Speedy Drivers Can Hide From Cops, But Not Hackers

Millions of people who use smartphone software to avoid police speed traps may have fallen into a trap set by hackers instead.

Trapster, a GPS-based app that lets iPhone, Android and BlackBerry owners report and view police speed traps on a map, alerted users this week that their passwords may have been stolen in a massive security breach.

“If you’ve registered your account with Trapster, then it’s best to assume that your e-mail address and password were included among the compromised data,” Trapster said.

The company noted, however, that only a portion of Trapster users were affected; it declined to say how many. Trapster has about 10 million users total, but only those who opt to report speed traps must sign up for a Trapster account with an e-mail address and password.

If all Trapster users were compromised, the security breach would be significantly larger than the security leak at the Gawker blog network. In December, hackers stole the e-mail addresses and passwords of all 400,000 users who registered for an account on Gawker.com or one of its blogs, such as Gizmodo, Jezebel and Lifehacker.

Trapster officials advised the app's users to change their passwords immediately on Trapster.com. If they used the same password for other services such as e-mail, those passwords should be changed, too.

Trapster said it has rewritten software code to prevent future break-ins.

Defense Attorney Files Complaint Alleging Mistreatment of Bradley Manning

The attorney for suspected WikiLeaks source Pfc. Bradley Manning filed a formal complaint this week over Manning’s treatment at the Marine Corps brig where he is being detained.

Attorney David E. Coombs filed the complaint Wednesday, the day after Manning was abruptly placed on suicide watch by the commander of the U.S. Marine Corps brig in Quantico, Virginia. During the suicide watch, Manning was confined to his cell around the clock, while a guard sat outside watching him.

Manning was stripped to his underwear, and his prescription eyeglasses were taken from him. The latter were returned only during the one hour he was permitted to watch television and when he was permitted to read, Coombs wrote on his blog.

The commander removed Manning from suicide watch Thursday, but Coombs said the development was only the latest issue in Manning’s seven months of highly restrictive pretrial confinement, where he’s been awaiting a mental-health hearing to determine if the court-martial case will proceed to the next step.

Manning has spent most of that time as a maximum-custody detainee under prevention-of-injury, or POI, watch. “Like suicide risk, he is held in solitary confinement,” Coombs wrote on his blog Friday. “For 23 hours per day, he will sit in his cell.”

In his Article 138 complaint, Coombs asked that Manning’s custody level be lowered from maximum to medium security, and that he be removed from the POI watch.

The military’s concern over the 23-year-old Manning’s mental health dates back to late 2009, when Manning was deployed as an intelligence analyst at Forward Operating Base Hammer in Iraq. Coombs acknowledged last September that Manning’s Army unit “has in fact documented a history, if you will, from as early as December of 2009 to May of 2010 of behavior that they were concerned about.”

This included “prolonged periods of disassociated behavior, quite a bit of nonresponsiveness from Pfc. Manning … that progressed from the very beginning of the deployment and deteriorated somewhat toward the end,” he said. At one point, while Manning was deployed as an intelligence analyst in Iraq, his superiors grew concerned enough that they removed the bolt from his military weapon, disabling it, Coombs said at the time.

Coombs, who did not respond to a request for comment, wrote Friday that when Manning first arrived at the brig last July he was classified as a suicide risk. But shortly thereafter, following the recommendation of a brig psychiatrist, his classification was downgraded from suicide risk to prevention-of-injury watch.

The psychiatrist later recommended Manning’s classification be changed from maximum custody to medium custody, since he had adjusted well to his confinement. The Quantico brig commander has never acted on that recommendation, Coombs wrote.

Instead, on Jan. 18, the Quantico brig commander placed Manning under suicide watch again. Coombs maintained this occurred despite consistent assertions by two psychiatrists over many months that Manning is not a suicide risk. With assistance from the Judge Advocate’s office, Coombs managed to get the brig to reconsider and remove the suicide watch.

A brig spokesman told Threat Level that the status of detainees is under constant review and that determinations to change it come with input from many sources, not just psychiatrists.

“That is a determination that is made based on input from medical professionals, psychological providers, religious specialists and the marines that work in the brig,” said 1st Lt. Brian Villiard. “Each one of those different sources provide information for the brig commander to make what he thinks is the most appropriate action.”

Villiard wouldn’t discuss the specific details that caused the brig commander to put Manning on suicide watch, but said if a detainee “were to demonstrate something that caused somebody to be concerned,” it could be cause to place him on watch.

Manning was arrested last May in Iraq after telling a former hacker that he had leaked vast amounts of classified material to the secret-spilling site WikiLeaks. He was transferred to Kuwait, where he was detained for about two months before being moved to the brig in Virginia. Manning has been held there in maximum security waiting to see how the military plans to handle his case.

At the same time, U.S. prosecutors have reportedly been trying to develop a criminal case against WikiLeaks founder Julian Assange on the theory that he conspired with Manning to siphon classified documents from a government network and publish them online. Assange has said he believes Manning is being mistreated in order to pressure him into cooperating in a case against Assange, and WikiLeaks supporters have decried Manning’s treatment as a form of torture.

Coombs told The Washington Post that, in addition to the complaint filed this week, he plans to file a motion alleging that the conditions under which Manning has been confined amount to unlawful pretrial punishment.

Writing on his blog, Coombs summarized the conditions.

The guards will check on him every five minutes by asking him if he is okay. PFC Manning will be required to respond in some affirmative manner. At night, if the guards cannot see him clearly, because he has a blanket over his head or is curled up towards the wall, they will wake him in order to ensure that he is okay. He will receive each of his meals in his cell. He will not be allowed to have a pillow or sheets. He will not be allowed to have any personal items in his cell. He will only be allowed to have one book or one magazine at any given time to read. The book or magazine will be taken away from him at the end of the day before he goes to sleep. He will be prevented from exercising in his cell. If he attempts to do push-ups, sit-ups, or any other form of exercise he will be forced to stop. He will receive one hour of exercise outside of his cell daily. The guards will take him to an empty room and allow him to walk. He will usually just walk in figure eights around the room until his hour is complete. When he goes to sleep, he will be required to strip down to his underwear and surrender his clothing to the guards.

Villiard said that these conditions are the same for all detainees who are classified under maximum-detention and prevention-of-injury status.

“The fact that it is Bradley Manning is not an issue for us, the fact that we have a maximum-custody detainee is the issue,” he said. “We have a responsibility to make sure that all detainees are safe, secure and make it to trial.”

Photo: Antiwar protesters rally for Bradley Manning in Quantico, Virginia, last October.
mar is sea Y/Flickr/Creative Commons

Parents Sue Expert Witness Who Made Fake Child-Porn of Their Kids


An Ohio lawyer who serves as an expert witness in child pornography cases might be on the hook for hundreds of thousands of dollars in civil damages for Photoshopping courtroom exhibits of children having sex.

Attorney Dean Boland purchased innocent pictures of four juvenile girls from a Canadian stock-image website, and then digitally modified them to make it appear as if the children were engaged in sexual conduct. Boland was an expert witness for the defense in half-a-dozen child porn cases, and he made the mock-ups to punctuate his argument that child pornography laws are unconstitutionally overbroad because they could be applied to faked photos.

In 2007, the tactic made Boland the defendant of a deferred federal child-porn prosecution in Ohio even though his exhibits helped clear at least one client of child-porn-related allegations. Now, a federal appeals court decision (.pdf) is reinstating a civil lawsuit by the parents of two of the girls, potentially putting Boland on the hook for a minimum $300,000 plus legal costs.

Boland, a former state prosecutor, had argued he was immune from such a lawsuit because, among other reasons, he’d created the images for use in court. That argument had already failed in his own criminal case, and was no more successful with the Cincinnati-based 6th U.S. Circuit Court of Appeals.

“[N]o constitutional principle … allows a criminal defendant to defend one criminal charge by urging his lawyer or witness to commit another,” wrote the three-judge panel, in a unanimous ruling Wednesday. “Otherwise, an individual on trial for a murder-by-stabbing charge could try to prove that the knife was not long enough to kill someone by using it to stab someone else in the middle of the trial.”

Boland said in a telephone interview Thursday, “I was hired as an expert witness. This was not like, let’s start a website of this crap.”

Wednesday’s ruling reverses a lower court’s dismissal of the civil lawsuit (.pdf) that the parents lodged against Boland in 2007. Under the 1986 Child Abuse Victims’ Rights Act, each victim is entitled to a minimum $150,000 in damages if Boland loses at trial.

“This is a complete scam,” Boland said.

Boland said the avalanche of legal trouble started when he was an expert witness in a local Ohio child-porn prosecution in 2004, in which his testimony and morphed images helped convince a judge to drop the pornography-related charges in a rape case.

He had used the morphed pictures as exhibits in a nuanced legal defense.

Given that the law prohibited “knowingly” accessing child pornography, Boland argued, it violated the First Amendment on “vagueness and over-breadth grounds” because a defendant could not know whether what he was viewing was an actual or virtual image of a child having sex.

The parents learned of the photo morphing from the FBI, according to the girls’ attorney. They’re suing over Boland transforming a picture of a 5-year-old girl eating a doughnut into one of her having oral sex. Another photo was of a 6-year-old girl’s face placed on the body of an adult woman having sex with two men. Boland purchased the pictures from iStockPhoto, according to court records.

The appeals court noted that Boland could have attempted to make his legal defense without creating or possessing child pornography.

“Boland could have illustrated the difficulty of discerning real from virtual images by combining two innocent pictures into another innocent picture,” the court wrote. It added that once Boland modified the images of the minors, “he crossed the line between possessing lawful images and violating the statute.”

Still, the appeals court said Boland could try to convince the judge presiding over the girls’ civil lawsuit that the children are not entitled to damages. That’s because the law requires them to have suffered “personal injury.” In this case, the children don’t know about the pictures, so they haven’t suffered any psychological harm, Boland said.

The parents are “insisting I owe them hundreds of thousands of dollars for harm these children don’t even know is going on,” Boland said.

But the parents’ attorney, Jonathan Rosenbaum, said the harm was real enough. The pictures, he said in a telephone interview Thursday, were distributed in disc format to an untold number of “defense lawyers and different clerks of courts.”

“Their faces have been abused and misappropriated in the most disgusting manner,” Rosenbaum said. “How would you like this to happen to your children?”

Photo: Courtesy of Dean Boland


Scammers Seek Support for Serrana Flood Victims

In January 2011, floods devastated several towns in the mountainous region of Brazil known as the Serrana region, in the state of Rio de Janeiro. Scammers, as usual, were quick to take advantage of the opportunity by sending scam messages that request fake donations.

Scammers used a domain name to carry out the phishing scam. The domain name consisted of words in Brazilian Portuguese that translate to “donations for the tragedy in Friburgo”; Friburgo is a municipality located in the affected region. The domain used Brazil's Top Level Domain (TLD), yet it was hosted on servers based in Dallas, USA. The content of the phishing Web page was in Brazilian Portuguese and translates to:

“The images show districts affected by the tragedy. The number of cities that reported casualties has risen to five, after heavy rains in the Serrana region caused devastating floods. The municipalities and fire department have confirmed a total of 600 deaths. Rio De Janeiro is in need of your help. We donate food and water to those people who have lost their homes. Please help by donating a little money. You may pay with your credit card or directly from your bank account. On behalf of all the homeless, we are grateful for your help.”

Below the message were logos of popular banks and credit card services of Brazil. Below the logos was a set of hyperlinks that prompted end users to pay their donations by clicking on a link. Each hyperlink was for a specific donation amount in dollars. The amounts specified were $5, $10, $15, $30, and $50. Upon clicking the links, end users were redirected to a phishing site that spoofed the corresponding brand. At the bottom of the page, a message stated that end users may also pay donations in other amounts by contacting a particular email address of the same domain name. The phishing sites of the brands asked for the user’s login credentials. Once the login credentials were entered, the phishing site redirected the user to the legitimate Web site.

In this way, scammers were targeting several brands by means of a single phishing scam. If end users fell victim to the phishing site, scammers would have succeeded in stealing their credentials for financial gain.
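A triage check for the pattern described above, where a single landing page links to spoofed login pages for several brands. This is an added example, not code from the original post: the brand keywords, domains and sample HTML are constructed placeholders, and the two country codes are assumed to come from the analyst's own TLD and hosting lookups.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand keyword -> legitimate domains (constructed placeholders).
BRAND_DOMAINS = {"banco-alfa": {"bancoalfa.example"},
                 "cartao-beta": {"cartaobeta.example"}}

class LinkCollector(HTMLParser):
    """Collect (href, lowercased visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def host_matches(host, domains):
    # True if host is one of the brand's domains or a subdomain of one.
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(page_html, tld_country, hosting_country):
    """Flag brands a page names in links that lead off the brand's own domains."""
    parser = LinkCollector()
    parser.feed(page_html)
    spoofed = set()
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            named = brand in text or brand in href.lower()
            if named and not host_matches(host, domains):
                spoofed.add(brand)
    return {
        "spoofed_brands": sorted(spoofed),
        "multi_brand": len(spoofed) > 1,  # one page, several brands
        "geo_mismatch": tld_country != hosting_country,  # weak signal alone
    }

# Constructed sample page, not taken from the real phishing site.
SAMPLE = """
<a href="http://doacoes.example/banco-alfa/login?v=5">Banco-Alfa $5</a>
<a href="http://doacoes.example/cartao-beta/login?v=10">Cartao-Beta $10</a>
<a href="https://www.bancoalfa.example/sobre">Sobre o Banco-Alfa</a>
"""
```

Calling `triage(SAMPLE, "BR", "US")` reports both placeholder brands as spoofed, while the third link is not flagged because it points at the brand's own domain.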

Internet users are advised to follow best practices to avoid phishing attacks, such as:

· Do not click on suspicious links in email messages.
· Avoid giving any personal information when answering an email.
· Never enter personal information in a pop-up screen.
· Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.

Thank you to the co-author of this blog, Ravish Bagul.