Monthly Archives: April 2014

Supreme Court Ponders Warrantless Cell Phone Searches

US Supreme CourtU.S. Supreme Court Justices are currently struggling with the issue of warrantless cell phone searches. The arguments before the court is whether police have the right to examine the contents of cell phones found in the possession of criminal suspects.

Being considered are cases from Boston and San Diego. In the San Diego case David Leon Riley was pulled over for driving with expired tags. During a search of the car (legal) police found concealed and loaded weapons. Riley was arrested and officers seized his smartphone.  A warrantless search of the phone revealed photos and videos linking Riley to a recent gang shooting. Eventually, Riley received an extended sentence because of the gang affiliation. Lawyers for Riley argued before the court that police had overstepped their bounds by searching the phone. A lower court disagreed and allowed the search and evidence to be used in the eventual conviction. California Solicitor General Edward C. Dumont, argued that the lower court had gotten it right that there was no need for a warrant to search the cell phone. Dumont suggested there are distinct privacy difference between pictures in someone’s billfold and pictures seized from a cell phone. 

One of the questions being considered is the seriousness of the crime. Justice Elena Kagan, using a minor crime such as driving without a seatbelt as an example, questioned Dumont’s argument saying “the police could take that phone and could look at every single e-mail that person has written, including work e-mails, including e-mails to family members, very intimate communications, could look at all that person’s bank records, could look at all that person’s medical data, could look at that person’s calendar, could look at that person’s GPS and find out every place that person had been recently because that person was arrested for driving without a seat belt.” Kagan pointed out that the information found in a cell phone was far more detailed and sensitive than just a photo in billfold.

Chief Justice John Roberts questioned  the contents of apps found on smartphones and the additional privacy implications for those apps.  “Could you have a rule that the police are entitled to search those apps that, in fact, don’t have an air of privacy about them?  He also asked how a magistrate would discern what part of the smartphone could be searched?

Justice Ruth Bader Ginsburg, pointing out that if the police had seized the phone and preserved it as evidence, she asked;  “So I don’t understand why we cut the warrant out of this picture,” she said.

In the Boston case the court dealt not with a smartphone but a simple flip phone. Brima Wurie, was arrested in 2007 for selling cocaine. After the arrest, Wurie’s  phone kept receiving  calls from a number identified as “my house” on the caller ID screen. Police opened the phone and accessed the number. Using a reverse directory they were able to obtain an address which led them to get a warrant and find a stash of crack cocaine. Wurie was sentenced to 262 months in prison. His lawyers argued on appeal that the evidence should be thrown out and the court agreed.

Massachusetts Deputy Solicitor General Michael R. Dreeben argued the decision should be reversed. “The facts of this case,” Dreeben argued, “illustrate why any categorical rule that would preclude searches of cell phones incident to arrest would be inconsistent with historical practice and detrimental to law enforcement.”

Justice Kennedy asked Dreeben if he had any limits apply to this practice.  Dreeben answered that the search of cell phones “should be relevant to the crime of arrest” and said the court could articulate the rule in a way that would “prevent roving searches or speculative searches.”

Breaking it Down

Black people need to pay attention to these questions. We all have cell phones but we are not all criminals by any measure. But we have an inglorious history with the police and we have to understand what the law is saying. We have a right to refuse a search if a police officer asks, especially if you are not under arrest. We have the right against self-incrimination. So we can refuse to hand over a cellphone if asked.  But once you are under arrest things change. Legalzoom.com can give you some simple legal guidelines when you are in a situation with a police officer so you know what they can and can’t do.  In this case the Supreme Court must decide if a cell phone is searchable upon arrest.

Is the cell phone considered evidence in the crime based on the possible evidence it may contain? If that phone is searched and other evidence is discovered of additional crimes is that evidence admissible? In legal language this is known as “fruit of the poison tree.” This means that if the phone is searched and other evidence is found; was the initial search legal. If the search is deemed illegal then the evidence is inadmissible in court. It’s fruit of the poison tree.

The police have to decide if the phone was used to commit or conceal a crime. How can the police know this without searching the phone? Another question is what if one phone legally searched can lead to evidence on another phone? What about other evidence found there? Can a suspect claim the fifth amendment right against self incrimination if their phone is connected to a crime? Can they be forced to surrender it to police?

The answers to these questions must fit into the Constitution’s definition of legal search and seizure. But the founding fathers could never imagine this technology or the society we live in today. Right now police can, and do, seize property or secure a crime scene to preserve evidence. They can hold property until they can obtain a search warrant and that is the point that  Justice Ginsburg is making. If police seize a cell phone can they make a reasonable argument that the phone has evidence of a crime? If so then a search warrant is granted.

I believe that Justice Ginsburg has the right idea. Let the police seize the phone and make their argument that it has evidence. Maybe they can make the claim that the drug dealer is using the phone to sell drugs and let the magistrate decide. But what if the suspect can use remote technology to wipe all data from the phone before the warrant is executed? Is he exercising his right against self incrimination?

ALERT! Emergency Adobe Flash Player Security Update ALERT!

As if the Windows Eflash_windowsxplorer bug was not enough here we go again. An emergency Adobe Flash Player security update has released an emergency security update  to repair yet another critical software flaw. Apparently the software has a flaw that allows hackers to takeover your computer!   This flaw is named CVE-2014-0515 and impacts Windows, MAC OS and Linux computers.

In order to fix your computer and protect yourself you need to to visit the Adobe Download Center. To clear up any confusion this Adobe Flash Player fix WILL NOT correct the Microsoft Explorer bug.

Breaking It Down

Now keep in mind this problem is unrelated to the Microsoft Explorer bug I wrote about yesterday.  But this Flash Player is yet another default program found on many computers owned by black people. Its likely you have it and don’t know it. And yes this flaw allows hackers to take over your computer. See bot, botnet and zombie. And that is why I do what I do. I encourage black people to get a little more familiar with their computer and their software. Learn what is there so you can see what’s not supposed to be there. I have said it before, if there is software on your computer you don’t use or don’t know what it is for then uninstall it.  Read; Treat Your Internet Like Your Home parts 1, 2 and 3.

This is another one of those endless mistakes that software code writers simply can’t seem to stop making. I really don’t understand this. Apple is pretty good at keeping its code secure and its only rarely that you hear of an Apple specific code issue.  So my question is;  why can’t others emulate what Apple is doing?  The hackers seem to find these holes every time. Do I need to stress that it is extremely dangerous to build a car with the gas tank in the passenger compartment? Well that’s the way I see software makers writing code. If  a mistake is made the user gets burned…over and over again.

Man-in the-Middle; Hackers Stealing Home Buyers Down Payments

Courtesy of Salvatore Vuono

Courtesy of Salvatore Vuono

Black home buyers beware! In a frightening development hackers are now stealing home buyers down payments. It seems that hackers have struck the real estate industry, in this case First American Title.  The scheme, known in technical circles as the “man-in-the-middle attack” works like this;  hackers intercept emails from title agencies to home buyers.  The email contains information for the wire transfer of down payment funds for the purchase of a home. Hackers alter the information putting in their own bank account numbers then send it to the home buyer.  The home buyer, suspecting nothing, wires his hard earned down payment directly to the hacker’s account.   First American Title is aware of the scam and issued this statement;

“First American has been notified of a scheme in which potential purchasers/borrowers have received emails allegedly from a title agency providing wire information for use by the purchaser/borrower to transmit earnest money for an upcoming transaction.”

“The messages were actually emails that were intercepted by hackers who then altered the account information in the emails to cause the purchasers’/borrowers’ funds to be sent to the hacker’s own account. The emails appear to be genuine and contain the title agency’s email information and/or logos, etc. When the purchasers /borrowers transferred their funds pursuant to the altered instructions, their money was stolen with little chance of return. This scam appears to be somewhat similar to the email hacking scheme that came to light earlier this year that targeted real estate agents.”

“It is apparent in both scams that the hackers monitor the email traffic of the agency or the customer and are aware of the timing of upcoming transactions. While in the reported instances, a customer was induced to misdirect their own funds, an altered email could conceivably be used to cause misdirection of funds by any party in the transaction, including the title agent themselves.”

This type of attack reveals the importance of using two-factor authentication for email. Larger email services such as  Gmail.com, Hotmail and Yahoo! all now offer this form of authentication. If you do business via email you need to use this authentication method.  Other services like DropboxFacebook and Twitter all offer additional account security options beyond just encouraging users to implement powerful passwords.

But none of this means anything if additional security is defeated by a hacker who get inside a computer or network  using some form of malware. I urge computer users to clean up their PC by using the guidelines found on KrebsonSecurity Tools for a Safer PC primer.

 

Breaking It Down

First things first, I am really sorry if someone lost their down payment for a home. That had to be devastating  to their heart and soul. What we have is a clear indication that someone’s computer system is not as secure as it should be. Malware can and does open your computer up for attacks and this is one way. In this example malware probably infiltrated someone’s computer and revealed passwords. That’s all it takes. When a hacker can get into your computer you have almost no defense. Be extremely cautious about attachments and advertisements you see online. A lot of malware comes into your computer that way. And familiarize yourself with what is known as a drive by download. I’m not laying blame on anyone here but sound business IT practices are an absolute necessity nowadays.  If you are using email to exchange business information then you need to be hyper alert to what can happen. Man in the middle attacks are more common than you would think. If this scam works on one real estate company it certainly would work on others. So First American Title is not alone in its vulnerability.  I would suggest you use every authentication method possible when dealing with large sums of money. If you have to call the realtor and ask them to confirm the information before you transfer money then do it! Better still, hand carry the check to the bank or realtor. Do what you have to do but be certain your money goes where its supposed to and protect your dreams.

African-American Parents, Fight Child Identity Theft

canstockphoto2780627Child identity theft is a rapidly growing crime in the cyber age. Black parents need to be aware of the vulnerability of their child’s identity and what they need to do to protect it. Sadly most child identity theft is done by family members. Parents have used their child’s social security number and name to get credit cards and such basic services as phone and cable television. Its a ghetto move and we as black people know it happens.

As these children gets older and try to enter the working world they may discover that their credit is already screwed up thanks to mom or dad. If the child is college bound they may find that student loans are impossible to get due to bad credit. Even getting a cell phone might be impossible. The child starts life already handicapped with a deadbeat credit report.

But there are others that seek to steal a child’s identity and you have to watch out for them. Criminals love a child’s identity because it offers them almost limitless opportunity to get credit cards, loans, even cars and home mortgages. How? Because some credit reporting companies do not verify age of the applicant.  So when a criminal applies for credit using a child’s social security number they may list their age as 24. And that’s the age the credit record will show. The actual age of the child, who’s social security number is used, doesn’t matter. The question now is how do you, as a parent, fight back.

One of the first things a parent needs to do to protect their child is to regularly check their child’s credit report using the free service at AnnualCreditReport.com. This should be performed at least once a year. If you have not done this there are some clues you should be aware of. These include;

  • Check your child’s credit history and look for activity like credit cards in their name, especially store credit cards.
  • You attempt to open a bank account for your child only to discover there is an account open with your child’s social security number or the bank denies you due to a history of bad checks.
  • Your child applies for a student loan or credit card and is denied because of credit problems they were unaware of.
  • Your child receives frequent offers for credit cards.
  • Your child is receiving bills, bank statements or notices from collection agencies.
  • Your child can’t get a driver’s license because someone else has a driver’s license using their social security number.Or there is a driving record associated with the child’s name that has outstanding citations.
  • You are audited because someone else has claimed your child as a dependent.
  • A letter from the IRS is sent to your child claiming they failed to file report income.

If you discover fraudulent activity using your child’s identity act immediately. You can place a freeze on your child’s credit profile and begin getting the situation corrected. You can also find information specifically for child identity theft at the Federal Trade Commission website.

Breaking It Down

Black parents are focused on giving their children every possible advantage. Lets face it, society is not always kind to us. We need to focus on protecting them not only from the things we know could hurt them but the hidden dangers of life. Black children need to know the value of their social security number and their identity. Start early with this education so they grow up knowing how easily an identity is stolen. Your child is probably online so you need to let them know they should never use their identity online or give any information to websites or even friends online. Black children need to learn the value of information early in life and understand where the threats are. Like that cell phone and their Facebook page or any other social media they maybe into.  We often think of predators as pedophiles, and they really are a serious danger to our children, but we also need to be alert to information gathering websites. Especially product oriented websites, online gaming websites and free offers that come in our children’s email or text messages. Some predators just want information.  Its up to you to educate your child to the dangers of the world, especially the cyber world.

Google Offers Refunds after Virus Shield Fiasco

Google has offered full refunds for an anti-virus app that was sold on its Google PlayStore site. The app, named Virus Shield, was completely ineffective but still became a best seller. In addition to the refund Google is also offering a $5 dollar credit. Deviant Solutions, the maker of the app claims there was mistake  and the app was  not supposed to be released.

Prepaid Cellphone War Could Benefit African-Americans

AT&TAT&T has decided its not going to give up the prepaid cellphone market to T-Mobile without a fight. T-Mobile has been sucking AT&T customers away with some pretty aggressive tactics and AT&T is feeling it. In a move to make it’s no contract phone plans more competitive with T-Mobile AT&T is upping the amount of data customer’s receive with each plan. Starting  April 25th AT&T will change two of its no contract plans. The GoPhone plan changes  include the  $60 per month plan which will now have an additional 500MB of data. That brings it’s monthly data package up to 2.5GB per month and will also allow GoPhone customers to use their data to create Wi-Fi hotspots. The other change doubles the data on their $40 a month  plan from 250MB to 500MB per month. AT&T is also introducing a plan solely for Walmart that includes 1GB of data and unlimited talk for $45 a month.

Breaking It Down

If you can’t see what’s happening here let me show you. T-Mobile has been making a big push for pre-pay customers. And they have been gaining market share in that area. Its a lucrative market that consists of a lot of African-American customers. And there’s plenty of room for growth and that means money. AT&T wants a piece of the pie and have stepped up their game to get it.  But it goes further than that. These extra chunks of data offered by AT&T could benefit black people who use smartphones and mobile devices in greater proportion than the rest of the country.  Yeah, a lot of people are sitting in Starbucks using the free WiFi. But many black people would appreciate being able to use that WiFi in the safety of their own home and cut out that expensive home internet connection. Especially in this security conscious cyber age where it can be dangerous to use someone’s open WiFi. People with smartphones can do a lot more with that extra data and AT&T knows it. But wait! There’s more! Sprint offers an everything plan with unlimited data, talk and messaging. Only $79.00 a month. But you have to sign the contract. How long before AT&T and T-Mobile decide they can do it too without without a contract? Sprint better look out.

For many people, Black people included, prepaid cellphones are an economic blessing. This is an important and profitable segment of the market.  People who are economically disadvantaged are also usually in possession of a pre-paid cell phone. This news is sure to get a lot of smiles from this market segment. You’re getting a lot more for the same amount of money and that is always good news.

Change Your Obamacare Password

As a result of the Heartbleed bug the Department of Health and Human Services is requiring consumers to change their password for the Obamacare or HealthCare.gov website. A notice was posted on the website notifying users. Although HealthCare.gov has not reported any negative instances related to the Heartbleed bug the website believes it is in the best interest of the consumer to change their passwords anyway. The website says they are patching the flaw and re-installing the encryption keys to provide the most secure environment possible.

Healthcare.gov is currently undergoing complete security testing every quarter. The federal government only requires such testing every three years. This testing will continue for the next two to three years.

Breaking It Down

You shuld not be surprised by this development. As matter of fact you should have changed your passwords to every site that uses one by now. I urge black people to take heed when you see warnings like this especially when it involves the Heartbleed bug. Don’t ignore these things! The Obamacare website is the lightning rod in Washington and there are plenty of people who want to see it fail. This is another arrow in their quiver. Why else is the site undergoing quarterly testing. I guarantee some hacker somewhere is trying to bring it down.

Finally, lets talk about passwords. Your passwords should be a passphrase. I warn people all the time that passwords are highly ineffective unless you make it as complicated as possible. So when I say passphrase I ‘m saying think of a phrase using no less than 12 characters. Make it something that makes no sense at all and can’t be related to you. Like friedgreentomatoesaresexy. Then dress it up so it looks like this Fr!Edgr33ntOm@tOe5rSxY. Trust me it seems hard but it is not if you practice and you will be a lot safer online.

Faketoken Malware Hits Android Phones

Faketoken malware has hit Android phones in the U.S. and 55 countries. Black people understand the convenience of banking through your smartphone. But that luxury has become downright dangerous to your financial health. According KasperskyLabs.com the Faketoken malware is highly effective at stealing passwords and temporary passwords used to transfer money and pay bills  using Android mobile devices.

Kaspesky labs describes the malware as a banking trojan.  The malware places itself  between you and your bank and redirects your payments to criminals’ bank accounts. Banks fight this by  using “Two-factor authentication“, implemented via SMS. When you attempt to transfer money, you must approve the transaction by using your password, and another one-time password (OTP, mTAN) sent via text message to your smartphone. Criminals have developed a scheme in which they try to infect both your computer and smartphone to steal the password and mTAN at the same time. The scheme first came about with the Zeus/Zbot malware duo, and was highly effective. So criminals have adapted the same concept with the Android malware known as Faketoken. It too has been very efffective. According to the “IT threat evolution Q1 2014” published by Kaspersky Lab Faketoken reached #13 in the Top 20 mobile threats “hit parade”, accounting for 4.5% of all infections.

Social engineering is at the heart of this malware infection and it works like this; during an online banking session the Faketoken places a request on the infected webpage telling the user to download a fake Android app needed to complete a secure transaction. The link actually leads to Faketoken. After the malware ends up on a user’s smartphone, cybercriminals then use the computer-based Trojans to gain access to the victim’s bank account, and Faketoken allows them to harvest mTANs (one time passwords) and transfer the victim’s money to their accounts.

Breaking It Down

Are you scared yet? Black people use mobile banking more than whites. So we better know about these phony apps sent our way. Making use of this knowledge could keep you out of a lot of hassles in the future. My advice is never ever download a banking app that your bank has not explicitly approved of. When using your smartphone never ever download an attachment unless you know who its from and what it is. Most malware is delivered via email attachments. Mobile banking is a major convenience in life but not without dangers. If you see and ad, app request or pop up on your smartphone phone while you are on your bank’s website log out immediately. Scan your phone for malware, I recommend Lookout, then change your passwords. One last bit of advice, malware on your phone may be there to steal more than your money. It can steal your identity and even infect your friends phone who are in your contacts. Be aware!

Kill Switch Coming to Smartphones

Smartphone thefts cost consumers more than $30 million in 2012. The theft of smartphones has become a thorn in the side of both law enforcement and the phone companies that have resisted placing kill switch technology on phones. They claimed hackers might be able to activate the kill switch. Yahoo News reported that CTIA, The Wireless Association announced the Smartphone Anti-Theft Voluntary Commitment program. Companies including Apple, Samsung, Verizon Wireless, AT&T, U.S. Cellular, Sprint, and T-Mobile all agreed to provide a free pre-loaded or downloadable anti-theft software on all U.S. smartphones after July 2015. The technology will allow owners to wipe the data from the phone and prevent its re-activation if stolen or lost.

The change in the group’s position came after Samsung announced that they were going to make the technology standard on their phones. This development and the actions by some states to require the technology forced the group to change their position.

The group has agreed to make the kill switches standard on their phones. Phones with the kill switch technology will be offered at no cost to consumers.  Kill switches will prevent the phone from being reactivated without the owners approval and the data would be retrievable if the owner recovers the phone.

Critics accuse the phone makers and service providers of profiting from selling replacement phones and re-activating stolen phones.

 

Breaking It Down

What has happened here is that one company broke ranks and decided to offer the anti-theft technology on their phone. One brick lost brought down the whole house. Telephone makers and service providers were simply too lazy or did not want to pay for the technology. No matter how much customers and law enforcement screamed for the kill technology they stuck together. That is until Samsung added the technology to its phones and the walls came tumbling down. Let’s not forget that the State of California and others were about to pass a law that required the technology on phones.  The excuse the industry used was that they believed that a hacker could use the kill technology against the legitimate owner. Yeah maybe, but what they are really saying is that they are not smart enough to prevent this.

Black people of the inner city are all too familiar with this crime. Smartphones are stolen by criminals snatching them from the hands of someone on public transportation or just walking the street. Sadly its a game to some kids. The phone is usually lost forever. This has to stop and the way to do this is that the thief understands that the owner can kill the phone, forever.

 

Amazingly Sneaky Phishing Scam Hits Netflix Customers

One of the sneakiest phishing scams ever has been hitting Netflix customers. The scam allows the criminal to rummage around inside your computer and steal files while you are on the phone with them. Its amazing and elaborate but customers have been hit. If you are a Netflix customer you need to check this out.