Prison Debate Team Beats Harvard's National Title Winners 185

writes: Lauren Gambino reports at The Guardian that months after winning this year's national debate championship, Harvard's debate team has fallen to a debate team of three inmates with violent criminal records. The showdown took place at the Eastern correctional facility in New York, a maximum-security prison where convicts can take courses taught by faculty from nearby Bard College, and where inmates have formed a popular debate club. The Bard prison initiative has expanded since 2001 to six New York correctional facilities, and aims to provide inmates with a liberal arts education so that when the students leave prison they are able to find meaningful work. A three-judge panel concluded that the Bard team had raised strong arguments that the Harvard team had failed to consider and declared the team of inmates victorious. "Debate helps students master arguments that they don't necessarily agree with," says Max Kenner. "It also pushes people to learn to be not just better litigators but to become more empathetic people, and that's what really speaks to us as an institution about the debate union."

The prison team has proven formidable in the past, beating teams from the US military academy at West Point and the University of Vermont. They lost a rematch against West Point in April, setting up a friendly rivalry between the teams. The competition against West Point has become an annual event, and the prison team is preparing for the next debate in spring. In the morning before the debate, team members talked of nerves and their hope that competing against Harvard—even if they lost—would inspire other inmates to pursue educations. "If we win, it's going to make a lot of people question what goes on in here," says Alex Hall, a 31-year-old from Manhattan convicted of manslaughter. "We might not be as naturally rhetorically gifted, but we work really hard."

International Exploit Kit Angler Thwarted By Cisco Security Team 36

An anonymous reader writes: Researchers at a Cisco security unit have successfully interrupted the spread of a massive international exploit kit which is commonly used in ransomware attacks. The scientists discovered that around 50% of computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. Once informed, Limestone cut the servers from its network and handed over the data to the researchers who were able to recover Angler authentication protocols, information needed to disrupt future diffusion.

4 Calif. Students Arrested For Alleged Mass-Killing Plot 446

The New York Times reports that four high school students in the small California town of Tuolumne, about 120 miles east of San Francisco, have been arrested, but not yet charged, for planning an attack on their school, Summerville High School. According to the Times, three of the four were overheard discussing this plot, and a fourth conspirator was later identified. Their goal, according to Tuolumne sheriff James Mele, was "to shoot and kill as many people as possible at the campus"; they had not however been able yet to obtain the weapons they wanted to carry out the attack. From NBC News' version of the story: "Detectives located evidence verifying a plot to shoot staff and students at Summerville High School," Mele said. "The suspects' plan was very detailed in nature and included names of would-be victims, locations and the methods in which the plan was to be carried out."

Experian Breached, 15 Million T-Mobile Customers' Data Exposed 161

New submitter Yuuki! writes: The Washington Post reports that T-Mobile's Credit Partner, Experian, has been breached revealing names, addresses, Social Security numbers, birth dates and driver's license and passport numbers for any customer who has applied for device financing or even services from T-Mobile which required a credit check. Both parties were quick to point out that no credit card or banking data was stolen as part of the attack. The attack started back in September 2013 and was only just discovered on September 16, 2015. Both Experian and T-Mobile have posted statements on their websites and Experian is offering credit for two free years of identity resolution services and credit monitoring in the wake of the breach.

Patreon Hacked, Personal Data Accessed 79

AmiMoJo writes: In a blog post Jake Conte, CEO and co-founder of Patreon, writes: "There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."

Citadel Botnet Operator Gets 4.5 Years In Prison 42

An anonymous reader writes: The U.S. Department of Justice has announced that Dimitry Belorossov, a.k.a. Rainerfox, an operator of the "Citadel" malware, has been sentenced to 4.5 years in prison following a guilty plea. Citadel was a banking trojan capable of stealing financial information. Belorossov and others distributed it through spam emails and malvertising schemes. He operated a 7,000-strong botnet with the malware, and also collaborated to improve it. The U.S. government estimates Citadel was responsible for $500 million in losses worldwide. Belorossov will have to pay over $320,000 in restitution.

How the FBI Hacks Around Encryption 91

Advocatus Diaboli writes with this story at The Intercept about how little encryption slows down law enforcement despite claims to the contrary. To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that's just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it's called hacking.

Hacking — just like kicking down a door and looking through someone's stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects' devices. Doing so gives them the same access the suspects have to communications — before they've been encrypted, or after they've been unencrypted.

Curbing the For-Profit Cybercrime Food Chain 19

msm1267 writes: A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime. Instead, the focus, they say, should be on attacking the criminal infrastructure. The report outs a number of soft spots and inter-dependencies in the criminal underground that could be leveraged to cut into the efficacy of cybercrime. "Commoditization directly influences the kinds of business structures and labor agreements that drive recent cybercrime," the researchers write. While shutting down the black market is easier said than done, the paper notes a few ways to deter the behavior of attackers, if not fully break the chain.

Police Program Aims to Pinpoint Those Most Likely to Commit Crimes 244

An anonymous reader writes: Using profiling algorithms, police are tracking suspected criminals to prevent them from committing predicted crimes. We're one step from locking people up for what they might do. The New York Times reports: "The strategy, known as predictive policing, combines elements of traditional policing, like increased attention to crime “hot spots” and close monitoring of recent parolees. But it often also uses other data, including information about friendships, social media activity and drug use, to identify “hot people” and aid the authorities in forecasting crime."

'RipSec' Goes To Hollywood: How the iCloud Celeb Hack Happened 28

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipSec using a photoshopped naked image of a major TV star who offered access to her iCloud account. "I contacted some of the celebrities and she gave me access to her account," Doering says. "From there I baited them (the hackers)."

OPM Says 5.6 million Fingerprints Stolen In Cyberattack 93

mschaffer writes: The Office of Personnel Management data breach that happened this summer just got a little worse. The OPM now says that 5.6 million people's fingerprints were stolen as part of the hacks. The Washington Post reports: "That's more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. However, OPM said Wednesday the total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same."

Morgan Stanley Employee Pleads Guilty In Data Breach Case 43

An anonymous reader writes: A former Morgan Stanley financial adviser who was fired in connection with a major breach of client information pleaded guilty to accessing client data and taking it home with him. According to court records Galen Marsh copied names, addresses, account numbers, investment information and other data for approximately 730,000 accounts. "This action, which follows Morgan Stanley's initial investigation and reporting of his misconduct, makes clear that misuse of client account information will not be tolerated," the bank said in a statement.

Bitcoin Ponzi Scheme Operator Pleads Guilty To $150M Fraud 114

JustAnotherOldGuy writes: Bitcoin Savings & Trust founder Trendon Shavers pleaded guilty to fraud over his company's Ponzi scheme, whose victims believed they would earn one percent interest every three days — an annual rate of 3,641 percent. Shavers used new depositors' money to pay the existing depositors, and skimmed enough cream to pay for a car, a $1000 Vegas steak dinner, and plenty of casino gambling. He cost his depositors about $150M and was holding onto $40.7M in Bitcoin when he was arrested. At his peak, he controlled about 7 percent of all Bitcoins in circulation. He netted $164,758 from the scheme. Under a plea deal, Shavers has agreed not to appeal any sentence at or below 41 months in prison. Sentencing before U.S. District Judge Lewis Kaplan is scheduled for Feb. 3. Shavers, who went by "pirateat40" online, was arrested in November, two months after a federal judge in Texas ordered him to pay $40.7 million in a related U.S. Securities and Exchange Commission civil lawsuit.

UK Man Gets Britain's First-Ever Conviction For Illegal Drone Use 77

jfruh writes: Nigel Wilson of Nottingham was quite a drone enthusiast: he flew a drone over a Champions League soccer match low enough to startle police horses, and at other times flew drones over iPro Stadium in Derby, the Emirates Stadium in north London, and near the Houses of Parliament, Buckingham Palace, the HMS Belfast and the Shard tower in London. He's been convicted under the Air Navigation Order 2009 and fined £1,800.

A Call To RICO Climate Change Science Deniers 737

GregLaden writes: The argument could be made that the organized effort to disrupt climate change science and the development of effective policies to address climate change is criminal, costing life and property. The effort is known to be generally funded by various actors and there are people and organizations that certainly make money on this seemingly nefarious activity. A group of prominent scientists have written a letter to President Obama, Attorney General Lynch, and OSTP Director Holdren asking for this to be investigated under RICO laws, which were originally designed to address organized crime.

Some Trump Donors Get Fleeced By 3rd-Party Payment System 113

According to an article in Maine's WMTW Channel 8, some Donald Trump supporters claim they've ended up giving more than they intended to this campaign, because a since-resolved "glitch" (according to campaign spokeswoman Hope Hicks) meant they were charged multiple times. From the article: "Heather Nason of Saco told WMTW News 8 that her husband was one of the affected customers. ... Nason said a series of unauthorized charges appeared on her husband's bank statement days later. She said someone tried to make 13 withdrawals from her husband's account. After the first six charges went through, the account was almost empty."

Tracking a Bluetooth ATM Skimming Gang In Mexico 44

tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look far: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.

Bitcoin Trader Agrees To Work For Police In Plea Agreement 111

An anonymous reader writes: Florida Bitcoin trader Pascal Reid, who was arrested in a February 2014 sting operation, as part of his plea agreement promised to carry out 20 sessions of law enforcement training in Bitcoin as well as serve as a consultant in criminal cases involving Bitcoin. This is in addition to 90 days in jail with credit for time served and a $500 reimbursement to the State of Florida for the expense of prosecuting him. Qntra has a write-up on the case and the full text of the draft plea agreement.

Mt. Gox CEO Charged With Stealing $2.7 Million 99

An anonymous reader writes: After being arrested six weeks ago in Japan, Mt. Gox CEO Mark Karpeles has now been formally charged with the theft of $2.66 million worth of clients' money. "Tokyo-based MtGox shuttered last year after admitting 850,000 coins — worth around $480 million at the time, or $387 million at current exchange rates — had disappeared from its digital vaults. The exchange, which once said it handled around 80 percent of global Bitcoin transactions, filed for bankruptcy protection soon after the cyber-money went missing, leaving a trail of angry investors calling for answers." Karpeles still denies doing anything illegal. The case is proving difficult for Japanese authorities to unravel, and they're taking it as slowly as they legally can.

Sharebeast, the Largest US-based Filesharing Service, Has Its Domain Seized 122

An anonymous reader writes: The RIAA says that the FBI has seized the domain of file-sharing service ShareBeast, shutting down what it said was responsible for the leaks of thousands of songs. The site now only displays a notice saying the FBI acted "pursuant to a seizure warrant related to suspect criminal copyright infringement." In a statement, RIAA CEO Cary Sherman called the seizure "a huge win for the music community and legitimate music services. ShareBeast operated with flagrant disregard for the rights of artists and labels while undermining the legal marketplace."