Continue reading »]]> On July 25th the National Security Staff of the White House issued a new Strategy to Combat Transnational Organized Crime. In addition to the numerous recommendations for taking action at a national level, the report had some startling statistics about international crime – much of which is funded by money either stolen or laundered online.

Below is the exact text from the report:

Transnational organized crime (TOC) poses a significant and growing threat to national and international security, with dire implications for public safety, public health, democratic institutions, and economic stability across the globe. Not only are criminal networks expanding, but they also are diversifying their activities, resulting in the convergence of threats that were once distinct and today have explosive and destabilizing effects. This Strategy organizes the United States to combat TOC networks that pose a strategic threat to Americans and to U.S. interests in key regions.

Penetration of State Institutions, Corruption, and Threats to Governance. Developing countries with weak rule of law can be particularly susceptible to TOC penetration. TOC penetration of states is deepening, leading to co-option in a few cases and further weakening of governance in many others. The apparent growing nexus in some states among TOC groups and elements of government—includ­ing intelligence services—and high-level business figures represents a significant threat to economic growth and democratic institutions. In countries with weak governance, there are corrupt officials who turn a blind eye to TOC activity. TOC networks insinuate themselves into the political process in a variety of ways. This is often accomplished through direct bribery (but also by having members run for office); setting up shadow economies; infiltrating financial and security sectors through coercion or corruption; and positioning themselves as alternate providers of governance, security, services, and livelihoods. As they expand, TOC networks may threaten stability and undermine free markets as they build alliances with political leaders, financial institutions, law enforcement, foreign intelligence, and security agen­cies. TOC penetration of governments is exacerbating corruption and undermining governance, rule of law, judicial systems, free press, democratic institution-building, and transparency. Further, events in Somalia have shown how criminal control of territory and piracy ransoms generate significant sums of illicit revenue and promote the spread of government instability.

Threats to the Economy, U.S. Competitiveness, and Strategic Markets. TOC threatens U.S. economic interests and can cause significant damage to the world financial system through its subversion, exploi­tation, and distortion of legitimate markets and economic activity. U.S. business leaders worry that U.S. firms are being put at a competitive disadvantage by TOC and corruption, particularly in emerging markets where many perceive that rule of law is less reliable. The World Bank estimates about $1 trillion is spent each year to bribe public officials, causing an array of economic distortions and damage to legitimate economic activity. The price of doing business in countries affected by TOC is also rising as companies budget for additional security costs, adversely impacting foreign direct investment in many parts of the world. TOC activities can lead to disruption of the global supply chain, which in turn dimin­ishes economic competitiveness and impacts the ability of U.S. industry and transportation sectors to be resilient in the face of such disruption. Further, transnational criminal organizations, leveraging their relationships with state-owned entities, industries, or state-allied actors, could gain influence over key commodities markets such as gas, oil, aluminum, and precious metals, along with potential exploitation of the transportation sector.

Crime-Terror-Insurgency Nexus. Terrorists and insurgents increasingly are turning to TOC to gener­ate funding and acquire logistical support to carry out their violent acts. The Department of Justice reports that 29 of the 63 organizations on its FY 2010 Consolidated Priority Organization Targets list, which includes the most significant international drug trafficking organizations (DTOs) threatening the United States, were associated with terrorist groups. Involvement in the drug trade by the Taliban and the Revolutionary Armed Forces of Colombia (FARC) is critical to the ability of these groups to fund terrorist activity. We are concerned about Hizballah’s drug and criminal activities, as well as indications of links between al-Qa`ida in the Lands of the Islamic Maghreb and the drug trade. Further, the terrorist organization al-Shabaab has engaged in criminal activities such as kidnapping for ransom and extortion, and may derive limited fees from extortion or protection of pirates to generate funding for its operations. While the crime-terror nexus is still mostly opportunistic, this nexus is critical nonetheless, especially if it were to involve the successful criminal transfer of WMD material to terrorists or their penetration of human smuggling networks as a means for terrorists to enter the United States.

Expansion of Drug Trafficking. Despite demonstrable counterdrug successes in recent years, particu­larly against the cocaine trade, illicit drugs remain a serious threat to the health, safety, security, and financial well-being of Americans. The demand for illicit drugs, both in the United States and abroad, fuels the power, impunity, and violence of criminal organizations around the globe. Mexican DTOs are escalating their violence to consolidate their market share within the Western Hemisphere, protect their operations in Mexico, and expand their reach into the United States. In West Africa, Latin American cartels are exploiting local criminal organizations to move cocaine to Western Europe and the Middle East. There have also been instances of Afghan DTOs operating with those in West Africa to smuggle heroin to Europe and the United States. Many of the well-established organized criminal groups that had not been involved in drug trafficking—including those in Russia, China, Italy, and the Balkans—are now establishing ties to drug producers to develop their own distribution networks and markets. The expansion of drug trafficking is often accompanied by dramatic increases in local crime and corruption, as the United Nations has detected in regions such as West Africa and Central America.

Human Smuggling. Human smuggling is the facilitation, transportation, attempted transportation, or illegal entry of a person or persons across an international border, in violation of one or more coun­tries’ laws, either clandestinely or through deception, whether with the use of fraudulent documents or through the evasion of legitimate border controls. It is a criminal commercial transaction between willing parties who go their separate ways once they have procured illegal entry into a country. The vast majority of people who are assisted in illegally entering the United States and other countries are smuggled, rather than trafficked. International human smuggling networks are linked to other trans­national crimes including drug trafficking and the corruption of government officials. They can move criminals, fugitives, terrorists, and trafficking victims, as well as economic migrants. They undermine the sovereignty of nations and often endanger the lives of those being smuggled. In its 2010 report The Globalization of Crime: A Transnational Organized Crime Threat Assessment, the United Nations Office on Drugs and Crime (UNODC) estimated that the smuggling of persons from Latin America to the United States generated approximately $6.6 billion annually in illicit proceeds for human smuggling networks.

Trafficking in Persons. Trafficking in Persons (TIP), or human trafficking, refers to activities involved when one person obtains or holds another person in compelled service, such as involuntary servitude, slavery, debt bondage, and forced labor. TIP specifically targets the trafficked person as an object of criminal exploitation—often for labor exploitation or sexual exploitation purposes—and trafficking victims are frequently physically and emotionally abused. Although TIP is generally thought of as an international crime that involves the crossing of borders, TIP victims can also be trafficked within their own countries. Traffickers can move victims between locations within the same country and often sell them to other trafficking organizations.

Weapons Trafficking. Criminal networks and illicit arms dealers also play important roles in the black markets from which terrorists and drug traffickers procure some of their weapons. As detailed in the 2010 UNODC report The Globalization of Crime, “The value of the documented global authorized trade in firearms has been estimated at approximately $1.58 billion in 2006, with unrecorded but licit transac­tions making up another $100 million or so. The most commonly cited estimate for the size of the illicit market is 10% – 20% of the licit market.” According to the head of UNODC, these “illicit arms fuel the violence that undermines security, development and justice” worldwide. U.S. Federal law enforcement agencies have intercepted large numbers of weapons or related items being smuggled to China, Russia, Mexico, the Philippines, Somalia, Turkmenistan, and Yemen in the last year alone.

Intellectual Property Theft. TOC networks are engaged in the theft of critical U.S. intellectual property, including through intrusions into corporate and proprietary computer networks. Theft of intellectual property ranges from movies, music, and video games to imitations of popular and trusted brand names, to proprietary designs of high-tech devices and manufacturing processes. This intellectual property theft causes significant business losses, erodes U.S. competitiveness in the world marketplace, and in many cases threatens public health and safety. Between FY 2003 and FY 2010, the yearly domestic value of customs seizures at U.S. port and mail facilities related to intellectual property right (IPR) violations leaped from $94 million to $188 million. Products originating in China accounted for 66% of these IPR seizures in FY 2010.

Cybercrime. TOC networks are increasingly involved in cybercrime, which costs consumers billions of dollars annually, threatens sensitive corporate and government computer networks, and under­mines worldwide confidence in the international financial system. Through cybercrime, transnational criminal organizations pose a significant threat to financial and trust systems—banking, stock markets, e-currency, and value and credit card services—on which the world economy depends. For example, some estimates indicate that online frauds perpetrated by Central European cybercrime networks have defrauded U.S. citizens or entities of approximately $1 billion in a single year. According to the U.S. Secret Service, which investigates cybercrimes through its 31 Electronic Crimes Task Forces, financial crimes facilitated by anonymous online criminal fora result in billions of dollars in losses to the Nation’s financial infrastructure. The National Cyber Investigative Joint Task Force, led by the Federal Bureau of Investigation (FBI), functions as a domestic focal point for 18 federal departments or agencies to coordinate, integrate, and share information related to cyber threat investigations, as well as make the Internet safer by pursuing terrorists, spies, and criminals who seek to exploit U.S. systems. Pervasive criminal activity in cyberspace not only directly affects its victims, but can imperil citizens’ and businesses’ faith in these digital systems, which are critical to our society and economy. Computers and the Internet play a role in most transnational crimes today, either as the target or the weapon used in the crime. The use of the Internet, personal computers, and mobile devices all create a trail of digital evidence. Often the proper investigation of this evidence trail requires highly trained personnel. Crimes can occur more quickly, but investigations proceed more slowly due to the critical shortage of investigators with the knowledge and expertise to analyze ever increasing amounts of potential digital evidence.

(The full text of the report is available on the White House web site.)

Continue reading »]]> Most people have no idea that when they take a picture with their mobile phone, it can be automatically tagged with the location that the picture was taken.  Simple software can then be used to discover this information on ANY picture posted on the web or social networks like Facebook or twitter.  This poses an incredible privacy risk to people who take pictures of their family and then post them online.  Watch this video from NBC News on how it works and how to stop it.

Security Tip: Make sure you disable  location features on your phones camera before you post online!

Continue reading »]]> Our cars have become pretty powerful over the last few years. But the horsepower is not going into the engine, but the on-board CPU! As each new model provides more computerized options, we basically have a portable computer in our car. It is computer with a wireless bluetooth interface and the ability to monitor and control functions of our car. So this begs the question: Could our cars actually be hijacked my computer hackers?

Apparently so. Researchers at the University of California, San Diego and the University of Washington have published a paper in which they claim to have found ways to break into newer-model cars’ computer systems through Bluetooth and cellular network systems and through the diagnostic tools used by auto mechanics. While the researchers admit that the attacks are difficult, that should not give us much comfort. The use of technology by criminals and cyber-thieves is always one step ahead of the good guys.

There has been much buzz in the car industry about making cars “smart” – where each car is broadcasting its location and can tap into a variety of value added services from a collective network.  (Boy that sounds familiar.)

The lesson is that NO computing device with an interface is immune to some type of attack. In fact, we hope the automobile manufacturers take computer security more seriously than say, the mobile phone industry. I can see it now: The car salesman is about to close the paperwork and asks – “Would you also like anti-virus with that? It is only $29/month and comes installed!”

Continue reading »]]> Rule:  Don’t download any software from the internet and install it on your PC, laptop or PDA.

When you are at work, your company should supply all the software you need to do your job.  As internet junkies, we all love to download the latest cool gismos to make our work life more enjoyable.  After all, what can be harmful about a search bar for my web browser, or a little ticker for monitoring my stocks?   The problem is that all of this is uncontrolled software, and chances are that sooner or later you are going to get infected with some form of “spyware” or other malicious code.

Spyware is quickly becoming the biggest problem on corporate networks.  Spyware, in general, means any software that collects information from your PC, without you knowing it, and then relays it back out over the internet to another location.  At home, a spyware program can bring your PC to a near stand-still.  In a corporation, it can generate a serious security problem for your network, transmitting all kinds of private data about your computer and the network it is on.  This is bountiful information for hackers to get access to your corporate network.

Real World: In July 2005 Israeli police cracked a major industrial espionage crime ring that used spyware to collect confidential files from hundreds of organizations.  Users within the various corporations had downloaded a free productivity tool from a vendor that imbedded the spyware within legitimate code.  Thousands of files were downloaded before the spyware was discovered.

Continue reading »]]> Rule:  Don’t store data on your C drive that you want saved.

Many people assume that the IT department will take care of their system back-ups. And yet many people still save important data on their local computer hard drives.  What they don’t understand is that the IT department only backs up what is on your network drives.  (These are the ones that are mapped to the funny middle letters of the alphabet and usually have your name or userid attached.  H:/dline). Conversely, if you have any information that you don’t want to be the subject of the corporate archives – Funny poems, those obscene movies that your friend Jessie emails to you, a certain love-letter to your co-worker in the accounting department – don’t store it on the network drives.  Knowing where and how data is stored and recovered is key to protecting it.

Real World:  During the legal proceedings of the Enron litigation, thousands of data files were used as evidence.  During and after the discovery process, many of these files were posted on the internet.  Suddenly, the most personal email between former Enron employees and their friends and lovers was available for everyone to see.

Continue reading »]]> Rule:  Don’t leave sensitive information lying on your desk.

The idea here is not about cleanliness, it is about information security.  If you are a stacker, you are probably in the habit of creating separate piles of information on your desk.  In fact, you may put the most important documents right on top.  What this does is make it easy for someone who walks by your desk to easily get at this information.  This is true for any type of information that might be sensitive, including your personal bank statements or bills and passwords you can’t remember so you wrote on a sticky note.

Continue reading »]]> Rule:  Don’t connect a PDA or cell phone to your computer without approval.

Many people are now using Personal Digital Assistants (PDAs) and “smart” phones that provide wireless access to the internet and other devices.  While these are great for personal use, they can create a security threat for your organization.  There are two important rules to follow:

1. See if your organization has a standard on which devices are acceptable to use.
2. Don’t hook them up to your PC without approval from someone in IT or information security.

Once you connect your personal computing device to the network, you have exposed the rest of the corporation to any malicious code that may be on that device.

Real World:  Beware of the cell phone virus!

Some of the newest and most possibly dangerous threats to portable devices are new cell phone “viruses” that can transmit over wireless and telephone networks from device to device.  These viruses look for open communication channels with nearby devices and automatically copy themselves to the new location.  Since there is no practical way for organizations to record or “log” what happens on cell phones, these viruses could travel quickly with little ability to trace or stop them.

Continue reading »]]> The California Supreme Court has ruled that police can, without a warrant, search the cell phones of people who have been arrested and use the information they find as evidence. The case involves a man who bought drugs from a police informant. Following his arrest, police searched Gregory Diaz’s cell phone and found text messages implicating him in another deal. Diaz and his legal team maintained his Fourth Amendment rights had been violated, but the court said his cell phone was part of his personal effects, like clothing.

Continue reading »]]> A Michigan man could face up to five years in prison for reading his wife’s email. Leon Walker found his wife’s gmail password in a notebook and used it to access her account, from which he learned that she was having an affair. Leon Walker is Clara Walker’s third husband. The email disclosed that she was having an affair with her second husband, who has a history of domestic violence against her.  Walker is facing a felony charge under a law that is aimed at prosecuting people who have committed identity theft or have stolen trade secrets.  The results of this trial could have a dramatic impact on those who spy on their spouses using a variety of online and mobile phone spying tools.

Continue reading »]]> People who download free games on their Google Android phone may have a surprise.  Malicious software known as Geinimi appears to have been bundled with legitimate games, both paid and free.  According to reports, even the developers were unaware that the malware was piggybacking on their products. The malware targets Chinese-speaking users. The software communicates with another internet server (called a command-and-control server) that can tell infected devices to perform certain tasks, such as downloading or uninstalling software. Android users receive prompts and must approve the actions before they occur.