interested in joining corrections.com authors network, email us for more information.

Archive

Posts Tagged ‘cybercrime’

Cyber-risk: Can Corrections Get it Right?

May 9th, 2017

Computers and corrections (in the community and behind the walls),  is really getting some headlines recently. The thread that appears to running these stories is “risk.” Is there a risk with offenders and computers and if there, is how do we manage it? Let’s start with the case that is currently before the U.S. Supreme Court, Packingham v. North Carolina.

Lester Gerard Packingham Jr., a  convicted North Carolina sex offender, who was no longer under any form of supervision, posted a message “”G-d is Good” on Facebook after a traffic citation was dismissed. Problem is in North Carolina all sex offenders are prohibited from accessing social media.  His conviction has been appealed all the way to the Supreme Court.  A decision is likely this month. The question is can a sex offender, even after he has served all of his sentence, be prohibited for using social media? Does their risk trump the Constitution?

The next story comes from New Jersey. A sex offender on lifetime supervision was completed barred from accessing the Internet by his parole officer. It is unclear if the officer had tried monitoring/filtering and/or periodically computer searches before imposing the complete prohbition.The New Jersey Supreme Court struck down the condition noting that:

access to the internet is a basic need because most job seekers these days need it to find and obtain work.”

Gee, I wonder how the U.S. Supreme Court will rule in imposing Internet restrictions on sex offenders who completed their sentence (I am betting it gets struck down). Now the next two stories represent that even prisons can not stop offenders from accessing the Internet. In the first case, federal sex offenders, in custody, swapped child pornography using smuggled cellphones and data cards. Apparently, they were in a low-security prison, where they were able to work in tandem, to defeat staff’s supervision of them.

In the next story Ohio inmates built their own computer and used the prison’s Internet access to download hacking programs and carry out identity theft. Apparently, some of the inmates were part of a detail working on disassembled computers for a contractor. Unfortunately, they were not supervised and were able to build their system. They also were able to connect to the prison network and to power, all undetected.  The last two examples are cases where offenders, presumedly under a much higher level of supervision were still able to find a way to get connected. It appears corrections staff underestimated their “risk.”

Corrections appears to have trouble understanding risk when it comes to computers. They either overstate it or understate. I recently got forwarded a request from a corrections professional asking how to teach high risk offenders Internet safety because they were posting inappropriate things online and getting in trouble. I took this to be a request of “can we teach felons to lock up their social media profiles so they stop getting in trouble, particularly with their supervision officers?” Really? Is that what we want, high risk offenders who can’t be monitored online? I think not.

There is a fine line that many in corrections can’t seem to grasp in managing cyber-risk. They either go over board, such as with complete bans, which aren’’t always upheld, or they go the other way and ignore the risk. We need to get this right and soon. I have been absent from this column for too long and maybe, just maybe, I need to resume writing about these issues. On that note, I left a cigar lit somewhere. Be safe out there!

Uncategorized , , , , ,

Felony Arrest Not Key to Hacking Success

April 14th, 2015

Well, it has been quite a while since I put some random thoughts down in this forum. My apologizes to corrections.com and those of you who might have found my “pebbles of wisdom” of interest over the years.  (Yes, I know it is pearls, but that would be a bit vain of me wouldn’t it?)  Recent events have caused me to draw some parallels for those hacker wantabees out there and those who must deal with them when they are caught.

About a month ago the Fortune article 6 Notorious Hackers and Their Second Careers caught my eye.  I have been aware for years that two of the noted hackers in this article, notably Kevin Mitnick and Kevin Poulsen, had turned their life in a law abiding direction. For those who work in corrections this is a confirmation that individuals can and do turn away from a life of crime. Not that they need my praise, but well done to both of them.

The second event that occurred was the recent arrest of Pasco County, Florida teen for allegedly hacking into his school’s computer network to engage in an prank. This event was followed by an opinion piece by Robby Soave, staff editor at Reason.com. He notes in part:

Treating every small infraction of school rules as a crime requiring police involvement is a waste of time and public resources. And it’s bad for the kids. (Juvenile Name)  might not be able to return to school; will he learn anything from this experience? Will he become a more mature teen? Or will his life become immeasurably worse because officials went to DEFCON 1 over almost nothing?”

I agree with Soave that this youth doesn’t need to go to juvenile prison. However, I don’t agree that his conduct should just be ignored.  I also don’t believe the media is doing any service to this juvenile or other “wantabees” by glorifying his conduct.  This got me thinking about the old mindset that if one could hack one could become famous and get hired by some big tech company.   What are the odds that this juvenile who is being elevated to somewhat “star” status by the media might turn out to be another famous (infamous) hacker? Let’s take for a moment our two reformed hackers as examples.

Both Mitnick and Pouslen were jailed/convicted in around 1995/1996. During those years the U.S. Department of Justice charged between 43-45 defendants for computer fraud. So a rough estimate is that 4% to 5% of the “hacker” class of 1995/1996, made it “big.”

Let’s put that in comparison to sports, particularly at this time of seniors getting ready to graduate and go to college. Stats compiled by the NCAA reflect that 6.9% percent of the high schools who played baseball in high school went on to play in college.  For high school football players the percentage is 6.5%.  So the odds of playing college sports are better than making it big as a hacker. But wait, who cares about college … what about professionals?  The percentage of baseball and football college players who are were drafted professionally is 8.6% ( MLB) and 1.6%  ( NFL) respectively.  Obviously, this means less high school graduates make it to the big leagues.

Now I know many of you are like wow. You have a better chance of making it big as a hacker compared to playing professionally sports, provided of course you have “talent.” But not so fast Mister Matrix! The percentage I used for the hacker class is only federal convictions. There were countless convictions occurring at the state level, even in 1995/1995, which significantly reduce those “success”stats.

One also should point out that both Mitnick and Pouslen had to serve long periods of incarceration and later time on supervision. Mitnick in particular had computer restrictions that would make daily life today almost impossible.  Finally, it took both Mitnick and Pouslen a significant amount of time and energy to get where they are today.  Was prison and felon status a better first option than going to college and obtaining employment?  I would say no but they may answer otherwise. In the end, we have to treat cybercrime as any other crime. It is not a resume builder for the vast majority of individuals.  On that note, take care as I left a cigar lit somewhere.

Uncategorized , , , ,

Back to Tor, Silk Road and Bitcoins

March 4th, 2014

It was a few months back when I first introduced the terms, Tor, Silk Road, and Bitcoins on this forum. Those of you who read my piece recall that drugs were being sold on an underground website located on the Tor network called Silk Road. The currency for this underground website was bitcoins, a digital cyptocurrency.  I know. It sounds like the start of a bad science fiction movie but it is all true. Quite a bit has happened since that piece was written which warrants revisiting.

 At approximately the same time I introduced the above,  law enforcement appeared to be on a Tor offensive, with Silk Road’s allegedly leader, Ross Ulbricht, aka, Dread Pirate Roberts (DPR) and several of his alleged co-conspirators arrested and the offending site shut down.  Additionally, arrests related to illegal guns sales were also made on another Tor site, called BlackMarket Reloaded, which by the way also sells drugs.  But the online drug dealers were not through and launched Silk Road 2.0.  Much to their surprise they found that law enforcement was up to the task and two moderators of Silk Road 2.0, who apparently were also involved in the original site, were arrested. It came out last month that Silk Road 2.0, unlike its predecessor, apparently had its assets stolen by hackers as opposed to being seized by law enforcement.  

The assets stolen, specifically bitcoins, have also had their ups and downs. When I first mentioned them they were going for about $135 a piece.  Early last month they were going for about $800 a piece, only to drop these past few weeks to about $500 a piece. The reasons for this wide price fluctuation are varied but include: the seizure of Silk Road bitcoins, China imposing restrictions on their use, and more recently  the public exposure of a bitcoin flaw, transaction malleability. Okay, your head is now officially spinning. Transaction malleability, is that like a trans warp, anti-matter drive used on a starship? Trust me it is not and I promise I will stop using “geek” terms.

Here is something that is not so geek for you to wrap your mind around.   An Australian online study involving 9,470 drug using respondents, in three countries (United States, United Kingdom, and Australia) was completed at the end of 2012. Silk Road goods were part of the survey questions. To put this in perspective, Silk Road was only about a year old in 2012. The results of this study were published in the journal,  Addiction.   According to a news report on this study:

  • 18% of American drug users had used Silk Road “products.” 
  • Over  three-quarters of the respondents indicated they used Silk Road because it had better-quality of drugs.
  • Depending upon the country, between 53 and 60 percent bought MDMA, while 35 and 51 percent bought marijuana.

I know this study may be considered skewed because it was an online study, meaning non-online drug users would not be included. But think about it for a moment. After only a year being on the cyber-space corner, 18% of U.S. online drug users had experienced Silk Road products. I am no business major but 18% from nothing in a year seems pretty impressive to me.

So what does this all mean to those of us in corrections? I think it reiterates what I noted in 2011, namely that drug use and sales are going online.  We now have large scale sites dealing drugs and a significant number of users consuming drugs obtained online. Users are noting they are buying online based upon quality. What trends can we expect?  Stopping drug usage in your own community is one thing. When the entire world becomes an illicit supply chain the task  becomes much more difficult to control. We are likley to see more users getting their supply, at least in part, from online sources.  I also think if  Tor becomes much more user friendly on cell phones we will likely see more underground drug purchases made through cell phones. It can be currently run on an Android phones but it ain’t pretty. Android phones by the way can be used to hold a bitcoin wallet,  the currency of choice in this underground market place. Instead of looking at an offender with a wad of bills, we may need to start looking at cell phones with bitcoin wallets. On that thought, I left a cigar lit somewhere. Be safe out there in the real world and in cyberspace.

Uncategorized , , , , , , , ,

Investigating Internet Crimes: A Crimcast Interview

February 8th, 2014
On February 7, 2014, Crimcast interviewed me about Internet crime and my new book, Investigating Internet Crime: An Introduction to Solving Crimes in Cyberspace, co-written with Todd G. Shipley.  Click here to access the interview.  (And by the way thanks to Crimcast for the interview!)

Uncategorized , ,

Thank You American Probation and Parole Association!

December 18th, 2012

I got notified today that the American Probation and Parole Association is giving me the 2013 Sam Houston University Award. This award is presented to an individual who has published an article concerning probation, parole or community corrections, which provides new information and insight into the operation, effectiveness or future of the community corrections profession. They noted… “Not only have you published an article, you have been prolific in the number of articles you have published.” Most if not all of the stuff I have written this year has been on cybercrime. It has been a good day!

Uncategorized , , ,