Intuit’s effort to stop tax fraud under scrutiny
Intuit’s effort to stop tax fraud under scrutiny
CSI: Cyber Season 1 Episode 1 Recap: Kidnapping 2.0
A recap of season 1 episode 1 of CSI: Cyber TV show.
The episode starts off in Baltimore Maryland at 1:37 am when a couple is awakened from voices coming out of a baby-cam monitor that was apparently hacked and the infant (Caleb Reynolds) kidnapped. It was later discovered the foreign voices were from individuals bidding on the baby in an illegal auction.
This has actually occurred to a Houston Nanny taking care of an infant. The nanny changing a diaper heard an unfamiliar voice come out of the family baby monitor. “That’s a really poopy diaper,”, apparently watching Ashley Stanley, the nanny, and little Samantha.
https://www.yahoo.com/parenting/nanny-freaks-as-baby-monitor-is-hacked-109405425022.html
The scene quickly shifts to Washington, DC where special agent Avery Ryan played by Patricia Arquette is surfing the web and receives an instant message about the Baltimore kidnapping. She meets with her boss Simon Sifter played by Peter MacNicol asking that the case be assigned to her group; Sifter states that the case has already been assigned to major crimes. Avery responds by saying:
Ryan: “Any crime involving electronic devices is by definition, cyber”
At this point Sifter gives in and states he would transfer the case to the cyber team.
In the next scene Agent Elijah Mundo played by James Van Der Beek is introduced while playing a first person shooter video game called “Assassins” which he cleverly use later in the show to make a vital connection with a teenage boy to obtain critical information about the kidnapping. While playing the game Mundo receives a call from Ryan.
Ryan: ”Wake up solider boy, duty calls.”
This also provides some background into Agent Mundo’s character assuming that he is former military personnel. The next scene provides additional information pertaining to Agent Mundo’s character traits as he provides Ryan with updates about to the case as they are walking to join the rest of the team in the Cyber Threat Operation Center (CTOC).
Mundo: “I put Caleb Reynolds’ photo out on the wire, notified TSA, contacted Baltimore PD, it took me a bit, finally got detective Cho on the wire. CSI has already process the parameter, he’s going to hold the rest of the crime scene for us…. So he says. State police highway patrol already mobilized check points already and amber alerts have been issued as well.”
The CTOC is the nerve center equipped with a lot of hi-tech devices; this is where the rest of the team is introduced (Daniel Krumitz played by Charley Koontz and Raven Ramirez played by Hayley Kiyoko) including Brody Nelson a black hat hacker that is working with the team played by Shad Moss aka Bow Wow.
Det. Cho of the Baltimore PD updates the team, when Ryan asked about the status of the baby-cam, Det. Cho stated, “it was unplugged and secured”. Here is where we get a taste of Krumitz personality as he stated
Krumitz: “Unplugged? That’s the quickest way to lost all the data.”
After hearing about the baby-cam being unplugged Ryan states:
Ryan: ”Please treat all hardware including the baby-cam like a dead body. Don’t touch it, don’t move it until we get there.”
Then the team heads to Baltimore
Once in Baltimore Ryan ask Krumitz to team up with Nelson
Krumitz: “What…? You’re sticking me with newbie Nelson?” The guy I busted?
Nelson: “Hey Chubby, keep my name out of your mouth, I’m not your braces”
Ryan: “Enough… Nelson, zip it! Krumitz, game face!”
This scene explained many things about the show and the team dynamics
- How Nelson ended up working on to the team
- Ryan’s role as she will try to keep things on track
- Nelson’s wittiness
- Krumitz being referred to as the best white hat hacker in the world
- And that Nelson would be doing jail time if Ryan didn’t ask the judge to have him work with her.
Ryan: “One mistake federal pen five years…”
In the house Krumitz and Nelson have a small exchange
Nelson: Hey man what’s you problem?
Krumitz: You are my problem man. It is bad enough that Avery heads up the “It takes a hacker to catch a hacker program.” I only support it because she is my boss and I love my job, doesn’t mean I believe in it.
Nelson: Okay, look I don’t want to get in any more trouble than I already am because of you.
Krumitz: Then learn the job, ask questions, listen to intelligent answers.
From here the show takes us through numerous events such as the kidnappers being tracked down, they did not find baby Caleb, but they did find a lot of money in the trunk of the car they were driving. Before the team could interrogate the kidnappers, they were shot by a sniper, which Agent Mundo eventual killed. They were lucky enough to find evidence that led to additional information on locating the whereabouts of baby Caleb.
The show took us thought provoking interviews, holographic autopsy and a few additional shootouts. Every member of the team was able to solve various pieces of the puzzle to help advance the case until they were able to solve the crime at the end and rescue baby Caleb from a submerged car in the lake.
At the end, Nelson asked Ryan why is she helping him. Ryan responded by stating she wanted to help hackers become better people as she had been hacked before when she was a behavioral psychologist. The hacker released all her patient’s files which led to one of them getting killed. Ryan then revealed that after every case she goes to a place where thinks about how she will catch that hacker that stole her files. That place ended up being the Lincoln Memorial and that is how the show ended.
Overall, I think the first episode did a great job in introducing the various characters. I look forward to additional character development and learning more about how each member got to where they are and what they do on their spare time. I do have a bit of a problem with Patricia Arquette’s role; she seems very emotionless and bland. I am hoping that will change over time.
I also think this show can bring many information security, privacy and Internet safety issues we face in real life to the forefront and assist with overall user awareness.
We give this week’s episode a 3 1/2 Orb out of 5.
CSI: Cyber comes every Wednesday night at 10:00 p.m. eastern time on CBS. Follow @SecurityOrb on twitter for live tweets during the show.
Did you see CSI: Cyber, what did you think about it? Please share with us, leave a comment.
The Internet of Toys and Games by @mhbjr for My Security Thoughts
I am a father of two teenage boys. I love my boys. They are one of the main reasons for me to advance making sure they have a safe and secure home. They are also Xbox-heads.
They love that console. I have come to see it as not just a gaming console but as an extension of their social lives. They not only play games with their friends and others but they use it as a communication hub to connect with their friends from school even though they are not engaged in a game. I have watched as one of my sons watched a video on YouTube on his phone while talking with one of his friends about the video over Xbox Live. No game being played just talking.
Now walking away from his room started me thinking about what is going thru that console. My wife and I have learned to give them the throwaway credit stores you buy at the grocery store rather than use our cards. Thanks you Sony. Still the amount of information that is collected such as birthdates and full names for some games is disturbing.
I know that those collecting the information have privacy policies that are supposed to put us at ease. We know that protecting our information overrides any financial incentives that they may have. Plus if there is a breach and the data gets out they will give us free support for a whole year.
Still we are talking about humans under the age of 18 providing information that could hurt them in the future. In addition I feel that our younger children are being targeted to provide detailed information or at the very least being trained to provide the information.
Why do I believe this? Well one recent example is the new Barbie doll that is coming to stores or that may already be on the shelves. It is the ‘Internet Connected Barbie’. It has voice recognition and you or your child can have conversations with it.
See this link: http://abcnews.go.com/Technology/barbie-internet-connected-doll-conversations/story?id=29026245
I am not going to go into the types of hacks that could be done on this toy. Not even the possibility to turn it into a spy device for the paranoid divorced parent that wants to spy on the estranged spouse. Let’s just not go down that road.
I just have to assume that this doll if using voice recognition is tied into some server in a cloud farm. I think that they are storing some of this information.
You might say that want can a pre-teen or younger say to a doll that would have any consequences. I don’t know what they could say. I do know that children have been known to repeat things that they hear at the most inopportune ties. Remember I have two boys and they had an uncanny ability to embarrass my wife and I. We had to watch what we said even if we did not think they could hear.
Now take a small child with an Internet connected toy with voice recognition and you have potential for leakage of information. If I was to be paranoid how long before this Internet connected doll gains the Xbox Kinetic-like ability to do visual recognition of the people and objects in the room.
Will law enforcement now send subpoenas for the audio and video recordings from Barbie? Will Mattel be subjected to National Security Letters?
Thoughts?
CSI: Cyber – A New TV Series about CyberSecurity
CSI: Cyber is the latest CSI spin-off that will premiere today Wednesday, March 4 at 10/9c. The show follows FBI Special Agent Avery Ryan (Patricia Arquette) and her team of investigators, who solve crimes for the Cyber Crime Division in Quantico, Virginia. In addition to Arquette, she is accompanied by James Van Der Beek, Peter MacNicol and Shad Moss aka Bow Wow to name a few of the cast members.
The pilot for CSI: Cyber was first aired on April, 30 2014 in a CSI: Crime Scene Investigation episode titled “Kitty” where they investigated a cyber-related murder of a prominent casino owner’s wife and received help from the FBI’s Cyber Crime Division with Patricia Arquette as a guest star.
Tonight’s first episode of CSI:Cyber is titled “Kidnapping 2.0”, where the FBI’s Cyber Crime Division investigate illegal activities on the Internet. In the opener, the team investigate a case of hacked baby monitors.
Full recap will be available at SecurityOrb.com after the show…
CSI:Cyber Full Cast
STARRING:
Patricia Arquette (Special Agent Avery Ryan)
James Van Der Beek (Agent Elijah Mundo)
Peter MacNicol (Simon Sifter)
Charley Koontz (Daniel Krumitz)
Shad Moss (Brody Nelson)
Hayley Kiyoko (Raven Ramirez)
A List of National Computer Security Incident Response Teams
A Computer Incident Response Team (CIRT) or Computer Security Incident Response Team (CSIRT) is an organization that receives reports of security breaches, conducts analyses of the reports and responds to the senders.
National Computer Security Incident Response Teams
The following CSIRTs have responsibility for an economy or a country.
Argentina (AR) ArCERT Computer Emergency Response Team of the Argentine Public Administration http://www.arcert.gov.ar/ Contact: ArCERT
Austria (AT) CERT.at National Computer Emergency Response Team of Austria http://www.cert.at/index_en.html Contact: CERT.at
Australia (AU) CERT Australia Australia’s National Computer Emergency Response Team http://www.cert.gov.au/ Contact: CERT Australia
Azerbaijan Republic (AZ) CERT.GOV.AZ Azerbaijan Government CERT http://www.cert.gov.az/ Contact: CERT.GOV.AZ
Belgium (BE) CERT.be Belgian National Computer Emergency Response Team http://www.cert.be Contact: CERT.be
Brazil (BR) CERT.br Brazilian National Computer Emergency Response Team http://www.cert.br Contact: CERT.br
Brazil (BR) CTIR Gov Computer Security and Incident Response Team – Brazilian Federal Government http://www.ctir.gov.br/index_en.html Contact: CTIR Gov
Brunei Darussalam (BN) BruCERT Brunei Computer Emergency Response Team http://www.brucert.org.bn/ Contact: BruCERT
Cambodia (KH) CamCERT National Cambodia Computer Emergency Response Team http://www.camcert.gov.kh/ Contact: CamCERT
Canada (CA) CCIRC Canadian Cyber Incident Response Centre http://www.publicsafety.gc.ca/prg/em/ccirc/index-eng.aspx Contact: CCIRC
Chile (CL) CLCERT Chilean Computer Emergency Response Team http://www.clcert.cl Contact: CLCERT
China (CN) CNCERT/CC National Computer Network Emergency Response Technical Team – Coordination Center of China http://www.cert.org.cn/ Contact: CNCERT/CC
Curacao (CW) CARICERT Caribbean CERT http://www.caricert.cw/ Contact: CARICERT
Czech Republic (CZ) CSIRT.cz Computer Security Incident Response Team of the Czech Republic http://www.csirt.cz/ Contact: CSIRT.cz
Denmark (DK) GovCERT.DK Danish GovCERT https://www.govcert.dk Contact: GovCERT.DK
Denmark (DK) DKCERT Danish Computer Emergency Response Team https://www.cert.dk/kontakt/engver.shtml Contact: DKCERT
Estonia (EE) CERT-EE CERT Estonia http://www.cert.ee/ Contact: CERT-EE
European Union (EU) CERT-EU Computer Emergency Response Team European Union http://cert.europa.eu/ Contact: CERT-EU
Finland (FI) CERT-FI Finnish Communications Regulatory Commission http://www.cert.fi/ Contact: CERT-FI
France (FR) CERTA Centre d’Expertise Gouvernemental de Réponse et de Traitement des Attaques informatiques http://www.certa.ssi.gouv.fr/ Contact: CERTA
Germany (DE) CERT-Bund Computer Emergency Response Team für Bundesbehörden http://www.bsi.bund.de/certbund/ Contact: CERT-Bund
Hong Kong (HK) HKCERT Hong Kong Computer Emergency Response Coordination Centre http://www.hkcert.org/ Contact: HKCERT
Hungary (HU) CERT-Hungary CERT-Hungary http://www.cert-hungary.hu/ Contact: CERT-Hungary
Iceland (IS) CERT-IS Computer Emergency Response Team-Iceland http://www.cert.is Contact: CERT-IS
Indonesia (ID) ID-SIRTII Indonesia Security Incident Response Team on Internet Infrastructure http://idsirtii.or.id/ Contact: ID-SIRTII
Japan (JP) JPCERT/CC Japan Computer Emergency Response Team Coordination Center http://www.jpcert.or.jp/ Contact: JPCERT/CC
Japan (JP) NISC National Information Security Center http://www.nisc.go.jp/eng/index.html Contact: NISC
Latvia (LV) CERT.LV Information Technologies Security Incidents Response Institution http://www.cert.lv/?lang=en Contact: CERT.LV
Lithuania (LT) CERT LT Lithuanian National Computer Emergency Response Team https://www.cert.lt/en/index.html Contact: CERT LT
Luxembourg (LU) CIRCL Computer Incident Response Centre Luxembourg http://www.circl.lu/ Contact: CIRCL
Malaysia (MY) MyCERT Malaysian Computer Emergency Response Team http://www.cybersecurity.my/en// Contact: MyCERT
Mauritius (MU) CERT-MU Mauritian National Computer Security Incident Response Centre http://www.cert-mu.org.mu/ Contact: CERT-MU
Myanmar (MM) mmCERT Myanmar Computer Emergency Response Team http://www.mmcert.org.mm/ Contact: mmCERT
Netherlands (NL) NCSC-NL National Cyber Security Centre-Netherlands https://www.ncsc.nl/ Contact: NCSC-NL
New Zealand (NZ) NCSC National Cyber Security Centre http://www.ncsc.govt.nz/index.html Contact: NCSC
Norway (NO) NorCERT Norwegian Computer Emergency Response Team http://www.cert.no Contact: NorCERT
Oman (OM) Oman National CERT Oman National Computer Emergency Readiness Team http://www.cert.gov.om/ Contact: Oman National CERT
Panama (PA) CSIRT Panama Computer Security Incident Response Team Panama http://www.cert.pa Contact: CSIRT Panama
Peru (PE) PeCERT Peru Computer Emergency Response Team http://www.pecert.gob.pe/ Contact: PeCERT
Philippines (PH) PH-CERT Philippine Computer Emergency Response Team http://www.ph-cert.org/ Contact: PH-CERT
Poland (PL) CERT Polska Computer Emergency Response Team Polska http://www.cert.pl/ Contact: CERT Polska
Portugal (PT) CERT.PT CERT.PT http://www.cert.pt/ Contact: CERT.PT
Qatar (QA) Q-CERT Supreme Council for Information and Communications Technology, ictQATAR http://www.qcert.org Contact: Q-CERT
Republic of Kazakhstan (KZ) KZ-CERT Kazakhstan CERT http://www.kz-cert.kz/ Contact: KZ-CERT
Saudi Arabia (SA) CERT-SA Computer Emergency Response Team – Saudi Arabia http://www.cert.gov.sa/ Contact: CERT-SA
Sri Lanka (LK) Sri Lanka CERT | CC Sri Lanka Computer Emergency Readiness Team | Coordination Centre http://www.cert.gov.lk Contact: Sri Lanka CERT | CC
Singapore (SG) SingCERT Singapore Computer Emergency Response Team http://www.singcert.org.sg/ Contact: SingCERT
Slovakia (SK) CSIRT.SK Computer Security Incident Response Team Slovakia http://www.csirt.gov.sk/ Contact: CSIRT.SK
Slovenia (SI) SI-CERT Slovenian Computer Emergency Response Team http://www.arnes.si/english/si-cert/ Contact: SI-CERT
South Korea (KR) KrCERT/CC CERT Coordination Center Korea http://www.krcert.or.kr/ Contact: KrCERT/CC
Spain (ES) CCN-CERT Cryptology National Center – Computer Security Incident Response Team https://www.ccn-cert.cni.es/ Contact: CCN-CERT
Spain (ES) INTECO-CERT INTECO IT Incident Response Center http://www.inteco.es/rssRead/Seguridad/INTECOCERT Contact: INTECO-CERT
Spain (ES) RedIRIS-CERT Spanish National Research Network Computer Emergency Response Team http://www.rediris.es/ Contact: RedIRIS-CERT
Sweden (SE) CERT-SE The National and Governmental Computer Emergency Response Team of Sweden https://www.cert.se Contact: CERT-SE
Switzerland (CH) SWITCH-CERT Swiss Education and Research Network Computer Emergency Response Team http://www.switch.ch/security/incident-handling/ Contact: SWITCH-CERT
Taiwan (TW) TWNCERT Taiwan National Computer Emergency Response Team http://www.twncert.org.tw/ Contact: TWNCERT
Thailand (TH) ThaiCERT Thai Computer Emergency Response Team http://www.thaicert.or.th/ Contact: ThaiCERT
Tunisia (TN) tunCERT Tunisian Computer Emergency Response Team http://www.ansi.tn/en/about_cert-tcc.htm Contact: tunCERT
Turkey (TR) TR-CERT Turkey Computer Emergency Response Team http://www.bilgiguvenligi.gov.tr/certen/index.php Contact: TR-CERT
Ukraine (UA) CERT-UA Computer Emergency Response Team Ukraine http://www.cert.gov.ua/?lang=eng Contact: CERT-UA
United Arab Emirates (AE) aeCERT The United Arab Emirates Computer Emergency Response Team http://www.aecert.ae/ Contact: aeCERT
United Kingdom (UK) GovCertUK GovCertUK http://www.govcertuk.gov.uk/ Contact: GovCertUK
United Kingdom (UK) CPNI Centre for the Protection of National Infrastructure http://www.cpni.gov.uk/ Contact: CPNI
United States (US) US-CERT United States – Computer Emergency Readiness Team http://www.us-cert.gov Contact: US-CERT
Uruguay (UY) CERTuy Uruguay – CERT http://www.cert.uy Contact: CERTuy
Venezuela (VE) VenCERT National Incident Management Telematics of the Bolivarian Republic of Venezuela http://www.vencert.gob.ve Contact: VenCERT
Viet Nam (VN) VNCERT Viet Nam CERT http://www.vncert.gov.vn/ Contact: VNCERT
Source: www.cert.org
My Security Thoughts – Autonomous Vehicles by @mhbjr
I am going to take a different tack in this posting versus my previous three postings. I will still look at the security implications of technology or service but am going to examine the other affects both positive and negative that these things will have on society as a whole. This writing will look at the following:
Benefits of autonomous vehicles
Economic loss from autonomous vehicles
Security dangers of autonomous vehicles
First let me say what I feel an autonomous vehicle is from my perspective. An autonomous vehicle is a vehicle that is able to drive/navigate without a human being in the control loop. The vehicle is able to recognize both moving and stationary objects while avoiding both and engaging in digital conversation with other autonomous vehicles and navigational aids.
The time frame for when autonomous vehicles will be on the highways and byways is probably not in my lifetime. It is my opinion that the automakers and governments would not want these types of vehicles. I think that we will see them but when is still a big question. Why you ask well that is part of the posting below. One of the main ones is legislation. The auto companies are going to fight this one and they have very deep pockets and are skilled in working our political leadership. In short I will say now that the benefits are for the individual person not for the corporation or government. We all know that if it does not benefit big business or government then the people can kick sand. I digress now let us delve into my thoughts.
Benefits of Autonomous Vehicles: Senior citizens will welcome autonomous vehicles. They will realize that the limitations of age that force them into nursing homes can be reduced by having mobility when still living in their own abode. Numerous seniors are currently living in nursing or assisted living homes because they can no longer drive themselves to doctor’s appointments, grocery stores, and other destinations that they need to accomplish their daily tasks.
Senior citizens will be able to travel greater distances then having to drive the vehicles themselves. The ability to set a destination, say the grandkids house two states away, and take a nice leisurely ride. The vehicle can be set to update the rider’s relatives on their current status and estimated time of arrival.
Senior citizens would not be the only group that could see the advantages of autonomous vehicles. Another group would be families with dual incomes and children without driver’s licenses. The autonomous vehicles could be set to pick up children from school, daycare, etc. and take them back home. Calling for a vehicle and taking them to their respective destinations could accommodate kids with different activities in different locations.
Restaurants and bars may see a significant uptake in income. Autonomous vehicles would allow patrons to drink more which raises the bar tab. The threat of lawsuits due to drunk drivers leaving their establishments would decrease. I say decrease because those of the legal profession will find some other way to sue.
Rental car companies may also benefit with many people now choosing to not own a car or trunk but renting when needed. This just in time rental may be the new business model for Uber. A customer using the new Uber would fire up the app see what vehicle was available call for it as well as enters the destination. If possible at the same time a pick up time could be entered so that the customer would not have to worry about having a vehicle available.
Depending on the business model, companies that do not deliver items on a regular basis could see a decrease in their cost due to not owning any vehicles but utilizing on-demand vehicle services. If the on-demand service offered a variety of types of vehicles other businesses would be able to draw on this inventory at their leisure ensuring that the costs are directly related to the requests of their customers.
Police would prefer autonomous vehicles as well since they could disable the vehicles or if there is a lock-in feature direct the vehicle to an area where the possible loss of life to bystanders would be decreased. In addition thieves would not car jack autonomous vehicles, which is a benefit to everyone.
Economic Loss from Autonomous Vehicles: If one group benefits then another group will suffer a loss. My thoughts are that nursing, assisted living, and retirement homes will see a drop in revenue due to a decrease in the number of residents that are able to live on their own but unable to drive.
In cities a decrease in car ownership may occur which would mean loss sales to car companies. Car companies would see a decrease in that there would only be enough cars on the road that were really needed. Car companies may attempt to compensate by building autonomous vehicles with a limited life span. Thus seeing economic salvation in replacing vehicles with increased frequency.
State and local governments would see a decrease in revenue from ticketing. The number of speeding, red light running, parking, and other traffic violations would decrease since the programming of autonomous vehicles incorporates obeying traffic laws. I would assume that the politicians would compensate for this loss of revenue by raising taxes in other areas.
Though police would see benefits from the populace using autonomous vehicles, there may be a loss to the police in the seizures of cars if the criminal element does not own the same number of vehicles. Chop shops would see a reduction inventory available for their purposes. The autonomous vehicles would be heavily connected to the net making tracking easier and giving instant warning when a vehicle was moved without prior authorization.
Dangers from Autonomous Vehicles: When you have a vehicle that is basically a node on the Internet. Tracking of the vehicle and its connection to other vehicles presents the possibility of true compromise of the vehicles control. Deliberately disabling the braking system is already a possibility on cars today. The link below is from a report that shows some of the possible dangers for today that can be extrapolated for the future.
http://threatpost.com/markey-car-security-report-just-the-start-for-automakers/110962
Autonomous vehicles may be subject to both local and remote attacks. A remote attack on an autonomous vehicle could mean that the attacker could launch the attack from an Internet café.
Information from the vehicle could be used by a stalker to plan the optimum time to strike their victim. In the near future individuals may use the car systems to not only locate a restaurant but also make reservations and pay for parking in advance.
The FBI has a report that shows their fears from autonomous vehicles: http://www.theguardian.com/technology/2014/jul/16/google-fbi-driverless-cars-leathal-weapons-autonomous
The number of access points in an autonomous vehicle would be large. Automakers adequately securing all these points are unlikely. We have seen today how slow these companies are in making changes or recalling cars in the name of safety.
http://covisintblogs.com/autonomous-vehicles-what-are-the-security-risks/
I could go on with in greater detail of the security risks but I will save that for another posting.
In closing do you or would you feel safe in an autonomous vehicle?
