Now here a strange case, a man climbs into a young girls bedroom in the middle of the night, threatens her with a baseball bat and then chains a bomb to her neck. His random instructions include e-mailing to a Gmail account and he leaves a ‘soft copy’ version of the ransom note on a pen-drive with the girl.

You can find the court docs here – Collar Bomber Complaint

The man who claimed to have attached a bomb collar to an Australian high school student two weeks ago thought it would be a good idea to leave a ransom note on a USB stick looped around her neck. What he probably didn’t realize is that he also left his name, hidden deep in the device’s memory.

Court documents unsealed Tuesday describe the harrowing Aug. 3 incident, which began when a man broke into Madeline Pulver’s bedroom wearing a striped balaclava and wielding a black aluminum baseball bat. He told her to sit down and chained a black box around her neck.

He also draped a purple lanyard over the terrified girl with a note saying that the black box was a bomb. The note included ransom instructions for Pulver’s family, telling them to e-mail a Google address — dirkstraun1840@gmail.com — for further instructions. Also on the lanyard was a 4GB USB stick that contained a digital version of the note, saved as a pdf file.

The next 10 hours were a gruelling ordeal for the girl before a Sydney police bomb squad was able to determined that the threat was a hoax. But a closer look at the USB drive turned up a couple of files that the criminal thought he’d deleted. One of them, a version of the ransom note written in Microsoft Word, contained metadata about the document’s author, including his name: “Paul P.”

On Monday, U.S. authorities arrested Paul “Doug” Peters, 50, in La Grange, Kentucky, seeking to extradite him to Australia to face kidnapping and breaking-and-entering charges. It’s not clear why Peters attempted such a bizarre crime, but U.S. prosecutors say he once worked for a company linked to Pulver’s family. The girl’s father, Bill Pulver, is the CEO of voice recognition software company Appen Butler Hill.

There are plenty of metadata extraction tools such as Metagoofil and The Revisionist. And well even without those, after recovering the file you can just open it in Word and view the metadata.

I’m guessing this Paul Peters chap wasn’t so familiar with wear levelling and metadata. He should have known better, and well he was doing this for a ransom..so really he should have just bought a new pen-drive for the job.

But as we know well, these people don’t think like we do – that’s why they end up in the news.

Police collected footage from surveillance cameras in a library where a computer was used to access the Gmail account. The footage, along with the USB drive and circumstantial evidence, such as purchases made around the time of the incident, link Peters to the crime, prosecutors say.

Even if the collar bomber had known his name was on the USB drive, it would have been very hard to remove it, according to Frank McClain, an independent computer forensics expert.

As computer geeks and investigators know, when users delete a file from a computer the file isn’t deleted immediately from the hard drive. Instead, the computer takes note that the area of the disk where the file is stored is now available to be written over. So investigators can often recover at least snippets of data from files that are supposed to have been deleted.

With flash drives things are more complex, thanks to mechanisms built into the drives to prolong their lifespan. Because flash memory cells stop working after they’ve been overwritten too many times, flash devices use tricks called “wear leveling” to even out how the memory cells are used. A side effect of wear levelling is that it is “almost impossible” to completely erase data from a flash device, McClain said.

That can come in handy for people trying to recover photos or other files they’ve accidentally deleted, and there are many tools, some of them free, to help recover their data.

The collar bomber’s first mistake was thinking he could delete something completely from his USB stick. But he also erred by not altering the metadata in his Word document. When Word saves a document, it automatically saves data, such as the user’s login name, as part of the file. Office 2007 users can see this metadata by hitting the Office button, then “Prepare” and “Properties.”

Well there you go, an interesting mid-week story – not entirely sure what is going to happen to this guy. Doesn’t seem like a really strong case for extradition – he just seems like a complete nutcase.

He had a decent enough idea for extortion I suppose, just a really poor execution. Perhaps he’s been watching to o many Hollywood movies where these things seem really easy and nothing even goes wrong.

BTW if any of you readers out there see any cool new tools/techniques or news tidbits that I may have missed, I always welcome a heads-up so just hit me up on the Contact Page here.

Source: Network World

Now this is a massive growth, 8000% percent..woah!

Thankfully losses are still ‘modest’ whatever that means, I guess although the attacks grow in
number, awareness an education also increases (in places like UK anyway) so the risk is fairly well mitigated.

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to the government’s financial watchdog authority. Although losses remain modest compared to other forms of financial fraud, banking security experts speaking before the House of Lords science and technology committee are concerned about the growing prevalence of scams designed to trick consumers into handing over online banking credentials.

The numbers are massively higher as recorded in the UK, and as they say detection quality has also gone up, so that would lead to higher figures. That means as always, the statistics could be in reality rather inflated.

Between January and June 2005, 312 phishing incidents were recorded, a figure that shot up to 5,059 for the first half of 2006, according to figures from UK banking payment organisation Apacs. Improved detection rates are partly behind the increase but even so the growing sophistication of scammers is leading to heavy losses from UK banks.

Apacs security chief Philip Whitaker told peers that scammers had transformed phishing scams from a cottage industry into an industrial process.

As always phishing is on the up, so be wary!

Source: The Register

It seems like phishers are changing their tactics to those similar to spammers, rather than going for big targets and mass mails they are turning to more wealthy customers and fewer but larger bounties.

Imagine if they can nail a few big ones, they are set.

Online fraudsters are turning their attentions away from large banks and increasingly targeting wealthy consumers as phishing schemes continue to lure large numbers of people into unknowingly sharing their private information with criminals, reports Gartner.

Americans are losing fewer dollars to online phishing schemes as a whole, but Internet-savvy, affluent PC users are being hit up for more money than ever, according to the latest Gartner research.

Based on a survey of 5,000 consumers in the United States, Gartner said users are being assaulted with more phishing attacks than ever before and are falling for more of the gimmicks. Yet at the same time, customers are losing less money to the schemes, due to a growing awareness of the online fraud model, as banks and other businesses spoofed in the attacks have put more tools in place to help identify suspicious behavior.

So phishing is on the up…and so are monetary losses, people are generally losing less but more people are losing and wealthier people are being targeted so the average has gone up.

There really is an amazing amount of phishing going on

artner estimates that 109 million U.S. adults received phishing e-mails during the last 12 months, compared to only 57 million in 2004. An estimated 24.4 million Americans went on to click on phishing e-mails in 2006, up from approximately 11.9 million in 2005. The company said 3.5 million adults gave sensitive information to fraudsters in 2006, compared to only 1.9 million adults last year.

Based on the survey, the average loss per victim has grown from $257 to $1,244 per victim in 2006. Finding a refund for money lost to the schemes has also become harder: Consumers recovered approximately 80 percent of their cash in 2005, but are getting back an average of only 54 percent in 2006.

The moral of the story is…don’t fall for it, because it is your fault and it’ll be hard to get your money back.

Awareness generally is higher, but people are still getting conned left right and center.

As with any technology, it enables bad just as well as good.

Source: Eweek

Sheriff Brian Rahn said the man made coffee, cooked and ate meals, took showers, picked out a change of clothes, watched television and checked his e-mail during the burglaries.

He left behind valuables, including jewelry, firearms and electronic equipment, Rahn said.

He also allegedly stole a car in the town of Wayne in the last of the incidents, Schmidt said.

Lori Menzel of the town of Kewaskum said the burglar left his Yahoo! account open after checking his personal e-mail on the computer at her home.

“He never logged out,” she said, adding: “He made himself at home here. He spent some time in our bedroom trying on my husband’s clothes. I could tell he went through some of my clothes.”

Baraboo police officers saw the suspect Thursday inside a vehicle near the Sauk County Courthouse shortly before 1 p.m., Sinden said.

Source: Associated Press

Can anyone say dumbass?

Man criminals are getting stupid, they used to pretty smart, they used to be pretty devious, they used to innovate…now any idiot can be a criminal.