FBI Uses Fake Facebook Profiles To Spy On Suspects: Via Huffington Post.

WASHINGTON — The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too.

U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.

Think you know who's behind that "friend" request? Think again. Your new "friend" just might be the FBI.

The document, obtained in a Freedom of Information Act lawsuit, makes clear that U.S. agents are already logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs and video clips. [ Read more ... ]

EFF to Urge True Transparency in Congressional Hearing Thursday: Via EFF.org Updates.

Washington, D.C. - On Thursday, March 18, at 2 p.m., members of the U.S. House of Representatives Oversight and Government Reform Committee will hold a public hearing on the Freedom of Information Act (FOIA) and the Obama administration compliance with transparency law. The hearing comes as transparency advocates celebrate Sunshine Week, the annual celebration of our nation's open government laws that features numerous events measuring the progress made in combating official secrecy.

Senior Counsel David Sobel of the Electronic Frontier Foundation (EFF) will testify at Thursday's hearing, urging the White House to fulfill its promises for open government. Despite President Obama's order to government agencies last year to renew their commitment to FOIA, EFF and other organizations still see delays in releasing relevant documents, excuses for not releasing other records, and excessive redactions, among other needless secrecy. [ Read more ... ]

FBI Hoaxes Boost Online Fraud: Via Threat Level.

Online fraud in the United States doubled to a reported $560 million in losses last year as illicit phishing expeditions by thieves posing as the Federal Bureau of Investigation represented the biggest consumer complaint, according to a Friday government survey.

The e-mail phishing scams represented 16.6 percent of all complaints. The next closest category, at 12 percent, concerned consumer unhappiness about being billed for products never ordered or received, according to FBI data unveiled Friday.

Overall, the number of reported dollar losses stemming from online fraud doubled in 2009 from the year prior. [ Read more ... ]

Congress Drops the Ball on Upgrading Patriot Protections: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

We're sorry to say, but is anyone surprised that Congress has capitulated to post-underpants bomber fear-mongering and passed the three expiring provisions of the Patriot Act without so much as a debate?

Oh, you didn't hear about that?

Wednesday night, the Senate passed a straight one-year extension by voice vote, and last night, the House followed suit.

That’s right. No changes. Nothing. Nada. Zip, zilch, zero. (You get the picture.)

That leaves ordinary Americans like you and me without the civil liberties safeguards proposed by several bills last year. Both the House and Senate had bills that would have improved the Patriot Act. The Senate bill even had the support of the White House. But instead of passing the much-needed reforms, Congress: [ Read more ... ]

Lawmakers Punt Patriot Act to Obama: Via Threat Level.

The House and Senate are forwarding to President Barack Obama legislation reauthorizing three expiring provisions of the Patriot Act — despite heated debate among lawmakers the surveillance measure went too far.

The act, hastily adopted six weeks after the 2001 terror attacks, greatly expanded the government’s ability to spy on Americans in the name of national security. Three measures of the act were set to expire at the end of 2009, but lawmakers in December extended the deadline to the end of February in hopes of reaching a compromise.

But no deal was reached by the end of the new Feb. 28 deadline. Instead, both chambers ditched two competing measures and extended the Patriot Act for another year without any changes. The final package was sent to the president Thursday for his expected signature.

Lawmakers had taken the expiration as an opportunity to revisit a number of the act’s surveillance provisions, including elements of the Patriot Act that were not expiring. This included proposals to alter the standard by which so-called National Security Letters are issued. [ Read more ... ]

Record 13-Year Sentence for Hacker Max Vision: Via Threat Level.

PITTSBURGH — A skilled San Francisco-based computer intruder was sentenced to 13 years in federal prison Friday for stealing nearly two million credit card numbers from banks, businesses and other hackers — receiving the longest hacking sentence in U.S. history.

Max Ray Vision, 37, was also ordered to pay $27.5 million in restitution, and to serve five years under court supervision following his release, during which time he’ll be allowed to use computers only for legitimate employment or education.

Vision, who changed his name from Max Butler shortly before his arrest, ran an online forum for thousands of identity thieves called CardersMarket, where he sold credit card magstripe data to the underground for about $20 a card. He was caught with 1.8 million stolen credit card numbers belonging to 1,000 different banks, who tallied the fraudulent charges on the cards at $86.4 million. [ Read more ... ]

FBI wants records kept of Web sites visited: Via Politics and Law - CNET News.

WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting. [ Read more ... ]

Report Confirms FBI Misuse of Authority to Obtain Phone Records: Via EFF.org Updates.

The Washington Post reported today that the "FBI illegally collected more than 2,000 U.S. telephone call records," using methods that FBI general counsel Valerie Caproni admitted "technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records."

This issue first came to light in a March 2007 report by the DOJ's Office of the Inspector General, which revealed that the FBI's Communications Analysis Unit (CAU) had routinely been using “exigent letters” to obtain customer information from telecommunications companies, including Verizon and AT&T. [ Read more ... ]

FBI Illegally Gathered Phone Records And Misused National Security Letters: Via American Civil Liberties Union.

Congress Must Curb NSL Abuse Through Patriot Act Revisions

FOR IMMEDIATE RELEASE
CONTACT: (202) 675-2312 or media@dcaclu.org 
               (212) 519-7829 or 549-2666 or media@aclu.org
 
WASHINGTON – According to a report in the Washington Post today, the FBI routinely claimed false terrorism emergencies to illegally collect the phone records of Americans for four years of the Bush administration by abusing an already expansive Patriot Act power. Using “exigent letters,” or emergency letters, to gain private records for investigations when no emergency existed, the FBI seemingly violated the Electronic Communications Privacy Act. The FBI also routinely issued National Security Letters (NSLs) after the fact in an attempt to legitimize the use of exigent letters. [ Read more ... ]

FBI Broke Law Spying on Americans’ Phone Records, Post Reports: Via Threat Level.

An internal audit found the FBI broke the law thousands of times when requesting Americans’ phone records using fake emergency letters that were never followed up on with true subpoenas — even though top officials knew the practice was illegal, according to The Washington Post.

The inspector general’s follow-up report on the so-called “exigent” letters — an investigation that started in 2007 — is due in a few months. E-mails obtained by the Post showed that responsible agency officials informed superiors in 2005, but the practice continued for two more years.

While it looks as if the nation’s top law enforcement agency routinely violated the nation’s wiretapping laws for years, it seems no one will actually be prosecuted since the violations are being judged as merely “technical.” [ Read more ... ]

Adding More Names to Watch Lists Isn’t Change, It’s a Step Back: Via Threat Level.

Adding more names to the government’s terrorism watch lists as a way to prevent another underwear bomber, as President Obama promised to do Thursday, won’t work. It will only make things worse. It’s the anti-terrorism equivalent of the D.C. cliché of throwing money at a problem — far short of what we’d expect from the country’s first high-tech president.

From top to bottom, for over a decade, this country’s system for putting suspected terrorists in databases to help keep them out of the country has been a failure. Critics on the right and left (now including Obama) howl that Umar Farouk Abdulmutallab should have been put on a watch list, rather than being allowed to board a plane destined for the United States while he was wearing a bomb. And, rightly so, since he was reported to U.S. authorities as a threat by his own father, there were plenty of other clues, and we’ve spent billions of dollars on high-tech systems that well-paid analysts are supposed to use to detect plots.

Still, that watch list failure is hardly surprising to anyone who has followed the saga of the watch lists, or who remembers that less than a year ago, the DoJ’s inspector general found that the FBI routinely forgets to add subjects of a terrorism investigation to the list. Just as disturbingly, the FBI also neglects to remove people when an investigation is closed.

Given that the lists are used at traffic stops and airline check-ins foreign and domestic — and that the FBI is only one of many three-letter agencies that nominate people to the list — having the good guys on the list and the bad ones off of it is far from ideal. [ Read more ... ]

FBI investigating online New York school district theft: Via Computerworld Cybercrime/Hacking News.

A New York school district has reverted to using paper checks after cybercriminals tried to steal about $3.8 million from its online accounts just before Christmas, prompting an FBI investigation.

For three days starting Dec. 18, cybercriminals started transferring money overseas from the accounts of the Duanesburg Central School District, which has two schools with about 950 students about 20 miles west of Albany, New York. [ Read more ... ]

The Decade’s 10 Most Dastardly Cybercrimes: Via Threat Level.

It was the decade of the mega-heist, when stolen credit card magstripe tracks became the pork bellies of a new underground marketplace, Eastern European hackers turned malware writing into an art, and a nasty new crop of purpose-driven computer worms struck dread in the heart of America.

Now that the zero days are behind us, it’s time to reflect on the most ingenious, destructive or groundbreaking cybercrimes of the first 10 years of the new millennium. [ Read more ... ]

7-Eleven Hack From Russia Led to ATM Looting in New York: Via Threat Level.

Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days.  After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards. A lucky traffic stop catches two more plunderers who’d driven in from Michigan. Another pair are arrested after trying to mug an undercover FBI agent on the street for a magstripe encoder. In the end, there are 10 arrests and at least $2 million dollars stolen.

The wellspring of the dramatic megaheist turns out to be more prosaic than imagined: It started with a breach of the public website of America’s most famous convenience store chain: 7-Eleven.com. [ Read more ... ]

Citigroup, law enforcement refute cyber heist report: Via Computerworld Cybercrime/Hacking News.

Citigroup says no system breach, no losses of customer or bank data, funds

Citigroup and a federal law enforcement source on Tuesday refuted a claim that the bank's customers lost millions of dollars in an advanced cyber heist over the summer, leaving lingering questions over details of the alleged attack.

According to a report in Tuesday's Wall Street Journal, the FBI is investigating the theft of tens of millions of dollars from Citibank using malicious software created in Russia.

A source within federal law enforcement who declined to be identified said the Wall Street Journal story was inaccurate and appears to have confused a known 2007 hack of Citigroup-branded automated teller machines with a long-running criminal effort to hack online banking customers and move money out of their accounts.

"They've screwed up so many different things," he said. The FBI had no comment. [ Read more ... ]

FBI Linguist Guilty of Leaking Classified Documents to Blog: Via Threat Level.

An Israeli-American lawyer who worked as an FBI linguist pleaded guilty Thursday to providing an unidentified blogger with classified documents derived from U.S. communications intelligence.

Shamai Kedem Leibowitz, 39, of Silver Spring, Maryland, pleaded to one felony count of disclosing to an unauthorized party five documents that were classified “secret” that he obtained through his work with the FBI.

Leibowitz leaked the documents to the unnamed blogger in April 2009. The blogger — identified as “Recipient A in court filings — then wrote a post based on the classified documents.

“As a trusted member of the FBI ranks, Leibowitz abused the trust of the FBI and the American public by using his access to classified information for his own purposes,” said FBI Special Agent in Charge Richard A. McFeely in a press release. [ Read more ... ]

FBI: 19,000 Matches to Terrorist Screening List in 2009: Via Threat Level.

United States law enforcement agents and partners reported “encounters” with suspected terrorists 55,000 times in the last year; a check against the terrorist watchlist found a match 19,000 times, according to testimony presented to the Senate on Wednesday.

The figure includes multiple hits on the same people, according to an FBI spokesman, who didn’t know how many unique individuals were counted in the 19,000 hits.

The statistics appeared in testimony by the FBI’s Timothy Healy, director of the Terrorist Screening Center, or TSC, to the Senate Homeland Security and Government Affairs Committee.

Established in 2003, the TSC is a multi-agency clearinghouse for tips and other information about known and suspected terrorists that is shared with federal, state and local law enforcement agencies, as well as intelligence agencies and 17 foreign partners.

The center maintains the terrorist watchlist, which currently has about 400,000 individuals on it, most of them non-U.S. citizens, and includes those suspected of providing financial assistance or aid to terrorists. A subset of this list, the No Fly list, includes people considered a threat to aviation or national security and contains about 3,400 names, of which about 170 are U.S. persons. [ Read more ... ]

Handy Chart Tracks Proposed Amendments to Patriot Act: Via Threat Level.

Confused by all the proposed changes to the Patriot Act ricocheting through the Capitol? The Center for Democracy and Technology (CDT) has put together a handy chart comparing the current law with the various amendments in the House and Senate.

The chart compares proposed amendments (.pdf) to National Security Letters (NSLs) and the so-called “lone wolf” provisions of the Patriot Act. The proposals have only been passed by the judiciary committees, and face further amendments before they hit the full House and Senate for votes.

According to Gregory Nojeim, CDT’s director of project on freedom, security and technology, although neither of the current proposals goes far enough in fixing all of the problems that civil libertarians find in the Patriot Act, they do show improvements. [ Read more ... ]

TSA nominee questioned over FBI censure: Via washingtonpost.com .

Sen. Susan Collins (R-Maine) questioned President Obama's nominee to lead the nation's airport security agency Tuesday about a censure he received from the FBI in 1988.

Erroll Southers, who was serving as an FBI special agent at the time of the censure, asked a co-worker's husband who worked for the San Diego Police Department to run a background check on his ex-wife's boyfriend.

Under questioning by Collins, Southers said that he has not misused government databases to receive personal information on anyone since the incident and that he would not do so in the future.

Collins did not describe the incident during Tuesday's hearing, instead referring only to an "issue" that led to the censure. [ Read more ... ]

Judge Refuses to Lift 5-Year-Old Patriot Act Gag Order: Via Threat Level.

A federal judge on Tuesday declined to remove a gag order imposed on the president of a small ISP who wants to reveal the contents of a national security letter he received from the FBI.

The NSL demanded the president of the New York company provide the government with e-mails from a customer the government deemed a threat. An NSL, a type of self-issued subpoena fortified by the Patriot Act, allows the FBI to obtain telecommunication, financial and credit records relevant to a government investigation without a court warrant.

The case last hit the courts in December, when the 2nd U.S. Circuit Court of Appeals, in a decision with Sonia Sotomayor in the majority, narrowed the standard by which recipients of NSLs must keep mum.

Those supplying the requested data to the government are forbidden from disclosing their mandatory cooperation, and face up to five years in prison for breaching the gag. The government issues about 50,000 NSLs each year, and an internal audit showed widespread government abuse in connection to them. [ Read more ... ]

FBI delves into DMV photos in search for fugitives: Via The Associated Press on Google.

RALEIGH, N.C. — In its search for fugitives, the FBI has begun using facial-recognition technology on millions of motorists, comparing driver's license photos with pictures of convicts in a high-tech analysis of chin widths and nose sizes.

The project in North Carolina has already helped nab at least one suspect. Agents are eager to look for more criminals and possibly to expand the effort nationwide. But privacy advocates worry that the method allows authorities to track people who have done nothing wrong.

"Everybody's participating, essentially, in a virtual lineup by getting a driver's license," said Christopher Calabrese, an attorney who focuses on privacy issues at the American Civil Liberties Union. [ Read more ... ]

ACLU Says Extracting DNA From Suspects Unconstitutional: Via Threat Level.

California’s law requiring the authorities to take a DNA sample from every person arrested on felony accusations was challenged in federal court Wednesday as an unconstitutional privacy breach.

A lawsuit (.pdf), filed by the American Civil Liberties Union on behalf of two Californians who were arrested and released, seeks to overturn a voter-approved law that became effective this year. Proposition 69 requires detainees to provide a saliva or sometimes a blood sample upon felony arrest. The sample is stored in state and FBI databases, even if the arrested person is never charged or convicted of a crime.

The challenge, if successful, threatens to derail similar laws in other states. According to DNAResource.com, 10 other states have such statutes. They are Alabama, Alaska, Colorado, Florida, Kansas, Louisiana, North Dakota, South Carolina, South Dakota and Vermont. [ Read more ... ]

FBI Investigated Coder for Liberating Paywalled Court Records: Via Threat Level.

When Aaron Swartz, a 22 year-old programmer, decided last fall to help an open government activist amass a public and free copy of millions of federal court records, he did not expect he’d end up with an FBI agent trying to surveil his house.

But that’s what happened, as Swartz found out this week when got his FBI file through a Freedom of Information Act request. A partially-redacted FBI report shows the feds mounted a serious investigation of Swartz for helping put public documents onto the public web.

The FBI ran Swartz through a full range of government databases starting in February, and drove by his home, after the U.S. court system told the feds he’d pilfered some 18 million pages of documents worth $1.5 million dollars. That’s how much the public records would have cost through the federal judiciary’s paywalled PACER record system, which charges eight cents a page for most legal filings. [ Read more ... ]

Terrorism Case Shows Range Of Investigators' Tools: Via NPR - National Public Radio.

Investigators in the terrorism case against Najibullah Zazi claim to have amassed stacks of evidence against the former Denver-area shuttle bus driver.

[...]

Officials say FBI agents in Denver and New York had been tracking Zazi for some time — and experts analyzing the case say the way law enforcement gathered evidence against Zazi and possible co-conspirators may be a textbook case of how to conduct a terrorism investigation. The FBI used a blend of wiretaps and subpoenas, search warrants and local police, among other things, to build its case.

"I think what's striking about the Zazi case is not so much that new tools were being used, but that old tools were being used in a comprehensive fashion," [ Read more ... ]

Lawmakers Cave to FBI in Patriot Act Debate: Via Threat Level.

Powerful Senate leaders on Thursday bowed to FBI concerns that adding privacy protections to an expiring provision of the Patriot Act could jeopardize “ongoing” terror investigations.

The Patriot Act was adopted six weeks after the 2001 terror attacks, and greatly expanded the government’s power to intrude into the private lives of Americans in the course of anti-terror and criminal investigations. Three provisions are expiring at year’s end.

During a Senate Judiciary Committee hearing, Sen. Patrick Leahy, the committee chairman,  and Sen. Dianne Feinstein (D-California) introduced last-minute changes (.pdf) that would strip away some of the privacy protections Leahy had espoused just the week before. The Vermont Democrat said his own, original proposal of last week could jeopardize ongoing terror investigations.

“All of us are mindful that threats against American safety are real and continuing,” Leahy said at the hearing . “I’m trying to introduce balances on both sides.” [ Read more ... ]