reports: Via Threat Level.

An internal audit found the FBI broke the law thousands of times when requesting Americans’ phone records using fake emergency letters that were never followed up on with true subpoenas — even though top officials knew the practice was illegal, according to The Washington Post.

The inspector general’s follow-up report on the so-called “exigent” letters — an investigation that started in 2007 — is due in a few months. E-mails obtained by the Post showed that responsible agency officials informed superiors in 2005, but the practice continued for two more years.

While it looks as if the nation’s top law enforcement agency routinely violated the nation’s wiretapping laws for years, it seems no one will actually be prosecuted since the violations are being judged as merely “technical.” [ Read more ... ]

FBI investigating online New York school district theft: Via Computerworld Cybercrime/Hacking News.

A New York school district has reverted to using paper checks after cybercriminals tried to steal about $3.8 million from its online accounts just before Christmas, prompting an FBI investigation.

For three days starting Dec. 18, cybercriminals started transferring money overseas from the accounts of the Duanesburg Central School District, which has two schools with about 950 students about 20 miles west of Albany, New York. [ Read more ... ]

TSA nominee misled Congress about accessing confidential records: Via washingtonpost.com .

The White House nominee to lead the Transportation Security Administration gave Congress misleading information about incidents in which he inappropriately accessed a federal database, possibly in violation of privacy laws, documents obtained by The Washington Post show.

The disclosure comes as pressure builds from Democrats on Capitol Hill for quick January confirmation of Erroll Southers, whose nomination has been held up by GOP opponents. In the aftermath of an attempted airline bombing on Christmas Day, calls have intensified for lawmakers to install permanent leadership at the TSA, a critical agency in enforcing airline security.

Southers, a former FBI agent, has described inconsistencies in his accounts to Congress as "inadvertent" and the result of poor memory of an incident that dates back 20 years. He said in a Nov. 20 letter to key senators obtained by The Post that he had accepted full responsibility long ago for a "grave error in judgment" in accessing confidential criminal records about his then-estranged wife's new boyfriend. [ Read more ... ]

Feds Warn Small Businesses to Use Dedicated PC for Online Banking: Via Threat Level.

In the wake of a rash of hacks on computers owned by small businesses, the FBI and the American Banking Association have issued an alert advising businesses to use only a dedicated PC for online banking, according to USA Today.

The alert was issued after numerous small businesses, universities and local governments have been targeted by hackers who installed keystroke loggers on their machines to steal banking credentials and siphon millions of dollars from their bank accounts.

The alert advises businesses to dedicate a single computer for online banking activity that is never used for reading e-mail or surfing anywhere else on the web. Using a dedicated computer would lessen the chance of the computer being infected with malware that can help crooks drain a bank account through wire transfers and automated clearinghouse transfers. [ Read more ... ]

7-Eleven Hack From Russia Led to ATM Looting in New York: Via Threat Level.

Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days.  After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards. A lucky traffic stop catches two more plunderers who’d driven in from Michigan. Another pair are arrested after trying to mug an undercover FBI agent on the street for a magstripe encoder. In the end, there are 10 arrests and at least $2 million dollars stolen.

The wellspring of the dramatic megaheist turns out to be more prosaic than imagined: It started with a breach of the public website of America’s most famous convenience store chain: 7-Eleven.com. [ Read more ... ]

Citigroup, law enforcement refute cyber heist report: Via Computerworld Cybercrime/Hacking News.

Citigroup says no system breach, no losses of customer or bank data, funds

Citigroup and a federal law enforcement source on Tuesday refuted a claim that the bank's customers lost millions of dollars in an advanced cyber heist over the summer, leaving lingering questions over details of the alleged attack.

According to a report in Tuesday's Wall Street Journal, the FBI is investigating the theft of tens of millions of dollars from Citibank using malicious software created in Russia.

A source within federal law enforcement who declined to be identified said the Wall Street Journal story was inaccurate and appears to have confused a known 2007 hack of Citigroup-branded automated teller machines with a long-running criminal effort to hack online banking customers and move money out of their accounts.

"They've screwed up so many different things," he said. The FBI had no comment. [ Read more ... ]

Report: Russian gang linked to big Citibank hack: Via Computerworld Cybercrime/Hacking News.

U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.

The security breach at the major U.S. bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, The Wall Street Journal said Tuesday, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography and spam. The Federal Bureau of Investigation is probing the case, the report said.

It was not known whether the money had been recovered and a Citibank representative said the company had not had any system breach or losses, according to the report. [ Read more ... ]

FBI Linguist Guilty of Leaking Classified Documents to Blog: Via Threat Level.

An Israeli-American lawyer who worked as an FBI linguist pleaded guilty Thursday to providing an unidentified blogger with classified documents derived from U.S. communications intelligence.

Shamai Kedem Leibowitz, 39, of Silver Spring, Maryland, pleaded to one felony count of disclosing to an unauthorized party five documents that were classified “secret” that he obtained through his work with the FBI.

Leibowitz leaked the documents to the unnamed blogger in April 2009. The blogger — identified as “Recipient A in court filings — then wrote a post based on the classified documents.

“As a trusted member of the FBI ranks, Leibowitz abused the trust of the FBI and the American public by using his access to classified information for his own purposes,” said FBI Special Agent in Charge Richard A. McFeely in a press release. [ Read more ... ]

House Delays Patriot Act Spy Vote: Via Threat Level.

The House on Wednesday tabled for two months legislation reforming U.S. surveillance law, a move that delays a collision with a competing Senate version. [ Read more ... ]

FBI: 19,000 Matches to Terrorist Screening List in 2009: Via Threat Level.

United States law enforcement agents and partners reported “encounters” with suspected terrorists 55,000 times in the last year; a check against the terrorist watchlist found a match 19,000 times, according to testimony presented to the Senate on Wednesday.

The figure includes multiple hits on the same people, according to an FBI spokesman, who didn’t know how many unique individuals were counted in the 19,000 hits.

The statistics appeared in testimony by the FBI’s Timothy Healy, director of the Terrorist Screening Center, or TSC, to the Senate Homeland Security and Government Affairs Committee.

Established in 2003, the TSC is a multi-agency clearinghouse for tips and other information about known and suspected terrorists that is shared with federal, state and local law enforcement agencies, as well as intelligence agencies and 17 foreign partners.

The center maintains the terrorist watchlist, which currently has about 400,000 individuals on it, most of them non-U.S. citizens, and includes those suspected of providing financial assistance or aid to terrorists. A subset of this list, the No Fly list, includes people considered a threat to aviation or national security and contains about 3,400 names, of which about 170 are U.S. persons. [ Read more ... ]

Obama Wants Computer Privacy Ruling Overturned: Via Threat Level.

The Obama administration is seeking to reverse a federal appeals court decision that dramatically narrows the government’s search-and-seizure powers in the digital age.

Solicitor General Elena Kagan and Justice Department officials are asking the 9th U.S. Circuit Court of Appeals to reconsider its August ruling that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10.

The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches.

Kagan, appointed solicitor general by President Barack Obama, joined several U.S. attorneys in telling the San Francisco-based court Monday that the guidelines are complicating federal prosecutions in the West. [ Read more ... ]

Copying as Search and Seizure: Via CYB3RCRIM3 blog.

In other posts, I’ve argued that copying data is a “seizure” under the 4th Amendment.

As I explained in those posts, if copying is a 4th Amendment seizure, law enforcement officers must either get a warrant authorizing the seizure or be able to use one of the exceptions to the warrant requirement to justify copying the data. As I noted, if copying data is neither a search nor a seizure, law enforcement officers can copy data without satisfying any of the 4th Amendment’s requirements. [ Read more ... ]

Handy Chart Tracks Proposed Amendments to Patriot Act: Via Threat Level.

Confused by all the proposed changes to the Patriot Act ricocheting through the Capitol? The Center for Democracy and Technology (CDT) has put together a handy chart comparing the current law with the various amendments in the House and Senate.

The chart compares proposed amendments (.pdf) to National Security Letters (NSLs) and the so-called “lone wolf” provisions of the Patriot Act. The proposals have only been passed by the judiciary committees, and face further amendments before they hit the full House and Senate for votes.

According to Gregory Nojeim, CDT’s director of project on freedom, security and technology, although neither of the current proposals goes far enough in fixing all of the problems that civil libertarians find in the Patriot Act, they do show improvements. [ Read more ... ]

TSA nominee questioned over FBI censure: Via washingtonpost.com .

Sen. Susan Collins (R-Maine) questioned President Obama's nominee to lead the nation's airport security agency Tuesday about a censure he received from the FBI in 1988.

Erroll Southers, who was serving as an FBI special agent at the time of the censure, asked a co-worker's husband who worked for the San Diego Police Department to run a background check on his ex-wife's boyfriend.

Under questioning by Collins, Southers said that he has not misused government databases to receive personal information on anyone since the incident and that he would not do so in the future.

Collins did not describe the incident during Tuesday's hearing, instead referring only to an "issue" that led to the censure. [ Read more ... ]

House Considers Limiting Patriot Act Spy Powers: Via Threat Level.

Powerful House members are proposing sweeping reforms to U.S. surveillance law that puts them on a collision course with pro-domestic spying legislation in the Senate.

The proposals (.pdf) come as key provisions of the Patriot Act are set to expire at year’s end. The act, hastily adopted six weeks after the 2001 terror attacks, greatly expanded the government’s ability to spy on Americans in the name of national security.

Lawmakers are taking the expiration as an opportunity to revisit a number of surveillance provisions, including elements of the Patriot Act that aren’t set to expire, including a 2008 law that granted legal immunity to phone companies that cooperated with the Bush administration’s warrantless wiretapping of Americans. [ Read more ... ]

Judge Refuses to Lift 5-Year-Old Patriot Act Gag Order: Via Threat Level.

A federal judge on Tuesday declined to remove a gag order imposed on the president of a small ISP who wants to reveal the contents of a national security letter he received from the FBI.

The NSL demanded the president of the New York company provide the government with e-mails from a customer the government deemed a threat. An NSL, a type of self-issued subpoena fortified by the Patriot Act, allows the FBI to obtain telecommunication, financial and credit records relevant to a government investigation without a court warrant.

The case last hit the courts in December, when the 2nd U.S. Circuit Court of Appeals, in a decision with Sonia Sotomayor in the majority, narrowed the standard by which recipients of NSLs must keep mum.

Those supplying the requested data to the government are forbidden from disclosing their mandatory cooperation, and face up to five years in prison for breaching the gag. The government issues about 50,000 NSLs each year, and an internal audit showed widespread government abuse in connection to them. [ Read more ... ]