As end-of-year crime statistics are tallied, newspapers in recent weeks have been running headlines comparing their local crime rates with other cities and with prior years.
"L.A. County homicides decrease by 6%," the Los Angeles Times reported. The Dallas Morning News headlined its report, "Murders fall, rapes rise in '06," while noting that Dallas was likely to retain its reputation as the most crime-ridden city with a population of one million or more. According to the Minneapolis Star Tribune, violent crime "rose sharply" in 2006, but the rate of increase declined during the year. But while murder stats make for good headlines, they may not be the best gauge of violent crime, or a city's safety. I took a look at two compelling theories from criminologists that call into question the way the numbers are used.
The first theory, proposed by the federally funded Improving Crime Data project run by researchers from Georgia State University and the University of Missouri-St. Louis, holds that a city's stats should be adjusted for underlying demographic characteristics. The idea is to figure out if a city's murder rate is higher or lower than you would expect it to be. To do that, researchers examined factors that appeared to contribute to a higher murder rate, including the number of people living in poverty, the city's racial makeup and the divorce rate. (They also identified factors that didn't appear to have an impact on murder rates, including population density. More detail on the calculations can be found here.)
The thinking is that those underlying factors can't be controlled, so when you take them out, you can more clearly evaluate how well police and city policies are preventing homicides. "It helps you direct the police forces in a way that is data-driven rather than either political or serendipitous," said Robert Friedmann, professor of criminal justice at Georgia State University and principal investigator on the ICD project. He added, "When you're ranking a city on raw rates, it doesn't take into account the nature of the city."
Think of a comparison between two hospitals' death rates (a topic I wrote about last year). If Hospital A has a higher proportion of patients suffering from life-threatening diseases, it wouldn't be fair to compare its death rate to Hospital B, which tends to treat patients with milder complaints. Prof. Friedmann's team believes that certain cities (Atlanta, Detroit) have higher underlying risk of murder than others (Denver, San Francisco).
The group relies on stats from the federal government, so its most recent ranking is for 2004. According to that ranking, San Francisco was No. 1 among 67 cities in adjusted homicide rates, despite ranking 30th in the raw rates. Atlanta, conversely, fell to No. 46 from No. 7 after the adjustments. And Detroit dropped to No. 37 on the list from No. 3 -- suggesting that the city's demographic profile helps explain what the Detroit News earlier this month called an "abysmal" crime picture for the city.
The project's underlying premise, that a city's economic and demographic makeup forecasts crime rates, has controversial implications. I asked Prof. Friedmann whether his model is suggesting that African Americans are more likely to commit murder than whites living in similar circumstances. "On the face of it, it looks troubling," he replied. But he offered another explanation: Blacks are disproportionately the victims of homicide. Also, his model shows only that a city's black population correlates with homicide rates, not that it causes them -- some other underlying factor may be influencing the numbers. "It seems to me that if you take the racial attributes out of a politically correct discussion and just look at the facts, it is something that makes sense to analyze," Prof. Friedmann said.
Meanwhile, Anthony Harris, professor emeritus of criminal justice at the University of Massachusetts at Amherst, is behind another theory getting a lot of attention. He has for several years argued that murder numbers are not a good measuring stick because they can be heavily influenced by the emergency medical care someone receives. The difference between life and death on the operating table can determine whether a murder rate rises.
Prof. Harris was the lead author of a study in 2002 examining the decline in the murder rate between 1960 and 1999. Prof. Harris focused on the role improved medical care had on "lethality," which is the proportion of violent crimes that result in death. Even though the number of potentially deadly attacks surged in that time period, and the proportion of attacks involving guns also rose, lethality actually decreased by 70% -- to under 2% from nearly 6%. He concluded that improved medical-response times and trauma surgery were responsible for turning many would-be murders into assaults.
To demonstrate the effect of medical care, the researchers compared counties nationwide by various medical criteria, and found, for instance, that counties with at least one hospital were associated with 24% lower lethality than those without a hospital. Prof. Harris also found other medical factors that contributed to a drop in lethality of violent crimes, including the addition of physicians to a county's population and the presence of a facility for performing open-heart surgery.
The Harris study was, by necessity, indirect: The researchers lacked the data to track individual cases and determine whether the same injury was more likely to cause death in 1960 than in 1999. Instead, they tracked broad trends in crime and health care.
Prof. Harris told me that looking at all violent crime, rather than homicide, would better serve lawmakers and police. "If people were looking at aggravated assault and the use of guns in producing serious injury, I think the debate would be totally different," he says. "The big social indicator is injury by gun, and its long-term medical effects."
Derral Cheatwood, professor of sociology at the University of Texas at San Antonio, who has studied the relationship of medical resources to homicide rates in Maryland and Pennsylvania, told me that one of the biggest changes is the approach to treatment at the scene of a crime. "It has shifted from the 1960s, where you put someone in an ambulance, rush them to the hospital and treat them there, to an emergency medical vehicle, where you start to treat them right away and stabilize them," he said. (Bill Doerner, professor of criminology and criminal justice at Florida State University, offered up an interesting anecdote: As recently as 50 years ago, ambulances in Leon County, Fla., were run out of funeral parlors, presenting something of a conflict of interest.)
Lethality has actually edged up since Prof. Harris completed his study. One possible reason for the increase, he said: Several large cities, including Los Angeles and Las Vegas, have closed trauma centers, which can be particularly expensive to operate. "Homicide rates are where trauma centers really have an impact," Connie Potter, executive director of the National Foundation for Trauma Care, told me. A May 2004 report from her group declared a "crisis" in U.S. trauma centers, with 30 closed since 2001.
Thanks to The Numbers Guy, Carl Bialik
Sunday, January 21, 2007
Author Comments on Thief!
Friends of ours: Lucky Luciano, Carlo Gambino, John Gotti
Friends of mine: William "Slick" Hanner
It's strange that our fascination with the mob centers so on top bananas like Lucky Luciano, Carlo Gambino and John Gotti when, as any crime beat reporter will tell you, the most incredible stories always involve madcap misfires by the lowliest flunkies, the truly clueless nostra.
Fort Myers author Cherie Rohn ran into just such a lovable screwball more than a decade ago in Albuquerque, New Mexico, when, after losing her job as a TV station manager, she enrolled in casino dealer's school. One of her instructors was a well-traveled man of action named William "Slick" Hanner. "He was walking around with his notebook of 20 hand-scrawled pages in his third-grade-educated hand of his life story, looking for somebody to write it," Rohn recalls. "No money, of course, but I looked at it and it was like an electric shock went through my body. Something about this guy grabbed me and I vowed to write his story."
A decade in the writing, "Thief: The Gutsy, True Story of an Ex-Con Artist" is the laugh-out-loud misadventures of a savvy Chicago street kid who managed to partake in the profitable mob trifecta of booze, gambling and prostitution without ever actually becoming a made guy.
Like some street-smart version of Forrest Gump, Slick went from rags to riches while drifting through America's hottest post-war entertainment scenes. Whether he was fleecing poker players aboard his yacht, the Knot Guilty, in Miami Beach, driving a limo for Nevada's infamous Chicken Ranch, serving as Jerry Lewis' bodyguard or managing the poker room at the Landmark casino in Las Vegas, Slick was where the action was for the last half of the 20th century. "He was an interesting kind of a screw-up adrenaline junkie con artist who goes through life like a speeding freight train about to derail at any minute," Rohn says of her colorful collaborator.
The project was no mere samba down memory lane. Hanner's third-grade education was one obstacle, but Rohn had her challenges as well. "Aside from a couple lurid love letters, I hadn't written anything," she says. "So I had three tasks: I had to learn to write, I had to learn to write as a guy, and I had to learn to write as a guy who hung with the mob."
Rohn does a wonderful job at all three, telling Slick's first-person tale with all the swagger and latter-day slang of a high-rolling con artist of the day. "We filled it out very slowly," she says. "I actually had to put words into his mouth."
She also found that time was of the essence if she hoped to interview Slick's running mates. "Through the nine agonizing years of writing this story, a lot of people died, mostly from unnatural causes," he quips.
At 74, Slick is still doing what he does best, playing poker and consulting with Las Vegas casinos on how to thwart card sharks.
Does the guy who knows where the bodies are buried fear that some associates may take offense at his candid biography? What are you, nuts?
"We had a few death threats," Rohn admits. "I'm not going to tell you where they came from but they were real. Slick isn't one to worry. His attitude is, 'Hey, if that happens, we can sell a few more books!'"
Thanks to Jay McDonald
Friends of mine: William "Slick" Hanner
It's strange that our fascination with the mob centers so on top bananas like Lucky Luciano, Carlo Gambino and John Gotti when, as any crime beat reporter will tell you, the most incredible stories always involve madcap misfires by the lowliest flunkies, the truly clueless nostra.
Fort Myers author Cherie Rohn ran into just such a lovable screwball more than a decade ago in Albuquerque, New Mexico, when, after losing her job as a TV station manager, she enrolled in casino dealer's school. One of her instructors was a well-traveled man of action named William "Slick" Hanner. "He was walking around with his notebook of 20 hand-scrawled pages in his third-grade-educated hand of his life story, looking for somebody to write it," Rohn recalls. "No money, of course, but I looked at it and it was like an electric shock went through my body. Something about this guy grabbed me and I vowed to write his story."
A decade in the writing, "Thief: The Gutsy, True Story of an Ex-Con Artist" is the laugh-out-loud misadventures of a savvy Chicago street kid who managed to partake in the profitable mob trifecta of booze, gambling and prostitution without ever actually becoming a made guy.
Like some street-smart version of Forrest Gump, Slick went from rags to riches while drifting through America's hottest post-war entertainment scenes. Whether he was fleecing poker players aboard his yacht, the Knot Guilty, in Miami Beach, driving a limo for Nevada's infamous Chicken Ranch, serving as Jerry Lewis' bodyguard or managing the poker room at the Landmark casino in Las Vegas, Slick was where the action was for the last half of the 20th century. "He was an interesting kind of a screw-up adrenaline junkie con artist who goes through life like a speeding freight train about to derail at any minute," Rohn says of her colorful collaborator.
The project was no mere samba down memory lane. Hanner's third-grade education was one obstacle, but Rohn had her challenges as well. "Aside from a couple lurid love letters, I hadn't written anything," she says. "So I had three tasks: I had to learn to write, I had to learn to write as a guy, and I had to learn to write as a guy who hung with the mob."
Rohn does a wonderful job at all three, telling Slick's first-person tale with all the swagger and latter-day slang of a high-rolling con artist of the day. "We filled it out very slowly," she says. "I actually had to put words into his mouth."
She also found that time was of the essence if she hoped to interview Slick's running mates. "Through the nine agonizing years of writing this story, a lot of people died, mostly from unnatural causes," he quips.
At 74, Slick is still doing what he does best, playing poker and consulting with Las Vegas casinos on how to thwart card sharks.
Does the guy who knows where the bodies are buried fear that some associates may take offense at his candid biography? What are you, nuts?
"We had a few death threats," Rohn admits. "I'm not going to tell you where they came from but they were real. Slick isn't one to worry. His attitude is, 'Hey, if that happens, we can sell a few more books!'"
Thanks to Jay McDonald
Mafia 2.0 - Is the Mob Married to Your Computer?
Organized crime has had its fingers in criminal activity on the internet for some time, but until about two years ago most of its activity was limited to obvious scams, pornography and gambling. But in the past two years the rapid growth in organized crime in Eastern Europe and a huge increase in sophistication has jumped organized crime on the internet from an irritation to a serious problem.
How is this happening? The basic reason is that almost half all computer users connected to the internet have no or ineffective security protecting themselves and their systems while they web browse or even when using email. That doesn't even take into account new threats spreading into instant messaging, VoIP and even cell phones.
Estimates of losses from internet and other computer-related fraud in the UK alone are over $4 billion annually. And the losses come in all forms – from small sums scammed out of people via email up to blackmail, extortion and outright theft of very large sums from large corporations. Some of these attacks come with collusion or inadvertant access inside organizations to secure systems, but most come from some form of trickery that exploits naïve and insecure practices in all kinds of ways. And because of the embarassment, many of these frauds go unreported.
First up, WHAT criminals are up to - the top types of internet, telephony, email and credit card scams.
Top Scams
1: Credit card and telephony billing fraud. Example: The Gambino family telephony scam – a couple of telephony company executives organized a billing fraud for credit card and telephony services and a related internet pornography ring on behalf of the Gambino family – that netted over $500 million over a five year period.
2: Nigerian (and Eastern European and Indonesian and...) scams – if you never received a Nigerian scam email you have probably never received email at all – that's how much of it there is – now also known as a 419 scam after the Nigerian anti-fraud law code.
3: Phishing – typically an email supposedly from a bank or credit card company or anyone that has an online financial account that tries to tempt you to log into a site that LOOKS like the real site but is really just a way to watch and capture your account information. These have gotten much more sophisticated and just this past week a kit was made available online to help criminals automatically build sites that transparently pass the data on to the real site and that report that they are the real site – making it even harder to detect the fraud. More recently VoIP and IP Phishing scams have become more prevalent.
4: Zombies – these can be a really subtle scam – you may never even know that you were involved. In this scam your PC is taken over subtly to help run almost every other form of scam. A piece of code gets run on your computer – and it sets itself up as one of a big network of computers (aka a botnet) that hackers have taken over. Once it gets activated, the zombie computer gets used to deliver spam or to infect other computers or to install keyloggers or other malware or even distributed denial of service attacks – then at some later date it just gets turned off again until another time.
5: Extortion – this is one of the big time mob moneyspinners. They infect computers with zombies – often paying unscrupulous hackers something like 20 cents per infected PC – until they have many thousands of infected computers – and then they block access to a major site by having all those zombie PCs access it simultaneously. Depending on circumstances they deliver an extortion demand before or after the attack. This technique has been used successfully against offshore gambling sites and with mixed success against all kinds of other sites. Demands are typically kept in the $50,000 range to make it easy for companies to pay rather than lose business.
6: Wifi Spying and Packet Sniffing – sure it's fun to kick back and surf the web at Starbucks or the local library. But as David Pogue of the New York Times has illustrated, it is incredibly easy for any hacker to watch everything you do and to also install software onto your laptop without you knowing. And packet sniffing techniques can be combined with devices that read data right off a wire to rebuild network traffic and capture data on the fly.
7: Buddying Up – cyber criminals are also making friends online – on MySpace, Facebook and even business-oriented LinkedIn – it is easy to fake an attractive identity and then suck in new online friends and harvest personal information – many social network posters are willing to give up information that reveals enough to aid in identity theft.
8: Insider Trading – organized crime is starting to hire and train employees to get inside target companies and then steal information and access codes. There is also evidence that some hackers are getting sponsored through college courses to improve their knowledge of IT and security systems purely in order to make them more effective at creating and running attacks.
9: Event Piggybacks – whether it is the World Cup, the Superbowl or a hot celebrity scandal, current events are now part of the social engineering attacks used by malicious hackers. An example is online games or downloadable screensavers associated with an event – prior to the 2006 World Cup, German hackers created downloadable screensavers for many of the teams that enticed fans to download them. Along with the screensaver came a pile of trojan malware.
10: Dumpster Diving – not really a scam – just taking advantage of people disposing of (or losing) storage devices without taking security precautions. Take your pick of the scare stories – either the US military USB drive with highly confidential data that was for sale at an Afghani bazaar or the German police computer hard drive that was full of criminal data that was sold on eBay.
11: Invisible Links – the latest trick – borrowing techniques from the latest web practices – is to run a piece of javascript code when the user simply hovers over a link – that code looks for holes in browser security and downloads a trojan like a keylogger to your PC – all without you even knowing. Plus lots of other Ajax and javascript nastiness is possible.
12: Feed spam – Feed spam is basically a way of feeding real sites that use aggregated RSS feeds with bogus information and malware links.
13: Up And Coming – video and multimedia trojans – the next big target is going to be online media – streaming audio, streaming video, flash movies, animations and games and more. It is quite feasible that someone will find a way to have a YouTube link trigger a method of loading malware onto your computer. How well do you really know that person sending you the latest awesome online video?
Now lets look at WHY hackers are exploiting technology and human nature to get access to your PC.
Billions Of Dollars
Here's the bottom line – money and lots and lots of it. Industry estimates for the US are that at minimum several billion dollars were made in the US in computer and internet fraud last year. Some estimates go as high as over $20 billion. So how do they make that kind of money?
1: Identity theft – most people know about this by now – get access to enough data about someone and you can pretend to be them to get money or false documents. The simplest purpose is to get enough information to access credit cards and use them to get money. But it can go as far as usurping and destroying a whole life by running major criminal enterprises under an assumed identity and then walking away and leaving the real person to be held accountable. This is now a serious problem and probably the number one individual concern in online crime. Any one crime may not be all that big, but multiply it by millions and the potential damage is huge.
2: Data theft – stealing valuable information and reselling it – this is pretty rare and never publicized – businesses are too embarrassed to reveal that their intellectual property has been stolen – but this modern equivalent of industrial espionage is believed to be big business.
3: Extortion and blackmail – amazingly enough this now happens on a personal level as well as being directed at companies. On the personal level, imagine turning on your computer to see a blank screen with one message – 'click here to read about how to get access to this computer' only to be told how to pay money to an offshore account to get an unlock code to get into your own computer! All it takes to activate this is something as simple as technique #11 above. On the corporate side is where the big mafia money and attention. It has gotten to the stage where offshore gambling websites now expect extortion demands around big business days for them like Superbowl Sunday. The demand is simple – pay us $1 million or we will take your site down for the Superbowl using a distributed denial of service attack. The threat is to activate a botnet of hundreds of thousands of PCs to bombard the site with spurious access and download requests, effectively blocking real visitors from getting to the site. And organized crime is now known to be prepared to pay hackers to install these bots on computers worldwide – as much as 20 cents per installation. This may seem like a joke but it is estimated that as many as 5 million PCs are online at any moment that are infected with a malware bot of some kind.
4: Investment and drug scams – the most recent wave of spam is so-called image spam – where the spam text is actually a picture. This is purely to avoid spam detectors and the goal is still the same – one version is to get people to invest in penny stocks to drive the price up so the spammer scammers can sell high after buying low – leaving the victims to pay the price after the stock drops back down again to below the price they paid. The other is to buy pharmaceuticals for cheap on the internet – usually Viagra or a derivative. The reason the drugs are so cheap – they are basically talcum powder if they even exist – but by the time you find that out the 'merchant' is long gone.
There are many, many more but they are essentially all variations on these basic themes.
In order to make sure you are safe your best bet is to take the time to understand the HOW – how your information gets stolen, how your computer gets hijacked.
Exploiting Gaps
There are two parts to this – one is general life activity. For example, if you give your credit card to someone in a store or a restaurant and it gets taken away to somewhere you can't see it, then you have already opened yourself up to credit card fraud. If you sign up for an in store membership at the same time, you just opened yourself up to big time identity theft. Obviously, 99% of the time nothing is going to happen, but that does not mean it never will. Your objective should be to minimise your risk in a sensible way.
The other part is technological – some technologies are more of a target than others. For example, if you run a Windows system and use Internet Explorer as your browser you are automatically at higher risk than a Linux user running Opera or Firefox. While many people would tell you that is because Microsoft's software is full of flaws and buggy to boot and you are just asking for trouble by using it, that is only part of the reason. The other part is just a numbers game – over two thirds of all internet users browse using the combination of Windows and Internet Explorer – that makes a tempting target for the criminal. And if Linux and the Mac get more market share, they too will be targeted for these attacks. Complex software has bugs and sometimes these bugs show up as holes and vulnerabilities. There are Mac and Linux specific viruses and trojans out there – just not many of them – yet.
So how does this all happen? Basically someone somewhere finds a bug in a piece of software that allows an external piece of software to slip inside and gain control of some aspect of your computer or its software. These flaws can be in almost anything. There is even a current attack that uses a flaw in an older version of Symantec's enterprise anti-spyware software – a particular version of malware was written to exploit this flaw and take over computers it attacked and turn them into remotely controllable 'bots'.
HOW to know you've been targeted.
Danger Will Robinson
You want to know that you've been targeted by the mob as soon as possible – well before you turn on your computer to see a ransom demand and a password prompt – pay up or watch your hard drive get trashed. The problem is that many of these attacks aren't even aimed at you – all they want from you is as much processing time and bandwidth as possible over a certain period of time. You may not even know you've been targeted and infected. The botnet attack could run without you ever knowing. Of course, since the hackers have opened a free pathway into your computer, they are going to go back and take advantage of it in any way they can.
Here are a few of the basic signs that you might have a problem. In every case you should move to address the problem immediately.
1: Way too many pop-ups. It is practically impossible to eliminate pop-ups altogether if you ever browse the web. But they should be manageable. If you can hardly even use your computer because of the frequency of pop-ups then it is already too late – you've been infected.
2: Your computer slows down and the hard drive runs all the time – and this happens all the time. If you get worried, shut down your programs one at a time in case there is a big data transfer or backup or copy or virus scan running that is responsible. Then restart. If the problem comes back within a few minutes and you can't tell why, then you could be infected.
3: A HUGE increase in spam. This may or may not be a targeted attack. It might just be a new wave of spam that your anti-spam filters haven't learned to cope with. Or it could be a concerted effort to get you to click something that'll install a trojan. Or it could be a sign that you are infected and your email has been harvested and passed on to hundreds of other spam networks.
4: You start having data and program execution errors. This is a big problem. It can mean your hardware is failing. But it also means you could have a malicious virus or piece of malware.
5: Your friends start to complain about getting spam from you. Again, too late. You are already in trouble.
6: Your computer locks up and keeps locking up. Even worse if it does it with a password and demand for cash. If the latter happens do not do ANYTHING to the computer. Do not touch the keyboard, do not turn it off. Instead, call a computer security expert and the police. Your computer and data can be recovered by someone who knows what they are doing.
We will be posting a follow up piece on what you can do to protect your computer and your network next week. In the meantime, here is some background and some suggestions from McAfee and from the Justice Department.
Thanks to Owen Linderholm
How is this happening? The basic reason is that almost half all computer users connected to the internet have no or ineffective security protecting themselves and their systems while they web browse or even when using email. That doesn't even take into account new threats spreading into instant messaging, VoIP and even cell phones.
Estimates of losses from internet and other computer-related fraud in the UK alone are over $4 billion annually. And the losses come in all forms – from small sums scammed out of people via email up to blackmail, extortion and outright theft of very large sums from large corporations. Some of these attacks come with collusion or inadvertant access inside organizations to secure systems, but most come from some form of trickery that exploits naïve and insecure practices in all kinds of ways. And because of the embarassment, many of these frauds go unreported.
First up, WHAT criminals are up to - the top types of internet, telephony, email and credit card scams.
Top Scams
1: Credit card and telephony billing fraud. Example: The Gambino family telephony scam – a couple of telephony company executives organized a billing fraud for credit card and telephony services and a related internet pornography ring on behalf of the Gambino family – that netted over $500 million over a five year period.
2: Nigerian (and Eastern European and Indonesian and...) scams – if you never received a Nigerian scam email you have probably never received email at all – that's how much of it there is – now also known as a 419 scam after the Nigerian anti-fraud law code.
3: Phishing – typically an email supposedly from a bank or credit card company or anyone that has an online financial account that tries to tempt you to log into a site that LOOKS like the real site but is really just a way to watch and capture your account information. These have gotten much more sophisticated and just this past week a kit was made available online to help criminals automatically build sites that transparently pass the data on to the real site and that report that they are the real site – making it even harder to detect the fraud. More recently VoIP and IP Phishing scams have become more prevalent.
4: Zombies – these can be a really subtle scam – you may never even know that you were involved. In this scam your PC is taken over subtly to help run almost every other form of scam. A piece of code gets run on your computer – and it sets itself up as one of a big network of computers (aka a botnet) that hackers have taken over. Once it gets activated, the zombie computer gets used to deliver spam or to infect other computers or to install keyloggers or other malware or even distributed denial of service attacks – then at some later date it just gets turned off again until another time.
5: Extortion – this is one of the big time mob moneyspinners. They infect computers with zombies – often paying unscrupulous hackers something like 20 cents per infected PC – until they have many thousands of infected computers – and then they block access to a major site by having all those zombie PCs access it simultaneously. Depending on circumstances they deliver an extortion demand before or after the attack. This technique has been used successfully against offshore gambling sites and with mixed success against all kinds of other sites. Demands are typically kept in the $50,000 range to make it easy for companies to pay rather than lose business.
6: Wifi Spying and Packet Sniffing – sure it's fun to kick back and surf the web at Starbucks or the local library. But as David Pogue of the New York Times has illustrated, it is incredibly easy for any hacker to watch everything you do and to also install software onto your laptop without you knowing. And packet sniffing techniques can be combined with devices that read data right off a wire to rebuild network traffic and capture data on the fly.
7: Buddying Up – cyber criminals are also making friends online – on MySpace, Facebook and even business-oriented LinkedIn – it is easy to fake an attractive identity and then suck in new online friends and harvest personal information – many social network posters are willing to give up information that reveals enough to aid in identity theft.
8: Insider Trading – organized crime is starting to hire and train employees to get inside target companies and then steal information and access codes. There is also evidence that some hackers are getting sponsored through college courses to improve their knowledge of IT and security systems purely in order to make them more effective at creating and running attacks.
9: Event Piggybacks – whether it is the World Cup, the Superbowl or a hot celebrity scandal, current events are now part of the social engineering attacks used by malicious hackers. An example is online games or downloadable screensavers associated with an event – prior to the 2006 World Cup, German hackers created downloadable screensavers for many of the teams that enticed fans to download them. Along with the screensaver came a pile of trojan malware.
10: Dumpster Diving – not really a scam – just taking advantage of people disposing of (or losing) storage devices without taking security precautions. Take your pick of the scare stories – either the US military USB drive with highly confidential data that was for sale at an Afghani bazaar or the German police computer hard drive that was full of criminal data that was sold on eBay.
11: Invisible Links – the latest trick – borrowing techniques from the latest web practices – is to run a piece of javascript code when the user simply hovers over a link – that code looks for holes in browser security and downloads a trojan like a keylogger to your PC – all without you even knowing. Plus lots of other Ajax and javascript nastiness is possible.
12: Feed spam – Feed spam is basically a way of feeding real sites that use aggregated RSS feeds with bogus information and malware links.
13: Up And Coming – video and multimedia trojans – the next big target is going to be online media – streaming audio, streaming video, flash movies, animations and games and more. It is quite feasible that someone will find a way to have a YouTube link trigger a method of loading malware onto your computer. How well do you really know that person sending you the latest awesome online video?
Now lets look at WHY hackers are exploiting technology and human nature to get access to your PC.
Billions Of Dollars
Here's the bottom line – money and lots and lots of it. Industry estimates for the US are that at minimum several billion dollars were made in the US in computer and internet fraud last year. Some estimates go as high as over $20 billion. So how do they make that kind of money?
1: Identity theft – most people know about this by now – get access to enough data about someone and you can pretend to be them to get money or false documents. The simplest purpose is to get enough information to access credit cards and use them to get money. But it can go as far as usurping and destroying a whole life by running major criminal enterprises under an assumed identity and then walking away and leaving the real person to be held accountable. This is now a serious problem and probably the number one individual concern in online crime. Any one crime may not be all that big, but multiply it by millions and the potential damage is huge.
2: Data theft – stealing valuable information and reselling it – this is pretty rare and never publicized – businesses are too embarrassed to reveal that their intellectual property has been stolen – but this modern equivalent of industrial espionage is believed to be big business.
3: Extortion and blackmail – amazingly enough this now happens on a personal level as well as being directed at companies. On the personal level, imagine turning on your computer to see a blank screen with one message – 'click here to read about how to get access to this computer' only to be told how to pay money to an offshore account to get an unlock code to get into your own computer! All it takes to activate this is something as simple as technique #11 above. On the corporate side is where the big mafia money and attention. It has gotten to the stage where offshore gambling websites now expect extortion demands around big business days for them like Superbowl Sunday. The demand is simple – pay us $1 million or we will take your site down for the Superbowl using a distributed denial of service attack. The threat is to activate a botnet of hundreds of thousands of PCs to bombard the site with spurious access and download requests, effectively blocking real visitors from getting to the site. And organized crime is now known to be prepared to pay hackers to install these bots on computers worldwide – as much as 20 cents per installation. This may seem like a joke but it is estimated that as many as 5 million PCs are online at any moment that are infected with a malware bot of some kind.
4: Investment and drug scams – the most recent wave of spam is so-called image spam – where the spam text is actually a picture. This is purely to avoid spam detectors and the goal is still the same – one version is to get people to invest in penny stocks to drive the price up so the spammer scammers can sell high after buying low – leaving the victims to pay the price after the stock drops back down again to below the price they paid. The other is to buy pharmaceuticals for cheap on the internet – usually Viagra or a derivative. The reason the drugs are so cheap – they are basically talcum powder if they even exist – but by the time you find that out the 'merchant' is long gone.
There are many, many more but they are essentially all variations on these basic themes.
In order to make sure you are safe your best bet is to take the time to understand the HOW – how your information gets stolen, how your computer gets hijacked.
Exploiting Gaps
There are two parts to this – one is general life activity. For example, if you give your credit card to someone in a store or a restaurant and it gets taken away to somewhere you can't see it, then you have already opened yourself up to credit card fraud. If you sign up for an in store membership at the same time, you just opened yourself up to big time identity theft. Obviously, 99% of the time nothing is going to happen, but that does not mean it never will. Your objective should be to minimise your risk in a sensible way.
The other part is technological – some technologies are more of a target than others. For example, if you run a Windows system and use Internet Explorer as your browser you are automatically at higher risk than a Linux user running Opera or Firefox. While many people would tell you that is because Microsoft's software is full of flaws and buggy to boot and you are just asking for trouble by using it, that is only part of the reason. The other part is just a numbers game – over two thirds of all internet users browse using the combination of Windows and Internet Explorer – that makes a tempting target for the criminal. And if Linux and the Mac get more market share, they too will be targeted for these attacks. Complex software has bugs and sometimes these bugs show up as holes and vulnerabilities. There are Mac and Linux specific viruses and trojans out there – just not many of them – yet.
So how does this all happen? Basically someone somewhere finds a bug in a piece of software that allows an external piece of software to slip inside and gain control of some aspect of your computer or its software. These flaws can be in almost anything. There is even a current attack that uses a flaw in an older version of Symantec's enterprise anti-spyware software – a particular version of malware was written to exploit this flaw and take over computers it attacked and turn them into remotely controllable 'bots'.
HOW to know you've been targeted.
Danger Will Robinson
You want to know that you've been targeted by the mob as soon as possible – well before you turn on your computer to see a ransom demand and a password prompt – pay up or watch your hard drive get trashed. The problem is that many of these attacks aren't even aimed at you – all they want from you is as much processing time and bandwidth as possible over a certain period of time. You may not even know you've been targeted and infected. The botnet attack could run without you ever knowing. Of course, since the hackers have opened a free pathway into your computer, they are going to go back and take advantage of it in any way they can.
Here are a few of the basic signs that you might have a problem. In every case you should move to address the problem immediately.
1: Way too many pop-ups. It is practically impossible to eliminate pop-ups altogether if you ever browse the web. But they should be manageable. If you can hardly even use your computer because of the frequency of pop-ups then it is already too late – you've been infected.
2: Your computer slows down and the hard drive runs all the time – and this happens all the time. If you get worried, shut down your programs one at a time in case there is a big data transfer or backup or copy or virus scan running that is responsible. Then restart. If the problem comes back within a few minutes and you can't tell why, then you could be infected.
3: A HUGE increase in spam. This may or may not be a targeted attack. It might just be a new wave of spam that your anti-spam filters haven't learned to cope with. Or it could be a concerted effort to get you to click something that'll install a trojan. Or it could be a sign that you are infected and your email has been harvested and passed on to hundreds of other spam networks.
4: You start having data and program execution errors. This is a big problem. It can mean your hardware is failing. But it also means you could have a malicious virus or piece of malware.
5: Your friends start to complain about getting spam from you. Again, too late. You are already in trouble.
6: Your computer locks up and keeps locking up. Even worse if it does it with a password and demand for cash. If the latter happens do not do ANYTHING to the computer. Do not touch the keyboard, do not turn it off. Instead, call a computer security expert and the police. Your computer and data can be recovered by someone who knows what they are doing.
We will be posting a follow up piece on what you can do to protect your computer and your network next week. In the meantime, here is some background and some suggestions from McAfee and from the Justice Department.
Thanks to Owen Linderholm
Saturday, January 20, 2007
JIM POWERS (1928-2007)
When Jim Powers took over the Las Vegas FBI office in 1977, he inherited a department in disarray and a town of well-entrenched mobsters. He vowed to address both problems.
One of his primary targets was Gold Rush Ltd., a jewelry store/fencing operation near the Strip. The FBI's raid of the place set the table for the demise of its owner, mobster Tony Spilotro, and his Hole-in-the-Wall Gang.
James M. Powers, who later served as security chief for Steve Wynn's Golden Nugget and helped bring to justice the kidnappers of Wynn's daughter Kevyn in 1993, died Thursday in Las Vegas. He was 78.
"Jim was the best of what you would call Old Bureau FBI agents, those who had worked under J. Edgar Hoover," said former federal prosecutor Stan Hunterton, who is a local defense attorney. "He was disciplined and hardworking. Jim treated everyone with decency, and his integrity was above reproach."
Although Powers served just two years as special agent-in-charge of the Las Vegas FBI office, it was a pivotal time in Southern Nevada history - the beginning of the end of the mob's great influence on the region.
A year before Powers took the job, Spilotro had formed the Hole-in-the-Wall Gang with younger brother Michael Spilotro, boyhood chum Frank Culotta, Joey Cusumano, "Fat Herbie" Blitzstein, former Metro Police Detective Joe Blasko and others. The gang got its nickname by drilling through the walls of the buildings that it burglarized. Its headquarters was the Gold Rush - a block from the Strip - which also had opened in 1976.
Powers targeted the Gold Rush for a massive raid in which a large amount of evidence was gathered that helped lead to Spilotro's 1981 indictment on federal racketeering charges that eventually were dismissed. Spilotro was killed, presumably by mob associates, in 1986.
Born Oct. 4, 1928, in Springfield, Mass., Powers joined the Marine Corps in 1946 and served for two years. In 1953, he earned a bachelor of laws degree from Boston University School of Law. Powers joined the FBI in 1954, working in New York and Chicago before retiring in Las Vegas in 1979 and becoming vice president of corporate security for the Golden Nugget. He worked for Wynn until his retirement in the late 1990s.
Thanks to Ed Koch
One of his primary targets was Gold Rush Ltd., a jewelry store/fencing operation near the Strip. The FBI's raid of the place set the table for the demise of its owner, mobster Tony Spilotro, and his Hole-in-the-Wall Gang.
James M. Powers, who later served as security chief for Steve Wynn's Golden Nugget and helped bring to justice the kidnappers of Wynn's daughter Kevyn in 1993, died Thursday in Las Vegas. He was 78.
"Jim was the best of what you would call Old Bureau FBI agents, those who had worked under J. Edgar Hoover," said former federal prosecutor Stan Hunterton, who is a local defense attorney. "He was disciplined and hardworking. Jim treated everyone with decency, and his integrity was above reproach."
Although Powers served just two years as special agent-in-charge of the Las Vegas FBI office, it was a pivotal time in Southern Nevada history - the beginning of the end of the mob's great influence on the region.
A year before Powers took the job, Spilotro had formed the Hole-in-the-Wall Gang with younger brother Michael Spilotro, boyhood chum Frank Culotta, Joey Cusumano, "Fat Herbie" Blitzstein, former Metro Police Detective Joe Blasko and others. The gang got its nickname by drilling through the walls of the buildings that it burglarized. Its headquarters was the Gold Rush - a block from the Strip - which also had opened in 1976.
Powers targeted the Gold Rush for a massive raid in which a large amount of evidence was gathered that helped lead to Spilotro's 1981 indictment on federal racketeering charges that eventually were dismissed. Spilotro was killed, presumably by mob associates, in 1986.
Born Oct. 4, 1928, in Springfield, Mass., Powers joined the Marine Corps in 1946 and served for two years. In 1953, he earned a bachelor of laws degree from Boston University School of Law. Powers joined the FBI in 1954, working in New York and Chicago before retiring in Las Vegas in 1979 and becoming vice president of corporate security for the Golden Nugget. He worked for Wynn until his retirement in the late 1990s.
Thanks to Ed Koch
The "Big Guy" From Spilotro's Hole in the Wall Gang Dies
The late Tony Spilotro was the Chicago Outfit's fearless, brutal soldier in Las Vegas, who once tortured a man by putting his head in a vise and squeezing it until one of his eyes popped out. But even Spilotro was unnerved by one man -- a member of Spilotro's own Hole in the Wall Gang, -- Lawrence Neumann.
Long before Neumann joined
, he left a trail of violence.
In 1956, when Neumann thought he got shortchanged at an Uptown bar, he went back and shotgunned three people dead. Later, Neumann would be convicted of one more murder, and suspected in two others in McHenry County.
Neumann had a steady income from a trust fund, so he didn't need to steal, rob and kill to make money. Apparently, he just enjoyed it.
Now, his long history of violence has ended. Neumann, 79, in advanced stages of cardiac disease, died of natural causes Jan. 9 at Menard Correctional Center located Downstate. He was pronounced dead at 5:45 a.m. in the medical unit of the prison where he was serving a life term for murder.
"As long as they don't remove the stake out of his f - - - - - - chest, we'll be all right," said onetime mobster Frank Cullotta during a telephone interview Wednesday from an undisclosed location. Cullotta was not particularly saddened to hear of Neumann's death.
Cullotta turned federal informant and testified against Neumann in a murder trial in 1983 that resulted in putting Neumann away for life. Neumann killed mob-connected jeweler Robert Brown during a robbery. Brown was strangled, hit on the head and when he wouldn't die, stabbed with a bayonet. "He was a real animal, the world's a better place without him -- a safer place I should say," Cullotta, who has written an autobiography that's soon to be released, said of Neumann.
Neumann was born in St. Louis, the son of a successful sporting goods salesman. He was kicked out of a Missouri military academy when he was 14, then attended Amundsen High School in Chicago, where he started running with a rough crowd and eventually dropped out, according to a published interview with his father in 1956.
It was in June of that year when Neumann went into Mickey's Miracle Bar with a shotgun he had bought on sale and unloaded on one of the owners, an employee and a patron, killing them all. He felt the bar had shorted him on change. The triple slaying sparked a citywide manhunt. Neumann's efforts to contact a "pretty divorcee" -- as she was described in news accounts -- helped police track him down. Neumann had vowed to kill one of the lead detectives trailing him. After a gun battle between Neumann and police, he surrendered peacefully. Neumann was sentenced to 125 years in prison but because of a change in parole laws, he was released after serving a little more than 10s.
Cullotta met Neumann when they were in Stateville Prison, and Neumann sought out Cullotta after both were released. "He wanted to be involved in my type of life," Cullotta said. So Neumann got into mob life, including Spilotro's burglary crew out in Las Vegas, called the "Hole in the Wall Gang" because members knocked holes through the walls of buildings to avoid alarm systems.
Dubbed "The Big Guy" and "Lurch," Neumann's hands were so big, authorities sometimes had trouble fingerprinting him. More than one top mobster -- who scared people for a living -- was frightened by Neumann, a fitness buff who reportedly did 1,000 sit-ups a day.
"Tony [Spilotro] was scared of him," Cullotta recalled. "He said, 'Please . . . don't ever get the The Big Guy mad at me or you.' "
Retired FBI agent Dennis Arnoldy said, "Larry would always go overboard," even by Spilotro's loose standards.
After Neumann died last week, no one claimed him. The state paid to cremate him, said Downstate funeral director Mike McClure. The prison chaplain will say a brief service next week over his cremated ashes in a plastic urn at Evergreen Cemetery in the nearby town of Chester.
At his request, Neumann, who was Jewish, was cremated with his yarmulke on his head.
Thanks to Steve Warmbir and Robert C. Herguth
Long before Neumann joined
, he left a trail of violence.In 1956, when Neumann thought he got shortchanged at an Uptown bar, he went back and shotgunned three people dead. Later, Neumann would be convicted of one more murder, and suspected in two others in McHenry County.
Neumann had a steady income from a trust fund, so he didn't need to steal, rob and kill to make money. Apparently, he just enjoyed it.
Now, his long history of violence has ended. Neumann, 79, in advanced stages of cardiac disease, died of natural causes Jan. 9 at Menard Correctional Center located Downstate. He was pronounced dead at 5:45 a.m. in the medical unit of the prison where he was serving a life term for murder.
"As long as they don't remove the stake out of his f - - - - - - chest, we'll be all right," said onetime mobster Frank Cullotta during a telephone interview Wednesday from an undisclosed location. Cullotta was not particularly saddened to hear of Neumann's death.
Cullotta turned federal informant and testified against Neumann in a murder trial in 1983 that resulted in putting Neumann away for life. Neumann killed mob-connected jeweler Robert Brown during a robbery. Brown was strangled, hit on the head and when he wouldn't die, stabbed with a bayonet. "He was a real animal, the world's a better place without him -- a safer place I should say," Cullotta, who has written an autobiography that's soon to be released, said of Neumann.
Neumann was born in St. Louis, the son of a successful sporting goods salesman. He was kicked out of a Missouri military academy when he was 14, then attended Amundsen High School in Chicago, where he started running with a rough crowd and eventually dropped out, according to a published interview with his father in 1956.
It was in June of that year when Neumann went into Mickey's Miracle Bar with a shotgun he had bought on sale and unloaded on one of the owners, an employee and a patron, killing them all. He felt the bar had shorted him on change. The triple slaying sparked a citywide manhunt. Neumann's efforts to contact a "pretty divorcee" -- as she was described in news accounts -- helped police track him down. Neumann had vowed to kill one of the lead detectives trailing him. After a gun battle between Neumann and police, he surrendered peacefully. Neumann was sentenced to 125 years in prison but because of a change in parole laws, he was released after serving a little more than 10s.
Cullotta met Neumann when they were in Stateville Prison, and Neumann sought out Cullotta after both were released. "He wanted to be involved in my type of life," Cullotta said. So Neumann got into mob life, including Spilotro's burglary crew out in Las Vegas, called the "Hole in the Wall Gang" because members knocked holes through the walls of buildings to avoid alarm systems.
Dubbed "The Big Guy" and "Lurch," Neumann's hands were so big, authorities sometimes had trouble fingerprinting him. More than one top mobster -- who scared people for a living -- was frightened by Neumann, a fitness buff who reportedly did 1,000 sit-ups a day.
"Tony [Spilotro] was scared of him," Cullotta recalled. "He said, 'Please . . . don't ever get the The Big Guy mad at me or you.' "
Retired FBI agent Dennis Arnoldy said, "Larry would always go overboard," even by Spilotro's loose standards.
After Neumann died last week, no one claimed him. The state paid to cremate him, said Downstate funeral director Mike McClure. The prison chaplain will say a brief service next week over his cremated ashes in a plastic urn at Evergreen Cemetery in the nearby town of Chester.
At his request, Neumann, who was Jewish, was cremated with his yarmulke on his head.
Thanks to Steve Warmbir and Robert C. Herguth
Subscribe to:
Posts (Atom)