CCTV hack takes casino for $33 MILLION in poker losses

Quote

A sophisticated scheme to use a casino's own security systems against it has netted scammers $33m in a high-stakes poker game after they were able to gain a crucial advantage by seeing the opposition's cards.

The team used a high-rolling accomplice from overseas who was known to spend large amounts while gambling at Australia's biggest casino, the Crown in Melbourne, according to the Herald Sun. He and his family checked into the Crown and were accommodated in one of its $30,000-a-night villas.

The player then joined a private high-stakes poker game in a private suite. At the same time, an unnamed person got access to the casino's CCTV systems in the poker room and fed the information he gleaned back to the player via a wireless link. Over the course of eight hands the team fleeced the opposition to the tune of $33m.

According to a 2010 Victorian Law Reform Commission report, the Crown has one of the most sophisticated security systems in the industry. Cameras and microphones are studded throughout the casino complex and the feeds are monitored 24/7 by both the casino and staff at the Victorian Commission for Gambling Regulation.

Access to the casino's private high-stakes poker rooms is restricted to the holders of special keycards, and this is augmented by physical security on the door. These rooms also have extra surveillance, with multiple pan, tilt, and zoom cameras watching the players.


Cameras both obvious and otherwise. Credit: David Caird

“Crown's surveillance department recently reported concerns over a sophisticated betting scam. A Crown investigation is under way and is ongoing,” said a Crown spokesman. The company is “in a good position to recover a significant portion of the amount involved in the scam.”

“Crown has been liaising with both the police and the Victorian Commission for Gambling and Liquor Regulation regarding these matters,” he said.

There may be very little the police can do. Once the scam was uncovered the high-roller was ejected from his suite in the middle of the night and banned from any future visits. He is believed to have returned to his overseas home. The VIP handler assigned to look after him on his visit has also been fired.

It's been an expensive few days for the casino, but the Crown's hardly in financial problems. The casino gets around 30,000 visitors a day and is a top spot for high-spending Chinese gamblers. Last year it reported profits of $181m.

CCTV hack takes casino for $33 MILLION in poker losses • The Register.

“How to Snoop on Your Kid While They’re Online” – Online Child Security Guide

Quote

As kids approach adolescence, their need for privacy and insistence upon keeping parts of their life away from the prying eyes of a parent can make it difficult to monitor their activity. With the advent of smartphones that allow your child to carry the Internet around with him in his pocket, the need to make sure that he’s not getting into online trouble can feel even greater. While it’s usually more effective to attempt an open dialogue about what is and is not considered appropriate online behavior before resorting to spy-level surveillance, there may be times when snooping feels like the only choice.

Monitoring Software

Even less than tech-savvy parents can learn to navigate parental monitoring software, which is designed to run in the background and be undetectable by users. There are several varieties of monitoring programs, all with different features and levels of functionality. One thing that they all have in common is an ability to reveal all the things your child is doing online when you’re not there to look over his shoulder.

Limit Computer Use to Common Areas

If you’ve opted not to give your child a web-capable smartphone or a laptop, then you may find it easier to snoop while he’s online if the main computer is located in a high-traffic area of your home. When your child knows that a simple glance his way could reveal questionable web content he’s viewing, he’s more likely to think twice about what he looks up. Not only will you be able to keep an eye on what your child is looking at, but you’ll also be able to influence him into making better choices based solely on your nearby presence.

Check Your Browser History

Older kids with more advanced computer knowledge may be savvy enough to delete their browser history, but younger kids and tweens may not yet have the required know-how. After your child uses the computer, take a moment to scroll through the browser history. You’ll be able to access all of the pages your child has recently viewed, allowing you to get a good idea of what areas need to be addressed most.

Fake Social Networking Profiles

If your children haven’t deleted you from their Facebook friends list yet, there’s a strong possibility that they’ve learned to manipulate the safety and security settings so that they can block what you’re able to see. One way to make sure that you’re seeing everything posted on your child’s timeline and every interaction he has is to sign up for your own fake profile and use it to add your child. Unless he’s naturally suspicious of strangers, he probably won’t block the visibility of his posts to a new friend.

Keystroke Recording Software

Every email, every message and every web search can be recalled with a keystroke recorder, along with your child’s passwords. If you have a serious reason to believe that something is wrong and you’ll need to be able to confront your child with concrete evidence to make a difference, keystroke software may be the way to go. Be warned, however, that a child who’s not actually involved in questionable activities will almost certainly feel that she has no privacy or grounds for trusting her parents. In the event of an emergency, these programs can be quite valuable tools for parents.

Webcam Monitoring

There are ways to remotely view everything the webcam in your child’s computer sees, but it’s wise to think long and hard before resorting to such things. No invasion of privacy is as personal or as upsetting as being actively watched when you’re not aware of it. Furthermore, there are some sights a parent just doesn’t need to see.

Smartphone Apps

Do you want to track your child’s movements with an online GPS service connected to his phone or block content he’s able to view with the device? There are a slew of kid-monitoring apps available for smartphones that can help you keep tabs on your child when he’s away from home.

These methods will help you track and monitor what your kids are doing online, but there is no app or program to replace the trust that is almost certain to be lost when your child discovers the depth of your investigation. Before resorting to underhanded means of finding out what your youngster is up to, you may want to attempt having an open, judgment-free conversation about boundaries, appropriate behavior and the implications of being careless on the Internet.

How to Snoop on Your Kid While He’s Online | Nanny Background Check.


Sony Fined in UK over PlayStation Cyberattack

Quote

In this Aug. 19, 2009 file photo, Sony Computer Entertainment Japan President Shawn Layden displays a new PlayStation 3 during a news conference in Tokyo, Japan. Britain’s Data Regulator fined Sony 250,000 pounds ($396,100) on Thursday, Jan. 24, 2013 for having insufficient security measures to prevent a 2011 cyberattack on its PlayStation Network. The attack in April 2011 targeted credit card information through Sony’s PlayStation Network and put millions of users’ personal information – including names, addresses, birth dates and account passwords – at risk. Courtesy of AP Photo/Itsuo Inouye, File

British regulators have fined Sony 250,000 pounds ($396,100) for failing to prevent a 2011 cyberattack on its PlayStation Network which put millions of users’ personal information — including names, addresses, birth dates and account passwords — at risk.

Britain’s Information Commissioner’s Office said that security measures in place at the time “were simply not good enough.” It said the attack could have been prevented if software had been up to date, while passwords were also not secure.

David Smith, deputy commissioner and director of data protection, acknowledged that the fine for a “serious breach of the Data Protection Act” was “clearly substantial” but said that the office makes “no apologies” for that.

“There’s no disguising that this is a business that should have known better,” he said in a statement. “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”

Smith called the case “one of the most serious ever reported” to the data regulator.

Sony, which has previously apologized for the data breach, said it “strongly disagrees” with the ruling and plans to appeal.

David Wilson, a spokesman for Sony Computer Entertainment Europe Ltd., said the company noted that the ICO recognized that Sony was the victim of a criminal attack and that there is no evidence payment card details were accessed.

“Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defense and working to make our networks safe, secure and resilient,” he said in a statement.

Sony Fined in UK over PlayStation Cyberattack | DFI News.


Manual Outlines Policies and Procedures for Digital Evidence

Quote

Electronic devices such as computers, cellphones and digital cameras must be properly seized, processed and stored to preserve the integrity of the data and ensure its evidentiary value. A manual developed by the Electronic Crime Technology Center of Excellence (ECTCoE) can provide agencies with much-needed guidance on drafting policies and procedures for handling digital evidence.

As stated in the text, the purpose of the sample Policy and Procedure Manual is to give law enforcement agencies a collection of documents that can serve as a starting point for developing policies and procedures for the collection, handling and processing of digital evidence. Once final, the manual will be posted to the National Law Enforcement and Corrections Technology Center (NLECTC) System website, in a Microsoft Word format to facilitate editing as needed by individual agencies. The NLECTC System is a program of the Office of Justice Programs’ National Institute of Justice.

“The document was written in response to the many requests we’ve seen on the various computer forensic email lists requesting copies of policy and procedure manuals by state and local officers and agents who have been tasked with developing such a document for their own agency,” explains Russell Yawn, ECTCoE deputy director.

In developing the manual, the ECTCoE was able to take advantage of in-house expertise along with information gathered from law enforcement agencies.

“The ECTCoE deals with the law enforcement community at large so we have contacts throughout the country and some internationally that we can rely on for input,” says ECTCoE Director Robert O’Leary. “We have a well-established network and relied on that network to provide us with examples that agencies were using at the state level, and combined it with the expertise in the ECTCoE. Every CoE staff member has criminal justice experience with digital evidence collection and examination, so we were able to leverage all those resources and put together this set of policies and procedures.”

Some of the agencies that provided assistance include the Southern Oregon High Tech Crimes Task Force, the New York Police Department, Orlando Police Department, Austin Police Department, Dallas Police Department and Charleston Police Department. The ECTCoE also looked at sample policies from the U.S. Department of Defense.

“We were able to get a great deal of information from a number of agencies and contacts, and look at the policies that had been implemented and ensure that we did not overlook any topics or points of interest that other agencies may have found important,” O’Leary says.

The manual should also help agencies performing the Commission on Accreditation for Law Enforcement Agencies (CALEA) accreditation process regarding digital evidence procedures. The purpose of CALEA accreditation programs is to improve the delivery of public safety services, primarily by maintaining a body of standards and establishing and administering an accreditation process.

“Another thing we tried to keep in mind was the CALEA standards,” O’Leary says. “We wanted to ensure that these procedures would lend themselves to compatibility, and we were able to rely on some of our contacts that perform CALEA reviews.”

The manual has sections covering case assignment and prioritization; equipment testing, validation and updates; evidence and property handling; search and seizure; storage of evidence and retention policy; reports; materials and supplies; computer forensic lab access; release of information to the media; quality assurance policy and process; and sample forms (e.g., computer lab request for service, evidence inventory and details, and evidence access and tracking).

“Some forms we developed, others are based on forms received from other agencies. We simply wanted to give agencies a format they could work with as a guide,” O’Leary says.

Manual Outlines Policies and Procedures for Digital Evidence | DFI News.


Murder by Internet – Future CyberThreats

Quote


(Credit: iStockphoto)

New cyberthreats that will emerge in 2014 include the use of Internet-connected devices to carry out physical crimes, including murders, and cybercriminals leveraging mobile-device Near Field Communications (NFC) to wreak havoc with banking and e-commerce, predicts IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence.

With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders.

Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.

“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective. That’s horrifying,” said IID president and CTO Rod Rasmussen. “Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will eventually be used.”

NFC dangers

By 2014, Juniper Research predicts, almost 300 million (one in five) smartphones worldwide will be NFC-enabled, and global NFC transactions will total almost $50 billion. NFC is a set of smartphone standards that enables everything from payments to unlocking of hotel room doors to automatic peer-to-peer information exchange between two devices placed closely together. IID predicts that while the underlying technology in NFC is secure, almost all of the applications that will be written to interface with the technology will be riddled with security holes, and massive losses will ensue.

“The amount of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”

Other cybersecurity trends IID predicts for 2014 include:

  • A large increase of government-sanctioned malware targeting other government institutions around the globe, with nation states openly engaging in acts of cyber-espionage and sabotage
  • At least one successful penetration of a major infrastructure component like a power grid that results in billions of dollars in damage
  • An exploit of a significant military assault system like drones that results in real-world consequences

Intelligence sharing network

However, IID predicts a strong response in the form of an intelligence sharing network that will alert participating companies, government institutions, and more about the latest cybercrime attacks.

Currently, government agencies lack clear guidance about the rules of engagement for sharing, and enterprises are worried about the potential liabilities created by intelligence sharing. IID expects that Congress will enact new cybersecurity legislation that provides safe harbor protections enabling enterprises and government institutions to share intelligence without such fears in the coming months.

Murder by Internet | KurzweilAI.

Spy Games

Quote


Recent years have brought reports of the U.S. government eavesdropping on phone conversations, e-mails, even tweets — all in the name of fighting terrorism. But surely your Xbox must be safe from the prying eyes of Big Brother?

Not for long. You might not immediately think that slaying dragons or driving like a maniac through virtual streets is all that interesting to intelligence agents, but the U.S. government believes there might be law enforcement gold on your Xbox. Government researchers say that hacking into consoles will allow police to catch pedophiles and terrorists. Meanwhile, privacy advocates worry that gamers may leave sensitive data — and not just credit card information — on their Nintendos without knowing it.

 

At the cutting edge of this development is Obscure Technologies, a small San Francisco-based company that performs computer forensics and which has just been awarded a $177,237 sole-source research contract to develop “hardware and software tools that can be used for extracting data from video game systems,” and “a collection of data (disk images; flash memory dumps; configuration settings) extracted from new video game systems and used game systems purchased on the secondary market,” according to the contract award from the U.S. Navy. (Law enforcement agencies contacted the Department of Homeland Security’s Science and Technology Directorate for help on a tool to examine gaming console data. The Department of Homeland Security (DHS) then asked the Naval Postgraduate School (NPS) to execute the contract and spearhead the research because of the expertise of Simson Garfinkel, a computer science professor at the NPS in Monterey, Calif. — hence the U.S. Navy contract.)

 

The project, called the “Gaming Systems Monitoring and Analysis Project,” originated in 2008, when law enforcement authorities were concerned about pedophiles using video game consoles to find victims. “Today’s gaming systems are increasingly being used by criminals as a primary tool in exploiting children and, as a result, are being recovered by U.S. law enforcement organizations during court-authorized searches,” says Garfinkel, a computer forensics expert. Indeed, the FBI warns that pedophiles often use online gaming forums as their hunting grounds. However, “there is a suspicion” that terrorists are also using online games to communicate, says John Verrico, spokesman for DHS’s Science and Technology Directorate. While homeland security is the primary DHS mission, it also supports domestic law enforcement and first responders, Verrico says.

 

The ultimate goal is to “improve the current state-of-the-art of computer forensics by developing new tools for extracting information from popular game systems, and by building a corpus of data from second-hand game systems that can be used to further the development of computer forensic tools,” Garfinkel said in an email to Foreign Policy. Though the research is being overseen by NPS, the contract award states that the tools developed by Obscure will be delivered to DHS.

 

Monitoring gaming consoles is harder than you might think. Consoles such as the Microsoft Xbox 360, Sony PlayStation 3, and Nintendo Wii encrypt their devices to prevent piracy and tampering. Indeed, the contract states that “analysis of the game systems requires specific knowledge of working with the hardware of embedded systems that have significant anti-tampering technology.” But this is more than hacking; the government wants tools that can apply computer forensics, which look for legally admissible evidence, to consoles.

 

While there have been some attempts to use computer forensics on consoles, researchers say this is relatively new ground. The DHS project is “exploratory research and development,” said Obscure Technologies president Greg May. “It will be interesting to see, because it’s new to us as well. A lot of this stuff hasn’t been done. We’re not sure how complicated it is.”

 

Of course, what the government is interested in is not the game itself, but the platform — and the way you use it. Video game consoles have evolved beyond simple entertainment machines into powerful all-purpose devices that are used to watch movies, post on Facebook, or — more important to an FBI or CIA agent — chat with other players. “You wouldn’t intentionally store sensitive data on a console,” says Parker Higgins, a spokesman for the online privacy group, the Electronic Freedom Foundation (EFF). “But I can think of things like connection logs and conversation logs that are incidentally stored data. And it’s even more alarming because users might not know that the data is created.”

“These consoles are being used as general purpose computers,” Higgins adds. “And they’re used for all kinds of communications. The Xbox has a very active online community where people communicate. It stands to reason that you could get sensitive and private information stored on the console.”

 

Think about it: Your Nintendo Wii might tell government investigators when you were connected to the Internet, who you were talking to, what you were saying, and what you were playing. “Taken in context, it could end up revealing more than you expect,” Higgins warns. There have already been hacks that could allow for spying on users of the Xbox Kinect, a video-enabled add-on that reads body movement for interactive gaming.

 

DHS is aware of the domestic privacy issues, which is why it says it intends to target consoles from overseas. “This project requires the purchasing of used video game systems outside the U.S. in a manner that is likely to result in their containing significant and sensitive information from previous users,” states the contract. Why go abroad? “We do not wish to work with data regarding U.S. persons due to Privacy Act considerations,” says Garfinkel. “If we find data on U.S. citizens in consoles purchased overseas, we remove the data from our corpus.”

 

So will console game manufacturers cooperate with government efforts to break into their devices or will they construct bigger and better firewalls? Neither Microsoft, Sony, Nintendo nor the Entertainment Software Association responded to questions from FP, but the Electronic Freedom Foundation’s Higgins believes that the issue of console privacy and security has been neglected because consoles are dismissed as gaming toys. “I’ve spoken with privacy people at Microsoft, and they’re aware that it’s something that can be personal and sensitive. If you don’t use Xbox, you might think it’s just a frivolous video game. But a lot of real communication happens between people in this form. Just because it’s a form associated with games doesn’t mean it deserves less privacy protection.”

 

Gamers may not have much choice in the matter. Unlike regular computers, whose users can install security software, gamers can’t just install an anti-virus program like McAfee or spyware monitoring software. And jailbreaking (modifying) a console runs afoul of the Digital Millennium Copyright Act, which bars circumvention of copyright protection technology. The EFF is lobbying the U.S. Copyright Office for an exemption that would allow users to add essential software such as security programs to their game consoles, smartphones, and tablets.

 

With pedophiles using consoles as a means to lure victims, or terrorists possibly using them to communicate, it was probably inevitable that video game consoles would be targeted by law enforcement. Indeed, in an era when the National Security Agency can conduct warrantless electronic searches of your email, it is naive to assume that video games would be exempt. There is a powerful case to be made for giving the government the technical means to collect evidence from consoles.

 

There is also good reason to worry. Numerous cases of illegal wiretaps, as well as surveillance of various political and ethnic groups for dubious reasons, are grounds for suspicion. The issue here may not be just one of privacy, but also of alertness. Those who are concerned about eavesdropping on their voice and email communications may be surprised to discover that their video games are no less secure. And who knows whether some violent trash talk by a teenage video gamer will trigger an alarm in a government surveillance computer?

 

The sad truth is: When it comes to crime and punishment, even video games aren’t games anymore.

Spy Games – By Michael Peck | Foreign Policy.