Slashdot Mirror

I filed a complaint a few days ago because some asshat tried to be cute with a dick pic of two men who bear a remarkable resembelance to me having sex. The dick pic by itself was nothing. Putting my name and URL was something else.

https://www.ic3.gov/

Your iCloud account got hacked too???

I filed a complaint a few days ago because some asshat tried to be cute with a dick pic of two men who bear a remarkable resembelance to me having sex. The dick pic by itself was nothing. Putting my name and URL was something else.

https://www.ic3.gov/

Honest question - what sort of crime do you imagine that this is? What statute, exactly, would give the FBI jurisdiction?

Copyright infringement and revenge porn.

[...] it might even make you SUPER mad...

I'm not mad. As a content creator, I have to protect my copyrights or risk losing them.

[...] but how does the FBI get involved?

FBI Internet Crime Complaint Center
https://www.ic3.gov/

http://www.cbsnews.com/news/ca...

In a dramatic demonstration, he and his colleagues use a laptop computer to hack into a car being driven by Stahl. Much to her surprise, they were able to take control of many of the car's functions, including the braking and acceleration.

Yeah that's, like, very credible. (Have you actually bothered to read the full thing?).

http://www.cnbc.com/2015/07/22...

In a controlled test, they turned on the Jeep Cherokee's radio and activated other inessential features before rewriting code embedded in the entertainment system hardware to issue commands through the internal network to steering, brakes and the engine.

Translation: their commands were ignored or didn't even reach the intended systems. If they had actually managed to "disable the brakes", they'd probably mention it in a bit more than a vague subsentence like that.

http://www.infoworld.com/artic...

They also cause the steering wheel to jerk around by making the car think it's in reverse and activating the auto-park feature, and thanks to their hacks, the car's brake pedal ceased to work entirely.

Translation (if honest): at very low speeds, we can actually disable the brake pedal.
Color me impressed. I'm glad that car wouldn't be allowed on EU roads.

In fact, Valasek and Miller ask Greenberg to turn off the car after their speedometer prank, most likely to head off the car deploying its airbag when its speed drops rapidly from 199mph to the actual number, which the car would interpret as a crash.

That's a wild, and wrong, guess. That's not how airbags deploy.

http://www.cnn.com/videos/tech...

I honestly tried to watch the video but it's unclear which of the few dozens 3rd party javascripts to allow for it to actually play.

https://www.washingtonpost.com...

Not only does the computer weakness allow hackers to manipulate the locks and turn off the engine, it also enables them to cut the brakes. They can even take over the steering wheel if the car is in reverse

That sounds like the paragraph above re-digested.

https://www.ic3.gov/media/2016...

[disabling the brakes at low speed only] (paraphrased)

Meh.

Well, at least I have learned that American cars may actually have brake-by-wire, fair enough. In the developed world, there are safety requirements, like a redundant physical link between the brake pedal and the actual brakes, that has to work regardless of failure of one of the brake-supporting systems.

Oh, and one more for you. Direct from NHTSA...
https://www.ic3.gov/media/2016...

So this article links to a story here, and on the very same page, NHTSA links to the remote exploits story below. Someone there needs to connect the dots.

https://www.nhtsa.gov/press-re...

Motor Vehicles Increasingly Vulnerable to Remote Exploits
https://www.ic3.gov/media/2016...

I buy games through bundles and one says unequivocally that PayPal has the lowest fees, but they use a separate processor for credit cards. eBay still uses only PayPal, despite them being split up into two separate companies again. I used to have a Google Wallet account to use a credit card, but they've discontinued the credit card feature, and recommended Simple.com. I've taken to having PayPal pulling money from my Simple.com account, the first time I've been having things work that way. I was sick in the hospital and PayPal effectively floated me about a $16 0% perpetual loan because of Netflix and Hulu. By the way, if you are in the hospital and automatic withdrawals make you go into overdraft, many banks/credit unions will refund you overdraft fees if you tell them you were in the hospital. PayPal has what I consider a stupid withdraw from bank account but don't withdraw until certain terms are met but the money apparently appears in the seller's account on time feature. There was an invalid withdrawal made from my account and I reported it at http://www.ic3.gov/complaint/d... and PayPal put the money back. Once they've made a decision you can actually appeal it, though they don't make that clear. I'm just not seeing most of the things that people are making complaints about PayPal.

I know others have said it, but, here is a link: https://www.ic3.gov/default.as... Going to law enforcement with the issue, should be a decent shield from prosecution. IANAL, so take this with a big grain of salt. So, maybe talk to a lawyer and ask them to file the complaint.

How about actually looking at the article and finding out the who IC3 is?

http://www.ic3.gov/default.aspx

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

Did some one get over excited thinking they were being clever?

It's easy to laugh and feel superior that a small percentage of people fall for these scams, but what isn't funny is that the people falling for it are mostly senior citizens. Just yesterday my mother-in-law brought me the phone and told me, "It's somebody from Microsoft! They say our computer is infected with a virus!"

I answered the phone and somebody with an Indian accent told me his name was "Todd Moody" and that our computer was sending error messages to Microsoft. Curious about the scam, I let him walk me through opening the application error log and trying to delete some errors from it, to which he exlaimed, "Oh no sir! You cannot delete the errors! This is very very bad! You have a very dangerous trojan virus on your computer!"

If I hadn't been there, my mother-in-law would have handed over her credit card information no questions asked. In fact, my father-in-law had done this in the past. One day I'm going to be a senior citizen and my bullshit detector is going to stop working like it does for everyone else. The Federal Government should be putting a stop to this predatory scumbaggery with extreme prejudice.

When you see this crap, do your civic duty and report it.

The warning issued by the Internet Crime Complaint Center, which has some sort of hard to describe relationship with the FBI, is completely useless to any small business that would be susceptible to this attack. The only thing that they could get from the warning is to use virus scanner for all attachments to emails. No additional information that a small business might find useful is conveyed. Further, virus scanners are a) never going to catch the newest Trojans or other malicious software, and b) unlikely to be installed as a result of this warning. Any small business that knows about the IC3 and their warnings will be using up to date email security practices. Those that don't use up to date email security practices are unlikely to know about the IC3 and their warnings. This is a highly ineffective "warning" or "note" as the IC3 describes it.

The coined term "cyberwar" is an abstraction. Like all abstractions, it's an imperfect model of a much more complex reality. It would be foolish to believe that capable nation states would not conduct surveillance and reconnaissance, and when conditions are favorable, offensive operations, and therefore defensive as well, in cyber-space as one would in any other physical medium (not that cyber-space is not physical -- it is). The same is true for criminality, organized certainly, but not exclusively, by demonstration, for example, here: http://www.ic3.gov/media/default.aspx. Why would one expect otherwise where there are risks and rewards in favorable ratios? So, offensive and defensive cyber-warfare is one very likely potential, if not an ongoing and evolving reality. So is cyber-crime. So are script kiddies. So are average people behaving typically well, badly, and all points in between in a complex environment. For policy makers, the challenge is in changing the risk to reward ratio. So, what is bullshit? Depends on your bullshit criteria and thresholds, I suppose.

He can report this attempted crime to the FBI Cybercrime office and they will take care of everything!

It's good to see something involving Romania and security that's positive for a change. Wait, do we know where the authors of Conficker came from? Hmmmm...

Look, I know editors are sloppy here but honestly...how hard is it to identify the correct agency who issued the alert?

It's not the FBI, you dolts.

It's the IC3 -- which is a "partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C)"

For a tech site, "close" is not good enough. Details matter.

That vulnerability 'basically allowed you to take over the account of one individual,' he said. ... However, the attack described by the FBI would be extremely hard to pull off , Todd said.

Oh it's difficult! (^_^) Good, then it probably wont be exploited.

Oh...

The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software.

People who have never used e-mail are going to be far more susceptible to scams that those who have used e-mail have become well aware of and learned to ignore.

• FBI NATIONAL COMPUTER CRIME SQUAD (May be outdated)
• FBI Tampa Cyber Crime squad (you may have your own local version of this)
• Internet Crime Complaint Center (IC3)
• CERT
• Forum for Incident Response and Security Teams
• Swedish IT incident Center (sitic at pts dot se)

So if we really want to avoid having the police hunt us for petty crimes of downloading files - give them something real. :-)

You actually think they will care or even have the knowledge and know-how to do anything about it? There is, however, the Internet Crime Complaint Center and here just down the street from me (10 min).

1) Don't contribute to the problem. Attacking botrunners directly, or vigilante action doesn't help, and may actually be harmful - by teaching them how to build better drones. See http://fm.vix.com/internet/security/superbugs.html

2) As for US gov't agencies, if you or the attacker seem to be in the US, http://www.ic3.gov/ is likely to be interested. http://www.cert.org/csirts/national/contact.html can also put you in touch with nationial computer security incident response teams, who will also be interested (you only need to contact the one local to you, please don't shotgun complaints to all of them.)

3) As for private companies and research organizations, if the bot isn't already clearly and specifically detected by antivirus, report it to them, following their reporting guidelines. Shadowserver (http://www.shadowserver.org) seems to be interested in researching and gathering intelligence on botnets also.

According to 2005 FBI Internet Crime Report, almost all surveyed companies used antivirus, antispyware, firewalls and antispam software. The article also says that many victims in this case were as well. I have also had a Win2K box compromised that was very well protected; malware detectors and updates do not work against new exploits. I generally run Linux and Mac systems, and, although there are many fewer threats, I have them protected to the nines. In this case, as others mention, it is the human element: innocent looking attachments are sent from trusted individuals. This is a very good case for PGP and other systems, not to mention rampant paranoia when receiving any attachment.

If these sites do wind up phishing sites, at least sedo.com will know who owns them. So what you do is to contact the Internet Crime Complaint Center. Give them the address of the phishing site - and be sure to let them know that sedo.com sold them the domain, so they'll have the customer contact info.

The link is here: http://www.ic3.gov/

Obviously the FBI don't watch "The Bill". IC3 is the abbreviation used by London police for a black person (e.g. "IC3 male").

Do they call the Terrorism Complaint Center www.ic6.gov?

805 is Bakersfield, California, USA. You're charged whatever your long distance carrier feels like. If you go to the FBI website, you'll find that there's a link to file an Internet crime complaint. The link is here: http://www.ic3.gov/

If you have received an email threat please take the time to fill out a complaint at the Internet Crime Complaint Center. The threats are a crime whether they are personal or to a business address. I also have a friend that is contacting someone at the U.S. Atty's office here. It may seem futile but spammers get sloppy sometimes and they have been sent to prison before.

You could always report it to CERT (US Computer Emergency Readiness Team) or the FBI's Internet Crime Complaint Center.

In the US, the FBI is interested in Computer Intrusion. See their website to report criminal activity on your computer.

...you can report Sony's illegal acts here!