spy & security

‘Eventually I’m going to crawl inside your mouth and replace your internal organs.’ –Ben Gold

There are well over 100 small, irregular, asymmetric, and revolutionary wars ongoing around the world today. In these conflicts, there is much to be learned by anyone who has the responsibility of dealing with, analyzing, or reporting on national security threats generated by state and nonstate political actors who do not rely on highly structured organizations, large numbers of military forces, or costly weaponry—for example, transnational criminal organization (TCO)/gang/insurgent phenomena or politicized gangs. In any event, and in any phase of a criminal or revolutionary process, violent nonstate actors have played substantial roles in helping their own organizations and/or political patrons coerce radical political change and achieve putative power.

In these terms, TCO/gang/insurgent phenomena can be as important as traditional hegemonic nation-states in determining political patterns and outcomes in national and global affairs. Additionally, these cases demonstrate how the weakening of national stability, security, and sovereignty can indirectly contribute to personal and collective insecurity and to achieving radical political change. […]

Jamaican posses (gangs) are the byproducts of high levels of poverty and unemployment and lack of upward social mobility. Among other things, the posses represent the consequences of U.S. deportation of Jamaican criminals back to the island and, importantly, of regressive politics in Jamaican democracy. […]

It is estimated that there are at least 85 different posses operating on the island with anywhere between 2,500 to 20,000 members. Each posse operates within a clearly defined territory or neighborhood. The basic structure of a Jamaican posse is fluid but cohesive. Like most other gangs in the Americas, it has an all-powerful don or area leader at the apex of the organization, an upper echelon, a middle echelon, and the “workers” at the bottom of the social pyramid. The upper echelon coordinates the posse’s overall drug, arms, and human trafficking efforts. The middle group manages daily operational activities. The lowest echelon performs street-level sales, purchases, protection, and acts of violence as assigned. When posses need additional workers, they prefer to use other Jamaicans. However, as posses have expanded their markets, they have been known to recruit outsiders, such as African Americans, Trinidadians, Guyanese, and even Chinese immigrants, as mules and street-level dealers. They are kept ignorant of gang structure and members’ identities. If low-level workers are arrested, the posse is not compromised and the revenue continues to come in. […]

Jamaican posses are credited with being self-reliant and self-contained. They have their own aircraft, watercraft, and crews for pickup and delivery, and their own personnel to run legitimate businesses and conduct money-laundering tasks. In that connection, posses have expanded their operations into the entire Caribbean Basin, the United States, Canada, and Europe. The general reputation of Jamaican posses is one of high efficiency and absolute ruthlessness in pursuit of their territorial and commercial interests. Examples of swift and brutal violence include, but are not limited to, fire-bombing, throat-slashing, and dismemberment of victims and their families. Accordingly, Jamaican posses are credited with the highest level of violence in the English-speaking Caribbean and 60 percent of the crime in the region. […]

Today, it is estimated that any given gang-cartel combination earns more money annually from its illicit activities than any Caribbean country generates in legitimate revenues. Thus, individual mini-state governments in the region are simply overmatched by the gang phenomenon. The gangs and their various allies have more money, better arms, and more effective organizations than the states. […]

The great city of São Paulo, Brazil—the proverbial locomotive that pulls the train of the world’s eighth largest economy—was paralyzed by a great surprise in mid-May 2006. […] More than 293 attacks on individuals and groups of individuals were reported, hundreds of people were killed and wounded, and millions of dollars in damage was done to private and public property. Buses were torched, banks were robbed, personal residences were looted and vandalized, municipal buildings and police stations were attacked, and rebellions broke out in 82 prisons within São Paulo’s penal system. Transportation, businesses, factories, offices, banks, schools, and shopping centers were shut down. In all, the city was a frightening place during those days in May.

During that time, the PCC [one of the largest and most powerful gangs in the world] demonstrated its ability to coordinate simultaneous prison riots; destabilize a major city; manipulate judicial, political, and security systems; and shut down the formal Brazilian economy. The PCC also demonstrated its complete lack of principles through its willingness to indiscriminately kill innocent people, destroy public and private property, and suspend the quality-of-life benefits of a major economy for millions of people.

{ PRISM | Continue reading }

Leading a quadruple existence! Street angel and house devil. The arch conspirator of the age.

Swiss scientists have developed an algorithm which they claim can determine the source of spam, computer viruses or malware by analysing a small percentage of network connections. […]

The researchers said the algorithm could also be used as a tool for advertisers who use viral marketing strategies by using the Internet and social networks to reach customers.

The algorithm would allow advertisers to identify specific Internet blogs that are most influential for their target audience and to understand how these articles spread throughout the online community.

{ CBR | Continue reading }

Powerful man he was at storing away number one Bass. Barrel of Bass.

The first Target store opened in the U.S. in 1962. […] Target found itself having to investigate things like slip-and-falls, shoplifting, theft by employees, and the like. To do so, they created a centralized investigation unit in their Minneapolis, Minnesota headquarters. And over time, this unit became more and more advanced. Today, it and a sibling outfit in Las Vegas are, combined, one of the more sophisticated crime labs out there. And even that may be an understatement. In 2006, an FBI agent familiar with the labs told the Washington Post that “[o]ne of the nation’s top forensics labs is located at Target’s headquarters building in downtown Minneapolis. They have abilities and technology that far surpasses many law enforcement agencies in the country.”

{ Now I Know | Continue reading }

artwork { Jasper Johns, White Target, 1957 }

‘I know who I am.’ –Mickey Rourke in Angel Heart, 1987

In some cases, the electronic information being gathered is used for illegal purposes, such as electronic identity theft. In other cases, the information is gathered for lawful purposes but is extremely annoying to users, such as when targeted and aggressive marketing tactics are used. Users are growing uncomfortable with the amount of information marketers possess today about them and many feel it is an invasion of their privacy even if the marketing is currently considered to be lawful. Moreover, even legitimate and lawful enterprises that collect confidential information about a user run the risk of having an intruder penetrate their databases and acquire the information for subsequent unlawful purposes. […]

Assignee: Apple Inc. (Cupertino, CA)
Filed: October 21, 2011

Techniques to pollute electronic profiling

Techniques to pollute electronic profiling are provided. A cloned identity is created for a principal. Areas of interest are assigned to the cloned identity, where a number of the areas of interest are divergent from true interests of the principal. One or more actions are automatically processed in response to the assigned areas of interest. The actions appear to network eavesdroppers to be associated with the principal and not with the cloned identity. […]

The invention claimed is:

1. A device-implemented method, comprising: cloning, by a device, an identity for a principal to form a cloned identity; configuring, by the device, areas of interest to be associated with the cloned identity, the areas of interest are divergent from true areas of interest for a true identity for the principal; and automatically processing actions associated with the areas of interest for the cloned identity over a network to pollute information gathered by eavesdroppers performing dataveillance on the principal and refraining from processing the actions when the principal is detected as being logged onto the network and also refraining from processing the actions when the principal is unlikely to be logged onto the network.

{ United States Patent | Continue reading }

Penitent thief. Gone. I smoked his baccy. Green twinkling stone.

For the past two decades New Yorkers have been the beneficiaries of the largest and longest sustained drop in street crime ever experienced by a big city in the developed world. In less than a generation, rates of several common crimes that inspire public fear — homicide, robbery and burglary — dropped by more than 80 percent. […]

Twenty years ago most criminologists and sociologists would have doubted that a metropolis could reduce this kind of crime by so much. Although the scale of New York City’s success is now well known and documented, most people may not realize that the city’s experience showed many of modern America’s dominant assumptions concerning crime to be flat wrong, including that lowering crime requires first tackling poverty, unemployment and drug use and that it requires throwing many people in jail or moving minorities out of city centers. Instead New York made giant strides toward solving its crime problem without major changes in its racial and ethnic profile; it did so without lowering poverty and unemployment more than other cities; and it did so without either winning its war on drugs or participating in the mass incarceration that has taken place throughout the rest of the nation.

{ OUP | Continue reading }

photo { Peewee from The Dirty Ones, Williamsburg, Brooklyn | more }

related { NY greaser gangs | What is the difference between greaser gangs and regular gangs? }

bonus: 1976 News Footage Of The Devils Rebels Street Gang In Brooklyn, NY:

Every time someone checks in on Foursquare, I just assume it’s a requirement of their parole officer

Free services in exchange for personal information. That’s the “privacy bargain” we all strike on the Web. It could be the worst deal ever. […]

Why do we seem to value privacy so little? In part, it’s because we are told to. Facebook has more than once overridden its users’ privacy preferences, replacing them with new default settings. […]

Even if you read the fine print, human beings are awful at pricing out the net present value of a decision whose consequences are far in the future. […] The risks increase as we disclose more, something that the design of our social media conditions us to do. […]

Imagine if your browser loaded only cookies that it thought were useful to you, rather than dozens from ad networks you never intended to interact with. […] There’s a business opportunity for a company that wants to supply arms to the rebels instead of the empire.

{ Technology Review | Continue reading }

photo { Leonard Freed }

‘Although rivaled closely by SATAN PUT THE DINO BONES THERE, QUENTIN.’ –Malcolm Harris

Worst Companies At Protecting User Privacy: Skype, Verizon, Yahoo!, AT&T, Apple, Microsoft.

{ Main Device | full story }

photos { Marlo Pascual | Sean and Seng }

A kiss to the winner? Oodelally!

A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. […] Dubbed “Flame” by Russia-based anti-virus firm Kaspersky Lab […]

The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware.

Kaspersky Lab is calling it “one of the most complex threats ever discovered.” […]

Gostev says that because of its size and complexity, complete analysis of the code may take years. “It took us half-a-year to analyze Stuxnet,” he said. “This is 20-times more complicated. It will take us 10 years to fully understand everything.” […]

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.

The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network. […]

Because Flame is so big, it gets loaded to a system in pieces. The machine first gets hit with a 6-megabyte component, which contains about half-a-dozen other compressed modules inside. The main component extracts, decompresses and decrypts these modules and writes them to various locations on disk. The number of modules in an infection depends on what the attackers want to do on a particular machine.

Once the modules are unpacked and loaded, the malware connects to one of about 80 command-and-control domains to deliver information about the infected machine to the attackers and await further instruction from them. The malware contains a hardcoded list of about five domains, but also has an updatable list, to which the attackers can add new domains if these others have been taken down or abandoned.

While the malware awaits further instruction, the various modules in it might take screenshots and sniff the network. The screenshot module grabs desktop images every 15 seconds when a high-value communication application is being used, such as instant messaging or Outlook, and once every 60 seconds when other applications are being used.

{ Wired | Continue reading }

Which dangled at every movement of his portentous frame

New York City agency pushes plan to prevent cyberattacks on elevators, boilers

What would happen if an attacker broke into the network for the industrial control systems for New York City’s elevators and boiler systems and decided to disrupt them?

“You could increase the speed of how elevators go up or down,” says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority (NYCHA), which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems (ICS) for the boilers, they could raise the heat levels for municipal boilers, causing them to explode.

{ Network World | Continue reading }

photo { Bill Sullivan }

Surveillance states are the Soviet Union, and the former East Germany

{ US Drone fleet can keep tabs on the movements of Americans, far from the battlefields. And it can hold data on them for 90 days — studying it to see if the people it accidentally spied upon are actually legitimate targets of domestic surveillance. | Wired | full story }

Hit upon an expedient by suggesting, off the reel, the propriety of the cabman’s shelter, as it was called

A group of computer security researchers have refined an innovative method of combatting identity theft. (…) Its method, described in the journal Information Sciences, “continuously verifies users according to characteristics of their interaction with the mouse.”

The idea of user verification through mouse monitoring is not new. As the researchers note, “a major threat to organizations is identity thefts that are committed by internal users who belong to the organization.”

To combat this, some organizations turn to “physiological biometrics” to verify the identity of a computer user. But these techniques, such as fingerprint sensors or retina scanners, “are expensive and not always available,” the researchers write.

An alternative approach is the use of “behavioral biometrics.” Such a system compiles biometric data such as “characteristics of the interaction between the user and input devices such as the mouse and keyboard” and constructs a “unique user signature.”

{ Pacific Standard | Continue reading }

painting { Antonio Ciseri, Ecce Homo, 1871 }

You were speaking of the gaseous vertebrate, if I mistake not?

The internet is no stranger to crime. From counterfeit and stolen products, to illegal drugs, stolen identities and weapons, nearly anything can be purchased online with a few clicks of the mouse. The online black market not only can be accessed by anyone with an Internet connection, but the whole process of ordering illicit goods and services is alarmingly easy and anonymous, with multiple marketplaces to buy or sell anything you want.

Understanding how the market thrives—unregulated and untraceable—can give you a better sense of the threats (or resources) that affect you and your business.

In our scenario we are going to legally transfer $1,000 USD out of a regular bank account and into a mathematical system of binary codes, and then enter a neighborhood of the Internet largely used by criminals. This hidden world lets anyone purchase bulk downloads of stolen credit cards, as well as a credit card writer, blank cards, some “on stage” fake identities—and maybe even a grenade launcher they’ve had their eyes on.

A journey into the darker side of the Internet starts with two open-source programs: Bitcoin and the Tor Bundle.

{ CSO | Continue reading }

artwork { General Idea, Miss General Idea Glove Pattern (Form Follows Fetish), 1975 }

Cricket weather. Sit around under sunshades. Over after over.


For eight days running, YouTube’s front page had been taken over by “botted” videos—videos whose views had been artificially inflated by software programs designed to trick YouTube’s servers—and as far as YouTubers could tell, YouTube’s owner, the mighty Google, seemed powerless to stop them.

Google did eventually stop the worst of the bots, fixing a vulnerability in how the site counts mobile views. But the botting problem is far from over. And the episode leaves a lot of lingering questions over the site’s future.

{ DailyDot | Continue reading }

related { Hulu, which attracted 31 million unique users in March under a free-for-all model, is taking its first steps to change to a model where viewers will have to prove they are a pay-TV customer to watch their favorite shows. | NY Post }

I’m not talking about Facebook, I want to know how to block you in real life

Google’s harvesting of e-mails, passwords and other sensitive personal information from unsuspecting households in the United States and around the world was neither a mistake nor the work of a rogue engineer, as the company long maintained, but a program that supervisors knew about, according to new details from the full text of a regulatory report.

The report, prepared by the Federal Communications Commission after a 17-month investigation of Google’s Street View project, was released, heavily redacted, two weeks ago. Although it found that Google had not violated any laws, the agency said Google had obstructed the inquiry and fined the company $25,000.

On Saturday, Google released a version of the report with only employees’ names redacted.

The full version draws a portrait of a company where an engineer can easily embark on a project to gather personal e-mails and Web searches of potentially hundreds of millions of people as part of his or her unscheduled work time, and where privacy concerns are shrugged off.

The so-called payload data was secretly collected between 2007 and 2010 as part of Street View, a project to photograph streetscapes over much of the civilized world. When the program was being designed, the report says, it included the following “to do” item: “Discuss privacy considerations with Product Counsel.”

“That never occurred,” the report says.

Google says the data collection was legal. But when regulators asked to see what had been collected, Google refused, the report says, saying it might break privacy and wiretapping laws if it shared the material. (…)

Ever since information about the secret data collection first began to emerge two years ago, Google has portrayed it as the mistakes of an unauthorized engineer operating on his own and stressed that the data was never used in any Google product.

The report, quoting the engineer’s original proposal, gives a somewhat different impression. The data, the engineer wrote, would “be analyzed offline for use in other initiatives.” Google says this was never done. (…)

The Street View program used special cars outfitted with cameras. Google first said it was just photographing streets and did not disclose that it was collecting Internet communications called payload data, transmitted over Wi-Fi networks, until May 2010, when it was confronted by German regulators.

Eventually, it was forced to reveal that the information it had collected could include the full text of e-mails, sites visited and other data.

{ NY Times | Continue reading }

What qualifying considerations allayed his perturbations?

{ Mac Flashback Attack Started With Compromised WordPress Blogs }

related { We’ve heard much about the possibility of a quantum internet which uses single photons to encode and send information protected by the emerging technology of quantum cryptography }

Energy and motion made visible — memories arrested in space.

For decades in art circles it was either a rumor or a joke, but now it is confirmed as a fact. The Central Intelligence Agency used American modern art - including the works of such artists as Jackson Pollock, Robert Motherwell, Willem de Kooning and Mark Rothko - as a weapon in the Cold War. In the manner of a Renaissance prince - except that it acted secretly - the CIA fostered and promoted American Abstract Expressionist painting around the world for more than 20 years. (…)

Why did the CIA support them? Because in the propaganda war with the Soviet Union, this new artistic movement could be held up as proof of the creativity, the intellectual freedom, and the cultural power of the US. Russian art, strapped into the communist ideological straitjacket, could not compete.

{ Independent | Continue reading }

photo { Jackson Pollock, Clement Greenberg, Helen Frankenthaler, Lee Krasner and an unidentified child at the beach, 1952 }

Imagine I’m him think of him can you feel him

A Star Trek-style cloaking technique allows people to spy on your Facebook account in a way that is difficult to spot and even harder to stop, say computer scientists.

{ The Physics arXiv Blog | Continue reading }

illustration { Grant Orchard }

When you love someone, you’ve gotta trust them. There’s no other way. You’ve got to give them the key to everything that’s yours. Otherwise, what’s the point?

This has led researchers to ask the questions: How can we get mobile users to break out of their patterns, visit less frequented areas, and collect the data we need?

Researchers can’t force mobile users to behave in a certain way, but researchers at Northwestern University have found that they may be able to nudge them in the right direction by using incentives that are already part of their regular mobile routine.


“We can rely on good luck to get the data that we need,” Bustamante said, “or we can ‘soft control’ users with gaming or social network incentives to drive them where we want them.”


{ McCormick School of Engineering and Applied Science | Continue reading }

related { What Privacy Advocates Don’t Get About Data Tracking on the Web }

related { Google regularly receives requests from government agencies and courts around the world to remove content from our services and hand over user data | Who Does Facebook Think You Are Searching For? | Thanks Samantha! }

‘I think someone has stolen our tent.’ –Sherlock Holmes

Facebook’s inventory of data and its revenue from advertising are small potatoes compared to some others. Google took in more than 10 times as much, with an estimated $36.5 billion in advertising revenue in 2011, by analyzing what people sent over Gmail and what they searched on the Web, and then using that data to sell ads. Hundreds of other companies have also staked claims on people’s online data by depositing software called cookies or other tracking mechanisms on people’s computers and in their browsers. If you’ve mentioned anxiety in an e-mail, done a Google search for “stress” or started using an online medical diary that lets you monitor your mood, expect ads for medications and services to treat your anxiety.

Ads that pop up on your screen might seem useful, or at worst, a nuisance. But they are much more than that. The bits and bytes about your life can easily be used against you. Whether you can obtain a job, credit or insurance can be based on your digital doppelgänger — and you may never know why you’ve been turned down.

Material mined online has been used against people battling for child custody or defending themselves in criminal cases. LexisNexis has a product called Accurint for Law Enforcement, which gives government agents information about what people do on social networks. The Internal Revenue Service searches Facebook and MySpace for evidence of tax evaders’ income and whereabouts, and United States Citizenship and Immigration Services has been known to scrutinize photos and posts to confirm family relationships or weed out sham marriages. Employers sometimes decide whether to hire people based on their online profiles, with one study indicating that 70 percent of recruiters and human resource professionals in the United States have rejected candidates based on data found online. A company called Spokeo gathers online data for employers, the public and anyone else who wants it. The company even posts ads urging “HR Recruiters — Click Here Now!” and asking women to submit their boyfriends’ e-mail addresses for an analysis of their online photos and activities to learn “Is He Cheating on You?”

Stereotyping is alive and well in data aggregation. Your application for credit could be declined not on the basis of your own finances or credit history, but on the basis of aggregate data — what other people whose likes and dislikes are similar to yours have done. If guitar players or divorcing couples are more likely to renege on their credit-card bills, then the fact that you’ve looked at guitar ads or sent an e-mail to a divorce lawyer might cause a data aggregator to classify you as less credit-worthy. When an Atlanta man returned from his honeymoon, he found that his credit limit had been lowered to $3,800 from $10,800. The switch was not based on anything he had done but on aggregate data. A letter from the company told him, “Other customers who have used their card at establishments where you recently shopped have a poor repayment history with American Express.” (…)

In 2007 and 2008, the online advertising company NebuAd contracted with six Internet service providers to install hardware on their networks that monitored users’ Internet activities and transmitted that data to NebuAd’s servers for analysis and use in marketing. For an average of six months, NebuAd copied every e-mail, Web search or purchase that some 400,000 people sent over the Internet.

{ NY Times | Continue reading }

The issue of asymmetry in xxx phenomena is important

Amy, a 20-year-old brunette at the University of California at Irvine, was on her laptop when she got an IM from a random guy nicknamed mistahxxxrightme, asking her for webcam sex. Out of the blue, like that. Amy told the guy off, but he IM’d again, saying he knew all about her, and to prove it he started describing her dorm room, the color of her walls, the pattern on her sheets, the pictures on her walls. “You have a pink vibrator,” he said. It was like Amy’d slipped into a stalker movie. Then he sent her an image file. Amy watched in horror as the picture materialized on the screen: a shot of her in that very room, naked on the bed, having webcam sex with James.

Mistah X wasn’t done. The hacker fired off a note to James’s ex-girlfriend Carla Gagnon: “nice video I hope you still remember this if you want to chat and find out before I put it online hit me up.” Attached was a video still of her in the nude. Then the hacker contacted James directly, boasting that he had control of his computer, and it became clear this wasn’t about sex: He was toying with them. As Mistah X taunted James, his IMs filling the screen, James called Amy: He had the creep online. What should he do? They talked about calling the cops, but no sooner had James said the words than the hacker reprimanded him. “I know you’re talking to each other right now!” he wrote. James’s throat constricted; how did the stalker know what he was saying? Did he bug his room?

They were powerless. Amy decided to call the cops herself. But the instant she phoned the dispatcher, a message chimed on her screen. It was from the hacker. “I know you just called the police,” he wrote. (…)

The task of hunting him down fell to agents Tanith Rogers and Jeff Kirkpatrick of the FBI’s cyber program in Los Angeles. (…)

Luis Mijangos was an unlikely candidate for the world’s creepiest hacker. He lived at home with his mother, half brother, two sisters—one a schoolgirl, the other a housekeeper—and a perky gray poodle named Petra. It was a lively place, busy with family who gathered to watch soccer and to barbecue on the marigold-lined patio. Mijangos had a small bedroom in front, decorated in the red, white, and green of Mexican soccer souvenirs, along with a picture of Jesus. That’s where he spent most of his time, in front of his laptop—sitting in his wheelchair. (…)

In the early days of cybercrime, hackers had to code their software from scratch, but as he searched the Web, Mijangos found dozens of programs, with names like SpyNet and Poison Ivy, available cheaply, if not free. They allowed him to access someone’s desktop but limited the number of computers he could control simultaneously. Bragging to his peers, Mijangos says he found a way to modify an existing program that supported roughly thirty connections so that it could handle up to 600 computers at once.

{ GQ | Continue reading }