Thursday, May 31, 2018

Criminal Justice Technology in the News

Law Enforcement News

Law Enforcement Agencies Turning to Drones to Fight Crime, (05/29/2018), John Seewer for The Associated Press
The number of public safety agencies with drones has more than doubled since the end of 2016, according to data collected by the Center for the Study of the Drone at New York's Bard College. The center estimated that slightly more than 900 police, sheriff, fire and emergency agencies now have drones, with Texas, California and Wisconsin leading the way.

New Program Allows Teachers to Alert Police in Seconds
Western Mass News, (05/23/2018), Mary Cate Mannion and Erin Fitzsimonds
A new program is being implemented in some western Massachusetts schools that will allow teachers to alert police in seconds in an emergency. The In Force app can be launched from a cell phone or a computer, and within 12 seconds, an alert is sent to local police with the location. Officers will join the alert, and a chat bubble will open where the sender can add a description of an assailant or information about an emergency.

Officials Demonstrate Getting into ‘Warm Zones’ During Mass Attacks to Treat Victims
Pittsburgh Post-Gazette, (05/23/2018), Annie Rosenthal
Pittsburgh police officers, firefighters and EMTs recently participated in training to prepare them to treat victims of mass shootings or other attacks before the scene has been cleared. Previously, protocol has required emergency medical teams to wait until a building is entirely cleared before sending in medics. The new method is to provide police protection that will allow teams of medical personnel to enter areas of a building that police have deemed free of immediate threats without having to wait until the entire building is clear.

Need a Safe Place to Exchange Goods? Sunnyvale Police Has Just the Place for You
The Mercury News, (05/23/2018), Khalida Sarwari
People in Sunnyvale, Calif., can now exchange goods purchased from online sites in an area in front of the Sunnyvale Department of Public Safety. The exchange zone is two well-lit, marked parking spaces that are monitored by surveillance cameras 24 hours a day. The cameras keep a log of transactions that officers can go back and review in the event of a dispute or safety violation.

Small County in Texas Gets its First Cyberdetective, Thanks to a Federal Training Program
Palestine Herald-Press, (05/25/2018), William Patrick
The police department in Palestine, Texas, has its first cyberdetective, who took a five-week course on computer evidence recovery at the U.S. Secret Service National Computer Forensics Institute in Hoover, Ala. With more than 21,000 reported cases last year, Texans lost nearly $80 million to Internet crime alone. In Palestine, detectives face hundreds of computer and Internet-based crimes every year, such as scams attempting to acquire personal information and money.

Troy Police Awarded $6k Grant to Improve Bicycle, Pedestrian Safety
Troy Record, (05/27/2018), Nicholas Buonanno
The police department in Troy, N.Y., will use $6,000 in grant funds to advance bicycle and pedestrian safety. The Governor's Traffic Safety Committee has distributed more than $468,000 in federal grant funds for 20 bike and pedestrian projects across the state. Programs cover bicycle safety education and helmet distribution, pedestrian safety outreach and law-based education.

Corrections News

South Carolina Plans to Use Drones to Remotely Watch Inmates
Herald Business Journal, (05/24/2018), Meg Kinnard for The Associated Press
South Carolina corrections officials plan to use drones to remotely monitor inmates at the state's 21 prisons. The technology can be used to monitor a prison and the area outside, where contraband like cellphones and drugs can be launched over walls.

Ohio Prison Inmates Pirated Movies and Built Computers From Spare Parts, Inspector General Finds, (05/23/2018), Jackie Borchardt
Inmates at Ohio's Marion Correctional Institution assembled several dozen computers from parts, pirated software and illegally copied movies to broadcast on the prison movie network, an investigation from the state inspector general has found. The findings, released in a report, stemmed from a previous 2017 investigation that found inmates hacked into the prison network, stole fellow prisoners' personal information and applied for credit cards in their names.

Parole Official: State Needs More Housing for Ex-Inmates
The Associated Press via The Seattle Times, (05/17/2018)
New Mexico should invest in more residential treatment centers and transitional housing for people recently released from prison, according to Sandy Dietz, chairwoman of the New Mexico Parole Board. During remarks at a public safety task force meeting, Dietz indicated the inadequate number of supportive housing and treatment options for ex-inmates has resulted in some violating their parole and ending up back in prison.

Louisiana to Restore Voting Rights to People on Probation and Parole for Felonies
Gambit, (05/17/2018), Alex Woodward
Legislation passed by the Louisiana state legislature would restore voting rights to potentially thousands of formerly incarcerated people convicted of felony crimes. The legislation, which went to the governor to consider for signature, would restore the right to vote to most felons after a five-year period after leaving prison, giving roughly 3,000 of the state's 70,000 formerly incarcerated people a chance to vote.

Dept. of Probation Launches Rap Sheet Review Project
News12, (05/16/2018)
The New York City Department of Probation is offering a workshop to help residents review their criminal records. The Rap Sheet Review Project helps people learn their rights, find out what is on their criminal records and show them what to do if there are errors.

Assistant Attorney General for National Security John C. Demers Delivers Remarks at FedScoop’s 5th Annual FireEye Government Forum on Cyber Threat Intelligence

Good afternoon, and thank you for inviting me here to share a few words on the importance of collaboration in confronting the national security cyber threat.

Protecting the nation from national security threats is the mission of the National Security Division.  Although NSD was created in response to the September 11th terrorist attacks, its mission goes well beyond terrorism.  In the past years it has come increasingly to include a focus on cyber as part of the threat posed by certain foreign nations.  And as we do with respect to terrorism, NSD drives collaboration among prosecutors, law enforcement officials, intelligence attorneys and the Intelligence Community to ensure that we approach the national security cyber threat using every tool and resource available to the federal government.

Some of you in this room come from the private sector — companies both large and small.  Companies that consult and provide advice, and companies that manufacture products.  Others come from federal, state and local governments — or from other countries.  Your work may be diverse, but you all appreciate one thing.  You know that there are countries in this world that want what we have.  They want our sensitive information, our technology, our intellectual property.  And they want to destroy any competitive advantage we enjoy.  Around the world there are people who wake up every morning thinking about how they’re going to destroy it.  And they go to bed at night, much too often, thinking about a job well done.   One thing they’re not spending much time thinking about is our laws and international cyber norms.

You don’t have to be a defense contractor to be worried about this.  Recently, we prosecuted cases involving the thefts of grains of rice and kernels of corn.  No one is immune.  If you’re in business, if you’re in government, if you’re in medicine or academic research, you have something of value to someone else.  And to get it, foreign countries will use all means, including computer intrusions.

You are not going to stop these countries on your own.  No private company or institution has the resources of a determined nation state.  Nor is any one part of the federal government going to stop these adversaries on its own.  We’ll only succeed in defending the nation’s firepower and the fruits of its brain power if we’re partnered together.

In recent years, NSD has furthered the government’s efforts to deter and disrupt malicious national security cyber threats by charging hackers acting on behalf of China, Russia, Iran and Islamic State of Iraq and al-Sham (ISIS).  But not every cyber disruption needs to be a prosecution.  In fact, just last week, the Department announced it obtained a court order to disrupt a global botnet known as the “VPNFilter” that had infected hundreds of thousands of home and office routers controlled by the Sofacy Group, a well-known malicious cyber-hacking organization.  The botnet provided the Sofacy Group the ability to undertake all manner of malicious cyber activity, from unlawful surveillance to theft of valuable information to disruptive attacks.  The Department could not have begun to neutralize this threat alone.  We worked closely with the private sector, including private security researchers, and other government partners, such as the Department of Homeland Security.  If we continue to work together, we will do much, much more.

Let me provide two other illustrations of the good that can happen when the private sector and the government work together.

Let’s take the case of Yahoo.  Yahoo was the victim of a breach in 2013, only to discover three years later that it had been subject to a second, massive breach in 2014.  When this information came to light, Yahoo notified the government and provided valuable assistance to the FBI, fully cooperating at every stage of the investigation.

As a result of this effective collaboration, Yahoo and the FBI determined that hackers, working both for financial gain and on behalf of Russian intelligence officers, had stolen information from at least 500 million Yahoo accounts, and used that stolen information to obtain access to the contents of accounts hosted by Yahoo, Google and other providers.  Russian journalists, U.S. and Russian government officials, and private-sector employees of financial, transportation and other companies had all been targeted.

Thanks to the close cooperation of Yahoo, Google and others, DOJ prosecutors and the FBI were able to identify and expose the hackers without further compromising the privacy of the account holders.  Three of the defendants were Russian nationals residing in Russia — two Federal Security Service or “FSB” agents and a known Russian hacker, an FBI “Most Wanted Cyber Criminal,” Alexsey Belan.

The fourth defendant was a 22-year-old hacker named Karim Baratov, who resided in Canada.  Following the U.S. indictment, Canada captured and arrested Baratov.  He was brought to the U.S. and pleaded guilty to eight criminal counts, including conspiracy to commit computer fraud and abuse and aggravated identity theft.  Earlier this week, he was sentenced to five years in jail.

The second case demonstrates that cooperating with the government, and benefiting from its knowledge and tools, can help a company that has been hacked see things for what they really are.

A few years ago, a Midwestern consumer goods company was the victim of what appeared to be a “run of the mill” intrusion.  An intruder had obtained unauthorized access to their customer database and had obtained personally identifiable information for their customers.  The company’s IT personnel worked diligently to eject the hacker from their network, but he kept coming back.  Eventually, the hacker threatened to expose the company’s customer information unless he was paid a ransom.

Around that time, the company connected with the FBI.

The FBI determined that Ardit Ferizi, a Kosovo citizen studying computer science in Malaysia, was one of the hackers who had gained unauthorized access to the victim company’s PII. 

Although the hacker had a financial motive in demanding a ransom from the company, the customer PII Ferizi stole was not destined for the black market; that data was of interest because, among the tens of thousands of customer names and email accounts he stole, there were more than a thousand email addresses that ended in “.gov” or “.mil.”

Ultimately, Ferizi used that information to produce a list of PII for approximately 1,300 U.S. government civilian employees and U.S. military personnel.

He provided this information to a Syrian-based ISIS member named Junaid Hussain.

A few months earlier, Hussain, acting in the name of the Islamic State Hacking Division, had posted a “kill list” that purported to include the names and addresses of 100 members of the U.S. military.  Ferizi wanted to help him create and disseminate a second kill list.

And in fact, soon after he received the information from Ferizi, Hussain used Twitter to publish the PII of all 1,300 U.S. government and military customers of the company.  In his tweet, he threatened “the Crusaders” who were conducting a “bombing campaign against the Muslims.”

The Department of Justice charged Ferizi with violations of the Computer Fraud and Abuse Act, and with conspiring to provide material support to ISIS.  We were successful in obtaining his extradition from Malaysia to the United States, and he ultimately pleaded guilty.

In September 2016, Ferizi was sentenced to 20 years in prison.  He was also ordered to pay $50,000 in restitution to the company.

Even though the prosecution of Ferizi was public, the name of the company was never revealed.  

We are often asked why we would bring a case against foreign nationals located outside the U.S.  Well for one, as the Yahoo and Ferizi cases prove, we may well get one or more of them.  The U.S. government has extradition agreements with more than 100 countries, so it is not enough for these defendants to forego a visit to Disney World.  For the rest of their lives they will be unable to travel to more than half the countries in the world without fear of arrest and extradition to the U.S.

Second, the investigation and charges can assist other parts of the Government in bringing their authorities to bear.  For instance, Treasury’s Office of Foreign Assets Control can designate the charged individuals or entities under an Executive Order that authorizes blocking the property of persons engaging in significant malicious cyber-enabled activities — ensuring that the perpetrators will be financially isolated from the world.  When we brought charges against the founders and employees of the Iranian Mabna Institute that hacked more than 300 American and foreign universities, and government agencies and institutions around the world, Treasury also designated the Institute and ten Iranian individuals.

Third, charges raise awareness, both generally and specifically, to this threat.  In some cases there may be additional victims that don’t know they’ve been hacked.  To help the private sector identify malicious activity and better protect itself, the FBI and DHS will often release technical details to the public. FBI did that just last week, when it released a Public Service Announcement about VPNFilter, advising you to reboot your router and including signatures of the botnet’s malware, so network defenders can identify its presence in their network.

And finally, we pursue these cases to strip these hackers of anonymity and call them out.  This prevents nation state actors from hiding behind ritualized denials and feigned ignorance.  The recent indictment of Mabna Institute members and the prior indictment of the Chinese People’s Liberation Army are cases in point.

So that’s what’s in it for the country.  What’s in it for you?  What are the benefits of working with law enforcement — before, during and after a computer intrusion or attack?

    We can help you understand what happened when your organization has a cyber-incident.

    We can share context and information about related incidents or malware.

    We can ensure proper investigation and preservation of evidence for eventual prosecution.

    We can assist you in dealing with regulators.

At the end of the day, the Government simply has many more tools at its disposal to deal with the problem of national security cyber intrusions.  Tools that, working together, we can use to respond to intrusions and deter future ones.  Although we will always consider criminal charges, pursuing prosecution may not be the best response in all cases.  Accordingly, NSD attorneys work with their interagency partners to determine whether our investigative information may be used to support sanctions, trade pressure, technical alerts, diplomatic options or other responses instead of, or in addition to, prosecution.  All of these tools can impose real costs on malicious activity, depriving hackers and their sponsors of the benefit of their crimes and deterring future misbehavior.

Let me close on this note.  Everyone in this audience understands that we are in this together, and we have an obligation to help one another.  The organization that reports a cyber intrusion doesn’t just help itself, it also helps other targeted companies that may not even know they’ve been victims of a hack, and it helps the country.  It helps other organizations by raising their awareness and sparking a check on their part for similar compromises.  It also enables the government to work to disrupt and deter intrusions of those other organizations. And it helps the country by allowing the Government to piece together and respond to the intentions and actions of antagonistic nations to better defend our nation’s economic and military security.

It is the National Security Division’s job to disrupt and deter national security cyber threats.  We will continue to work with other agencies to use all elements of national power to meet this ever-changing and growing challenge.  And to adequately protect our shared national cyber security against persistent attack, we will need your help as well.

I look forward to working with you.