Hacker Teaches iPhone Forensics To Police

Ponca City, We love you writes "The Mercury News reports that former hacker Jonathan Zdziarski has been tapped by law-enforcement agencies nationwide to teach them just how much information is stored in iPhones — and how to get it. 'These devices are people's companions today,' says Zdziarski. 'They're not mobile phones anymore. They organize people's lives. And if you're doing something criminal, something about it is probably going to go through that phone.' For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime."

iPhone secret screenshots?

[cloricus]

"For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it." - TFS What?

Re:iPhone secret screenshots?

[Ethanol-fueled]

Haw. If you're gonna rob a bank or burglarize a home, why not do it in style?

Envision a crook trying to scream at the clerk to empty out the register while pausing to say, "Hold up, I gotta take this call..." Or instructing his getaway driver, "Turn left here....um, right here...oh, Mike just broke up with Jen...turn left here, exit 95..."

Compartmentalize, crooks. Compartmentalize.

Re:iPhone secret screenshots?

[auntieNeo]

"For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it." - TFS What?

I'm guessing it does that because when it opens it wants to look just as spiffy as it looked when the user closed it, and it can't do that if it has to re-render the map from scratch.

Re:iPhone secret screenshots?

[PNutts]

This is for the animation of screens opening and closing. This news is about two years old. It doesn't specifically call out the iPhone model so it may not apply to the newer ones with hardware encryption unless the book's been updated since 2008.

Re:iPhone secret screenshots?

[Graff]

"For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it." - TFS What?

It's called caching. When an iPhone application switches to another application it can quickly store an image of the app's current state. When the user switches back it displays that image while the real view is being built. That way the user gets an immediate view of the last state of the app rather than having to wait around for that state to be re-built.

Your desktop computer's web browser (and many other programs and devices) does the same thing, it stores data for quick access and responsiveness. You'd be surprised at just how many devices use this technique, the iPhone is far from the only device to cache data.

It's a smart technique but yeah, if you're committing crimes then too bad for you. I'd suggest that maybe you shouldn't be using ANY electronic device during a crime that you don't completely understand what data it sends and stores and how to deal with it before it becomes evidence.

Re:iPhone secret screenshots?

[icebike]

Exactly. It has only ONE image, the last one.
Not a history of images. Open your map tap the Locate icon when at home or any other common place, and problem solved.

Besides, everyone who watches TV knows you use a untraceable "burner" phone, right?

Sun Glasses....
Yeaaaaaaaahhhh!

Re:iPhone secret screenshots?

[clone53421]

Exactly. It has only ONE image, the last one.
Not a history of images.

You’re quite sure of that? Even assuming it does purge the old image files when it saves a new one – the old screenshots can’t be undeleted?

Re:iPhone secret screenshots?

[Hognoxious]

[CSI] Restore previous. Zoom. Enhance. [/]

Re:iPhone secret screenshots?

[Aeternitas827]

Besides, everyone who watches TV knows you use a untraceable "burner" phone, right?

Street cred. If your phone ain't blang you ain't da realz shizzle for shizzle, dizzle, yo.

Translation: There's a segment of the criminal populace that are more worried about being in-style while doing their thing, than getting away with it. So what if a big guy whose name might be Bubba takes a few liberties in the communal shower? At least I carjacked Joe Schmoe with an iPhone in the pocket that hovers between my knee and calf, depending on when I hitched my pants up last.

Re:iPhone secret screenshots?

[Aeternitas827]

how to deal with it before it becomes evidence.

Detonation or thermite. Pretty easy solution if you must be encumbered by an electronic device.

Personally, I like the Thermite, because it's fun to watch...but not always practical.

Re:iPhone secret screenshots?

[MrCrassic]

Well, the thing to remember is that physical access = game over. Without exploits or clearly open holes (i.e. jailbreakers opening SSH and forgetting to change the root password), it's pretty hard to gain access to an iPhone or Android device by default. Unless the phone is encrypted (very unlikely), most of the juicy bits are very easy to get and extract after physical possession (e.g. one can still browse the flash RAM on an iPhone even if it has a PIN lock, which is one of the reasons why it's not very helpful).

I'm not a security expert, but I think it's much easier to gain access to sensitive information by way of social engineering or dictionary attacks (everyone hates passwords or being too paranoid about stuff).

Re:iPhone secret screenshots?

[BasilBrush]

You're both right. It only keeps one image - it's called Default.png. Yet it's possible multiple versions could be retrieved if the file's data blocks on the flash disk have not yet been overwritten by another file.

Point is: iPhone is doing nothing nefarious, secretive or underhand, as some here would love to imagine. Yet forensics could discover more than a person might first imagine.

Re:iPhone secret screenshots?

[bcmm]

It doesn't specifically call out the iPhone model so it may not apply to the newer ones with hardware encryption unless the book's been updated since 2008.

If the key is stored on the same device as the encrypted data, the encryption is a particularly funny instance of security through obscurity.

The only other options are to have the user memorise a key, which will practically inevitably be far too short, use around some kind of separate authentication device, or having the user memorise a password that is used to retrieve the key from some kind of authentication server (which could make a shorter password safer by limiting attempts). However, my money is on the key being stored on the device.

/me googles it

Heh.

(This reminds me of this photo, which I found on Bruce Shneier's blog).

Re:iPhone secret screenshots?

[w0mprat]

Crook: "Hold up, I gotta take this call..." *answers*... "Hello? I can't hear you you're breaking up. HELLO?"

Clerk: "You're not holding it right.. here let me show you"

Re:iPhone secret screenshots?

[w0mprat]

"For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it." - TFS What?

It's called caching. When an iPhone application switches to another application it can quickly store an image of the app's current state. When the user switches back it displays that image while the real view is being built. That way the user gets an immediate view of the last state of the app rather than having to wait around for that state to be re-built.

Your desktop computer's web browser (and many other programs and devices) does the same thing, it stores data for quick access and responsiveness. You'd be surprised at just how many devices use this technique, the iPhone is far from the only device to cache data.

It's a smart technique but yeah, if you're committing crimes then too bad for you. I'd suggest that maybe you shouldn't be using ANY electronic device during a crime that you don't completely understand what data it sends and stores and how to deal with it before it becomes evidence.

Yes I would be surprised how many devices use that technique, and I don't think it's that defensible. It's a obvious security/privacy problem.

As far as I'm aware most browsers don't do this, and certainly not cache screendumps to permanent storage, with the exception of Opera and Chrome's "Speed Dial" feature requiring a thumbnail of the page.

A smart technique? It's a bit cheeky, but then such tricks are frequently used to fake responsiveness in UIs. Aside from the benefits of 'cheating', it's quite simply a security hole - a screenshot of many apps could reveal personal information that's not otherwise easily available (Examples: browser history would be easily extractable, contents of my gmail not so much).

Re:iPhone secret screenshots?

[BasilBrush]

It's not an early morning and a lack of coffee that's not allowing you to explain yourself. It's the fact that you are voicing your hatred rather than a rational viewpoint. There absolutely nothing related to a walled garden here. It's a cache, pure and simple, and it's documented. Even free software uses caches.

Re:iPhone secret screenshots?

[hitmark]

yep, and i suspect the iphone do many such tricks to look more responsive and fast working then it actually is.

Like say using still images in transitions rather then rendering every icon or ui element.

Re:iPhone secret screenshots?

[Spy+der+Mann]

Ah, but first time criminals aren't aware of the situation. It's those that are easiest to catch. And the police better do it before they become SERIAL criminals.

On the other hand, iPhone storing screenshots of the GPS indicating where you've been... it's outright creepy. Orwell was right, man.

Re:iPhone secret screenshots?

[Abcd1234]

As far as I'm aware most browsers don't do this, and certainly not cache screendumps to permanent storage, with the exception of Opera and Chrome's "Speed Dial" feature requiring a thumbnail of the page.

Why would they? They cache *the entire page contents, including a pre-rendered DOM*.

Seriously, if you're worried about little screenshots in your iPhone, your PC is probably a *far FAR* bigger problem for you.

Re:iPhone secret screenshots?

[morari]

Smart people don't use them anyway, for anything. ;)

Re:iPhone secret screenshots?

[BrokenHalo]

Clerk: "You're not holding it right.. here let me show you"

Exactly. When a felon's engaged in his gainful employment, he doesn't need to be browsing Facebook on his iPhone. A cheap Nokia burner-phone should be sufficient. It's just a matter of paying attention to the job in hand. If he doesn't, then he deserves to get caught.

Re:iPhone secret screenshots?

[Jeremi]

Detonation or thermite. Pretty easy solution if you must be encumbered by an electronic device

Of course, to do that you have to carry explosives around with you (or hide them somewhere). And if the police find those, now they think they have evidence that you're a terrorist. Probably not an improvement in your legal position.

Re:iPhone secret screenshots?

[Jeremi]

If he doesn't, then he deserves to get caught.

He deserves to get caught in any case, because he's a f*cking criminal.

Re:iPhone secret screenshots?

[trentblase]

That may work for data it stores, but what about data it sends? Of course, an elite hacker can make a remote computer blow up by sending a few choice lines of code over the network.

Re:iPhone secret screenshots?

[shermo]

This is an example pretty much taken straight from the 'don't talk to the police' video that always gets linked in these threads.

Scenario:

Guy gets interrogated. Guy in good faith says 'Well, I'm not sure where I was 3 weeks ago at 6pm. I guess I would have just got home at that time like I always do. Yeah, I guess so, I would have been at home".

Woops, guy actually left work late that day and was still in town at 6pm, iPhone pinpoints his location and guy is caught out in a lie. Guy looks like he's hiding something, and nothing he says will be trusted by anyone.

Of course this isn't specific to the iPhone, and is more an example of why you really shouldn't talk to the police. No, really.

Re:iPhone secret screenshots?

[ekhben]

See the iOS Programming Guide information for details. The second last bullet point in the transition guide that, of course, every developer read before rebuilding for iOS 4.0 is:

Remove sensitive information from views before moving to the background. When an application transitions to the background, the system takes a snapshot of the application's main window, which it then presents briefly when transitioning your application back to the foreground. Before returning from your applicationDidEnterBackground: method, you should hide or obscure passwords and other sensitive personal information that might be captured as part of the snapshot.

I guess whatever map you were looking at doesn't count as sensitive personal information. Sounds like there's a market opportunity for iThief - obscures your maps so the cops don't know where you picked your kids up from last week when they catch you in the vicinity of a crime via cell tower triangulation!

Re:iPhone secret screenshots?

[Sparr0]

Storing screenshots to trick the user into think the phone is faster than it really is is secretive, nefarious, and underhanded. I said as much when the feature was first revealed, and I stand by it.

Re:iPhone secret screenshots?

[BasilBrush]

However much you want to stand by your opinion, it's an uninformed one.

Symbian OS was doing exactly this under it's original Epoc32 name back in 1997. It's purely about producing a better user experience.

Application startup takes a non-insignificant time on any platform. For any significant application, by the time the application is fully loaded and able to fully draw it's usual view, the user will have started worrying that they hadn't clicked properly on the application icon. So you have to display something. Likely choices are:

1) A progress bar or a progress wheel, often over a dimmed version of the app launch shell.
2) A splash screen with app specific graphics and text.
3) A first draft approximation of how the initial fully drawn screen will look.

1. is simple and does give the idea that the application start was successful, and the application will become available. The downsides are that it leaves the user context in the app launch screen, and emphasises the passing of time.

2. is loved by marketers but hated by users. If it disappears as soon as the underlying application is fully loaded it may go whilst the user is halfway though reading it. If it has a minimum display time, it may be slowing the user down, consuming time that could be used with the actual app. Whatever, splash screens become ever more contemptible the more often you see them.

3. moves the users head space immediately into that of the app. It doesn't emphasise the passing of time, and doesn't add irrelevant stuff to read or view, nor become contemptible. It doesn't jar by changing the screen completely, moments after the user has launched the app.

If you do user testing of these 3 approaches, users will always prefer the latter. To not give them it because some sort of misguided sense of intellectual honesty would be stupid.

The iPhone platform actually gives a choice of either 2 or 3. It just displays whatever is in Default.png. That could be a splash screen, or it could be a first draft of the app UI. The UI recommendation is (quite rightly) to do 3. Most commonly that is done with an image that doesn't contain any data, but just the outline of a table and a toolbar, or whatever the UI is. But with a mapping app, there is little in the way of common UI framework to display. A map without specific data is just an empty screen. So the only way to create a reasonable first draft is to display an actual map. And the most obvious and least jarring map to display is the same one as was there when the app closed. The same one that will be there when the app fully starts and redraws it's screen. And the way to achieve that is a snapshot before the app closes.

 

Re:iPhone secret screenshots?

[BasilBrush]

On the other hand, iPhone storing screenshots of the GPS indicating where you've been... it's outright creepy.

Garmin Nuvi, possibly the most popular sat-navs in the world. Press Tools>Settings>Map>Trip Log>Show

It will show you a trail on the map of everywhere you have been with the sat-nav for the last few days. You can clear that trail out with a command, and you can switch off the display of it. But you can't stop the sat-nav from collecting it.

Saving a single position, the last time you closed the app is hardly 1984 by comparison.

Re:iPhone secret screenshots?

[Sparr0]

4) Start the application in the background or minimized, with an indicator on a status/task bar of some sort showing when it is ready to be used

5) Start the application using less than the full screen, allowing the previously focused application to be used on the other half.

6) Give feedback that the button was clicked (audible clicks, a visual blink or pulse, etc).

6 can be mixed with any of the others, as can 5. Just 6 is how most classic PDA interfaces worked, along with some of 4.

PS: 3 makes starting every app take longer, because it has to load and display the image before doing anything else.

PPS: "It's ok to lie to our users, they want us to!".

your own personal lo-jack

[romanval]

You would think most criminals would know not to carry a cell phone at all, since the cell towers tracks and record their location at every moment.

Re:your own personal lo-jack

[MobileTatsu-NJG]

You would think most criminals would know not to carry a cell phone at all, since the cell towers tracks and record their location at every moment.

Criminals still get busted by leaving fingerprints.

Re:your own personal lo-jack

[blai]

gloves, son.

Re:your own personal lo-jack

[MobileTatsu-NJG]

You'd think... but it still happens. They're not all Lex Luthor.

Re:your own personal lo-jack

[Nethead]

7-11 and all stores have cameras now. It it's that important, they will get an image of you.

Better to buy a hot pre-paid phone off someone and then re-up your minutes at a drive up ATM on a motor cycle with your helmet on.

Re:your own personal lo-jack

[shaitand]

Actually the preferred method is to use crooks who don't have a record and therefore don't have prints on file. If the cops have you to compare the prints you are already busted.

Re:your own personal lo-jack

[shaitand]

Yes and the cameras all have something in common, they are mounted up high to get maximum coverage. As long as you don't look up, they don't capture your face. ATMs are a different story.

Re:your own personal lo-jack

[Nethead]

Good point. Case the place carefully.

Re:your own personal lo-jack

[Antisyzygy]

In other news, Some dickhead sells out to law enforcement with knowledge which is actually beknownst to many others. He has no more knowledge than any other person, but he is more willing to sell what he knows for personal gain.

Re:your own personal lo-jack

Not true; there are many ways the police can get your prints without you ever being a criminal. Concealed carry permits require you to submit prints, and so does the Military. In fact, I remember hearing some controversy when I was a kid because the police were collecting students prints from school, under the cover of showing kids how law enforcement works.

Re:your own personal lo-jack

[Aeternitas827]

And this is a concern, because the morphology of a print doesn't vary between ages under 10, and those over 10? Unless this was done in High School, the prints would bear resemblance only after modification...as you grow, the prints change, and the proportions aren't even.

I'd love for the police to fingerprint my child(ren) in elementary school and then try and use those prints later on to make a connection. I'd have at least a badge (maybe a couple) and an overzealous prosecutor's law degree hanging on my mantle.

Re:your own personal lo-jack

[shaitand]

Last I checked they don't chloroform you before any of those. It doesn't particularly matter how they got your prints, you know if you've been printed.

Re:your own personal lo-jack

[The+Snowman]

Actually the preferred method is to use crooks who don't have a record and therefore don't have prints on file. If the cops have you to compare the prints you are already busted.

The "police" have my fingerprints on file and I have no criminal record. As a requirement to get a security clearance with the military, the FBI fingerprinted me and put me in their database. All ten digits, two prints each. Granted I never got to see any classified data, but still, they have those fingerprints and of course they will never get rid of them.

This is pure conjecture, but I expect that most law enforcement, military, some defense contractors, etc. would all be fingerprinted and those prints stored in the FBI database. Even if these people are less likely to commit "normal" crimes, I imagine people with everyday access to classified material are far more likely to commit espionage or leak classified information than the general public who does not have access to that information. Having their prints and other information on file will help answer the question "we have a mole, but who is it?"

Re:your own personal lo-jack

[Chowderbags]

Despite what CSI shows tell you, fingerprints are not some magical thing left behind at every crime scene. It's tough to get a clear fingerprint, it's mutually excusive with getting DNA off a surface, actually checking the fingerprint against various databases has a backlog of days to weeks, and unless the person who did it is in one of those databases (i.e. former criminal, law enforcement, someone with a security clearance, foreigner) or matches someone you already suspect and can get a warrant to get a fingerprint on, you've got nothing. Oh, and people can wear gloves too. And even after all that, fingerprints just establish that you were at that place, but don't narrow down the time you were there, so unless the fingerprints are in a place you claim to have never been, so what if they're there?

Re:your own personal lo-jack

[MobileTatsu-NJG]

Heh. I said busted, not convicted.

You would think with 50+ years of TV and movies telling us about fingerprints that every would-be criminal would wear gloves. But.. nope, as you said, there's a backlog.

Re:your own personal lo-jack

[Bing+Tsher+E]

This isn't a black hat forum. People who help the police track down and capture criminals are not 'dickheads.'

Re:your own personal lo-jack

[SupremoMan]

But if the glove does not fit, you must acquit!

Re:your own personal lo-jack

[geminidomino]

This isn't a black hat forum. People who help the police track down and capture criminals are not 'dickheads.'

Depends on the "crime."

Question

Say, can I borrow your cell phone tomorrow afternoon? Just for an hour or so.

Re:More good resons for not buying a iPhone (iSpy)

[phantomfive]

It is also illegal when your electronics spy on you.

This is an interesting idea, where do you get that from? Some places have anti-spyware laws, but AFAIK taking a screenshot to make drawing faster when the app opens again is not covered under that. Nor should it be.

Re:More good resons for not buying a iPhone (iSpy)

[pixelpusher220]

the relevant question though, is does Android have similar 'features'?

failure

[lobf]

Hilariously, it seems like the purpose of the article is to make us feel safer.

Re:failure

[Idbar]

Actually, I think the purpose is to tell Apple users that fingerprint-catcher devices are good. They can use those to track bad people!

Criminals usually aren't very smart

[Sycraft-fu]

Most smart people find other work for two reasons:

1) When you are smart, you have options. Smart is a talent people want, particularly practical smarts of the problem solving nature. So you find that when you have that, you have options of where to work and what to do. Makes crime less attractive.

2) Smart people can better understand the consequences for crime, and the likelihood of getting caught especially on repeated attempts. So even if crime is tempting, they don't do it because they are smart enough to think ahead and realize it isn't worth the risk over all.

Most criminals are just not that bright. A friend of mine has worked with the public defender's office and the stories he has of the stupid criminals they try to defend and just amazing. They get caught and busted by their own stupidity more than anything else. They love to run their mouths to the police, they never plan their crimes, etc, etc. More or less the only time they were able to get someone off the hook was when the police made a mistake. Otherwise, the criminals sunk themselves.

Re:Criminals usually aren't very smart

[antifoidulus]

The really smart criminals just bribe the cops or even better just bribe the politicians to make what they are doing not illegal.

Re:Criminals usually aren't very smart

The really smart criminals just bribe the cops or even better just bribe the politicians to make what they are doing not illegal.

No, the really smart criminals are all WEARING the suits.

Re:Criminals usually aren't very smart

[John+Q+Dallas]

No, those are just smart people, the really smart do both.

Re:Criminals usually aren't very smart

[Scrameustache]

Most criminals who get caught are just not that bright.

ftfy

Re:Criminals usually aren't very smart

[Sycraft-fu]

The problem is that when you do things over and over, you WILL get caught. Everyone fucks up every day, we all make mistakes. What this means is that when you keep committing crimes, the chances you will do something that will give you away approaches certainty. It is just near impossible to keep committing crimes and not get caught.

So sure, I suppose a smart person might commit a single crime and get away with it. However hard to get enough money from a single crime to make it worth doing as the only thing for your life.

Also the bigger the crime, the most heat it draws, the more it is scrutinized and the smaller the fuckup that can lead to you getting caught.

Re:Criminals usually aren't very smart

[JoshuaZ]

The poster you are replying to did not say IQ, he said intelligence. But let's for a second assume that he had said IQ. Would your evidence about someone with a 195 IQ be useful? Well, considering that this is an anecdote from a book called "Outliers" and an outlier is an extreme point in a statistical distribution that doesn't match the rest of the data, I'm going to go with that not being very relevant. And in fact there's a correlation between IQ and income. The exact correlation is unclear, with there being some evidence that there's a diminishing marginal return (that is, at low IQs slightly higher IQ adds a lot of income but as IQ gets higher, adding more IQ doesn't increase the chance of a high income by that much). See for example http://pss.sagepub.com/content/15/6/373 (that study actually looked primarily at SAT scores but they have a method of estimating a conversion between the two.) See also the work by Jay Zagorsky which found a correlation between IQ and net wealth (Unfortunately, I don't have a citation for that off the top of my head other than secondary sources such as http://researchnews.osu.edu/archive/intlwlth.htm and I can't find the studies on the OSU website. They used to be at http://www.chrr.osu.edu/surveys but they don't seem to be linked there anymore. This should be good enough for a Slashdot comment.)

Re:Criminals usually aren't very smart

[shaitand]

"Most criminals are just not that bright. A friend of mine has worked with the public defender's office and the stories he has of the stupid criminals they try to defend and just amazing. They get caught and busted by their own stupidity more than anything else."

Most people are not that bright so it stands to reason most crooks aren't either. That said, has it ever occurred to you that your friend and most others in the justice system aren't catching many smart crooks because smart crooks aren't getting caught?

"So you find that when you have that, you have options of where to work and what to do. Makes crime less attractive."

Crime pays better than legit work. That makes crime more attractive. Most smart people choosing legit work today simply haven't found a smart opportunity for crime or don't have the guts. With a big enough payoff, small enough risk, and small enough amount of effort most people would be all over it.

"especially on repeated attempts"

That's a given. But there is no particular reason there needs to be repeated attempts.

Re:Criminals usually aren't very smart

[gagol]

I met a guy one day, he was on probation for growing pot in his house and was already selling drugs while on probation... not smart.

Re:Criminals usually aren't very smart

[roman_mir]

of-course the most successful of the criminals are so bright, that they are doing what is not even considered crime, but they turn that into crime, they repeat it billions of times and they take very very little money from each separate crime individually, so that goes right against your proposition :)

I talk about high frequency trading of-course.

Re:Criminals usually aren't very smart

[noidentity]

Sample bias there? The smart criminals don't get caught. And the really smart ones create a public perception of their actions not even being criminal.

Re:Criminals usually aren't very smart

[BasilBrush]

The problem is that when you do things over and over, you WILL get caught. Everyone fucks up every day, we all make mistakes. What this means is that when you keep committing crimes, the chances you will do something that will give you away approaches certainty. It is just near impossible to keep committing crimes and not get caught.

You need to balance that up with the fact that the average policeman isn't that smart either, and is probably overworked. You don't just have to fuck up to be caught. You need to fuck up in a way that the police are looking for, and would recognise. As you say, the size of the crime is critical. Murder of a clean cut middle class white girl is going to be investigated by smart people, and they are going to devote significant time to it. On the other hand, property crime, not involving the threat of violence... I could see someone smart being able to make a living at that without ever getting caught.

Re:Criminals usually aren't very smart

[Sycraft-fu]

The more crimes you commit, the more people look for you. Despite your best efforts, you'll leave a signature and this'll get noticed. It may take time, but if you keep committing crimes you'll wind up on bigger and bigger radars, more people, at a higher level, will be looking for you.

Also there's no such thing as no risk crime. So you say ok just stick to property crime. Then it turns out your break in to a house that's wired. A silent alarm goes off, security company sees you on video. Before you know it, there are cops are private security guards outside. Or you break in to a supposedly empty house, but the home owner is home sick. He gets scared and shoots you. Or hell you just break in to a house and happen to wind up getting recorded by a webcam that some guy has set up to watch his cat. All that aside, there's the problem of monetizing what you steal, and then dealing with the money. Money can be tracked, and of course trying to avoid the people who might do the tracking (like the IRS) can also be tracked.

The more often you do it, the more likely. As I said, we all make mistakes. If you make a mistake when committing a crime, it may be your last.

Now if you want to try it, well go right ahead. However You'll get no sympathy out of me when it turns out that you weren't quite as clever as you thought, and some slip up finally was your undoing.

If you don't want to do it, well then that just kinda goes to my point doesn't it?

I think geeks romanticize the notion of a smart criminal because they like to think they could beat the cops. They think they are clever enough that, if they wanted to, they could be a mastermind criminal who never got caught. In response to that I'll point you to Hans Reiser, who was not nearly as clever as he wanted to think he was.

You are right, that your average traffic cop is probably not that intelligent. However that isn't all you face. There ARE plenty of very clever people in law enforcement. What's more, they are clever in the right areas. They know all about how to look for clues, how to spot patterns in behaviour, and how to trip someone up. Their profession is catching criminals and that leads to knowing a lot about it.

You also have the additional risk, that even if you are successful in something where it is difficult for the authorities to get at you, like say the drug lords (though if you follow such things they get arrested more often than you'd think), that is attractive to competition. Being that you are talking criminals, your competition may choose the expedient method of dealing with you by killing you. This happens in the drug trade often.

All in all it turns out to be a lot of risk for rewards that, if you are smart, are usually not that much better than what you can get legally. Hence, not so many smart crooks.

Re:Criminals usually aren't very smart

[Sycraft-fu]

My favourite was a guy who got busted stealing change out of newspaper machines. This was maybe 10 years ago. While more people bought the paper then as opposed to now, it still isn't what you'd call real brisk business, especially since they are cheap. What's more, those things are rather solidly built to withstand the rigors of being outside all the time. It took this guy a good amount of effort to get in to one, and he'd get a few bucks for his troubles. The cops said he literally could have made more per hour of work at McDonalds than doing this.

Re:Criminals usually aren't very smart

[Sycraft-fu]

Guess what? We've got a pretty good idea how many crimes are committed where people aren't caught. People tend to report crimes, especially big ones. Turns out there are not tons of profitable crimes begin committed where nobody is caught for it. Most of the stuff that goes unsolved is minor things, because it doesn't get much attention, and one off things, like crimes of passion. Go look it up, the US DOJ has all the stats you could want.

Also crime does not pay better than legit work in any significant way. A popular myth, but a myth. Steven Levitt did a great analysis on this that I encourage you to read. What people also think about when they talk about that is drug lords. You are right, the top drug lords make a lot of money... But then so do the top business executives and there are a LOT of those. The people at the top make a lot, this is true regardless of what you are talking about. However it also turns out the people at the bottom don't make much. The low skill people slinging drugs on the corner make shit.

There actually is a reason that there needs to be repeated attempts. Unless you commit a really profitable crime, you are going to need more money at some point. I mean suppose you want to maintain a lower middle class lifestyle. You say you want to be able to live like someone who makes $40,000 a year. To pull that off, you'd need to net about $2-2.5 million dollars to be able to pay your taxes on it (and you'd better pay taxes, lifestyle that doesn't match with taxes is a prime way people get caught) and save enough to live off of for the rest of your life. Well that's a hell of a lot to steal in one go, and you then have to be frugal. You have to live that $40k/year lifestyle, no living like a rich person. This is also assuming you could invest the money so that inflation didn't eat it up.

You want to live a high class lifestyle? Well that figure increases rather sharply. Turns out it just isn't easy to get that much money in a single incident. Goes double since most things you might think of would require multiple people, all of who want a piece of the action and each which is an additional risk.

Robbing a house or a bank won't do the trick, don't even talk about kidnapping for ransom (the FBI has closed 100% of kidnapping for ransom cases), drugs are a continuing operation, etc. Not easy to find that big haul that you can get at, get away with, and then live off of.

Re:Criminals usually aren't very smart

[BasilBrush]

The risks you point out are those relating to the stupid. The smart criminal wouldn't break into a house they don't know to be empty. The existence of a video camera doesn't matter because his face is covered or disguised and he's not wearing any easily distinguishable clothing. The fact that you are suggesting these things as problems suggests that you haven't the smarts to be a smart criminal. But it certainly doesn't mean that other people don't.

As to risk, everything has risk. But there are plenty of roofers who last an entire career without falling off a roof. Most of them in fact. A smart criminal isn't under pressure. He can choose what crimes to commit, picking those where he can control the situation, and leave the risk as low as many other jobs.

There will be many criminals that make a living at it and have never been caught, because they have been good at their job. You just don't get to hear about them for obvious reasons.

Why don't I do it? Morality. Empathy. I like to do things that make the world a better place, not a worse one. Same reason I wouldn't take a job as a cold call telesales person. No, that doesn't help your point in any way.

Re:Criminals usually aren't very smart

[sveinungkv]

even better just bribe the politicians to make what they are doing not illegal.

It's not always smart to make what you are doing legal. In many areas that would really destroy your profits. Just imagine what would happen to the market for illegal drugs if everyone could manufacture and import drugs legally.

Re:Criminals usually aren't very smart

[morari]

The smart criminals never get caught. Likely, you might never even realize a crime was committed.

Re:Criminals usually aren't very smart

[hoggoth]

Really smart people with no ethics or morals don't waste their time stealing thousands and risking punishment. They get elected to Congress and steal millions.

Do not mod this 'funny'.

Re:Criminals usually aren't very smart

[CharlyFoxtrot]

Incidentally that's also why smart people don't generally join the police : smart people have other options and realize the reward isn't worth the risks.

Re:Criminals usually aren't very smart

[Azaril]

So every drug trafficking crime gets reported? You have to remember that most of the profitable crimes - vice, drugs, gambling, smuggling... don't have a victim in the classical sense. No one will report them because everyone is complicit. I'm sure there are plenty of intelligent drug smugglers. How about Mr nice for one?

Re:Criminals usually aren't very smart

[Jeremi]

As to risk, everything has risk. But there are plenty of roofers who last an entire career without falling off a roof.

That is a misleading analogy... a roof is an unintelligent object whose behavior is (relatively) simple and predictable. A criminal isn't going up against simple, unpredictable objects, he's going up against human beings, many of whom are quite intelligent, and all of whom can behave unpredictably.

Furthermore, when a roofer does fall off of a roof (or suffer some other kind of injury) there's a whole social safety net waiting to help him recover and return to work. Emergency rooms, doctors, worker's comp, insurance, etc. A criminal, on the other hand, won't get any help returning to his "work" -- just the opposite, there's an entire system set up to make sure he doesn't return to work. So while a fall off of a roof might put a roofer out of work for 6 months, a getting caught will put a criminal out of work for years (if not decades).

Lastly, the lack of societal support effects even the criminals who don't get caught. If a roofer gets stiffed on a deal, he can go to the police and file a complaint, or go to the Better Business Bureau and complain there, or sue the other party in court. If a criminal gets stiffed, he has none of those options -- doing any of those things would be just as likely to put him in jail as get him any redress. So he can either (a) shoot the other person, or (b) suck it up and take a loss. Shooting the other person doesn't get him his money back, and it's one more crime that he runs the risk of getting caught for. Sucking up the loss doesn't do his bottom line any good either. And of course anyone who knows about his criminal behavior can try to blackmail him (or otherwise influence him) at any time, simply by threatening to give evidence to the police. Not a particularly profitable position in most ways.

Re:Criminals usually aren't very smart

[lwsimon]

This is also true for stealing from those who acquired the wealth illegally. If you stole $10m USD from a drug kingpin in Mexico, chances are slim he's going to call the cops.

Re:Criminals usually aren't very smart

[dbcad7]

You are right, the top drug lords make a lot of money... But then so do the top business executives and there are a LOT of those.

ok, so your comparing criminals to criminals..

Re:Criminals usually aren't very smart

[shaitand]

"Guess what? We've got a pretty good idea how many crimes are committed where people aren't caught. People tend to report crimes, especially big ones."

That a rather large assertion without any support. I can't speak of all areas of crime, only 'cybercrime'. I can assure that most of this type of crime DOES NOT go reported regardless of size.

The reason is very simple. At this level both the robbed and the insurance company both have a great interest in making sure the event doesn't go public. That interest is greater than whatever help the police might provide. The insurance company has other clients who are likely vulnerable to the same thing. It is usually better to prevent others from finding out how to copycat than to stop this one guy. Especially if the guy is reported and not caught! The company robbed doesn't want to see a story about how they were attacked on MSNBC the next day. Their stock would plummet! Forget the company getting robbed, that would cost the CEO, VP's, and the board a lot of money on a personal level.

Your numbers about crime not being profitable run counter to common sense. The bulk of the things we outlaw are only called bad because they shift a large amount of wealth from one to another easily, consistently, and rapidly.

Also you pose this false dichotomy where one has to repeatedly take the same chance or else be able to live off a single event.

Five years ago it took 3hrs worth of work (but not time since you have to wait for mailings and such) to fake an identity get a few thousand in credit extended and convert that credit into cash. A reasonably intelligent person could figure out how to perform this task and make tracing and catching him meet the 'hard enough' threshold within an afternoon. That person could walk away with $5000. That is a pretty large chunk of cash for most of us.

The credit card company not only wouldn't report this but would fight with law enforcement in every way they legally could if law enforcement tried to investigate. Because of this if the 'victim' tries to report the crime the local police would say that interstate banking is the FBI problem. The FBI would tell her not to file the report because the card companies won't cooperate!

How do I know? I saw it first hand many times. If you did this enough the card companies would see a pattern and report you. They would cooperate. But if you were bright enough to stop at one or two times you could make $5k-$10k pretty much risk free.* Afterward you could continue your life the same as before but with a pretty substantial chunk, perhaps to invest for retirement. Perhaps for a child's college fund. Or maybe just to blow, it was free and easy money after all. As for taxes, $5k-$10k doesn't change a lifestyle and can easily be absorbed without having to pay the taxes as long as you don't deposit it all at once (or even at the same bank within a 3 month period, banks have to report large cash transactions over $5k or a suspicious combination of them).

* This is no longer the case. So many bright and unreported criminals did this that identity theft laws were lobbied for and put into place to make this more difficult.

Re:Criminals usually aren't very smart

[Omestes]

... he discusses the story of Christopher Langan, a man who ended up working on a horse farm in rural Missouri despite having an IQ of 195 (Einstein's was 150).[2] Gladwell points out that Langan has not reached a high level of success because of the environment he grew up in.

I don't see the point. Perhaps the guy enjoyed working at a horse farm? A high IQ doesn't mean you WANT to be an-Einstein-type person. Hell, I have a high IQ, and my dream job has nothing to do with being a physicist, corporate brain, or academic. I'd actually rather be a forest ranger than a theoretical physicist.

Also, IQ isn't as important as people make it out to be. I know several people with high IQs who are pretty much idiots working at menial jobs who haven't made anything of their lives, and I know many people with lower IQs (sub-100) who are happy, and very intelligent. I'm not saying that IQ is meaningless, it just has less meaning than people would like it have. In broad strokes we can say that yes, someone with a 150 IQ is brighter than someone with an IQ of 90, but it really doesn't mean to much beyond that. We don't even know what the hell IQ tests measure.

Re:Criminals usually aren't very smart

[exomondo]

Malcolm Gladwell pointed this out in his book Outliers

The clue is in the title, i guess you missed that.

Re:Criminals usually aren't very smart

[mjwx]

"Most criminals are just not that bright.

Confidence men, pyramid scams, bank fraud?

Burglars and would be bank robbers are not smart, but more then a few criminals are quite bright and they tend to get away with it because:
1. Public apathy Little Timmy isn't seen crying on the news in front of a smashed window, thus it does not register in the minds of most people as a heinous crime.
2. Harder crimes to solve. Often you're dealing with criminals who are expert social manipulators and are operating their actual crimes in foreign jurisdictions. They literally get their own victims to defend them.

So my advice when beginning that life of crime, put down the 410 sawn off and start a life of white collar crime, if you're ever caught they'll take a pittance of what you've bilked out of your victims and sentence you to a year or two of house arrest (if you can fake an illness and jet off to Majorca all the better).

Re:Criminals usually aren't very smart

[BasilBrush]

Of course being a criminal isn't like being a roofer, nor any other legit career. The analogy is only to show that continual low level risk does not equate to eventually being caught out. Roofers can control risk by always using scaffolding rather than a ladder, and always using crawling boards rather than walking on the roof itself. Likewise smart criminals can control risk by wearing gloves, masks, choosing their targets carefully etc. Neither can eliminate risk. But that doesn't mean wither of them will eventually be caught out by the low level risks they have.

As to "getting stiffed on the deal", a truly smart criminal wouldn't work with anyone else. Except perhaps family. To do so would be to relinquish that control of risk.

Re:Criminals usually aren't very smart

[ToasterMonkey]

Most smart people find other work for two reasons:

Well if you're looking at financially motivated crimes (other work?), the smart ones are better at not getting caught and/or keeping to things that aren't crimes _yet_.
I would say smart people do this because of two reasons:

1) When you are smart, you have options.

2) Smart people can better understand the risk.

Some criminals are idiots, but if all criminals were idiots, the world wouldn't have organized crime, investment scams, corrupt politicians, politician corruptors?, international drug trade, illegal arms trade, corporate espionage, faux religions, embezzling, forgeries, counterfeiting, art thieves, identity thieves, ebay scams, credit card thieves, etc. I'm not even mentioning lower risk things that SHOULD be crimes, good jesus that would be a huge list.

All those employ a lot of smart people at the top and a LOT of dumb people at the bottom. Just like legitimate work. If you were to unilaterally increase the entire planet's intelligence, crime would no go away. You'd just have some really bizarre crimes, and just as much if not more gray markets and white collar crimes.

Re:More good resons for not buying a iPhone (iSpy)

[ryanov]

A good question would be if this screenshot is overwritten every time or if a new one is written every time the program is closed. The latter would make no sense, and the former would make it nearly useless to authorities.

Re:More good resons for not buying a iPhone (iSpy)

[jonfr]

European privacy laws. I know nothing about U.S privacy laws. But in all of EU and EEA member states this is in fact illegal. Countries outside EU and EEA might have different law (except Switzerland due to bilateral agreements with EU).

http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications

http://en.wikipedia.org/wiki/Data_Protection_Directive

Real criminals use pre-paid phones

[ap0]

Or at least ones with half a brain do. I'm not much of a criminal, but were I to become one, the last thing I'd use would be a smartphone. It's just not economical to toss in the garbage if you feel like you're being watched.

Re:Real criminals use pre-paid phones

[clone53421]

And the rest of them are low-hanging fruit.

Re:Real criminals use pre-paid phones

[SydShamino]

The people that were smashing car windows in our neighborhood were seen, and followed running back to their house in our neighborhood.

In my opinion learning to not hit your own neighborhood where you'll be recognized and followed on foot to our house is the first, basic thing to learn as a new criminal. Apparently that's too much for some people. Planning ahead so far as to coordinate your efforts with a throw-away phone is several steps down that list.

Re:Real criminals use pre-paid phones

[Jah-Wren+Ryel]

The people that were smashing car windows in our neighborhood were seen, and followed running back to their house in our neighborhood.

Kids, right? I bet you live in a gated neighborhood too. Happens all the time in those kinds of places - teenagers commit crimes of convenience because they are bored and hormonal, not because of any really criminal intent. Funny thing, most gated neighborhoods actually have equal or even higher rates of crime because the kids are somewhat "locked in" and people are foolish enough to think the gates keep criminals out so they are often less attentive.

Re:Real criminals use pre-paid phones

[Jeremi]

In my opinion learning to not hit your own neighborhood where you'll be recognized and followed on foot to our house

AHA! The cat's out of the bag now, SydShamino! Slashdot citizens, arrest that man!

Re:Real criminals use pre-paid phones

[SydShamino]

No, it's not a gated community, but yes, I think they were teenagers pulling their first crimes. It's middle-middle class for our area.

Re:Real criminals use pre-paid phones

[SydShamino]

Curses! Foiled by a typo! I would have succeeded too if it wasn't for you darn grammar nazi kids!

Mobile phones have always been trackable.

[0x25]

This is just making it even easier than it already was.

If it was really necessary, it is possible to triangulate the location of your phone by determining which towers your phone was communicating with.

If your phone has a location feature, you'll notice that when you try to disable it you will be presented with the options "Location On" or "911 Only". There doesn't seem to be any way to completely disable this feature. At least this is the case on Motorola and Blackberry phones.

If you are concerned about someone being able to track your location via your cell phone, the safest way to ensure it won't happen is to pull the battery.

Re:Mobile phones have always been trackable.

[Runaway1956]

It's not that hard to disable, really. A propane torch applied to the antenna will do it. Ooops - you melted down all the rest of the phone, and the antenna is still pretty much intact? No problem - without the rest of the phone, the antenna isn't going to broadcast anything!

Re:Mobile phones have always been trackable.

[Nethead]

Ya know we have nicer soldering irons than the one you got in your Tandy leather burning kit in 1965.

But yeah, you'd have better luck using the local 2m phone patch. Hell, I still hear an old IMTS mobile phone system still on the air in my area (hacked it back in the 80s with a tube final phone.) Let's see them trace that sucker!

Re:Mobile phones have always been trackable.

[0x25]

Ah, yes. Phones with antenna's; I have such fond memories. I had a Blackberry 7520 up until last year. It was a Nextel/Mike phone. I was afraid I was going to get charged with manslaughter because one of the girls who worked at the cafe I was at almost died from laughter when she saw the phone.

There's always the old saying - "With enough TNT, you can solve any problem."

Re:Mobile phones have always been trackable.

[Runaway1956]

Google "iphone antenna". To my knowledge, every telephone in the world either has an antenna, or a transmission wire. How do you transmit without an antenna or a wire? Whack yourself upside your blond head, dude.

Re:Mobile phones have always been trackable.

[0x25]

I thought you were implying an external antenna. My bad.

in dubio pro reo

[drolli]

instead of "checking if the suspect" is lying, how about "verifying what he says". Would sound nicer, especially taking into account that the screenshots were not originally designed for tracking persons.

Gadgets are not trustworthy..

[xtal]

Nobody would ever be clever enough to generate false data.. for an iAlibi? ..or clever enough to hack into and plant incriminating evidence? (not that there's ever been a security breach!)

Re:Gadgets are not trustworthy..

[RajivSLK]

That's true for almost all evidence... Nobody would be clever enough to plant DNA evidence? or hair strands. So I guess we should just do away with all evidence then...

Re:Gadgets are not trustworthy..

[FranTaylor]

Digital data is TRIVIAL to fake, with the right software it's even easier than that.

Physical evidence is MUCH harder to fake

read above post about smart criminals

Stupid Criminals

[whisper_jeff]

If you're a criminal and you're using a cell phone or, especially, a smart phone to conduct your criminal activities, you deserve what you get. Stupidity often solves a lot of problems that way.

Re:More good resons for not buying a iPhone (iSpy)

[99BottlesOfBeerInMyF]

It is also illegal when your electronics spy on you. So in fact apple software breaks the law by taking a screen shot of the map application and storing it.

As far as I know, caching an image by the OS is not illegal in any jurisdiction. Taking an image and transmitting it to someone who is not the owner of the device, without their permission would be a problem in some jurisdictions. But then, that's not what anyone is claiming is happening.

WTF?

[Runaway1956]

Just WTF is a "former hacker"? That's like a "former scientist" or a "former student" or - - I suppose if you accept "hacking" to mean "criminal cretin living in his mother's basement breaks into email accounts and spreads bots around the internt" - then someone COULD be a "former hacker". A real hacker never stops hacking. It's more than a way of life - it's a way of thinking!

Re:WTF?

[Sycraft-fu]

The meanings of words change, deal with it. In popular usage, hacker means someone who does illegal things with computers. I don't care if that wasn't what it was supposed to me, that is what it means. You have to deal with that in terms of common usage.

Some other examples would be interference or acceleration. In the scientific context, interference just means something that changes a system. There is no positive or negative to it. However in popular usage, interference means messing with something to cause a bad result. Likewise acceleration is the process of changing speed or direction. You accelerate to a stop, or in a turn. However in popular usage it means to go faster, you decelerate to a stop.

It is silly to get all overly pedantic about it because it accomplishes nothing. You have to accept that languages are living things, and usages change.

Re:WTF?

[Runaway1956]

Nope. People are still hacking the Linux kernel - including Linux Thorvalds. Hacking in the "popular" context is just so much mindless drivel - much like most of the entertainment from Hollyweird. Oh yeah - that's where the "popular" definition came from - HOLLYWEIRD!!

Re:WTF?

[Urkki]

Nope. People are still hacking the Linux kernel - including Linux Thorvalds.

I sure hope not... Wouldn't that be illegal ;-)

But seriously, doing "standard" software development work isn't "hacking" as far as I'm concerned. A hack is by it's nature something ad-hoc, usually non-general, a quick (and preferably brilliant) solution to a particular problem. I sure hope that does not describe how Linux kernel is developed these days... :-)

Re:WTF?

[Urkki]

It is silly to get all overly pedantic about it because it accomplishes nothing. You have to accept that languages are living things, and usages change.

Will you accept that he can do all he wants to change it back, then?

It'd be better if he just kept on hacking (in the meaning of the word he prefers), rather than fight windmills.

(It's a well know fact that people can't do two things at the same time, so doing both is clearly not an option ;-)

Re:WTF?

[Ihmhi]

I don't know if I agree with that, though.

I can understand additional definitions being added if a word acquires them through use of slang (i.e. "bad" equating to "good" is a prevalent example). However, the scholarly side of me has issues with a different definition supplanting the original meaning of the world, especially when it's tied to another language literal meaning. For example, the word "decimate" is sourced from the Latin word decimare, "to take the tenth part of anything". But nowadays, it's used more as if it meant "utterly and completely destroyed".

While I'm fine with the evolution of language, misuse of a word from its roots doesn't sit very well with me. 8|

Re:WTF?

[CyberDragon777]

Duh, hackers are the evil criminals who steal data and make your computer stop working.

The guys working with the government and fighting the criminals are Cyber Warriors.

Re:WTF?

[Arrepiadd]

His name is Linus Torvalds.

Re:WTF?

[Runaway1956]

Yes - the Linux instead of Linus was a typo - the Thorvalds was just stupid spelling. Thanks, though.

Re:WTF?

[u17]

No, I think you mean GNU/Linus Torvalds!

Re:WTF?

[ScrewMaster]

The meanings of words change, deal with it. In popular usage, hacker means someone who does illegal things with computers. I don't care if that wasn't what it was supposed to me, that is what it means. You have to deal with that in terms of common usage.

The Hell I do. Every sub-group in a complex culture has its own terminology, its own private vocabulary, its own jargon. Doctors do, lawyers do, mechanics do, soldiers do, programmers do ... and I feel perfectly free to use the term "hacker" as it was originally intended when communicating with a group of largely like-minded individuals (like here, on Slashdot.) You either learn to communicate on our terms, or find another site that habitually uses the more common usage.

It is silly to get all overly pedantic about it because it accomplishes nothing. You have to accept that languages are living things, and usages change.

Sure it does, it accomplishes quite a lot, in fact. When people who regularly interact use certain words to mean certain things, to use as verbal shortcuts, it can enhance their communication. An outsider may find that confusing, but that's irrelevant ... either that person learns the jargon, or stays confused. In this case, you comprehend the true meaning of "hacker", but you just want all of us to use the corrupted popular term, one that you find more appealing.

Thing is, there's no reason whatsoever that we should. I will continue to use the term "hacker" to mean someone who lives, eats, and breathes technology, and is always trying to push the limit, to see if he can make another hacker who is at least as good as he himself is say, "Whoa. Now that is cool."

The popular media can go on about "evil" hackers trying to breaking into banks and classified military installations, but those of us who know better call such people what they are: criminals.

Re:WTF?

[ScrewMaster]

But seriously, doing "standard" software development work isn't "hacking" as far as I'm concerned. A hack is by it's nature something ad-hoc, usually non-general, a quick (and preferably brilliant) solution to a particular problem. I sure hope that does not describe how Linux kernel is developed these days... :-)

Not really, I think you're confusing two entirely different processes. The result of "hacking" is not necessarily to produce a hack. Hacking is a state of mind, and a hacker is someone is capable of, and and enjoys being in, that state. A hack is just, as you say, a quick solution which has nothing to do with "hacking" per se. One does not need to be a hacker to produce a hack, and in fact, most hacks are produced by hacks (that is, third-rate coders who couldn't write a decent like of code if you paid them) not hackers.

Re:WTF?

[Bing+Tsher+E]

I agree with much of your sentiment, however, you're still dancing around with the subculture's jargon meaning of the term, and the general populace and MSM will not understand.

In the larger scope, we have to accept that our jargon is not mainstream. Some of us even find that refreshing. But it's a waste of time to rant about the differences here in our own forums.

Re:WTF?

[Bing+Tsher+E]

Sure it does, it accomplishes quite a lot, in fact. When people who regularly interact use certain words to mean certain things, to use as verbal shortcuts, it can enhance their communication. An outsider may find that confusing, but that's irrelevant ...

It sounds like you're engaging in a circle-the-wagons we're-better-than-them form of elitism. "Don't you DARE use our jargon the way the mainstream uses it, right HERE in our private space!"

Yes. We know, and we understand the different meanings of the term. And you can try to drive people who are not 'true believers' out of the forum for offending your sense of pride in how you feel the term should be used. Ultimately you're just spinning your wheels, though.

Re:WTF?

[ScrewMaster]

"Don't you DARE use our jargon the way the mainstream uses it, right HERE in our private space!"

I don't care how he uses it. Don't care how you use it. You and the GP, on the other hand, seem to care how I use it. My point is that when you are in the middle of a group of people who are communicating a certain way, expecting them to just adapt to your own prejudices is inconsiderate at best. If there's any elitism here, it's not me. Dude, when in Rome, you shoot Roman candles.

Tell you what, go tell your lawyer not to communicate with other lawyers using legal terminology. He'll tell you that you're nuts. Try telling your doctor to talk to other doctors without using their own vocabulary. You'll get the same response.

When I deal with people outside my own group, I accept without comment usage of many words that may have different meaning in other contexts. The GP was attempting to tell me that I must always use what our media moguls define as "common usage", no matter with whom I'm communicating.

I disagree, especially when dealing with what American media considers acceptable.

Re:WTF?

[ScrewMaster]

Language is about using words to communicate between two parties with similar, but ideally the same, understanding of the words. You can use your definition when you have reason to believe your audience would understand it correctly, but you become the problem when you have reason to believe your audience has a different understanding of the word, even if you think their understanding is wrong (unless you want to be a pedantic, annoying ass that corrects everybody on the term "hacker" all the time, which will make people loathe hanging out with you).

Sure, I agree with you, that's obvious. My point was simply that when an outsider comes into a group and tries to make that group arbitrarily change its vocabulary to suit his own convenience, he is being that annoying ass.

Regarding the word "hacker", Slashdot happens to be comprised of people who, by and large, understand what the word really means. Many of us were in the business when the word was first coined. Consequently, I have reason to believe that Slashdotters are likely to understand the correct definition of the term, and am not being unreasonable in using it that way here. In any event, we have the right to use that word any way we wish amongst ourselves. You're free to use it any way you wish as well, just expect to have your misuse of the word pointed out to you now and then.

Re:More good resons for not buying a iPhone (iSpy)

[acedotcom]

one thing i have noticed is that google maps stores the voice cache right at the top of the SD card in its own folder. so anyone with an SD card reader can plug in your phone and listen to the voice prompts for your route. i am sure that it using the same kind of caching for screens....but you dont need to be a "hacker" to find the voice prompts.

Re:More good resons for not buying a iPhone (iSpy)

[phantomfive]

I'm not a lawyer, but as far as I can tell, those laws apply to remote data gathering, not storage on your own computing device. Otherwise every program that caches something would be illegal.

Re:More good resons for not buying a iPhone (iSpy)

[bm_luethke]

Iit will depend on the application, I assume the iPhone is the same way as it is fairly typical of devices with fairly limited resources.

There are life cycles of an android application, some of them (say loosing focus) means they tend to store states so that when you return to them they are where you left off. There are also state changes where the OS totally kills the application and nothing is saved - if you write for the Android platform you *must* assume under a heavy load this will occur. However it is rare. So for the most part they can probably get it but it isn't guaranteed. Nor do I know of any way to force a random application to do such a thing - you would most likely need to get the Android source and modify your own ROM. While possible it isn't likely and that behavior will break a number of applications as it isn't a normal application process life-cycle.

A more relevant question is there any device that doesn't leave similar types of trails? If you carry a recording device that monitors you location, your schedule, your e-mail, your search patterns, and a great deal of your life do not be surprised when law enforcement can get a hold of it.

Re:More good resons for not buying a iPhone (iSpy)

[phantomfive]

That is a good question; from reading the article, it seems like a lot of the data they are able to collect is because the file-system (and the tinySQL database that a lot of apps use) uses lazy deletion: it marks the items as deleted, but doesn't actually write over the bits until the space is needed. So you'd need special software to find that stuff.

Statistics, motherfucker. Can you do it?

[Hognoxious]

.. he discusses the story of Christopher Langan, a man who ended up working on a horse farm in rural Missouri despite having an IQ of 195 (Einstein's was 150).[2] Gladwell points out that Langan has not reached a high level of success because of the environment he grew up in.

Do ALL people who work on horse farms have an IQ higher than Einstein's? Or is it just most of them? Or is he just basically a freak case that proves nothing?

I guess you grandfather smoked 80 cigarettes a day since he was 12 and he got run over by a truck one day short of his 120th birthday while training for a marathon.

Re:Statistics, motherfucker. Can you do it?

[llamapater]

They do convince people they need horses in this day and age, enough to make enough money off it to have enough land for these horses and make a fairly decent living. Horse farmers all being really smart is a distinct possibility.

The iPhone is Not Your Friend

[Nom+du+Keyboard]

Your iPhone is clearly not your friend, and this isn't the only story about why today. It's the fink waiting to rat you out at the first opportunity. Go look up the new Safari html 5 database tracking that uniquely identifies you to advertisers. Until the phone comes with strong enough encryption to defeat this hacker in addition to remote wipe that truly wipes the phone, you shouldn't be sleeping too well at night, courtesy of Mr. Steve Jobs.

Re:The iPhone is Not Your Friend

[kialara]

If you're worried about getting uniquely identified by your browser, you may want to read or listen to this episode of Security Now:

http://www.grc.com/sn/sn-264.htm

Re:The iPhone is Not Your Friend

[Super_Z]

Yes, because caching app data, inserting exif data in pictures, offering location service API to applications, storing SMS messages and storing browser history are unique to the iOS. As for "the new Safari html 5 database" storing unique IDs in Web SQL databases, this is a W3C specification also currently supported by Opera and Google Chrome. Not to forget that other browsers also stores unique IDs through flash-cookies.
Why do you think that other mobile OSs like Android does not suffer from the same "problems"? Perhaps it is your obvious Apple hate that clouds your reasoning?

Re:The iPhone is Not Your Friend

[CharlyFoxtrot]

So your Droid has whole disk encryption ? What makes you think you're invulnerable to this kind forensics ?

Re:The iPhone is Not Your Friend

[Bing+Tsher+E]

What's Gibson trying to sell us this time?

I never bought Spinrite, though I knew people who ranted and raved about it back in the late 80's.

Re:The iPhone is Not Your Friend

[lordDallan]

Yes. And then you go to Settings->Safari->Databases and erase any databases you don't want to keep. Just like you clear out cookies you don't want. Cookies that allow "cookie tracking" that "uniquely identifies you to advertisers". From a "managing my private data on my iPhone" perspective, I happen to prefer the databases so far, because they are easier to identify and delete than cookies are.

Also, as far as I can see, the databases are based on sqlite, making it really nice for web developers to keep well-organized data client-side that they can retrieve using standard SQL queries embedded in javascript. I for one would rather have more of my data on my local device where I can easily(see above) delete it than stored out in the cloud. If having a good way to store more data in an organized fashion encourages developers (yes even "evil" ad developers) to store more of my data locally by making local storage more convenient and powerful for those developers, I'm all for that.

If you want to complain about something, complain that mobile Safari doesn't have a private browsing mode, meaning you have to manually delete cache/history/cookies/databases after any browsing you'd prefer to keep anonymous. That stinks IMHO.

Re:Need advice

[cheekyjohnson]

Technically, meager insults anger just about anyone of any age. You'd be surprised (or maybe not) at how upset people get over mere words.

Re:More good resons for not buying a iPhone (iSpy)

[blackomegax]

I had fun with that once when i plugged my android phone into my car stereo via USB and mounted it to play mp3's.

Re:Need advice

[Aeternitas827]

Like, this whole AC bit has one or possibly more people that are a few fries short of a happy meal? That isn't/aren't the sharpest block(s) of cheese? A die short of a game of Yahtzee? A bun short of a Big Mac?

I could go on, but really...I don't want carpal tunnel by 25.

jvaa

[jvaa]

Perhaps I misunderstand something here but wouldn't the 'locating data' only tell something about the whereabouts of the PHONE?

Re:jvaa

[ScrewMaster]

Perhaps I misunderstand something here but wouldn't the 'locating data' only tell something about the whereabouts of the PHONE?

Yes, the presumption on the part of law enforcement being that you are carrying your own phone. Kinda like the RIAA assuming that a file being downloaded by a specific IP address is guaranteed to identify the holder of the ISP account in question.

What it comes down to is that if you're a crook who wants to use a cell phone for voice communication during the commission of a crime, go on EBay and by the oldest, dumbest phone you can that will take a SIM card and work on your network. Make sure that it has no location capability whatsoever. Then call your partners in crime on the thing and speak in code because you never know when somebody might be listening.

Zombie Flash cookies and going deep

[AHuxley]

http://arstechnica.com/apple/news/2010/09/rldguid-tracking-cookies-in-safari-database-form.ars
I wonder how many will soon be tracked via Flash-based cookies and deep stored history options.
The Safari database seems to be an open and safe way to track a user via a normal 'ad' after a site visit.
Stop giving state task forces and feds signals intelligence via a next generation of toys in your pocket.
Go simple and swap any used device out asap.
Try a collection of dumb devices with no networking or life long databases.
Recall the Malcolm X script... "Don't never write nothing down ....
Cause if they can't find no [iphone] they ain't got no proof..."
The serial numbers, hidden databases, location services ect, almost makes you think someone really put thought into tracking.
Any ex CIA director's investment banks seed money linked to funding this stuff?

Not-so-secret secret techniques...

[geekmux]

"...Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime."

Yes, and now that it has been announced to the world, saavy criminals will figure out a way to turn off this caching.

It really does amaze me sometimes the blind ignorance in thinking there are no criminals out there that are computer saavy that also might happen to read articles online.

Sometimes, the best "secrets" are ones that you keep that way.

Re:Not-so-secret secret techniques...

[lwsimon]

So, you're advocating for security through obscurity?

Re:Not-so-secret secret techniques...

[geekmux]

So, you're advocating for security through obscurity?

Vulnerabilities (or in this case "features") will always come out and be disclosed anyway eventually. I'm certainly not advocating security by obscurity, but there's a reason that certain LE policies and procedures are considered sensitive information, and are not divulged to the public.

And when you find that divulging certain procedures actually helps criminals, I fail to see the justification in releasing that information.

Wait, wait, wait...

[piffey]

I'm sorry, but how many criminals carry iPhones? I thought criminals used Blackberrys to arrange their complex board meeting schedules.

Apple can easily change this and or make the jailb

[Joe+The+Dragon]

Apple can easily change this and / or make so if you jailbreak then EULA says you no longer have the right to use ios? so you are stealing ios? Just like how they calm that useing payed boxed copys of osx non apple systems is stealing.

Absolutely Correct

[andersh]

I am a [European] lawyer and the Directive is clearly not applicable. The highlighted text explains the addresses:

The first general obligation in the Directive is to provide security of services. The addressees are providers of electronic communications services. This obligation also includes the duty to inform the subscribers whenever there is a particular risk, such as a virus or other malware attack.[5]

The second general obligation is for the confidentiality of information to be maintained.[6] The addressees are Member States, who should prohibit listening, tapping, storage or other kinds of interception or surveillance of communication and “related traffic”, unless the users have given their consent or conditions of Article 15(1) have been fulfilled.

Searching your phone is covered by other laws.

Re:Absolutely Correct

[jonfr]

There is nothing stopping Apple from sending this information to there servers.

Zdziarski has been doing this for years

[InvisiBill]

As the article states, Jonathan Zdziarski has been doing this for several years. He's the author of iErase/iWipe (which seems to have been in the App Store previously but is Cydia-only now), runs iPhoneInsecurity.com, and has a blog with quite of bit of stuff related to iPhone forensics and security. He even has a post specifically addressing the "screenshot leak".

Re:Stupid Iceland

[jonfr]

How can a screenshot being a cache information ? Explain that and prove me wrong.

By the way, I am well advised on how mobile phones, Windows, Linux works and use cache information. It is nothing like the screenshot "feature" of the iPhone.

Huh?

[katorga]

Why would anyone use an expensive smart phone to handle communications for illegal enterprises? Cheap, pre-paid, zero audit trail phones are the way to go. Why ditch a $600 phone every few days?

Re:Need advice

[Known+Nutter]

A few sandwiches short of a picnic...

http://www.clothes6.us

[lokkk1452]

========= http://www.clothes6.us/ ====== Cheap Nike air Jordan shoes33$,Air Force 1 33$, Nike dunks SB shoe,Nike Shox shoe. Wholesale Cheap Nike shoes with discount jersey, High quality T-shirts,ED hardy t-shirts,ED Hardy hoodies,ED hardy shoes,ED hardy Jeans,Evisu shoes,GUCCI shoes,LV Handbag,Chanel Handbagwelcome to ==== http://www.clothes6.us/ ==== Nike shox(R4,NZ,OZ,TL1,TL2,TL3) $33 Handbags(Coach lv fendi d&g) $33 Tshirts (Polo ,ed hardy,lacoste) $16 Jean(True Religion,ed hardy,coogi) $30 Sunglasses(Oakey,coach,gucci,Armaini) $12 New era cap NY $9 Bikini (Ed hardy,polo) $18 $9 ========= http://www.clothes6.us/ ======