The articles on this page are either produced by the operator of the website, from national publishers or Government departments. Where the information is from an external source all information on the origins of the article will appear under the title.

Links annotated [Option 1] will direct you to a website that will possibly download a 3rd party cookie to your computer. Your Browser or security software may be set up to prevent this download from taking place.

SEPTEMBER 2017

SEPSIS - WHAT EVERY PARENT NEEDS TO KNOW
(The UK Sepsis Trust)

If your child is unwell with a bug or infection, is rapidly getting worse and you are worried that their illness seems different to any previous illness, it could be sepsis.

Sepsis is a rare but serious complication of an infection.

IF YOUR CHILD HAS ANY OF THESE SYMPTOMS YOU SHOULD TAKE IMMEDIATE ACTION

- Looks mottled, bluish or pale

- Is very lethargic or difficult to wake

- Feels abnormally cold to touch

- Is breathing very fast

- Has a rash that does not fade when you press it

- Has a fit or convulsion

---------- GO TO A&E IMMEDIATELY OR CALL 999 ----------

DETAILED SYMPTOMS

Sepsis is rare in children, but if your child is unwell with a bug or infection, watch your child closely.

These symptoms may be the signs of sepsis:

Temperature

- Temperature over 38 degrees C in babies under three months
- Temperature over 39 degrees C in babies aged three to six months
- Any high temperature in a child who cannot be encouraged to show interest in anything
- Low temperature (below 36 degrees C, check three times in a 10 minute period)

Breathing

- Finding it much harder to breathe than normal - looks like hard work
- Making 'grunting' noises with every breath
- Can't say more than a few words at once (for older children who normally talk)
- Breathing that obviously 'pauses'

Toilet / Nappies

- Not had a wee or wet nappy for 12 hours

Eating and Drinking

- New baby under one month old with no interest in feeding
- Not drinking for more than eight hours (when awake)
- Bile stained (green), bloody or black vomit / sick

Activity and Body

- Soft spot on baby's head is bulging
- Eyes look sunken
- Child cannot be encouraged to show interest in anything
- Baby is floppy
- Weak, 'whining' or continuous crying in a younger child
- Older child who's confused
- Not responding or very irritable
- Stiff neck, especially when trying to look up and down

If your child has any of these symptoms, is getting worse, or is sicker than you would expect (even if their temperature falls), trust your instincts and seek medical advice urgently from NHS111 (telephone 111).

FOR MORE INFORMATION

Visit: nhs.uk/sepsis or sepsistrust.org

uaware note

This information was copied from a Sepsis Trust leaflet picked up from Boots during September 2017.

(1st October 2017)


THE BOTNET ARMY - TRACKER REVEALS THE EUROPEAN 'BOTSPOTS' POWERING GLOBAL CYBERATTACKS
(International Business Times, dated 27th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/botnet-army-tracker-reveals-european-botspots-powering-global-cyberattacks-1641063

Swarms of internet-connected devices infected with malware have become a popular tool for hackers as their collective power can be used to launch cyberattacks.

Known as bot networks - or botnets - they typically include hijacked computers, smartphones or internet of things (IoT) devices which can be deployed at will to spread malware, generate spam and conduct distributed denial of service (DDoS) attacks.

This week (27 September), Symantec released an updated botnet tracker, sharing insight into where bots are lurking in the Europe, the Middle East and Africa (EMEA) region.

According to the firm, 6.7m bots joined the global botnet in 2016, and Europe made up nearly one-fifth (18.7%) of the world's total bot population.

The UK, Symantec said, was Europe's 11th highest source of bot infections, falling from 7th place in 2015.

The City of London boasted the majority of the UK's bot infected devices with 34.4% of all British bots located there at the time of writing.

"More than 13.8m people in the UK were victims of online crime in the past year, and bots and botnets are a key tool in the cyber-attacker's arsenal," said researcher Candid Wueest.

"It's not just computers that are providing criminals with their robot army; in 2016, we saw cyber criminals making increasing use of smartphones and Internet of Things (IoT) devices. In fact, IoT devices may be part of the uptick in global bot infections in 2016.

"Nearly a third (31%) of attacks originated from devices in Europe alone."

Indeed, the cities of Madrid, Istanbul and Moscow had more bots in their cities than the vast majority of nations had in their entire countries, Symantec said.

But Russia was home to the largest number of bots in all of Europe, with 13.6% of Europe's bot-infected devices residing there. However, with the largest internet-connected population in Europe, Russia's 'bot density' is comparatively low, experts revealed.

'Bot density' or 'bots per connected capita' is a comparison between a country's number of internet users and the volume of bot infections.

It aims to make it clear which countries have a true higher rate of infection.

With one bot for every 41 internet users, Russia was 31st in Europe and 94th in the world for 'bot density'. This comparatively low infection rate may be influenced to some degree by the codes of conduct of Russia's hacking community, researchers said.

"Russians infecting Russians is considered a hacking faux pas," Wueest noted.

"There have been instances in the past of hackers being 'doxxed' or outed to police by the hacking community for the sin of infecting local computers.

"The number of bot infections isn't typically representative of where cybercriminals live. Infection rates are typically lower in countries where users have better cyber-hygiene and hackers are often the most 'hygienic' or paranoid when it comes to their devices."

In comparison, Rome's Holy See, the world's smallest country, had the highest bot density not only in Europe, but globally. Its significantly smaller internet-connected populace meant Vatican users had approximately "a one in five chance of using a 'zombie' device."

In most cases, victims caught up in these networks are unwitting participants in crime.

For example, bot networks played a key role in the alleged Russian influence campaign during the 2016 US presidential election when they were used to amplify divisive messages, circulate conspiracy theories and share pro-Donald Trump talking points.

In another case from last year, swarms of IoT devices were enslaved into the so-called Mirai botnet and used to take down websites including Reddit, Twitter and Netflix.

Concerned that your device may be enslaved in a bot army?

Symantec said that key warning signs include your device drastically slowing down, displaying mysterious messages or crashing for no apparent reason. It advised users to keep up to date with security updates and never to click suspicious links.

(1st October 2017)


SIXTEEN WAYS TO AVOID BEING HACKED WHEN SHOPPING ONLINE DURING BLACK FRIDAY
(The Telegraph, dated 27th September 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/technology/0/black-friday-ways-avoid-hacked-online/

Black Friday, the sales bonanza when millions of shoppers scour the internet for deals and discounts, is inching closer and closer.

Many shoppers will make their purchases by logging into online accounts with high-street retailers - accounts which contain sensitive details including credit card numbers, addresses and phone numbers and are often created in haste to bag the latest online deal.

But the Black Friday sales are also a great time for hackers: bargain-hunting consumers are often at risk of scam websites and fake marketing emails. Even on legitimate websites, poor security practices can land you in trouble.

Here are some simple tips from the Telegraph Technology team to keep you safe when shopping online this holiday season.

1. Never use a password more than once

Many of us are guilty of having had the same password for every account for years and, even worse than that, the most common 25 passwords include "123456", "password", and "abc123". The best way to keep your online accounts - from your internet banking to social media - secure is to never use the same password more than once.

Create a different password for each online account that you have and store them in a password manager, such as Dashlane, 1Password or LastPass. These services store passwords securely, save you from endlessly typing them out when you log in, and can randomly generate keys for you.

Once you've set up a secure set of account logins make sure you don't share your passwords with anyone.

2. Check if you've already been hacked

If you're worried that you might have been hacked or had any of your personal details compromised, it would be wise to change your usernames and passwords immediately. Before coming up with a string of new keys, though, you can use a service such as Have I Been Pwned to find out if you have an account that has been compromised in a data breach.

Enter an email address or username into the search bar and it will tell you if you've been a victim.

https://haveibeenpwned.com/

3. Update with the latest patches

Downloading software updates as and when they're available is a good way to protect yourself. Software updates for computers, phones, tablets, and other devices generally include improved security settings and patches that fix vulnerabilities. This is also true of updates to any apps or programs that you have installed on those devices.

To make sure you receive the updates as soon as they're available you can enable automatic updates on your devices, often by looking in Settings.

4. Check before you download


Before downloading apps onto your phone or software on your computer, do some research: check what it's asking for access to (look for app permissions in Settings), check an app's rating in the iOS or Google Play store, read reviews online, and make sure you're downloading the official version.

5. Use the latest anti-virus software


If you use a Windows computer you should protect it using anti-virus software, such as AVG or Sophos. Make sure you regularly install the updates and scan for malware.

6. Look for the padlock

When using secure online services, such as email, online shopping or banking, and social media, always check there is a padlock symbol in front of the URL, and that the web address begins "https://" before you log in or register. Websites must pass certain security tests to be accredited with the padlock, and the 's' stands for 'secure'.

7. Watch what Wi-Fi you connect to

Make sure your home Wi-Fi is protected with a strong password that only you and your family know. When out and about, never use a hotspot that may be unsecured, especially when what you're doing is personal or private.

8. Keep your settings private


Check the privacy settings on all of your social media accounts so that only the people you want to share your information with can see it. You can restrict what others see about you in the Settings section of your account.

For example, you can make your posts private on Facebook, and restrict what Google can know about you. Use a site like Ghostery to find out what websites are tracking you and easily block them.

9. Beware of public mobile charging points

It's possible to hack into a smartphone that is charging via USB in a public place, such as an airport, cafe or on public transport. To avoid being a victim, only plug your phone into trusted computers when using a USB cable.

10. Stick to encrypted messaging apps


End-to-end encrypted messaging apps such as WhatsApp, iMessage and Telegram protect your privacy by masking the contents of your messages from would-be eavesdroppers.

11. Always be careful of suspicious messages

Never open or forward a suspicious looking email, or respond to a social media message from someone you don't know. Watch out for phishing emails and text messages that ask you to log in or provide bank details.

Companies, such as Apple and WhatsApp, and government services will never email or text you to ask you to log into your account, provide bank details or download a program.

12. Type out web addresses


It's good practice to be suspicious of hyperlinks (particularly shortened links) that come from outside sources, such as unknown senders in an email. If you're asked to log into an account or provide payment details, type out the URL yourself and go directly to the legitimate site to make sure that you're not on a fake site that's designed to look like the official one.

13. Post in haste, repent at leisure


What goes online stays online so never say anything that could hurt, anger or endanger yourself or someone else.

14. Log off, log out

Always make sure you log out of your accounts when you've finished with them and log off a computer when you've finished using it.

15. Be a clever dater

With hundreds of thousands of us turning to dating apps every day in the quest to meet potential partners, there are a few ways to make sure you don't put yourself in a compromised position.

Try to avoid disclosing private information when using online dating sites, and take every precaution that profiles you are looking at are genuine. Never be tempted to send or transfer money to people you meet online, however unfortunate their story.

How to avoid dating scams

- If you're suspicious about a profile report it to the dating website or app so they can investigate it.

- Try doing your own detective work - ask them for their full name and look them up on Google and social media.

- Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

- Remember, they may spend months building a relationship with you and will only ask for money once you're emotionally involved.

- Ask a friend for advice as they are not as emotionally involved as you, they may be able to see something you can't.

- Look out for fake or stolen photographs. You can use sites like TinEye.com to check the authenticity of a photo and you can try doing a reverse image search on Google (by clicking on the camera logo in the search bar and uploading an image) to see if they are using a fake picture.

- Never give out too much personal information, such as your home address, phone number or email.

- Consider setting up a new email address to use for online dating and perhaps even get a cheap Pay As You Go phone to use for making phone calls.

(Source: James Preece - dating expert)

16. Use your common sense

If an email offer looks too good to be true, the prices on a website are abnormally low or you receive an unsolicited telephone call offering computer support, it's probably a scam.

(1st October 2017)


RANSOMWARE SURGES AGAIN
(ZDNET, dated 27th September 2017 author Danny Palmer)

Full article [Option 1]:

www.zdnet.com/article/ransomware-surges-again-as-cyber-crime-as-a-service-becomes-mainstream-for-crooks/

Purchasing cybercrime-as-a-service tools such as malware and DDoS-for-hire services is no longer just something for low-level or aspiring hackers; organised criminal gangs are taking advantage of these services as the underground criminal landscape continues to become more professionalised and mature.

But that doesn't mean the likes of ransomware attacks or phishing campaigns are going away; they're also more prolific than ever.

Europol's newly released 2017 Internet Organised Crime Threat Assessment analyses a number of the key trends in cyber crime - with the likes of WannaCry ransomware emphasising the global nature of attacks - and warns how the increasing willingness of professional cybercriminals to turn to crime-as-a-service schemes is set to create further risks.

Non-technical criminal groups can buy the likes of ransomware, or phishing tools to help carry out or cover traditional crimes from investigation by law enforcement.

"Crime-as-a-service is becoming more mature; it's now serious, organised crime that are using these services, this is no longer script-kiddies or youngsters sitting in their basements," said Philip Amman, Head of Strategy of the European Cyber Crime Centre, speaking at the launch of the report.

Put simply, no single cyber criminal organisation can specialise in every form of attack or nefarious activity, so there's an increasing market for the hiring of skills or the purchase of toolsets to help facilitate criminal activity - be they online, physical or both.

"When they require something outside their own area of competency, they need only to find someone offering the appropriate tool or service in the digital underground; they can simply buy access to what they need," says the report.

Nonetheless, while cyber criminal activity continues to professionalise and diversify, Europol notes that many attackers continue to stick to what they know - and for many, that's ransomware, which the report says has "eclipsed" most other global cybercriminal threats.

Indeed, the first half of 2017 saw ransomware attacks on a scale never seen before, with the spread of the WannaCry ransomware-worm in May, followed by the outbreak of the self-spreading Petya in June.

Europol warns how these attacks have highlighted how reliance on internet connectivity, combined with poor digital hygiene standards and practices can enable such attacks to spread far and wide - and that many organisations need to do more to protect themselves.

"The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level," said Europol Executive Director Rob Wainwright.

Banks and other major businesses are now targeted on a scale not seen before and, while police have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough.

However, despite the damage caused by the global ransomware attacks, the 2017 Internet Organised Crime Threat Assessment offers some silver-linings.

The report notes how one "unintended positive" of the global ransomware outbreaks is that it has raised awareness about the need for proper information security practices. Indeed, some in the criminal fraternity are already worried that this is the case.

But in order to combat the threat of cyber crime, Europol states that law enforcement must continue to focus on those developing and providing cyber crime and attack tools - particularly for the likes of ransomware, malware, and DDoS attack tools.

The idea is that by taking away the ability for criminal groups to simply buy the services they need, law enforcement will be able to focus on tracking down and stopping the kingpins.

"If we can do something to prevent cyber crime from happening in the first place, that's a win. Then law enforcement can focus on the top actors that provide key services and tools - DDoS for hire, botnets, counter-anti-virus. If we can counter that, law enforcement can focus on the main actors," said Amman.

The report identifies the No More Ransom initiative as a successful example of this strategy, having provided free decryption tools to 29,000 victims and deprived criminals of an estimated EUR 8 million in ransoms. If law enforcement can make these attacks unprofitable, they will become unappealing to criminals.

Europol's newly released 2017 Internet Organised Crime Threat Assessment:

www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2017

(1st October 2017)


CAR THEFT SOARS AS CRIMINALS LEARN HOW TO BEAT SECURITY DEVICES
(The Telegraph, dated 27th September 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/09/27/car-theft-soars-criminals-learn-beat-security-devices/

The number of cars being stolen has soared by 30 per cent in the last three years as criminals work out ways to override sophisticated security measures, new figures have revealed.

The development of engine immobilisers and keyless technology had seen car theft fall to a record low four years ago.

But since then thieves have successfully developed techniques and technology that allow them to bypass modern anti-theft measures.

Organised crime gangs have been stealing many prestigious vehicles to order, before shipping them overseas.

As a result motorists are increasingly resorting to traditional security devices such as mechanical steering locks which fit over the wheel and were popular in the 1980s and 1990s.

Retailers report that the sale of such products has soared by almost 60 per cent in recent months as drivers seek to protect their vehicles.

Three years ago car theft fell to its lowest point in almost half a century, as manufacturers perfected technology that boasted of making many vehicles virtually theft proof.

Data from the Office for National Statistics (ONS) suggested that fewer than 70,000 cars were reported stolen in 2014.

But the latest figures, released under the Freedom of Information Act, showed that since then, there has been a rapid increase in car theft, peaking at 85,688 in 2016 - a rise of almost 30 per cent.

Experts believe the rise is largely down to criminals catching up with the technology.

Mark Godfrey, a director with RAC Insurance, which compiled the FOI data, said: "Unfortunately, these figures show a very unwelcome rise in the theft of vehicles from much lower numbers in 2013.

"Technology advances in immobilisers, keys and car alarms had caused the number of vehicle thefts to decrease significantly from more than 300,000 in 2002, but sadly they have now increased after bottoming out in 2013 and 2014.

"We fear thieves are now becoming more and more well equipped with technology capable of defeating car manufacturers' anti-theft systems."

Mr Godfrey said this was bad news for motorists because it caused car insurance premiums to rise, but said motorists could take steps to protect themselves by parking in well lit areas and never leaving the keys in the ignition.

But he added: "In addition, anti-theft devices such as steering wheel locks which were popular in the 1980s and early 1990s are starting to make a comeback as they are still a very effective visible deterrent.

"This is quite ironic as they were replaced a number of years ago by alarms and immobilisers, which until now, offered better theft prevention."

A spokesman for Halfords said they had seen a sharp rise in the sale of traditional security devices in recent months, following a spike in car crime.

David Hammond, car security expert at Halfords, said: "Organised gangs have mastered how to get around high-tech security devices, leading to a significant rise in car thefts across the UK.

"To guard against falling victim to these car thieves, police are advising drivers to invest in a physical deterrent like a classic steel steering lock.

"These first became popular in the 1980s and '90s but remain an extremely effective - and visual - way of deterring thieves, and we've recently seen an increase in sales as car owners turn to old school solutions."

Deputy Assistant Commissioner Graham McNulty, the National Police Chiefs' Council Lead for Vehicle Crime said: "In recent years vehicle theft has started to increase across the country following many years of reductions.

"We are seeing more sophisticated operations by organised crime gangs exporting cars for profit as well as increasing scooter and motorcycle and keyless car theft.

"Police forces are working with the Home Office, the National Crime Agency, the National Vehicle Crime Intelligence Service, Europol and car manufacturers to design-out crime and disrupt these networks."

(1st October 2017)


HACKERS WANT TO CRACK BANK ATM NETWORKS
(ZDNET, dated 26th September 2017 author Danny Palmer)

Full article [Option 1]:

http://www.zdnet.com/article/hackers-want-to-crack-bank-atm-networks-and-your-nearest-cash-machine-is-probably-running-windows-xp/

Cyberattacks against ATMs aren't new, but until now they've mostly required the attackers to have physical access to the target machine in order to compromise it.

However, a joint report by Europol and Trend Micro warns how hackers are increasingly targeting banks' corporate networks in an effort to move across to ATMs and infect them with malware.

The fact the machines are basically moneyboxes attached to a Windows PC makes them an appealing target for attackers, but the icing on the cake for criminals is how large swathes of ATMs are running on obsolete or unsupported operating systems.

"A majority of ATMs installed worldwide still run either Windows XP or Windows XP Embedded. Some of the older ATMs run Windows NT, Windows CE, or Windows 2000. Microsoft," said the report.

According to the Cashing in on ATM Malware report, that means there are hundreds of thousands of cash machines which no longer receive support.

The WannaCry ransomware outbreak demonstrated how exposed unsupported and unpatched systems can be to cyberattacks, meaning that with the correct technical expertise, a criminal operation could exploit the vulnerabilities in an ATM to make off with a fortune via a network-based attack -- or even shut down machines.

"Should a worm like WannaCry or NotPetya ever manage to breach these networks, then the effect could be devastating, knocking out the whole network," Simon Edwards, cybersecurity solution architect at Trend Micro, told ZDNet.

It isn't theoretical; hackers have already demonstrated how they can remotely attack ATMs without physical access to the device on a number of occasions -- like many other forms of cyberattack, the infiltration begins with phishing emails sent to bank employees. If one of these is successful, the hackers can access the rest of the network.

One example is ATMitch, which saw hackers remotely infect banks -- one in Kazakhstan and one in Russia -- with malware. The infection allowed the attackers to issue remote commands to the machine, allowing it to distribute money to people working alongside the hackers.

Another incident saw hackers able to access 41 ATMs in Taiwan, stealing a total of $2.5 million from 22 branches of First Commercial Bank without using cash cards or even touching the PIN pads. Some of the perpetrators were eventually tracked down and sentenced for their involvement, but not all of the funds were recovered.

Trend Micro and Europol have dubbed the rapid developments in network-based ATM malware attacks as "unnerving" because "the criminals have realized that not only can ATMs be physically attacked, but it is also very possible for these machines to be accessed through the network".

While this type of attack has mostly only been seen in regions such as South America and Asia, the report warns that it won't be long before North America and Europe see this type of attack as "we believe this to be a new tendency that is probably going to consolidate in 2017 and beyond".

As a result, the report warns, law enforcement agencies must be aware that cybercriminal groups are looking to target ATMs in this way -- and financial organisations must take more steps to secure their ATM installations by installing more security layers, such as keeping the machines on a separate part of the network.

(1st October 2017)


BLOOD TEST TO SPOT KILLER SEPSIS IN HOURS
(London Evening Standard, dated 26th September 2017 author Ross Lydall)

Full article [Option 1]:

www.standard.co.uk/news/health/blood-test-to-spot-killer-sepsis-in-hours-a3643851.html

A device that could transform the treatment of sepsis worldwide by diagnosing potentially deadly infections within hours was unveiled today by London scientists.

Its inventors at Imperial College hope to have it available on NHS wards by next summer and say it could make the difference between "life and death" for critically ill patients.

There are about 123,000 cases of sepsis each year in England, and an estimated 30 million worldwide, with almost a third proving fatal.

Sepsis can be difficult to diagnose and very young and very old patients are most at risk.

Professor Chris Toumazou was due to tell a Royal Institution conference today about the LiDia test for blood infections that lead to sepsis.

It uses a semiconductor to analyse a 10ml blood sample, searching for evidence of about 20 of the most common bugs that cause sepsis, which leads to major organ failure.

The device - a disposable cartridge and main instrument box - gives results within two to three hours, compared to the several days that patients have to wait for their blood cultures to be analysed in the laboratory.

"By that time, the patient could almost be in rigor mortis," Professor Toumazou said.

The regius professor of engineering at Imperial said the "eureka moment" happened when he and a PhD student put saliva on a semiconductor and saw it spark into life.

He told the Standard: "The core of the technology is a semiconductor and microchips. As a result, it has been configured almost as a mini-computer.

"A blood sample is inserted at the front end. Within two to three hours, out comes the result. The result may be what the right antibiotic is, or should be, for that pathogen.

"This is one of the first technologies where we have focused on the genes of the bug… if you look at the DNA of the bug you can check whether or not it responds to antibiotics, or which antibiotics it is resistant to."

The device can be used by GPs or hospital doctors and cuts out the need to send samples to a lab.

Last year Professor Toumazou's spin-off firm, DNAe, won £38.5 million from the US government to expand its work into infectious diseases.

Alison Holmes, professor of infectious diseases at Imperial College London, said today's summit would highlight the work of UK experts.

"The potential for infectious diseases to spread rapidly is a live threat at a global level," she said.

(1st October 2017)


UK CYBER DEFENCES AMONG THE BEST IN EUROPE
(Computer Weekly, dated 25th September 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450426871/UK-cyber-defences-among-the-best-in-Europe

Topping the list of most prepared European Union (EU) nations is the Netherlands, with an overall cyber attack preparedness rating of 60%, according to a report by Website Builder Expert (WBE).

Following the Netherlands is Estonia (58%), France and Italy (57%) and the UK (56%). Conversely, the least prepared nations are Slovakia and Malta (34%), Greece (35%), Spain (38%) and Lithuania (40%).

The overall scores are an average of the cyber security commitment rating and percentage of protected internet connections for each country.

Estonia has the highest commitment rating of 85%, compared with the UK's 78%, while Italy has the highest percentage of protected internet connections (51%) compared with the UK's (33%).

Although rated the most prepared, the Netherlands is second only to Romania in terms of its cyber crime "victimhood" rating of 21%, compared with Romania's 23%. The Netherlands is followed by Portugal (20%), Poland (20%) and Italy (19%).

Countries with the lowest cyber crime "victimhood" ratings are Finland (12%) and Slovakia (14%), along with Germany, Ireland and Austria, which all have a rating of 15%.

Taking into account a range of factors including previous encounters with cyber crime, malware encounter rates, commitment to cyber security initiatives, and how exposed each country's internet connections are, the study shows that Malta is the EU nation most at risk of cyber crime, with a vulnerability score of 42%.

Despite ranking in the middle of the pack for malware and cyber crime encounters, it was Malta's high percentage of exposed internet connection ports (73% of all ports), lack of cybersecurity legislation and poor international co-operation that pushed it to the top of the vulnerability index.

This means that Malta's population, despite encountering a lower incidence of cyber crime than their European neighbours, are actually at far more risk in the long run with few protective or preventative measures in place.

Malta is followed by Romania and Slovakia, which both have a vulnerability rating of 41%, Spain (40%), and Portugal, Lithuania, Cyprus and Hungary with a rating of 39%.

On the opposite end of the scale, Finland was deemed the most cyber-secure country with a vulnerability rating of just 29%, which the report ascribed to the fact that Finland has one of the lowest cyber crime encounter rates in Europe and is one of the most prepared nations too, second only to the UK.

The UK's vulnerability rating is 31%, along with France and Italy, and second only to Estonia, Germany and the Netherlands, all with a vulnerability rating of 30%.

James Kiernan, director of WBE, said that with the threat of cyber crime becoming more evident each day, cyber security on an international level is more important than ever if countries want to protect their interests and residents.

"While it is reassuring to see countries such as the UK and Germany among the safer nations, the level of cyber vulnerability across Europe is still cause for alarm, especially in the wake of June's massive [NotPetya] cyber attack," he said.

The NotPetya attack appears to have targeted mainly organisations in Ukraine, including the central bank, the Ukrenergo electricity supplier, the Chernobyl nuclear power plant, and airport and metro services throughout the country.

However, companies outside the Ukraine were also affected, including London-headquartered WPP, US-based pharmaceutical company Merck, multinational law firm DLA Piper, Russian oil company Rosneft, Netherlands-based shipping company TNT and French construction materials company Saint-Gobain.

Danish transport and shipping giant AP Moller-Maersk is believed to have been one of the hardest hit, with the financial impact of the attack estimated at $200m to $300m (£222m), while the UK's WPP estimates the cost at between £10m and £15m before insurance.

UK National Cyber Security Centre (NCSC) technical director Ian Levy recently warned that the UK risks a C1-level national cyber security incident if organisations do not change their approach to cyber security.

He said the NCSC wants to publish data and evidence to ensure that people really understand how to do risk management properly. "Cyber security is just risk management, which is not fundamentally different to HR, legal or financial risk management," he said.

Levy also believes that the way technology tends to be designed currently makes impossible security demands on people.

As a result, he said security professionals have spent the past 25 years saying people are the weakest link. "But this is stupid," he said. "People cannot be the weakest link [because] they are people who do jobs, and they are people who create value in their organisations.

"What this tells us is that the technical systems are not built for people. Techies build systems for techies, not normal people," said Levy.

(1st October 2017)


DELOITTE HIT BY CYBER-ATTACK REVEALING CLIENTS' SECRET EMAILS
(The Guardian, dated 25th September 2017 author Nick Hopkins)

Full article [Option 1]:

www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails

One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte's clients have been told their information was "impacted" by the hack. Deloitte's internal review into the incident is ongoing.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm's global email server through an "administrator's account" that, in theory, gave them privileged, unrestricted "access to all areas".

The account required only a single password and did not have "two-step" verification, sources said.

Emails to and from Deloitte's 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft's equivalent to Amazon Web Service and Google's Cloud Platform.

In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte's most senior partners and lawyers were informed.

The Guardian has been told the internal inquiry into how this happened has been codenamed "Windham". It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.

The team investigating the hack is understood to have been working out of the firm's offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.

It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.

Sources said if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. This kind of reverse-engineering is not foolproof, however.

A measure of Deloitte's concern came on 27 April when it hired the US law firm Hogan Lovells on "special assignment" to review what it called "a possible cybersecurity incident".

The Washington-based firm has been retained to provide "legal advice and assistance to Deloitte LLP, the Deloitte Central Entities and other Deloitte Entities" about the potential fallout from the hack.

Responding to questions from the Guardian, Deloitte confirmed it had been the victim of a hack but insisted only a small number of its clients had been "impacted". It would not be drawn on how many of its clients had data made potentially vulnerable by the breach.

The Guardian was told an estimated 5m emails were in the "cloud" and could have been accessed by the hackers. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate.

"In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte," a spokesman said.

"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

"The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers.

"We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.

"Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested."

Deloitte declined to say which government authorities and regulators it had informed, or when, or whether it had contacted law enforcement agencies.

Though all major companies are targeted by hackers, the breach is a deep embarrassment for Deloitte, which offers potential clients advice on how to manage the risks posed by sophisticated cybersecurity attacks.

"Cyber risk is more than a technology or security issue, it is a business risk," Deloitte tells potential customers on its website.

"While today's fast-paced innovation enables strategic advantage, it also exposes businesses to potential cyber-attack. Embedding best practice cyber behaviours help our clients to minimise the impact on business."

Deloitte has a "CyberIntelligence Centre" to provide clients with "round-the-clock business focussed operational security".

"We monitor and assess the threats specific to your organisation, enabling you to swiftly and effectively mitigate risk and strengthen your cyber resilience," its website says. "Going beyond the technical feeds, our professionals are able to contextualise the relevant threats, helping determine the risk to your business, your customers and your stakeholders."

In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world.

Earlier this month, Equifax, the US credit monitoring agency, admitted the personal data of 143 million US customers had been accessed or stolen in a massive hack in May. It has also revealed it was also the victim of an earlier breach in March.

About 400,000 people in the UK may have had their information stolen following the cybersecurity breach. The US company said an investigation had revealed that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

(1st October 2017)



COPS SHUT 28,000 SITES FLOGGING KNOCK-OFF FOOTIE KITS AND OTHER TAT
(The Register, dated 25th September 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/09/25/cops_shut_28k_sites_flogging_knock_off_goods/

Cops have closed 28,000 websites selling counterfeit goods over the last three years, the City of London Police's Intellectual Property Crime Unit (PIPCU) revealed today.

Out of those, more than 4,000 were registered using stolen identities of the UK public. Some 400 individuals have had their identity stolen and used in setting up criminal websites.

One of the main consequences of buying counterfeit goods on websites, social media and online is identity crime, it said.

When buying items, people will part with personal details such as their address and financial information which allows fraudsters to set up new websites selling counterfeit goods in their name.

That can negatively affect punters' credit score and chance of getting credit in the future, and it can also take up to 300 hours for their identities to be fully regained.

Over 15,000 reports linked to identity crime were received by Action Fraud between April 2016 and March 2017.

PIPCU has launched an awareness campaign today which warns the public that "there's more at stake when it's a fake".

Apparently fake football shirts were among the most popular counterfeit items.

PIPCU recommended customers always ensure the website address begins "https" at the payment stage and watch out for pop-ups asking for confirmation of card details.

Detective Inspector Nicholas Court, from PIPCU, said: "We are aware of many occurrences where criminals have put consumers at risk, compromising their identity as a result of their online shopping habits."

In July, PIPCU confirmed it had confiscated hundreds of thousands of pounds worth of counterfeit Cisco networking gear.

(1st October 2017)

43,000 NEW PHISHING SITES ARE CREATED EVERY DAY
(Netsecurity, dated 22nd September 2017)

Full article [Option 1]:

www.helpnetsecurity.com/2017/09/22/46000-new-phishing-sites/

An average of 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data collected by Webroot shows today's phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are hard to find using web crawlers, and they trick victims into providing personal and business information.

Phishing attacks have grown at an unprecedented rate in 2017

Phishing continues to be one of the most common, widespread security threats faced by both businesses and consumers. Phishing is the number 1 cause of breaches in the world, with an average of more than 46,000 new phishing sites created per day. The sheer volume of new sites makes phishing attacks difficult to defend against for

Today's phishing attacks continue to be short-lived

The first half of 2017 highlights the continuing trend of very short-lived phishing sites, with the majority being online and active for only 4 to 8 hours. These short-lived sites are designed to evade detection by traditional anti-phishing strategies, such as block lists. Even if the lists are updated hourly, they are generally 3-5 days out of date by the time they're made available, by which time the sites in question may have already victimized users and disappeared.

Attacks are increasingly sophisticated and more adept at fooling the victim

In the past, phishing attacks randomly targeted as many people as possible, with the hope that a substantial amount would open an infected attachment or visit a malicious web page. Today's phishing is more sophisticated. Hackers do their research and utilize social engineering to uncover relevant personal information for individualized attacks. Phishing sites also hide behind benign domains and obfuscate true URLs, carrying more malignant payloads, and fooling users with realistic impersonated websites.

Mix of companies impersonated continues to evolve


Zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorized URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories. The top 10 companies being impersonated throughout the first six months of 2017 are:

- Google : 35%
- Chase : 15%
- Dropbox : 13%
- PayPal : 10%
- Facebook : 7%
- Apple : 6%
- Yahoo : 4%
- Wells Fargo : 4%
- Citi : 3%
- Adobe : 3%

SEE ALSO (uaware)


1.4 million phishing websites are created every month
(ZDNET, dated 22nd September 2017 author Danny Palmer)

Full article [Option 1]:

www.zdnet.com/article/1-4-million-phishing-websites-are-created-every-month-heres-who-the-scammers-are-pretending-to-be/

(1st October 2017)


SINGAPORE SEEN AS TOP SPOT TO LAUNCH GLOBAL CYBER ATTACKS
(Bloomberg Technology, dated 22nd September 2017 author Melissa Cheok)

Full article [Option 1]:

www.bloomberg.com/news/articles/2017-09-21/singapore-ranks-first-as-launchpad-for-global-cyber-attacks

Singapore has overtaken nations including the U.S., Russia and China as the country launching the most cyber attacks globally, according to Israeli data security firm Check Point Software Technologies Ltd.

The company, whose software tracks an average of eight to 10 million live cyber attacks daily, said Singapore rose to pole position after ranking in the top five attacking countries for the previous two weeks.

"It is not particularly unusual for Singapore to be featured among the top attacking countries," said Eying Wee, Check Point's Asia-Pacific spokeswoman.

Singapore is a key Southeast Asian technology hub, and much of the internet traffic flowing through it originates in other countries. That means a cyber attack recorded as coming from Singapore may have been launched outside the country, she said.

The Cyber Security Agency of Singapore said there are a number of reports measuring cyber attacks, which are based on various methodologies and therefore provide different perspectives of the situation.

"As a commercial hub with high interconnectivity, Singapore is undoubtedly an attractive target for cybercriminals," a spokesman for the agency said in an email, adding that it's important for the nation to maintain high cybersecurity standards and take necessary measures to protect its systems and data.

Cyber Defense

The city-state, which wants to become a global technology hub, recently stepped up efforts to tighten cyber security after several high profile attacks on government agencies and companies.

"Singapore has now found itself on someone's list," Singapore's Defense Minister Ng Eng Hen said in July. "The attacks are orchestrated, the attacks are targeted, they want to steal specific information, there are minds behind this orchestration."

Earlier this year, Singapore's military established a cyber defense unit while the government drafted legislation to impose new cyber security requirements aimed at helping companies protect critical information infrastructure.

In May, Singapore stopped most of its public servants from being able to access the internet from their work computers. The nation's central bank has also set up an international advisory committee dedicated to enhancing the safety and resilience of Singapore's financial sector.

(1st October 2017)



MORE DATA LOST OR STOLEN IN FIRST HALF OF 2017 THAN THE WHOLE OF LAST YEAR
(The Register, dated 20th September 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/09/20/gemalto_breach_index/

More data records have been lost or stolen during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).

Digital security company Gemalto's Breach Level Index, published Wednesday, found that an average of 10.4 million records are lost or stolen every day.

During the first half of 2017 there were 918 reported data breaches worldwide, compared with 815 in the last six months of 2016, an increase of 13 per cent. A total of 22 breaches in Q1 2017 included the compromise, theft or loss of more than a million records.

Gemalto estimates less than 1 per cent of the stolen, lost or compromised data used encryption to render the information useless.

Malicious outsiders (cybercriminals) made up the largest single source of data breaches (74 per cent) but accounted for only 13 per cent of all stolen, compromised or lost records. While malicious insider attacks only made up 8 per cent of all breaches, the amount of records compromised was 20 million, up from 500,000 in the previous six months.

North America still makes up the majority of all breaches and the number of compromised records, both above 86 per cent. The number of breaches in North America increased by 23 per cent with the number of records compromised increasing threefold (up 201 per cent).

Traditionally, North America has always had the largest number of publicly disclosed breaches and associated record numbers, although this may change somewhat next year when global data privacy regulations like the European General Data Protection Regulation (GDPR) and Australia's Privacy Amendment (Notifiable Data Breaches) Act come into play.

Europe only had 49 reported data breaches (5 per cent of all breaches), a 35 per cent decline from the six months before.

The UK had the second highest number of reported incidents after the US, with 40 (down from 43). A total of 28,331,861 data records were compromised in the UK in H1 2017 (up 130 per cent from H2 2016).

Half of data incidents in the UK involved a malicious outsider (50 per cent), with 38 per cent attributed to accidental loss. Two-thirds of the breaches in the UK are classified as identity theft (65 per cent).

Government was the single biggest source of security incidents with 12 in H1 2017, ahead of technology firms (seven) and healthcare (six).

The Breach Level Index, which has been running since 2013, benchmarks publicly disclosed data breaches.

As new regulations such as the UK's Data Protection Bill and GDPR come into effect, the numbers of disclosed breaches could skyrocket.

(1st October 2017)

POLICE FORCES "MIGHT WORK WITH VIGILANTE PAEDOPHILE HUNTERS"
(The Telegraph, dated 18th September 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/09/18/police-forces-might-work-vigilante-paedophile-hunters/

The UK's lead police officer on child protection has said forces will "potentially" have to look at working with so-called paedophile hunters.

Senior officers have previously said vigilante groups such as Dark Justice or The Hunted One could put child abuse investigations at risk.

But figures obtained by the BBC show an increase in the number of cases where evidence gathered by paedophile hunters is being used.

More than 44 per cent (114 of 259) of cases of the crime of meeting a child following sexual grooming used this evidence in 2016, compared to 20 out of 176 cases in 2014 (11.3 per cent).

Chief Constable Simon Bailey, the national lead for child protection at the National Police Chiefs' Council, told the BBC: "(These) vigilante groups are putting the lives of children at risk.

"I'm not going to condone these groups and I would encourage them all to stop, but I recognise that I am not winning that conversation."

When asked whether police could work with vigilantes, he said: "I think that's something we're going to have to potentially have to look at, yes, but it comes with some real complexity."

Tyneside-based duo Dark Justice claim on their website to have helped apprehend 104 sex crime suspects, leading to 50 convictions.

A sting operation by a group known as The Hunted One descended into violence as they ambushed a man who sent sexual messages to a decoy account.

Their target, Mirza Beg, 29, was jailed at Maidstone Crown Court in August for 40 months after he turned up with condoms at the Bluewater Shopping Centre in Greenhithe, near Dartford, Kent, believing he was meeting a 14-year-old girl.

(1st October 2017)



HACKERS SLIPPED MALWARE INTO POPULAR PC SOFTWARE CCLEANER
(Yahoo Finance, dated 18th September 2017 author Matt Brian)

Full article [Option 1]:

https://finance.yahoo.com/news/hackers-slipped-malware-popular-pc-142300993.html

A popular PC-cleaning software used by over 130 million people put users at risk after hackers were able to insert malware into legitimate downloads. Piriform's CCleaner, owned by antivirus provider Avast, was found to have "contained a multi-stage malware payload" that could install ransomware or keyloggers and further infect target computers on command.

According to Avast, around 2.27 million people ran the affected software, which was delivered via a hacked server. The impact is damaging, but considering that the application has amassed over 2 billion downloads and adds around 5 million new users each month, it could have been significantly worse. The company said it has already forced updates of the affected version and in its own words was "able to disarm the threat before it was able to do any harm."

Starting life as a "crap cleaner," CCleaner has earned a reputation for its ability to remove rogue programs and clear things like tracking cookies on Windows PCs. Users trust the brand, which makes it a prime target for attackers. "By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates," said Cisco Talos researchers, who discovered the threat, in a blog post.

The attack vector isn't a new one, but it's become a lot more prevalent in recent months. The Petya ransomware was distributed via a similar method and hackers also modified the Mac BitTorrent app Transmission on official servers to compromise users' computers.

In the past, attackers would create fake alternatives of popular applications and trick people into downloading them. The trend now, however, is to attack the download source directly and gain access to legitimate servers. Once they are in, it's a case of loading the trusted software with a nefarious payload, with the end-user being none the wiser.

"This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world," Cisco Talos warns. "Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected."

-----------------------

See also :

HACKERS COMPROMISED CCLEANER FREE SOFTWARE, AVAST'S PIRIFORM SAYS
(Reuters, dated 18th September 2017 author Joseph Menn)

Full article [Option 1]:

www.reuters.com/article/us-security-avast/hackers-compromised-free-ccleaner-software-avasts-piriform-says-idUSKCN1BT0R9

-----------------------

(1st October 2017)


BT LAUNCHES SYDNEY CYBERSECURITY CENTRE
(ZDNET, dated 18th September 2017 author Corinne Reichert)

Full article [Option 1]:

www.zdnet.com/article/bt-launches-sydney-cybersecurity-centre/

Telecommunications provider BT and the New South Wales government have announced the launch of a global cybersecurity research and development (R&D) centre in Sydney.

The NSW government's Jobs for NSW invested AU$1.67 million in support of the centre, the state's Minister for Innovation and Better Regulation Matt Kean said, with BT making a AU$2 million investment in capital infrastructure.

"This facility is a major boost for our economy, and will be a real-time nerve centre protecting large enterprises, industries, governments, and even nations from cyber attack," Kean said.

BT will also make a "multimillion investment" in order to employ cybersecurity specialists, Kean added.

According to BT, the cybersecurity hub expands on its already existing security operations centre (SOC) in North Sydney, and will provide 172 new jobs over the next five years, including 38 graduate positions.

"The hub is BT's first cybersecurity R&D facility outside of the United Kingdom, and will employ highly qualified cybersecurity specialists," BT said on Monday.

"The areas of expertise in the new hub will include cybersecurity, machine learning, data science analytics and visualisation, big data engineering, cloud computing, data networking, and the full life cycle of software engineering."

Kean said the NSW government -- which also invested in a startup hub in July, and handed out AU$10 million to incubators and accelerators and AU$3 million in direct grants to startups while providing AU$96 million to the Jobs for NSW initiative -- is hoping the centre's opening will attract and retain IT talent in the state.

"This operation will help keep Australia's best cybersecurity talent here in NSW, and nurture our next generation of specialists to ensure we remain a regional leader in this fast-growing industry," the minister said.

"I'm confident job opportunities offered by BT will also act as an incentive for Australian citizens currently working overseas to come back home and bring their highly valuable skills with them."

BT has 14 SOCs worldwide, which develop, provide, and deploy managed security services for customers across 180 countries.

BT had in May told ZDNet that it was undertaking much of its ongoing development on its new cybersecurity platform -- the Assure Cyber Platform system -- out of its Australian R&D arm.

BT's Assure Cyber Platform combines a computerised element, which uses learning algorithms to sort through the data and learn from it, with a human element, in order to pair creative attention to detail with the "relentless efficiency" of computers.

"At least for now, you can't replace people," BT Global Services chief architect for Asia, the Middle East, and Africa Matt Allcoat told ZDNet at the time.

"People have an uncanny knack to spot odd things ... so we have a load of visualisation software that we put on the front of the data lake, and it allows human operators to literally visualise on big screens what this thing is."

BT at the time also took the wraps off its Dynamic Network Services portfolio comprising three offerings: Bandwidth on demand; on-demand virtual services; and on-demand software-defined wide-area networks (SD-WAN).

The first stage enables customers to turn up and down the speeds they're using at will under consumption-based pricing, BT said, which is aimed at aiding the increasing uptake of cloud solutions.

The second phase will see "purely virtual" products, cloud service nodes, and technologies launch by mid-2018, with such network services able to be switched on and off as and where needed by companies, and will be charged via hourly usage, BT told ZDNet.

The final piece of the puzzle involves provisioning on-demand virtual networks, with BT kicking off its SD-WAN suite with the release of Nokia's Agile Connect product, to be joined by Cisco intelligent WAN (IWAN) products in the future.

BT said it is able to extend its virtual networks not only over its own infrastructure, but also over the top of any other carrier.

To match these new network offerings, BT said it was focused on improving its security services.

Earlier this month, BT announced its new cloud-based "business-platform-as-a-service" offering, which is aimed at speeding up the time it takes businesses to go to market with digitised services.

BT said the new platform, labelled the BT Personalised Compute Management System (PCMS), allows customers to access, purchase, and bring their own digital services to market within around 12 weeks.

It utilises BT's "cloud of clouds" solution, which connects customers to cloud collaboration apps, security services, third-party datacentres, customer datacentres, and third-party cloud services including Cisco, Amazon Web Services, Microsoft Azure, Oracle, HPE, Salesforce, Equinix, Google, and IBM Softlayer.

PCMS contains a global catalogue of services with localised sales channels, allowing customers to buy online in their own currency, contract terms, taxation laws, and language, BT explained.

The platform currently has more than 45 digital business support processes, including customer management, product management, user authentication, order management, and billing solutions.

(1st October 2017)


EQUIFAX HACK PUTS DATA OF 400,000 UK CUSTOMERS AT RISK
(The Guardian, dated 16th September 2017 author Press Association)

Full article [Option 1]:

www.theguardian.com/technology/2017/sep/16/equifax-hack-puts-data-of-400000-uk-customers-at-risk

About 400,000 people in the UK may have had their information stolen following a cybersecurity breach at the credit monitoring firm Equifax.

The US company said an investigation had revealed that a file containing UK consumer information "may potentially have been accessed".

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.

In an effort to provide reassurance, the firm said it was unlikely people would be hit by "identity takeover". It said it would contact them in writing to offer advice and a free identity protection service to monitor their personal information and data.

Equifax's president, Patricio Remon, said: "We apologise for this failure to protect UK consumer data. Our immediate focus is to support those affected by this incident and to ensure we make all of the necessary improvements and investments to strengthen our security and processes."

Equifax alerted the public to the cyber-attack on 7 September. The data of 143 million people was breached in America.

Equifax said its UK systems had not been impacted by the attack but that information on British consumers may have been accessed because of a process failure in 2016 that meant a limited amount of UK data was stored on the US system between 2011 and 2016.

The UK consumer data that may have been stolen does not include "any single Equifax business clients or institution," it said.

The alert comes after the Information Commissioner's Office (ICO) ordered Equifax to alert British customers following the firm's announcement that criminals had exploited a website application to access its files.

Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.

A spokesman for the ICO said: "It is always a company's responsibility to identify UK victims and take steps to reduce any harm to consumers.

"The Information Commissioner's Office have been pressing the firm to establish the scale of any impact on UK citizens and have also been engaging with relevant US and UK agencies about the nature of the data breach.

"It can take some time to understand the true impact of incidents like this, and we continue to investigate.

"Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with.

"We also advise that people review their financial statements regularly for any unfamiliar activity.

"If any financial details appear to have been compromised, victims should immediately notify their bank or card company. If anyone thinks they may have been a victim of a cyber crime they should contact Action Fraud."

Equifax said the investigation into the data breach was ongoing and it was working with the Financial Conduct Authority and the ICO.

Cyber-attacks have become an increasing problem for firms that hold a large amount of customer data. HSBC and TalkTalk are among the most high profile British firms to be hit in recent years.

uaware - further information

-----------------------

The Equifax breach and 5 years of missed warning signs
(Huffington Post, dated 17th September 2017 author Dante Disparte)

Full article [Option 1]:

www.huffingtonpost.com/entry/the-equifax-breach-and-5-years-of-missed-warning-signs_us_59bf2480e4b06b71800c3b07

-----------------------

EQUIFAX AND THE UK - WHAT'S GOING ON?
(BBC News, dated 14th September 2017 author Rory Cellan-Jones)

Full article : www.bbc.co.uk/news/technology-41257580

-----------------------

CYBERSECURITY INCIDENT AND IMPORTANT CONSUMER INFORMATION
(Equifax, 15th September 2017)

Full article [Option 1]: https://www.equifaxsecurity2017.com/

-----------------------

CREDIT CARD FRAUD SPIKES AFTER EQUIFAX CYBER-ATTACK
(New York Post, dated 8th September 2017 author Lisa Fickenscher)

Full article [Option 1]:

http://nypost.com/2017/09/08/credit-card-fraud-spikes-after-equifax-cyber-attack/?utm_campaign=partnerfeed&utm_medium=syndicated&utm_source=flipboard

-----------------------

EQUIFAX IT LEADERS "RETIRE" AS COMPANY SAYS IT KNEW ABOUT THE BUG THAT BROUGHT IT DOWN
(The Register, dated 17th September 2017 author Simon Sharwood)

Full article [Option 1]: www.theregister.co.uk/2017/09/17/equifax_cio_and_cso_retire/

-----------------------

(1st October 2017)

POLICE TAKE 40 MINUTES TO REACH 999 CALLERS
(London Evening Standard, dated 15th September 2017 author Justin Davenport)

Full article [Option 1]:

Scotland Yard has reviewed response policing in parts of London after officers took nearly 40 minutes to reach emergency calls.

Police took an average 36 minutes to respond to 999 calls in Redbridge in June, and 35 minutes in Barking and Dagenham.

The boroughs are part of a trial "super borough" - which also includes Havering - set up in a bid to modernise the force.

Camden and Islington were also merged under the scheme and figures show the Met also failed to reach target response times for 999 calls in these boroughs in June.

Launched in January, the two areas are paving the way for a shake-up in policing in London which will see fewer senior officers and an end to the 32-borough structure.

Critics of the plan say it will leave vast areas under the command of relatively junior officers. Insiders claim that response officers are forced to race on blue lights from an emergency call at one end of a "super borough" to another miles away.

Concerns were raised about figures showing that police were failing to reach the most urgent "I-grade" or "immediate" 999 calls within a target time of 15 minutes.

Typically, these are calls where a resident is reporting a burglar in their home or where someone is in danger of serious injury.

Figures seen by the Standard show response times in the five test boroughs steadily worsened from January when the project began.

Insiders say hundreds of priority calls - so-called "S" calls which should be answered inside one hour - were not even attended on the day they were made but handed to the next shift.

Scotland Yard today admitted some emergency calls were handed over to the following day's shift but insisted police control room operators stayed in touch with callers to ensure that lives were not at risk.

Deputy Assistant Commissioner Mark Simmons, who is responsible for the trial, said: "We have had a problem with response times in these three boroughs [Redbridge, Barking and Dagenham, and Havering], some of the changes we put in place did not work in the way that we thought they would.

"We have made significant changes to address that and we have made improvements in response times.

"They are not back to where we want them to be but they are heading in the right direction."

Police say 73 per cent of calls in the three boroughs are now within 15 minutes, compared with 50 per cent in June. The average response time is now just over 10 minutes.

(1st September 2017)


ANOTHER MONTH, ANOTHER MALWARE OUTBREAK IN GOOGLE'S PLAY STORE
(The Register, dated 15th September 2017 author Iain Thomson)

Full Article [Option 1]:

www.theregister.co.uk/2017/09/15/malware_outbreak_googles_play_store/

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory's code checking system.

The malware was dubbed ExpensiveWall by Check Point security researchers because it was found in the Lovely Wallpaper app. It carries a payload that registers victims for paid online services and sends premium SMS messages from a user's phone and leaves them to pick up the bill. It was found in 50 apps on the Play Store and downloaded by between 1 million and 4.2 million users.

The malware is a strain that the researchers first spotted in the Play Store in January, but with one crucial difference. This time the authors had encrypted and compressed the malware, making it impossible for Google's automated checking processes to spot.

Once downloaded, the malware asks for permission to access the internet and send and receive SMS messages. It then pings its command and control server with information on the infected handset, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI numbers.

The servers then send the malware a URL, which it opens in an embedded WebView window. It then downloads the attack JavaScript code and begins to clock up bills for the victim. The researchers think the malware came from a software development kit called GTK.

"Check Point notified Google about ExpensiveWall on August 7, 2017, and Google promptly removed the reported samples from its store," the researchers note. "However, even after the affected Apps were removed, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later."

It appears that Google missed warnings about the malware infection. The user comments section of at least one of the infected apps was filled with outraged users noting that it was carrying a malicious payload and it appears that the apps were being promoted on Instagram.

Cases of malware infecting Google's Play Store are becoming depressingly common. Just last month it was banking malware and a botnet controller, in July commercial spyware made it in, advertising spamming code popped up in May (preceded by similar cases in March and April), and there was a ransomware outbreak in January.

By contrast, Apple's App Store appears to do a much better job at checking code, and malware is a rarity in Cupertino's app bazaar. While some developers complain that it can take a long time to get code cleared by Apple, at least the firm is protecting its customers by doing a thorough job, although Apple's small market share also means malware writers tend not to use iOS for their apps.

By contrast, Google's Bouncer automated code-checking software appears to be very easily fooled. Google advised users to only download apps from its Store, since many third-party marketplaces are riddled with dodgy apps, but that advice is getting increasingly untenable.

It's clear something's going to have to change down at the Chocolate Factory to rectify this. A big outbreak of seriously damaging malware could wreak havoc, given Android's current market share, and permanently link the reputation of the operating system with malware, in the same way as Windows in the 90s and noughties.

(1st October 2017)


UK TERROR ARRESTS RISE 68% TO RECORD LEVEL DURING YEAR OF ATTACKS
(The Guardian, dated 14th September 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/sep/14/uk-terror-arrests-rise-68-record-level-during-year-attacks

The number of people arrested for terrorism-linked offences rose 68% to a record 379 in the 12 months to June, one of the most intense periods for terrorist attacks in recent history.

The Home Office said it was the highest number of terrorist arrests in a year since records began in 2001. They included 12 arrests linked to the Westminster attack in March, 23 connected with the Manchester Arena bombing in May, 21 arrests following the London Bridge attack in June and one in relation to the Finsbury Park van attack soon after.

The Home Office quarterly bulletin on the police's use of their counter-terrorism powers says 123 of those arrested were charged - 105 with terrorism offences - and 189 were released without charge. The rest were either bailed pending further investigation or faced alternative action.

So far, 32 of the 105 charged with terrorist offences have been prosecuted and found guilty and 68 are awaiting prosecution.

The number of terrorist prisoners in British jails has also risen in the past year, by 35% to 204. The Home Office said 91% of those in prison on 30 June held extreme Islamist views and a further 5% had far-right ideologies.

Police use of stop and search powers under the counter-terrorism laws rose by 17%, from 552 stops to 646. But the proportion of people arrested as a result of stops fell from 12% in the previous year to 8% this year.

The deputy assistant commissioner and senior national coordinator for counter-terrorism policing, Neil Basu, said six terrorist plots had been prevented since the Westminster attack in March.

"There is no doubt that since March and following the attacks in London and Manchester we have seen a shift-change in momentum. But while the terrorist threat has increased in recent months, so has our activity, reflected by this significant increase in arrests.

"We're taking every possible opportunity to disrupt terrorist activity - be it making arrests for terrorism offences, intervening where there are signs of radicalisation, or working with communities to prevent terrorists operating in their area," he said.

"Police, together with the security services are determined to make the UK as hostile an environment for terrorists as possible."

The figures show there have been 19 terrorist plots foiled in the UK by police and the UK intelligence community since June 2013. A broad spectrum of people have been arrested in connection with terrorism investigations in terms of age, gender and ethnicity.

"These figures show that there is no such thing as a 'typical' terrorist," Basu said.

"We're seeing young and old; women and men; all from a variety of different ethnic backgrounds and communities. It's therefore important that members of the public remain vigilant in all situations, and report any suspicious activity to police."

(1st October 2017)



NUMBER OF YOUNG PEOPLE PENALISED FOR CARRYING KNIVES AT EIGHT YEAR HIGH
(The Guardian, dated 14th September 2017 author Damien Gayle)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/sep/14/number-of-young-people-penalised-for-carrying-knives-at-eight-year-high

More young people are being cautioned or sentenced for carrying knives than at any time for nearly eight years, new figures have revealed.

Under-18s were penalised for knife possession 1,180 times from April to June, Ministry of Justice statistics show - the highest quarterly tally for that age group since the period July to September 2009.

In total, 5,237 knife possession offences were dealt with by the criminal justice system in the three months to the end of June - up 6% on the equivalent period in 2016.

An MoJ report accompanying the statistics said knife possession offences fell between 2008 and 2014, but the trend has reversed in the last three years.

The figures come amid fresh concern about knife crime, particularly in London where 13 teenagers have been fatally stabbed so far this year. Teenagers have also been charged in many cases where adults have been the victims of deadly stabbings.

Police have shifted their outlook on youth knife crime away from a narrative of gang violence, and now say young people are more often carrying blades for status and self-protection.

Whitney Iles, of Project 507, a social enterprise that tackles the causes of violence, said the increase in knife crime had created a vicious spiral that spurred more young people to carry weapons. Fewer educational opportunities and a lack of decent jobs have also left young people feeling dismal about their future, making them more likely to take risks and adopt violent lifestyles, she said.

"These kinds of things spread, so you have to look at it from the more people that are carrying knives it means that more and more people are going to want to protect themselves," Iles said. "If you carry a knife it means that you are willing to put your life in danger and it means that you feel like your life is in danger - you go straight into survival mode.

"If we've got young people that are not seeing themselves as able to live a longer life or have the opportunities that they need or deserve, then what we have is a lot of young people who are thinking more in the moment."

Two in five adult offenders and 13% of juveniles were given an immediate custodial sentence. Three in 10 juvenile offenders and 7% of adults received cautions.

Under a "two strikes" system introduced in 2015, minimum sentences were introduced for those aged 16 and over who are convicted of a second or subsequent offence of possession of a knife or offensive weapon.

The punishments are at least six months imprisonment for adults, while young offenders face a minimum four-month detention and training order.

Dominic Raab, the justice minister, said: "We're catching and prosecuting more of those who carry a knife or blade. Those convicted are more likely to go to prison, and for longer terms. Knives are a scourge of communities. Our message to those carrying a knife is that you should expect to end up in jail."

So far, 26 young people have been killed by knives in the UK in 2017, according to the Guardian's count.

(1st October 2017)


CONFUSION HITS CONSUMER MARKET OVER US BAN OF KASPERSKY
(CNBC and Reuters, dated 14th September 2017)

Full article [Option 1]:

www.cnbc.com/2017/09/14/confusion-hits-consumer-market-over-us-ban-of-kaspersky.html

Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Labs software on Wednesday. Best Buy said it will no longer sell software made by the Russian company, although one security researcher said most consumers don't need to be alarmed.

Best Buy declined to give details about why it dropped Kaspersky products, saying that it doesn't comment on contracts with specific vendors. The Minneapolis Star Tribune first reported that Best Buy would stop selling Kaspersky software.

The U.S. Department of Homeland Security cited concerns about possible ties between unnamed Kaspersky officials and the Kremlin and Russian intelligence services. The department also noted that Russian law might compel Kaspersky to assist the government in espionage.

Kaspersky has denied any unethical ties with Russia or any government. It said Wednesday that its products have been sold at Best Buy for a decade. Kaspersky software is widely used by consumers in both free and paid versions, raising the question of whether those users should follow the U.S. government's lead.

Nicholas Weaver, a computer security researcher at the University of California, Berkeley, called the U.S. government decision "prudent"; he had argued for such a step in July. But he added by email that "for most everybody else, the software is fine."

The biggest risk to U.S. government computers is if Moscow-based Kaspersky is subject to "government-mandated malicious update," Weaver wrote this summer.

Kaspersky products accounted for about 5.5 percent of anti-malware software products worldwide, according to research firm Statista.

Another expert, though, suggested that consumers should also uninstall Kaspersky software to avoid any potential risks. Michael Sulmeyer, director of a cybersecurity program at Harvard, noted that antivirus software has deep access to one's computer and network.

"Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think would be assuming too much risk," he said. "There are plenty of alternatives out there."

Sulmeyer also said retailers should follow Best Buy's lead and stop selling the software.

Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn't immediately return messages seeking comment.

Various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.

Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.

Russia criticized the decision to ban the software, saying the U.S. ban is delaying the recovery of bilateral ties between the two countries.

The decision by the U.S. government to stop using Kaspersky Lab products is "regrettable," the Russian embassy in the United States said.

"These steps can only evoke regrets. They only move back the prospects of bilateral ties recovery," the embassy said in a statement issued late on Wednesday.

It also called for consideration of Russia's proposal to form a joint group to address cybersecurity issues.

(1st October 2017)


ULTRASOUND TURNS SIRI AGAINST YOU

(New Scientist, dated 13th September 2017 author Nicole Kobie)

Full article [Option 1]:

www.newscientist.com/article/mg23531433-300-siri-and-alexa-can-be-turned-against-you-by-ultrasound-whispers/

DID you hear that? Alexa certainly did. Voice assistants have been hijacked using sounds above the range of human hearing. Once in, researchers were able to make phone calls, post on social media and disconnect wireless services, among other things.

That is a problem because voice assistants can also be connected to services ranging from smart thermostats to internet banking, so security breaches are pretty serious.

The hack was created by Guoming Zhang, Chen Yan and their team at Zhejiang University in China. Using ultrasound, a command inaudible to us was used to wake the assistant, giving the attacker control of the speaker, smartphone or other device, as well as access to any connected systems (Cryptography and Security, arxiv.org/abs/1708.09537).

The attack works by converting the usual wake-up commands - "OK Google" or "Hey Siri" - into high-pitched analogues. When a voice assistant hears these sounds, it still recognises them as legitimate commands, even though they are imperceptible to the human ear.

Yet it isn't easy to pull off. The attacker needs to be close to the target device to hack it, although it may be possible to play the commands via a hidden speaker as they walk past. Assistants falling for the ploy included Amazon's Alexa, Apple's Siri, Google Now and Microsoft's Cortana.

"Voice assistants are now connected to everything from thermostats to smart banking"

But not all devices were equally easy to fool. To take control of Siri, the owner's voice had to be surreptitiously recorded for playback before being converted to ultrasound, as Apple's system recognises only the speaker.

To secure voice assistants in the future, ultrasound could be suppressed, says Tavish Vaidya of Georgetown University in Washington DC. However, we should focus on protecting against unauthorised commands rather than limiting what assistants can do, he says.

(1st October 2017)

THEY HEAD FOR LONDON IN THE HOPE OF ESCAPING POVERTY....BUT THE SLAVE MASTERS ARE WAITING
(London Evening Standard, dated 13th September 2017 author Ed Cummings)

Full article [Option 1]:

www.standard.co.uk/news/modern-slavery/they-head-for-london-in-the-hope-of-escaping-poverty-but-the-slave-masters-are-waiting-a3633621.html

Down a dirt track on the outskirts of Lagos, sitting in a bare concrete safe house behind an eight-foot fence, the women told me their stories. How they had left their homes after the promise of a better life in Europe, only to find themselves beaten, abused, raped and forced to work as prostitutes.

Recognised as victims of trafficking and returned to safety in Nigeria, these were the lucky ones, although some of them struggled to believe it. But in bleak rooms all over London and the UK, their fellow victims are still being exploited and abused.

Anywhere that people dream of a better life, traffickers lie in wait to take advantage of them. Just as it is an international centre of other kinds of business, London has become a global hub for modern slavery.

As Kevin Hyland, the Independent Anti-Slavery Commissioner, tells the Standard: "London is a global city, truly multicultural, and while that's one of the best things about the capital, we know that criminals have also exploited that.

Where do Britain's modern slaves come from?

The majority of confirmed victims of slavery in the UK in 2016 came from these 30 countries (including the UK).

United Kingdom : 326
Albania : 699
Afghanistan : 83
Bangladesh : 54
Bulgaria : 21
China : 241
Czech Republic : 37
DR Congo : 22
Eritrea : 109
Ethiopia : 41
Egypt : 19
Ghana : 45
Hungary : 36
India : 100
Iran : 60
Iraq : 39
Latvia : 21
Lithuania : 38
Nigeria : 243
Pakistan : 70
Poland : 163
Philippines : 45
Romania : 202
Slovakia : 73
Somalia : 37
Sudan : 79
Thailand : 23
Uganda : 21
Vietnam : 519
Zimbabwe : 19

"London has a huge population with busy airports and a big economy. There is immense demand for illicit services. The criminals have been getting away with it for far too long.

"Compared to smuggling guns or drugs, trafficking of people has been seen as low-risk. We need to develop an understanding of the whole threat picture.

"Until recently we've been operating on unfounded intelligence, or myths. If we don't get these basics right, our response will be wrong."

The National Referral Mechanism identified almost 4,000 potential victims last year, from a staggering 108 countries. As our map shows, the most common foreign nationalities of the victims are Albanian, Vietnamese and Nigerian, followed by Chinese and Romanian.

Given that Mr Hyland estimates the true number of victims to be much higher, up to 13,000 and, according to the National Crime Agency, possibly in the tens of thousands, it's likely there are even more countries involved.

Mr Hyland has launched a report into the trafficking routes from Vietnam. One of his goals as commissioner is to show the complex relationships between Britain and origin countries, each of which has distinct cultural factors that can seem alien to British observers.

Nigerian women might fear a Juju curse. Vietnamese boys - young males make up the largest cohort of Vietnamese modern slaves in Britain - live in fear of debt. A typical case might involve a friend or neighbour offering work in London to someone in the north of Vietnam. As identified in the commissioner's report, the price for transport could be anything from £10,000 to £33,000.

As collateral, the victim's parents might hand over the "red book", the deeds to their property. The journey could take months, with various overland routes leading to France, where the victim will wait with hundreds of other Vietnamese people for an opportunity to cross the Channel. Along the way, beatings and rape are common. Even if they get to the UK, they will almost never repay the debt.

Re-trafficking is another key issue. Once a Vietnamese person has been released from one exploitative situation, through escape, especially from less secure children's facilities or a raid, they can often find themselves walking the streets.

It's easy for them to end up being exploited again. It might be a nail bar, for example, rather than a cannabis farm: often the two businesses are interconnected, with nail bars used to launder drug profits.

Parosha Chandran, the UK's leading anti-slavery barrister and a United Nations expert on trafficking, says part of the problem is the lack of co-ordination between police departments. Too often, raids focus on disrupting the place of illegal cannabis cultivation, rather than investigating who is responsible for running the sophisticated, often multi-million-pound drug business the trafficking victims are caught up in.

Until a landmark case she won, children and adults found cultivating cannabis in this manner were prosecuted as criminals, rather than recognised as being victims of modern slavery.

"It's time for some critical leadership on investigating modern slavery," she says. "There are two crimes being committed [in these cases]: human trafficking and the illegal cultivation of drugs.

"Both have all the hallmarks of organised crime. Police departments must club together their expertise on financial crime, drug crime, modern slavery and witness protection to have an effective response.

"They need to trace money streams, preserve evidence at the scene and offer witness protection to victims to encourage them to come forward, to help with prosecutions. These gangs rule by fear."

While law enforcement has a part to play, it is not the only piece of the puzzle. Londoners who use cannabis, or visit nail bars or car washes, have a responsibility to spot the signs, and fight the modern slavery that goes on under their noses.


Ten key signs that someone is a victim - Spot the red flags and help stop slavery

- Is someone always watching them?

- Do they have injuries that appear to be the result of an assault?

- Do they seem frightened or won't look you in the eye?

- Do they always wear the same few clothes?

- Do they look starving or neglected?

- Are they living in dirty, cramped or overcrowded conditions?

- Do they live and work at the same address?

- Are they being controlled by a "boyfriend"?

- Do they have ID documents?

- Are their travel arrangements unusual?


Take action to end slavery by going to our online activity platform :

www.freedomunited.org/evening-standard-modern-slavery/

(1st October 2017)


WHY HOTEL WIFI CONNECTIONS ARE A HACKER'S DREAM COME TRUE
(International Business Times, dated 12th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/why-hotel-wifi-connections-are-hackers-dream-come-true-explained-1639101

With your feet up at the end of a long day and with the tiny kettle boiling, it can be very tempting to log into your hotel's WiFi connection and have a scroll through social media. You may quickly log in to your online banking, download some podcasts or even send some work emails.

But have you ever stopped to consider the hotspot you are connected to - which is probably using the name of the hotel followed by the word 'Guest' - is actually a trap?

That your usernames, passwords and other sensitive information may be flowing directly into the hands of a hacker? You should, cybersecurity experts warn.

This week (12 September), research from Broadband Genie, which asked 2,512 thousand people about their internet access when staying in hotels, found that more than 90% admitted to logging in when it's available.

A whole 58% said they were not worried about being monitored.

The survey revealed that the most popular uses for hotel WiFi included email and internet browsing.

A small, but still significant, number (26%) said they used it for work purposes. But nearly all respondents, it claimed, were accessing some form of private data.

You may think it's not important. Why would a hacker be interested in you, after all?

Unfortunately, hackers trade in data - and hotel WiFi connections transmit a lot of sensitive information. Emails contain passwords. Work email accounts are a chance to mould successful social engineering attacks. Your bank account - well, that one is obvious.

Does the connection even have a password?

"Assuming the hotel WiFi is unsecured, the range of potential attacks is broad," Ondrej Kubovic, a security expert at Slovakia-based antivirus firm ESET, told IBTimes UK.

"An attacker can passively eavesdrop on the victim's communication, alter it, hijack the user's session, redirect him/her to malicious sites, extract sensitive data or even manipulate the victim to download malware and take control of his/her device," he added.

Rob Hillborn, head of strategy at Broadband Genie, elaborated: "I think many go in on the assumption they are secure because they've paid for a service and are in a safe environment, where actually we should always be erring on the side of caution on any WiFi connection."

Studies show that such connections are a major weak spot for the general public.

In 2015, cybersecurity firm F-Secure conducted an experiment on the streets of London - creating a fake hotspot to see how many people joined without question. In one half-hour period, a whopping 250 devices connected to the hotspot, the firm later revealed in a report.

One of the terms and conditions of the hijacked hotspot's use was that the user must give up their first-born child or most beloved pet in exchange for the internet. Six people agreed.

"What are we really signing up for when we check the 'agree' box at the end of a long list of T&C's we don't read?" the firm pondered in a blog post at the time. "There's a need for more clarity and transparency about what's actually being collected or required of the user."

And when it comes to the more specific topic of WiFi in hotel rooms - hackers have been caught exploiting it for gain on numerous occasions - be it for money or espionage.

One of the most prolific groups to conduct these operations has, aptly, been dubbed DarkHotel.

In 2014, researchers from Kaspersky Lab, a Russian cybersecurity firm, found the group had - for years - been using malware on victims staying in hotels, mostly businessmen.

It took advantage of unprotected WiFi connections to launch phishing attacks.

"Considering their well-resourced, advanced exploit development efforts and large, dynamic infrastructure, we expect more DarkHotel activity in the coming years," Kaspersky Lab warned in a report at the time.

They were correct.

In 2017, the hackers were again profiled by security firm Bitdefender, which found the team had shifted its attention to political figures. "The threat actors have been able to run their business undisturbed for years," warned threat researcher Bogdan Botezatu in his analysis.

So the problem hasn't gone away. In fact, as more personal information is being bundled into smartphones and tablets, the issue is only likely to intensify, security experts believe.

"Hotel WiFi, or indeed any other public WiFi such as the ones found in airports and coffee shops, should always be approached with caution," Javvad Malik, a security advocate at AlienVault, told IBTimes UK. "It is relatively trivial for an attacker to set up a fake access point."

Users who want to browse the web using public WiFi should, if possible, use a virtual private network, or VPN, to add an extra layer of security. In many cases, a common sense approach is paramount - be vigilant of what you click and make sure websites are legitimate.

(1st October 2017)


GUN POLICE TO TAKE ON TERRORISTS FROM NEW LONDON HQ
(London Evening Standard, dated 11th September 2017 authors Martin Bentham and Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/london/antiterror-police-to-have-new-50m-hq-and-training-centre-in-london-a3631741.html

A new £50 million base for armed police officers is to be built in central London to help protect the public from terrorism.

The new base will house at least 200 officers and contain a practice firing range, weapons storage and other facilities designed to enable the force's firearms specialists to hone their shooting and decision making skills.

It will be built in Limehouse and is being located in east London partly to make it easier to keep officers on hand to respond to any future terror attacks in the capital.

The move comes as the Met also announced it would trial the use of drones for firearms operations and other police actions in London.

Scotland Yard said it was borrowing a drone from Sussex Police to help deal with incidents such as high risk missing people, serious traffic collisions, searches for suspects and the identification of cannabis factories.

However, the drone would also provide aerial support for "pre-planned and spontaneous firearms operations" in an eight week trial. It will also be used in surveillance operations to provide live footage of operation deployments.

The decision to set up the new firearms base comes as the Met continues to expand its firearms capability through the recruitment of 600 extra armed officers.

Once completed that will take the total number of armed officers employed by the Met to 2,800.

The increase, which amounts to a rise of more than a third in the number of armed officers in London, was ordered last year before this summer's terror attacks in the capital and Manchester in recognition of the heightened threat since the Islamic State urged its followers to inflict murder in their own countries using whatever means possible.

But the need for armed officers to be available to respond rapidly has been illustrated by the incidents at Westminster and London Bridge in particular, as well as by attacks overseas in Barcelona and elsewhere.

News of the new base comes 100 days after the London Bridge attack when armed officers rushed to the scene to confront and kill the three Islamist attackers within eight minutes.

Disclosing the decision to set up a firearms base in Limehouse, Met Deputy Commissioner Craig Mackey said the force needed new sites for its armed officers and had already built a new firearms range at Hendon.

But the new Limehouse base would make it easier to ensure that officers were easily available to tackle both terrorist incidents and other crimes in which guns might be involved.

He added: "The reality is that when you have the sort of firearms capability we have, you have to accredit and train people regularly.

"The firearms range at Hendon is up, but it's not just that one. As we redevelop in the east of London we are looking at a similar type of capability at Limehouse. That's about making sure we can keep those officers trained, accredited, and up to the standards they need to be, and available."

Mr Mackey said the projected £50 million cost was a "place marker" figure and that the eventual bill could be either higher or lower.

Other non-firearms officers would also be stationed at Limehouse, which will be built as part of a wider overhaul of the Met's property portfolio under which more than 250 buildings will be disposed of and a smaller number of new stations developed to take their place.

"You will see buildings that are multi-functional, that have uniformed operational officers, custody facilities, where we put road policing units, that's the sort of thing that Limehouse will be," Mr Mackey said.

The Met's armed officers will continue to train at a firing range in Gravesend. The opening of the Hendon range has given the force extra capacity but the centrally located Limehouse base will represent a further significant step up.

The Limehouse base will replace the existing Met firearms base in Leman Street in the City of London which is expected to be sold off.

At the moment, as well as armed officers stationed at prominent locations such as Parliament and Buckingham Palace, other Met firearms teams patrol the capital covertly in vehicles.

The aim is to ensure that they are available to respond rapidly to any incident, terrorist or otherwise, requiring an armed response. The speed at which the firearms teams are able to deal with incidents was illustrated at the London Bridge attack when armed officers rushed to the scene, before confronting and killing the three Islamist attackers within eight minutes of being deployed.

In terrorist incidents, firearms officers are trained to advance towards attackers, despite the risk to their own lives.

They are also instructed to fire repeatedly if necessary to ensure that an attacker is completely incapacitated, which will usually mean dead, because of the risk that a suicide belt or other bomb might otherwise be detonated.

A firm date for the construction of the new Limehouse base has yet to be set but it is part of a five year plan by the Met to transform its property portfolio by closing little used buildings while at the same time updating others or building new ones.

The aim is to improve the force's efficiency and save enough money to fund redevelopment and pay for 1,100 officers.

(1st October 2017)


BEST BUY YANKS KASPERSKY ANTIVIRUS FROM THE SHELVES
(The Register, dated 8th September 2017 author Iain Thomson)

Full article [Option 1]:

www.theregister.co.uk/2017/09/08/best_buy_yanks_kaspersky_software/

US big box retailer Best Buy has pulled from its shelves Kaspersky Lab's PC security software amid fears of Kremlin spies using the antivirus tool to snoop on Americans.

Despite there being no concrete evidence to indicate that the security software is a threat, the retail chain is ending its long relationship with Kaspersky, a Best Buy spokesperson confirmed to The Register on Friday. As to the reasoning, the store chain just said that it doesn't comment on contracts with specific vendors.

"Kaspersky Lab and Best Buy have suspended their relationship at this time; however, the relationship may be re-evaluated in the future," the Russian biz told The Register today.

"Kaspersky Lab has enjoyed a decade-long partnership with Best Buy and its customer base, and Kaspersky Lab will continue to offer its industry-leading cybersecurity solutions to consumers through its website and other retailers."

The news caps off a lousy week for Kaspersky. On Monday US Senator Jeanne Shaheen (D-NH) introduced an amendment to the National Defense Authorization Act that would ban Kaspersky software from any federal computer, following on from her earlier ban on the software being used by the Department of Defense.

"Because Kaspersky's servers are in Russia, sensitive United States data is constantly cycled through a hostile country," she said in an op-ed supporting the amendment.

"Under Russian laws and according to Kaspersky Lab's certification by the FSB, the company is required to assist the spy agency in its operations, and the FSB can assign agency officers to work at the company. Russian law requires telecommunications service providers such as Kaspersky Lab to install communications interception equipment that allows the FSB to monitor all of a company's data transmissions."

What she didn't add is that under the terms of the Patriot Act and other legislation pushed through as part of The War Against Terror (TWAT), American software companies are under similar obligations if the government comes knocking at their doors.

Indeed, the CIA's investment arm In-Q-Tel even funds security startups. FireEye, Interset, ArcSight and Silver Tail Systems all got funding from the intelligence agency.

But why let the facts get in the way of a good bit of publicity? Bashing Kaspersky is very much the game du jour at the moment. The FBI has been giving classified briefings to politicians warning them about the software and conducting nocturnal visits to Kaspersky staffers' homes. Those of us without security clearance are being told to trust them and steer clear of the nasty Russian code, m'kay.

Eugene Kaspersky, the eccentric founder of the firm that bears his name, has repeatedly and vehemently denied that there are any backdoors in his software that the FSB can use. He has offered the source code up for inspection by the US government, but no one's taking him up on it.

All this technology bashing has had another effect, however. It appears to have given Vladimir Putin ideas about doing exactly the same thing - a move that could be very costly for some technology companies.

At a meeting of technology executives in the Perm region, Putin told them that they should aim to be using only Russian software. Currently about 30 per cent of the software used by Russian business is home grown, and Putin told them that had to change - the government might penalize some companies if they don't.

"In terms of security, there are things of critical importance for the state, that are essential to support certain industries and regions," he said, the state mouthpiece RT reports.

"You shouldn't offer IBM [products], or foreign software. We won't be able to take it because of too many risks."

Updated to add

Best Buy has confirmed that customers who bought Kaspersky software can have it removed by the retailer's Geek Squad techies, who may also check the computer for child abuse images.

(1st October 2017)


59 POLICE OFFICERS SACKED OR PUNISHED FOR RACIST BEHAVIOUR
(London Evening Standard, dated 8th September 2017 author Benedict Moore-Bridger)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-59-met-police-officers-sacked-or-punished-for-racist-behaviour-a3629956.html

Fifty-nine Met police officers have been sacked or disciplined for racist behaviour in the past five years, the Standard can reveal.

Scotland Yard dismissed 18 officers following complaints about race discrimination and 41 were subject to other disciplinary sanctions.

The figures, from a freedom of information request, also show that 37 cases of discriminatory behaviour on the basis of race were referred to the Independent Police Complaints Commission between January 2012 and this May.

Between 1999 and 2011, 120 Met officers were found guilty of racist behaviour, with six forced to resign, one dismissed and the rest receiving a sanction, most commonly a fine.

In 1999 the Macpherson report, on the investigation into the 1993 murder of black teenager Stephen Lawrence in Eltham, branded the force "institutionally racist". Since then 550 complaints of racist behaviour against Met officers have been referred to the IPCC.

Details of dismissals or final written warnings include an officer in a squad car who remarked that an area of London needed to be "ethnically cleansed". Told that such a comment should not be made, the officer replied: "Why not?" Others made racist remarks to colleagues and the public, or on messaging apps. In 2013 Pc Alex MacFarlane was sacked for gross misconduct after being secretly recorded telling a man under arrest: "The problem with you is that you will always be a n*****."

Another off-duty officer racially abused a ticket inspector on a train when the friends he was with were told to pay penalty fares after trying to pretend they were also police officers.

Retired police superintendent Leroy Logan, founder and former chairman of the Met's Black Police Association, said: "This saddens me as an officer who gave evidence at the Stephen Lawrence inquiry. Nothing has really significantly improved so I am led to only come to the same conclusion - that the organisation is institutionally racist."

According to official statistics, only 13.4 per cent of the Met's workforce is non-white. However, Scotland Yard said the number of black and minority ethnic officers was increasing compared with previous years, and that work was being done to improve diversity.

The Met said: "Staff must act with professionalism and integrity at all times. Where conduct is proven to have fallen below standards expected, the MPS will take robust action to ensure staff are appropriately disciplined."

(1st October 2017)



WHAT IS DNS HIJACKING ?

(Wired, dated 4th September 2017 author Andy Greenberg)

Full article [Option 1]: www.wired.com/story/what-is-dns-hijacking/

Keeping your internet property safe from hackers is hard enough on its own. But as WikiLeaks was reminded this week, one hacker technique can take over your entire website without even touching it directly. Instead, it takes advantage of the plumbing of the internet to siphon away your website's visitors, and even other data like incoming emails, before they ever reach your network.

On Thursday morning, visitors to WikiLeaks.org saw not the site's usual collection of leaked secrets, but a taunting message from a mischievous group of hackers known as OurMine. WikiLeaks founder Julian Assange explained on Twitter that the website was hacked via its DNS, or Domain Name System, apparently using a perennial technique known as DNS hijacking. As WikiLeaks took care to note, that meant that its servers weren't penetrated in the attack. Instead, OurMine had exploited a more fundamental layer of the internet itself, to reroute WikiLeaks visitors to a destination of the hackers' choosing.

DNS hijacking takes advantage of how the Domain Name System functions as the internet's phone book - or more accurately, a series of phone books that a browser checks, with each book telling a browser which book to look in next, until the final one reveals the location of the server that hosts the website that the user wants to visit. When you type a domain name like "google.com" into your browser, DNS servers hosted by third parties, like the site's domain registrar, translate it into the IP address for a server that hosts that website.

"Basically, DNS is your name to the universe. It's how people find you," says Raymond Pompon, a security researcher with F5 Networks who has written extensively about DNS and how hackers can maliciously exploit it. "If someone goes upstream and inserts false entries that pull people away from you, all the traffic to your website, your email, your services are going to get pointed to a false destination."

A DNS lookup is a convoluted process, and one that's largely out of the destination website's control. To perform that domain-to-IP translation, your browser asks a DNS server - hosted by your internet service provider - for the location of the domain, which then asks a DNS server hosted by the site's top-level domain registry (the organizations in charge of swathes of the web like .com or .org) and domain registrar, which in turn asks the DNS server of the website or company itself. A hacker who's able to corrupt a DNS lookup anywhere in that chain can send the visitor off in the wrong direction, making the site appear to be offline, or even redirecting users to a website the attacker controls.

"All of that process of lookups and handing back information are on other people's servers," says Pompon. "Only at the end do they visit your servers."

In the WikiLeaks case, it's not clear exactly which part of the DNS chain the attackers hit, or how they successfully redirected a portion of WikiLeaks' audience to their own site. (WikiLeaks also used a safeguard called HTTPS Strict Transport Security that prevented many of its visitors from being redirected, and instead showed them an error message.) But OurMine may not have needed a deep penetration of the registrar's network to pull off that attack. Even a simple social-engineering attack on a domain registrar like Dynadot or GoDaddy can spoof a request in an email, or even a phone call, impersonating the site's administrators and requesting a change to the IP address where the domain resolves.

DNS hijacking can result in more than mere embarrassment. More devious hackers than OurMine could have used the technique to redirect potential WikiLeaks sources to their own fake site to try to identify them. In October of 2016, hackers used DNS hijacking to redirect traffic to all 36 of a Brazilian bank's domains, according to an analysis by the security firm Kaspersky. For as long as six hours, they routed all of the bank's visitors to phishing pages that also attempted to install malware on their computers. "Absolutely all of the bank's online operations were under the attackers' control," Kaspersky researcher Dmitry Bestuzhev told WIRED in April, when Kaspersky revealed the attack.

In another DNS hijacking incident in 2013, the hackers known as the Syrian Electronic Army took over the domain of the New York Times. And in perhaps the most high-profile DNS attack of the last several years, hackers controlling the Mirai botnet of compromised "internet-of-things" devices flooded the servers of the DNS provider Dyn - not exactly a DNS hijacking attack so much as a DNS disruption, but one that caused major sites including Amazon, Twitter, and Reddit to drop offline for hours.

There's no foolproof protection against the kind of DNS hijacking that WikiLeaks and the New York Times have suffered, but countermeasures do exist. Site administrators can choose domain registrars who offer multi-factor authentication, for instance, requiring anyone attempting to change the site's DNS settings to have access to the Google Authenticator or Yubikey of the site's admins. Other registrars offer the ability to "lock" DNS settings, so that they can only be changed after the registrar calls a site's administrators and gets their ok.

Otherwise, DNS hijacking can enable a full takeover of a website's traffic all too easily. And stopping it is almost entirely out of your hands.
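Added example (not from the Wired article): a defender-side check that compares what each hop of the lookup chain described above returns with a pinned known-good baseline, and reports the earliest hop where the answers drifted. The domain, nameserver names, addresses and the three hop labels are constructed for illustration; the record lines use the standard name/TTL/class/type/rdata layout.

```python
"""Baseline check for the DNS lookup chain of one domain (all data constructed)."""

# Known-good records pinned while the domain was healthy. example.org, *.example
# and the 192.0.2.0/24 and 198.51.100.0/24 ranges are reserved for documentation.
BASELINE = """\
example.org. 86400 IN NS ns1.dns-host.example.
example.org. 86400 IN NS ns2.dns-host.example.
example.org. 300 IN A 192.0.2.10
example.org. 300 IN MX 10 mail.example.org.
"""

# Hops in the order a lookup passes through them, with the record types checked at each.
CHAIN = (
    ("registry", ("NS",)),            # delegation held by the TLD registry, set via the registrar
    ("authoritative", ("A", "MX")),   # answers from the site's own nameservers
    ("resolver", ("A", "MX")),        # answers the ISP's recursive resolver gives to browsers
)


def parse_records(text):
    """Parse record lines (name TTL class type rdata) into {type: set of rdata}.

    Assumes every line belongs to the monitored domain. TTLs are ignored and
    values are lower-cased, so only a change in where the name points counts.
    """
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 4)
        if len(parts) != 5 or parts[2].upper() != "IN":
            raise ValueError(f"unparseable record line: {raw!r}")
        rtype, rdata = parts[3].upper(), " ".join(parts[4].lower().split())
        records.setdefault(rtype, set()).add(rdata)
    return records


def check_chain(baseline_text, observed):
    """Return drift findings as (hop, type, unexpected values, missing values).

    `observed` maps each hop name in CHAIN to the record lines collected there.
    Findings come back in chain order, so the first one is the earliest hop
    at which the answers stopped matching the baseline.
    """
    baseline = parse_records(baseline_text)
    findings = []
    for hop, rtypes in CHAIN:
        seen = parse_records(observed[hop])
        for rtype in rtypes:
            expected = baseline.get(rtype, set())
            got = seen.get(rtype, set())
            if got != expected:
                findings.append((hop, rtype, sorted(got - expected), sorted(expected - got)))
    return findings


def first_bad_hop(findings):
    """Name the earliest hop with drift, or None when the whole chain matches."""
    return findings[0][0] if findings else None


# Constructed observations. TTLs differ from the baseline on purpose: they are ignored.
_GOOD_NS = ("example.org. 86400 IN NS ns1.dns-host.example.\n"
            "example.org. 86400 IN NS ns2.dns-host.example.\n")
_GOOD_ANSWERS = ("example.org. 120 IN A 192.0.2.10\n"
                 "example.org. 120 IN MX 10 mail.example.org.\n")
_BAD_NS = ("example.org. 3600 IN NS ns1.unknown-host.example.\n"
           "example.org. 3600 IN NS ns2.unknown-host.example.\n")
_BAD_ANSWERS = ("example.org. 60 IN A 198.51.100.77\n"
                "example.org. 60 IN MX 10 mx.unknown-host.example.\n")

CLEAN = {"registry": _GOOD_NS, "authoritative": _GOOD_ANSWERS, "resolver": _GOOD_ANSWERS}
# Delegation changed at the registrar: every later hop follows the new nameservers.
REGISTRAR_CHANGE = {"registry": _BAD_NS, "authoritative": _BAD_ANSWERS, "resolver": _BAD_ANSWERS}
# Delegation and zone intact, but one resolver hands out a different address.
RESOLVER_ONLY = {
    "registry": _GOOD_NS,
    "authoritative": _GOOD_ANSWERS,
    "resolver": "example.org. 60 IN A 198.51.100.77\nexample.org. 60 IN MX 10 mail.example.org.\n",
}

if __name__ == "__main__":
    for label, obs in (("clean", CLEAN), ("registrar change", REGISTRAR_CHANGE),
                       ("resolver only", RESOLVER_ONLY)):
        found = check_chain(BASELINE, obs)
        print(f"{label}: first bad hop = {first_bad_hop(found)}")
        for hop, rtype, unexpected, missing in found:
            print(f"  {hop} {rtype}: unexpected={unexpected} missing={missing}")
```

In practice the three inputs would be collected on a schedule from the registry's servers, the domain's own nameservers and the resolvers users rely on. A finding at the registry hop points at the registrar account rather than at the web server.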

(1st October 2017)

SIX MILLION INSTAGRAM ACCOUNTS HACKED
(The Telegraph, dated 4th September 2017 author Matthew Field)

Full article [Option 1]:

www.telegraph.co.uk/technology/2017/09/04/six-million-instagram-accounts-hacked-protect/

Six million Instagram accounts have been exposed online after hackers created a dark web database of personal information, revealing private phone numbers and email addresses.

The scale of the hack on the photo-sharing site emerged after the Instagram account of singer Selena Gomez was compromised last week. UK security researchers discovered hundreds of contact details on the dark web of celebrities including Emma Watson, Taylor Swift and Harry Styles.

In addition to leaking the details of hundreds of A-listers, hackers created an online database where cyber criminals could access private user details for $10 per search.

Instagram initially said a "low percentage" of accounts had been affected, although the hackers claim they have details on as many as six million users, the Daily Beast reported.

Instagram has since responded with its advice on how to protect accounts and report suspicious activity.

The hackers, claiming to be Russian and calling themselves "Doxagram", advertised the account details on online forums with links to the dark web, claiming "it is only $10 (price of 2 cups of coffee) for celebrity contact info".

One website linked to the hack has since been taken down, with Facebook, which owns Instagram, purchasing domain names used by the hackers to take them offline.

An official Instagram account for the President of the United States of America, run by the White House social media team, was also reported to be among the exposed details.

"We quickly fixed the bug, and have been working with law enforcement on the matter," said Instagram co-founder Mike Krieger. He added account passwords had not been exposed by the security flaw.

UK cybersecurity company RepKnight identified 500 celebrity accounts that had been compromised by the hack.

"While Instagram has now fixed the bug that led to the leak, the cat is out of the bag now, and those affected will have to take extra care to maintain their privacy," said RepKnight analyst Patrick Martin.

How was the data stolen?

The potential vulnerability on Instagram was found by researchers at Kaspersky Labs and reported to Facebook.

A flaw in the password reset option in the Instagram mobile app exposed mobile phone numbers and email addresses, but not passwords. The simple attack involved sending a request for a password reset to an account and intercepting the private phone and email details sent in response to the security query.

The vulnerability existed in a 2016 version of Instagram, meaning those with up-to-date accounts should be safe.


How to protect yourself on Instagram

Instagram has since offered its official advice on what to do if your account has been affected. Instagram said users should exercise additional caution if they receive any calls or emails from unknown or suspicious sources.

"Additionally, we're encouraging you to report any unusual activity through our reporting tools," Instagram said. "You can access those tools by tapping the "…" menu from your profile, selecting 'Report a Problem' and then 'Spam or Abuse.'"

Instagram has a page which offers users advice on how best to keep their account protected and what to do if they think an account has been hacked. Users should change their password or send themselves a password reset email if they think they have been affected.

It also suggests users turn on two-factor authentication on their accounts for added protection.

How to turn on two-factor protection on Instagram

- Go to the settings tab in the top right corner of your profile
- Scroll down and select "two-factor authentication"
- Tap "require security code"
- You will then need to add a phone number to your account
- After this a code will be sent to your phone every time you try to log into your account

While this can keep an account safe from hackers, the information taken from Instagram included phone numbers, showing not all data is safe when stored online, even if it is kept private.


Protect your online identity


1. Report suspicious activity

Notify Instagram, Facebook, Twitter and Tinder if you believe you're being impersonated; those accounts will be removed if the case is proven.

2. Use Google Reverse Image Search

If you suspect somebody may have stolen your images, use Google's tool that allows you to search the internet for use of that picture. Simply click on the camera icon on Google Images (images.google.com) and upload.

3. Keep your profiles locked down

It may not be overly sociable, but if you want to minimise the misuse of your photos, keeping your profiles private - so that only friends can see them - is essential, particularly on Facebook and Instagram.

(1st October 2017)


POST WORKERS RECRUITED BY GANGS TO STEAL BANK CARDS
(BBC News, dated 4th September 2017 authors Jonathan Gibson and Riyah Collins)

Full article : www.bbc.co.uk/news/uk-england-41081396

Postal workers are being offered £1,000 per week to steal bank cards, a BBC investigation has found.

Online adverts offer huge sums to tempt Royal Mail staff to intercept letters containing cards and PINs.

More than 11,000 people in the UK have been affected by this type of fraud in 2016, where bank cards are stolen in transit, according to UK Finance.

Royal Mail would not disclose how many workers had been convicted but claimed "the theft of mail is very rare".

It added its security team was investigating the findings by BBC Inside Out West Midlands and it had no evidence of its employees being involved.

West Midlands Police said its economic and fraud teams are not aware of the BBC's findings and it has not had any reports of this type of fraud.

A BBC journalist posed as a postman and responded to an advert offering £1,000 per week to intercept letters.

After a few weeks working to build up the gang's trust, he was able to persuade a member to meet him.

Our reporter secretly filmed a meeting outside the bus station in Lewisham, south-east London, where the gang member explained what was expected.

"We're going to tell you, for example, that Ms *****, she's going to have a letter from NatWest," he told the undercover journalist.

"Any letters from NatWest for Ms *****, intercept. As simple as that.

"If you open up a new account you're going to get your card and you're going to get your PIN, right? Two letters, that's all it is.

"We do that, you intercept the letters, bring them back to us, you get paid."

One gang in Birmingham has been operating for 30 years, according to the unidentified member who said the leader has "been in the game for 30 years".

"He's worked with a number of postmen.

"I've worked with two. One was in the Midlands - Coventry - and one was on the outskirts of London, Romford area.

"But my guy, he lives in Birmingham and I obviously do the work, he sorts out the other side."

On their second meeting in a south London park, the undercover journalist confronted his contact.

The gang member offered no answer and ran away when asked why he was trying to recruit postal workers to commit fraud.

Royal Mail would not comment on how many of its workers had been prosecuted for stealing mail since it was privatised in 2013.

However, 1,759 Royal Mail workers were convicted of theft between 2007 and 2011.

Figures from UK Finance show the problem does not seem to be getting any better with the number of cases, and the cost to card issuers, rising each year since 2014.

In 2016, there were 11,377 cases of fraud where a card is stolen in transit, costing card issuers £12.5m.

UK Finance said it works closely with Royal Mail to target these types of gangs. It has its own police unit with prosecution powers.

"We do have our own police unit and they target organised criminality," Katy Worobec, head of fraud detection at UK Finance said.

"They try and get the people who are actually organising the criminality behind the scene.

"Once you've taken that part of the gang out, the thing falls apart.

"We've got a very good relationship with Royal Mail to help target these types of gangs and we've seen some good successes in the past."

Royal Mail said: "We take all instances of fraud - alleged or actual - very seriously.

"Our security team is reviewing the programme's findings as a matter of urgency and will continue our close and ongoing cooperation with the relevant law enforcement agency.

"The overwhelming majority of postmen and women do all they can to protect the mail and deliver it safely. The safety and security of mail is of the utmost importance to Royal Mail.

"We deliver millions of items safely every day and the theft of mail is rare. The business operates a zero tolerance approach to any dishonesty. We prosecute anyone we believe has committed a crime."

"I don't trust postmen"

Darren Blythe, from Banbury, had his bank card intercepted by postal worker Damon Alvey in 2013.

He sensed something was wrong when the new bank card he requested did not arrive within the estimated time.

"I was waiting and waiting and eventually I rang the bank and that's when they told me my bank account had been wiped out totally."

Alvey, from Thame, was jailed for 10 months in 2014 for the fraud which saw about £3,000 taken from Mr Blythe's account.

"He left me with just over £2 in my account," Mr Blythe said.

"It made me really depressed. I was stuck indoors for days and days on end."

Although his money was refunded by the bank within two weeks, Mr Blythe said he did not "trust postmen any more really".

Cases (Source : UK Finance)


2011 : 8,536
2012 : 9,018
2013 : 9,125
2014 : 9,302
2015 : 10,914
2016 : 11,377

(1st October 2017)


POLICE CHIEF : SAFER TO KEEP CONTACTLESS CAP AT £30
(London Evening Standard, dated 4th September 2017 author Michael Bow)

Full article [Option 1]:

www.standard.co.uk/business/police-chief-says-safer-to-keep-contactless-cap-at-30-a3626506.html

The contactless card payment limit should stay at £30 to prevent a rise in card fraud, the head of the City of London police said.

The maximum contactless payment went up from £20 to £30 two years ago but Commissioner Ian Dyson said current concerns over contactless technology meant it was safer to keep the cap in place for now. Today marks 10 years since the launch of contactless.

"I would advise against increasing it for the moment because the losses could be quite significant," he said. "At some point the technology will change and you can raise the limit. The cap is there for sound reasons."

A poll last month found that more than half of retailers wanted the contactless limit increased.

The average supermarket shop is £25, which has influenced the £30 limit on the card. The average contactless card payment is around £8 or £9.

Regulators have been forced to tackle the technology after it emerged some merchants didn't download payment data to the bank until the end of the day, opening the door for fraud.

However, the technology is still relatively safe - about 2.7p in every £100 that was spent was lost to contactless fraud last year.

"I am not advocating a return to waiting five days for payments to clear but with that convenience the public must accept that there is a risk involved," Dyson added.

(1st October 2017)



DON'T FALL FOR THIS MISSING FONT SCAM SPREADING MALWARE TO CHROME AND FIREFOX BROWSERS
(International Business Times, dated 4th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/dont-fall-this-missing-font-scam-spreading-malware-chrome-firefox-browsers-1637893

Hackers are now using a sneaky pop-up technique posing as a font update to spread "Locky" ransomware and a remote access tool (RAT) to users on Google Chrome and Mozilla Firefox which, if clicked, can give cybercriminals complete access over infected computers.

Palo Alto Networks security expert Brad Duncan analysed the hackers' campaign - widely known as "EITest" - which has been using pop-ups since at least December 2016. He has now published his findings in a company blog post and as an update on the SANS Internet Storm Centre.

Two separate attacks were recently spotted in the wild, each using social engineering tactics to send a victim to a compromised website which then displayed a pop-up warning: "The HoeflerText font wasn't found".

An update button - if used by the targeted victim - would instantly download a malicious package.

In one of the August 2017 campaigns, sent via botnet-based spam, Duncan revealed that the pop-up "returned a malicious JavaScript file" disguised as a font library.

It was specially crafted to download and install the Locky strain of ransomware, Duncan said.

The second attack, which took place during the same timeframe, was altered to send out a type of malware under the name "Font_Chrome.exe".

This, it transpired upon analysis, was not a form of ransomware but instead a variant of file downloader which was programmed to spread the "NetSupport Manager RAT".

Locky is a notorious strain of ransomware which typically spreads via spam emails, locks down computer files and demands digital currency for their return. It emerged in February 2016, making an immediate impact by infecting a major hospital in Los Angeles, California.

That campaign alone netted hackers $17,000. The NetSupport RAT in question, meanwhile, is commercially-available software previously linked to hacks on gaming service Steam last year.

According to Duncan, the find signified "a potential shift in the motives of this adversary". The identities of those behind the latest campaigns, however, remain a mystery.

He wrote: "It's yet to be determined why EITest HoeflerText popups changed from pushing ransomware to pushing a RAT. Ransomware is still a serious threat, and it remains the largest category of malware we see on a daily basis from mass-distribution campaigns."

Indeed, in 2017 experts documented multiple ransomware outbreaks. Two major campaigns, using malware called "WannaCry" and "NotPetya" spread to hundreds of thousands of computers across the world. In both cases, experts have suggested the involvement of nation states.

"Users should be aware of this ongoing threat," Duncan said of the EITest campaigns.

"Infected users will probably not notice any change in their day-to-day computer use. If the NetSupport Manager is found on your Windows host, it is probably related to a malware infection."

In March 2017, a security researcher called Mahmoud Al-Qudsi spotted the same HoeflerText pop-ups on a compromised website hosted on WordPress.

(1st October 2017)


THOUGHT YOU'D GOT AWAY WITH THAT PARKING FINE 10 YEARS AGO ? THINK AGAIN
(The Telegraph, dated 3rd September 2017 author Francesca Marshall)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/09/03/thought-got-away-parking-fine-think/

Tens of thousands of people have been left bewildered after receiving letters and text messages demanding payment of hundreds of pounds in fines dating back over a decade.

The demands for unpaid parking tickets and invalid TV licences have been issued in a bid to claw back millions of pounds lost from historic fines.

The orders are part of a scheme being run by the Ministry of Justice with the help of new technology, using databases held by other government departments and online tracing tools which have even managed to locate people who have moved homes.

Since the scheme was launched in September 2016 around £9 million has already been recouped for the taxpayer, but it was not until March this year that the Historic Debt team expanded their tracing activity to include outstanding debts of over 10 years old.

The letters have, however, left many people confused, with some even believing it was a scam and ignoring the requests altogether.

The confusion can be blamed in part on the letters failing to include information on the particular incident in question, leaving people to wonder how they are able to prove their innocence.

Recipients are therefore being forced to contact their local magistrates court in order to trace what their alleged offence was.

In one incident a man was charged with a driving offence, despite being abroad at the time, but as a result of the mounting late repayment charges was left with no choice but to pay up.

Mark Thornton, 46, of Kilburn, North London, told the Mail on Sunday how, out of the blue, he received an official letter demanding £183.

He said: "It didn't actually say what the fine was for but eventually we were told it was for an untaxed vehicle. My wife and I were living in Switzerland in 2010, when it was supposed to have occurred.

"We didn't have the paperwork any more and we didn't want to rack up more fees so we just paid it. It felt Kafka-esque."

The government department responsible has advised that it has been contacting debtors in order to seek payments and further enforcement activity will follow where appropriate.

Such incidents were also reported by The Mail on Sunday with some recipients being hit with further charges from bailiffs and threatened with court action.

Sandra Straupmanis, 54, of Shadwell, East London, received a demand for £205, which related to non-payment of a TV licence seven years ago.

Her son, Dagnis, 29, said: "My mother was very distressed. She rang the number on the letter and discovered it was for a property she had long moved out of.

"Someone else in her shared house put her name on the licence. But she had no way of proving that."

The Ministry of Justice have since said that those who believe they are being wrongly accused can appeal at magistrates court.

An HM Courts and Tribunals Service spokesman said: "The Historic Debt project was set up to tackle outstanding debt.

"It has collected £9 million, including compensation owed to victims of crime. Anyone who believes they have been wrongly contacted can appeal through their local magistrates' court."

A spokesman added that not all debtors have been contacted at this time and that the pursuit of following up the debts will continue.

If you have been contacted, the Ministry of Justice advise that you make immediate payment or contact the National Enforcement Service contact centre.


Parking Fine - When you do have to pay

If you get a Penalty Charge Notice issued by the local council, unless you have grounds to appeal, you should pay up. Here you have broken the law. The penalty is just that - a genuine penalty or fine - not just a "charge".

According to Citizens Advice, the law says that if you have a compelling, or very persuasive, reason for appealing, the council can use its discretion to decide whether to cancel the notice.

First, drivers will have to complain to the council in writing, with any witness statements or photographs included.

If the council accepts your reasons for appealing, your fine will be cancelled and you'll have nothing to pay. If the council rejects your reasons, you will be sent a notice of rejection. You will then have 28 days to make a formal appeal.

The appeal process has two stages before being referred to the courts.

(1st October 2017)

ALARM OVER STEEP RISE IN NUMBER OF SEXTORTION CASES IN UK
(The Guardian, dated 3rd September 2017 author Sarah Marsh)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/sep/03/alarm-over-steep-rise-in-number-of-sextortion-cases-in-uk

Growing numbers of people are falling victim to organised gangs who lure them into sending sexually explicit images and then threaten to post the pictures online unless they get payment.

There has been a sharp rise in webcam blackmail, also known as sextortion, with the number of cases reported to the police more than doubling between 2015 and 2016, reaching 1,250 last year. This year so far there have been more than 700 cases.

The figures come as the man who blackmailed Ronan Hughes, 17, was jailed for four years. Iulian Enache, 31, shared intimate photos belonging to Ronan after the schoolboy failed to pay a ransom. The teenager killed himself hours afterwards.

The National Crime Agency (NCA) says the true number of sextortion cases could be even larger because many go unreported. It said the issue was high on its agenda.

The NCA put the rise down to better reporting, but also said copycat criminals were inspired by what they read in the media. Some of the gangs involved operated from overseas, it said.

David Jones, head of the NCA's anti-kidnap and extortion unit, said: "This is a project that is very close to my heart after the sad deaths of four young men because of sextortion reported in recent times. I strongly suspect there may be other suicides linked to it, but I have no evidence for that. It's just my speculation.

"We are keeping this issue on the public radar, first and foremost … making sure all intelligence packages are collated and gathered together to fully exploit all opportunities to put people before judicial systems."

The phenomenon has grown with the use of social media. It can affect anyone, but experts say young men are particularly vulnerable. The majority of cases include men between 18 and 24, but victims have also been as young as 14. Others have been in their 50s to 80s.

The rising figures are mirrored by an increase in calls to the revenge porn helpline, with cases about sextortion rising from 70 in 2015 to 89 last year. They predict a 20% rise in cases this year and a 51% increase from 2015 to 2017.

Laura Higgins, who manages the helpline, said: "Sextortion can be committed by individuals or international, organised crime groups. Our advice to victims is: do not pay or give the perpetrators anything that is being demanded, keep all messages as evidence, immediately cease all contact with the individual and report the matter to the local police.

"The victims will often feel silly or shamed. This is not the case. The fault is with the perpetrator or perpetrators who have violated the trust of the victim and abused that power as a means of coercion."

The NCA said evidence suggests that criminal groups operate in the Philippines, Ivory Coast and Morocco. They pose as young women online and strike up a conversation. They encourage their victims to share explicit photographs and then threaten to share them widely unless they receive payment.

Jones said: "I hope we are on track getting on top of this, but there are likely to be a number of victims who won't come forward to talk about this because of the embarrassment factor.

"We say don't do that ... for whatever reason people may not have any form of encouragement or confidence to report the issue but what I will say is that this is something we take a serious view of and it will not be tolerated in any form whatsoever."

Dr Jessica Barker, a cybersecurity expert, said: "Police figures show a big rise, but that is likely to be the tip of the iceberg as most people who experience sextortion don't report it to the police. There is a lot of embarrassment about it and lots of people feeling like it only happens to them.

"With these crimes it's often criminal gangs, not individuals in their bedroom doing this. These people operate almost like businesses, having office space and teams."

She said teenage girls could also be affected. "What I hear from the female point of view is that teenage girls get targeted over Instagram and get messages. So someone will comment on their photo on Instagram and say: 'I am a model agent or talent scout. I am a casting director in Los Angeles and you have the look we want.' They will exchange messages and build up a rapport and then say, 'We need more photos', and that will go on until they get the girl to send explicit images and then it reverts to sextortion."

Vicky Green of the charity Marie Collins Foundation said young people should be educated about manipulation and that the fault lies not with them for sending a picture but the perpetrator for soliciting it.

Jon Pearn, 64, from Plymouth: 'I told the person trying to blackmail me, this is your unlucky day'

I was on my Facebook and someone sent me a friend request and I pressed yes by accident. The person I accepted was supposedly a young lady and they started sending me private messages.

They asked to Skype me and eventually we spoke over that. She asked: "Do you like sex?" I jokingly replied: "Who doesn't?" And then she said: "You show me yours and I will show you mine."

I said OK but as she suggested it, then she should go first. I was shown a woman stripping over Skype and then I showed her a photo of my penis in response.

That's when the tone changed and the person I was speaking to told me that they were called Angel and they wanted money from me or they would send the pictures to my nieces. I think because we were friends on Facebook they could see my family and knew how to get in touch with them.

Now I look back, I think the clip I saw on Skype may have just been a video of someone. I don't know, it probably wasn't real.

The language when I was asked for money was quite threatening. They said: "Pay up or we will ruin your life." They asked for £500 initially but I said: "Do what you want. I don't care." I told them it was their unlucky day as they had messed with the wrong person.

Eventually they lowered their ask to £100 but I still told them to bugger off. I did think that it would have been different if I had been married or in a relationship but I had nothing to lose.

This happened to me two years ago and I went to the police, but I am not sure if the perpetrator was ever caught. My message is, on Facebook don't friend people you don't know. If people threaten you, don't be ashamed, tell the police. Tell them to get stuffed.

(1st October 2017)


CHILD SEX WEBSITE OPERATING IN BRITAIN
(The Times, dated 2nd September 2017 author Katie Gibbons)
thetimes.co.uk [Option 1]

An online listings site that hosts adverts offering trafficked children for sex in the US is running hundreds of explicit postings for sexual services in Britain.

The multimillion dollar site ////////.com, which has been investigated by the US senate for its "knowing facilitation" of child prostitution, operates in the UK yet remains largely unknown.

The company has been linked to the sex trafficking of potentially thousands of children, who are advertised in its "dating" and "escort" sections using coded emojis and phrases.

In the last month alone, dozens of adverts featuring sexually explicit photographs of young girls and boys were posted on ///////.co.uk, the British site. Their blurbs used phrases such as "fresh" or "new in town" and the cherry, growing love-heart and lollipop emojis, which have been identified as codes for under-age sex.

Kevin Hyland, the UK independent anti-slavery commissioner, has now called for tighter regulation of such sites to prevent British children from being trafficked and sold for sex online.

"This is wholesale serious crime where people are trading in human suffering and trading in young children," he said. "We need to really think about how we police the internet and how we protect the most vulnerable."

Eight civil actions have been brought in the US this year on behalf of young women allegedly sold for under-age sex through the site, including a 16-year-old killed by a customer within three weeks of first being pimped through the dating section.

The company have avoided criminal liability in the US as websites are not legally responsible for third party content. Efforts to amend this legislation are being fought by global tech giants, including Google, Facebook, Amazon and Microsoft, in the name of free speech.

About 70 per cent of the 10,000 trafficked children recorded in America go through ///////.com, according to the National Center for Missing and Exploited Children. However, with sites in 943 locations across 97 countries, experts believe the global number trafficked through the site to be closer to 100,000.

The company has asserted that it is committed to preventing trafficking and the sale of children and as a passive carrier has no control over sex related adverts. However, data files seen by The Times reveal that ///////.com hired workers at a call centre in the Philippines to aggressively drum up sex-related business in the UK.

Though there is no recorded evidence of British children being sold for sex through ///////.co.uk, the company could be held liable in Britain, if they were. James Perry, chairman of the Law Society's criminal law committee, said: "If cases like this emerge in the UK then /////// might well be caught by section 14 of the Sexual Offences Act 2003 which creates an offence of facilitating a child sex offence anywhere in the world."

Spreadsheets, emails, audio files and employee manuals from Avion - the data outsourcing company hired by /////// - reveal that a team of ten were dedicated to drumming up business in the UK. Others targeted Australia, South America and Europe.

They trawled the internet for new sex adverts and offered them free listings. In the first week of March, Avion workers earning $600 a month processed more than a thousand British sex-related adverts. The offshore data haul was inadvertently discovered by the global property company Co-Star while investigating a hack of its own data.

Andrew Florance, its chief executive who is co-operating with the authorities in multiple jurisdictions, said: "As soon as we saw the images it became clear it was very serious. We found what appeared to be child pornography and contacted the FBI. I can confidently say they appeared to be aggressively targeting Britain."

A British child protection chief, who wished to remain anonymous, accused the authorities of an "outdated" approach to traffickers, who were "always one step ahead". She said: "It is very, very likely that children are being bought and sold on listings sites in Britain."

Bharti Patel, chief executive of Ecpat, a global anti-child trafficking organisation, has called for tighter regulation of online platforms to "stop this heinous abuse" that earns traffickers billions.

Reported incidents of child trafficking in Britain surged by 30 per cent last year, reaching a record 1,278.

In the US, a senate investigation found that users of ////// were advised how to phrase their posts to avoid removal. Those advertising sex with a "teen" would receive the error message "Sorry, 'teen' is a banned term" and could resubmit their post with sanitised language.

Moderators were instructed to take out words such as "rape", "lolita" and "barely legal" and graphic photographs of what appeared to be children but the adverts themselves remained online. At one point 80 per cent of posts were being moderated.

/////// chief executive and co-founders have faced several charges of pimping and human trafficking. In each case they denied any wrongdoing and they have repeatedly avoided prosecution under Section 230 of the US Communications Decency Act. The general counsel for ////// was unable to comment on the allegations because of active legal proceedings.

However, she denied that the site knowingly hosted adverts selling children for sex and said the company "worked continuously" with law enforcement to prevent trafficking.

uaware note

The names of both the company and its website have been redacted from this impression of the actual Times article.

(1st October 2017)


CATCHING THE HACKERS IN THE ACT
(BBC News, dated 2nd September 2017)

Full article : www.bbc.co.uk/news/technology-40850174

Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.

The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.

About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cybereason.

Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.

Thin skin

The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, chief information security officer at Cybereason. The servers were given real, public IP addresses and other identifying information that announced their presence online.

"We set out to map the automatic attack activity," said Mr Barak.

To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.

"They had no more depth than that," he said, meaning the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols.

"There was no assumption that anyone was going to go in and probe it and even if they did, there's nothing there for them to find," he said.

The servers' limited responses did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers seeking weaknesses that could be exploited had they been full-blown, production machines.

Many of the code vulnerabilities and other loopholes they looked for had been known about for months or years, he said. However, added Mr Barak, many organisations struggled to keep servers up-to-date with the patches that would thwart these bots, potentially giving attackers a way to get at the server.

During the experiment:

- 17% of the attack bots were scrapers that sought to suck up all the web content they found
- 37% looked for vulnerabilities in web apps or tried well-known admin passwords
- 10% checked for bugs in web applications the servers might have been running
- 29% tried to get at user accounts using brute force techniques that tried commonly used passwords
- 7% sought loopholes in the operating system software the servers were supposedly running

"This was a very typical pattern for these automatic bots," said Mr Barak. "They used similar techniques to those we've seen before. There's nothing particularly new."

As well as running a bank of servers for the BBC, Cybereason also sought to find out how quickly phishing gangs start to target new employees. It seeded 100 legitimate marketing email lists with spoof addresses and then waited to see what would turn up.

After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.

About 15% of the emails contained a link to a compromised webpage that, if visited, would launch an attack that would compromise the visitor's PC. The other 85% of the phishing messages had malicious attachments. The account received booby-trapped Microsoft Office documents, Adobe PDFs and executable files.

Mr Barak said the techniques used by the bots were a good guide to what organisations should do to avoid falling victim. They should harden servers by patching, put controls around admin access, check apps to make sure they are not harbouring well-known bugs and enforce strong passwords.

Deeper dive

Criminals often have different targets in mind when seeking out vulnerable servers, he said. Some were keen to hijack user accounts and others sought to take over servers and use them for their own ends.

Cyber-thieves would look through the logs compiled by attack bots to see if they have turned up any useful or lucrative targets. There had been times when a server compromised by a bot was passed on to another criminal gang because it was at a bank, government or other high-value target.

"They sell access to parts of their botnet and offer other attackers access to machines their bots are active on," he said. "We have seen cases where a very typical bot infection turns into a manual operation."

In those cases, attackers would then use the foothold gained by the bots as a starting point for a more comprehensive attack. It's at that point, he said, hackers would take over and start to use other digital attack tools to penetrate further into a compromised organisation.

He said: "Once an adversary has got to a certain level in an organisation you have to ask what will they do next?"

In a bid to explore what happens in those situations, Cybereason is now planning to set up more servers and give these more depth to make them even more tempting targets. The idea is, he said, to get a close look at the techniques hackers use when they embark on a serious attack.

"We'll look for more sophisticated, manual operations," he said. "We'll want to see the techniques they use and if there is any monetisation of the method."

Brian Witten, senior director at Symantec research


We use a lot of honeypots in a lot of different ways. The concept really scales to almost any kind of thing where you can create a believable fake or even a real version of something. You put it out and see who turns up to hit it or break it.

There are honeypots, honey-nets, honey-tokens, honey anything.

When a customer sees a threat that's hit hundreds of honeypots that's different to when they see one that no-one else has. That context in terms of attack is very useful.

Some are thin but some have a lot more depth and are scaled very broadly. Sometimes you put up the equivalent of a fake shop-front to see who turns up to attack it.

If you see an approach that you've never seen before then you might let that in and see what you can learn from it.

The most sophisticated adversaries are often very targeted when they go after specific companies or individuals.

(1st October 2017)



AUGUST 2017


NHS REVEALS RISING TOLL OF ACID ATTACKS AND ADVISES : REPORT, REMOVE, RINSE
(The Guardian, dated 31st August 2017 author Haroon Siddique)

Full article [Option 1]:

www.theguardian.com/world/2017/aug/31/nhs-acid-attacks-report-remove-rinse

The number of people requiring specialist treatment for acid attacks has doubled over the last three years, NHS England has revealed, as it issued first aid guidance on how to help victims.

Following a spate of recent assaults using corrosive substances, the NHS is predicting that the number of people receiving intensive treatment such as reconstructive or eye surgery will continue to rise.

The figures, published on Thursday, compiled from the 28 specialist burns centres in England, paint only a partial picture of the scale of the problem, as they only capture the most serious incidents, but nevertheless make alarming reading.

One burns centre, St Andrew's in Essex, which serves London and the south-east, is on course to help more than 30 people this year, compared to the 32 who received specialist treatment across the whole of England last year. That was up from 16 in 2014 and 25 in 2015.

Prof Chris Moran, national clinical director for trauma at NHS England, said: "Whilst this type of criminal assault remains rare, the NHS is caring for an increasing number of people who have fallen victim to these cowardly attacks.

"One moment of thoughtless violence can result in serious physical pain and mental trauma, which can involve months if not years of costly and specialist NHS treatment."

NHS England has partnered up with leading burns surgeons who have treated acid attack victims to issue first aid guidance, instructing the public to "report, remove, rinse":

- Report the attack: dial 999.
- Remove contaminated clothing carefully.
- Rinse skin immediately in running water.


David Ward, president of the British Association of Plastic, Reconstructive and Aesthetic Surgeons (BAPRAS), which helped develop the guidance, said surgeons had "seen first-hand the devastating impact on patients admitted to A&E after vicious corrosive substance attacks. They cause severe pain, scarring which can be lifelong, and can damage the sight, sometimes leading to blindness. Unfortunately these vindictive attacks are on the increase.

"The minutes after an acid attack are critical for helping a victim. This guidance BAPRAS has published with NHS England gives the important, urgent steps a victim or witness can take to help reduce the immediate pain and damage, and long-term injuries."

Corrosive substances are increasingly being used in assaults or robberies, with experts pointing to a crackdown on the use of knives and guns, leading street gangs to instead use more readily available corrosive substances, as a reason for the rise.

The number of crimes using acid or other "noxious substances" has more than doubled in London over the last three years, from 186 in 2014-15 to 397 in 2016-17, official figures show, including 45 in April this year. Large percentage increases have also been recorded elsewhere, including in the West Midlands and West Yorkshire.

Recent incidents include the attack on Resham Khan and her cousin Jameel Muhktar, who had acid thrown through their car window on Khan's 21st birthday on 21 June in Beckton, east London. They both suffered horrific face and neck injuries. John Tomlin, 24, has been charged with grievous bodily harm in relation to the attack.

Delivery drivers have expressed particular fears for their safety after Jabed Hussain, an UberEats driver, had acid thrown over him by two men who stole his moped, in the first of five acid attacks to take place in a three-mile radius in 90 minutes across east London last month.

NHS England said it had liaised with organisations including police forces, ambulance services and the Royal College of Surgeons to ensure the first aid advice was also shared with frontline emergency service staff. Last month, it was announced that police officers in London were being issued with 1,000 acid attack response kits, including protective gear and five-litre bottles of water, to allow officers to give immediate treatment to victims.

(28th September 2017)

TWO MILLION CUSTOMERS WARNED AS RETAILER HACKED
(London Evening Standard, dated 30th August 2017 author Mark Blunden)

Full article [Option 1]:

www.standard.co.uk/news/techandgadgets/cex-hack-two-million-customers-warned-as-retailer-hacked-a3622856.html

Two million customers may have had their personal details stolen from electronic retailer CeX after its systems were hacked, the firm said today.

CeX, which runs the WeBuy electricals buying and selling website, sent out an email last night warning it had "been subject to an online security breach". Formerly Complete Entertainment Exchange, the Watford-based firm was founded in London 25 years ago and now has more than 200 stores internationally.

Managing director David Mullins said an "unauthorised third party accessed our computer systems" and he believes that "some customer data has been compromised".

This includes "personal information" of first name, surname, address, email address and phone number, and for a "small number" of customers, also what the company says is encrypted data from expired credit or debit cards.

CeX called the hack a "sophisticated breach" but gave no further details, and advised customers to change their password.

Mr Mullins said: "We are investigating this as a priority and are taking a number of measures to prevent this from happening again."

Further information (uaware)

See also :

www.ibtimes.co.uk/cex-hack-2-million-customers-personal-data-compromised-massive-security-breach-1637174

(28th September 2017)


UK INFRASTRUCTURE FAILING TO MEET THE MOST BASIC CYBERSECURITY STANDARDS
(The Register, dated 29th August 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/08/29/critical_national_infrastructure_cybersecurity/

More than a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government, according to Freedom of Information requests by Corero Network Security.

The FoIs were sent in March 2017 to 338 organisations including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. In total, 163 responses were received, with 63 organisations (39 per cent) admitting to not having completed the "10 Steps" programme. Among responses from NHS Trusts, only 58 per cent had completed the scheme.

In the event of a breach, critical infrastructure organisations could be liable for fines of up to £17m, or 4 per cent of global turnover, under the government's proposals to implement the EU's Network and Information Systems (NIS) directive from May 2018.

The findings suggest that many key organisations are not as resilient as they should be in the face of growing and sophisticated cyber threats. Corero's questions revealed that by not detecting and investigating brief DDoS attacks, organisations could be "leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks".

When asked "Have you suffered Distributed Denial of Service (DDoS) cyber attacks on your network in the last year?", just eight organisations (5 per cent) responded "yes".

(28th September 2017)


MOPED MUGGERS SNATCH 30 MOBILES A DAY
(London Evening Standard, dated 29th August 2017 author Justin Davenport)
www.standard.co.uk [Option 1]

The number of phones snatched by moped thieves more than doubled last year, as police say gangs target unwary pedestrians using their devices.

Criminals are using mopeds or pedal cycles to steal more than 30 phones a day from Londoners, figures reveal. More than half of the devices were iPhones, with 4,705 taken in 2016/17.

In total, thieves on mopeds and scooters stole 7,041 mobiles in the past financial year, compared with 3,210 in 2015/16. In addition, pedal cycle muggers snatched 4,526 last year, compared with 3,044 the previous year.

Police in London are battling an epidemic of moped crime. Officers say it is driven, in part, by demand for mobiles, which can be sold for their parts.

Detectives point to an increase in the value of phone parts, saying some iPhone pieces can now fetch £150 or more. As well as selling phones, gangs are also using them for other criminal activity, such as drug dealing.

Dr Simon Harding, a criminologist at Middlesex University and an expert on gangs, said: "One of the things that is driving this now, apart from the fact many of these phones cost between £500 to £600, is that gang members need four to five separate phones. They have one to call mum, another for girlfriends and maybe two or three for drugs deals, which are called 'trap phones'.

"There is a constant demand for these phones. I have interviewed gang members and they all have three or four phones on them.

"They have all seen The Wire and other TV programmes and know how they can be tracked by their phone. If the cops chase them the phones get smashed up."

A stolen iPhone can fetch about £100. Some gangs are stealing 20 in an hour.

The figures, obtained via a Freedom of Information request, show that Islington has the highest number of moped mobile thefts in London. Last year 1,592 were recorded, compared with 1,114 in the previous 12 months.

Five boroughs - Islington, Hackney, Camden, Westminster and Tower Hamlets - account for almost three quarters of moped phone snatches in London.

Commander Julian Bennett, the head of the Met police's Operation Venice, which targets moped gangs, said: "These offenders rely on the unwariness of the public to snatch their phones whilst they make calls.

"It is so important that the public is aware of their surroundings at all times and protect their personal property, particularly when emerging from a train or Underground station or anywhere where they might suddenly decide to take out and use their phone. Smartphones are very valuable to these criminals and they can snatch them in an instant."

He said police were employing overt and covert methods to target criminals using mopeds and bicycles to snatch valuables.

In recent weeks the Met has revealed it is trialling "DNA" sprays to mark fleeing suspects so they can be identified later, and stinger devices to puncture tyres.

People are urged to be aware of their surroundings, not to text while walking, use the phone's security features and keep a record of its IMEI number.

(28th September 2017)



PICKPOCKETS NETTED €1m FROM VISITORS TO DISNEYLAND
(The Times, dated 28th August 2017 author Adam Sage)
www.thetimes.co.uk [Option 1]

A Romanian couple with seven children will go on trial in France tomorrow accused of running a gang of young pickpockets who netted €1 million from tourists at Disneyland Paris.

Police say that the daily takings of one girl in the gang, whose members were aged 12 to 17, were between €500 and €800.

Marian Tinca, 57, and Maria Iamandita, 51, from Craiova, are accused of operating a Fagin's kitchen in which children were trained to steal wallets and phones.

Prosecutors claim that they were housed in poor areas north of Paris and sent out to steal in groups of three or four. In the morning they operated around the big department stores and would arrive at Disneyland in time for the afternoon parade.

One distracted the victims, the second carried out the theft and the others disappeared with the bounty.

Prosecutors will tell the court in Meaux, 25 miles from Paris, that Mr Tinca, who is said to have started the gang after he and his wife divorced, congratulated them when they brought home a lot of money and castigated them when they did not. Mrs Iamandita was in charge of taking the proceeds back to Romania. They will be tried along with ten others accused of being their accomplices.

The gang, whose members came from eight branches of one family, operated between 2014 and last year. Police became suspicious in 2015 when they started to receive a flow of reports from tourists whose belongings had been stolen. The children were arrested frequently but refused to give their names and claimed to be under 13, the age below which they cannot be detained under French law. They were systematically placed in foster care but all left within a few days.

The adults accused of running the operation were arrested in February last year after an investigation that involved tapping phones and despatching undercover officers to follow the suspects. The police in Craiova co-operated with their French counterparts.

The prosecution says that the loot was distributed to numerous members of the clan. Some used it to buy houses, a few gambled it away and others spent it on luxury goods.

(28th September 2017)


NEW YORK POLICE SCRAP 36,000 WINDOWS SMARTPHONES
(The Register, dated 28th August 2017 author Kieren McCarthy)

Full article [Option 1]:

www.theregister.co.uk/2017/08/28/nypd_scraps_36000_windows_smartphones/

The New York Police Department will scrap 36,000 smartphones, thanks to a monumental purchasing cock-up by a billionaire's daughter.

The city spent millions on the phones back in October 2016 as part of its drive to bring the police force into the 21st century. And the woman behind the purchase - Deputy Commissioner for Information Technology, Jessica Tisch - praised them for their ability to quickly send 911 alerts to officers close to an incident.

There was only one problem: Tisch chose Windows-based Lumia 830 and Lumia 640 XL phones, and Microsoft officially ended support for Windows 8.1 in July.

Even though those two models are eligible to be upgraded to Windows 10 Mobile, the NYPD will need to redesign more than a dozen custom apps it created to run on Windows 8.1. And every phone will need to be manually updated to the new operating system. In addition, Microsoft is only promising to support upgraded Windows 10 phones through to June 2019.

In other words, the phones are effectively obsolete and so, according to the New York Post, the police department has decided to scrap them altogether and go with iPhones instead.

(28th September 2017)


GANGS USE LINKEDIN TO IMPERSONATE BOSSES AND DEMAND CASH TRANSFERS
(The Times, dated 28th August 2017 author Alexandra Frean)
www.thetimes.co.uk [Option 1]

Criminal gangs are using LinkedIn to perpetrate "CEO fraud", mining the social network for information about job titles and a company's chain of command to impersonate senior executives and give bogus orders to those below them.

The frauds typically involve an email purporting to be from a finance director or chief executive sent to an underling in the company's finance department, ordering them to transfer money quickly to a bank account for a specific reason.

"The attackers use LinkedIn to do corporate reconnaissance. It tells them a lot about who does what in an organisation," said Andrew Nanson, who is director of Corvid, the military cyberdefence division of Ultra Electronics. "The criminals are using social engineering techniques. Most of the time people follow instructions they get on email, especially if it's from a boss. If an email looks like it comes from a certain person, why wouldn't someone believe it was from them?"

Attackers make an email appear to come from an official company account using simple techniques, such as replacing a character with another similar one. An l may become an i, so that Barclays appears as Barciay.

"The human brain will try to help you and you will read it as Barclays and your spam filter might not know there is no such thing as Barciay," Mr Nanson said.

He added that attackers also scour corporate press releases for information about new contracts and who is in charge of them, identifying the customer and supplier by name.

"Six months after the announcement [the supplier] sends an email saying, 'our account details have changed, please send all future payments to....'" he said. "It's very, very common. I'm aware of organisations that have lost hundreds of thousands through diversionary payment fraud," Mr Nanson said.

This year the magazine Fortune reported that Google and Facebook were tricked by Evaldas Rimasauskas, a 48-year-old Lithuanian, into sending him more than $100 million.

According to the US Justice department, he forged email addresses, invoices and corporate stamps to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business.

A report last year from the City of London police's National Fraud Intelligence Bureau showed that £32 million had been reported lost as a result of CEO fraud in Britain. The actual figure is likely to be far higher, as many may not realise they have been hit. Action Fraud, the cyber crime reporting centre, reported last year that the average loss is £35,000, but one company lost £18.5 million.

Most organisations now train staff to spot phishing attacks. Many cyber security systems can identify malware and malicious websites, but this often fails to stop diversionary payment fraud.

LinkedIn declined to comment.

(28th September 2017)
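
The character swap Mr Nanson describes in the article above can be caught mechanically by comparing each sender domain with the domains an organisation really deals with. The sketch below is an added example, not part of the Times article; the `.example` domains, the allow-list and the function names are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: the organisation's own domain and a regular supplier.
TRUSTED_DOMAINS = {"barclays.example", "supplier-ltd.example"}

# Easily misread characters, folded to one representative before comparing.
_MULTI = (("rn", "m"), ("vv", "w"))
_SINGLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(domain):
    """Reduce a domain to a form in which common look-alike swaps collapse.

    NFKC folds compatibility forms such as full-width letters. It does not
    fold Cyrillic or Greek homoglyphs; those need a fuller confusables table.
    """
    text = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    for seq, rep in _MULTI:
        text = text.replace(seq, rep)
    return text.translate(_SINGLE)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, matched_trusted_domain) for a From: header value.

    trusted     - exact match with an allow-listed domain
    lookalike   - not allow-listed, but within max_distance edits of an
                  allow-listed domain once both are reduced to skeletons
    unknown     - resembles nothing on the list
    unparseable - no usable address in the header
    """
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    candidate = skeleton(domain)
    for good in sorted(trusted):
        if edit_distance(candidate, skeleton(good)) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


# Constructed From: headers, including the "Barciay" swap from the article.
SAMPLE_HEADERS = [
    "Finance Director <fd@barclays.example>",
    "Finance Director <fd@barciay.example>",
    "Accounts <accounts@supplier-1td.example>",
    "Newsletter <news@unrelated.example>",
    "no address here",
]


def triage(headers):
    """Classify each header; payment requests from 'lookalike' senders
    should be held and confirmed by phone on a number already on file."""
    return [(h, *classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict, match in triage(SAMPLE_HEADERS):
        print(f"{verdict:<12} {match or '-':<22} {header}")
```

The check compares whole domains, so very short allow-listed domains will produce false positives at a distance of one edit; comparing only the registrable part of each domain needs the Public Suffix List.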


POLICE TAKE 11 HOURS TO RESPOND TO 999 CALLS
(The Times, dated 27th August 2017 author Andrew Gilligan)
www.thetimes.co.uk [Option 1]

Police in parts of London have been taking an average of 11 hours to respond to some 999 calls after a "disastrous" reorganisation by the Metropolitan police.

In June, in three east London boroughs, officers took an average of 28 minutes to respond to the most urgent calls: those graded by police as needing "immediate" emergency assistance. For the next grade down - calls classed as of "significant" urgency - police took an average of 11 hours and 22 minutes to respond.

In the first week of August the three boroughs had an average of 98 emergency calls "outstanding" and "unassigned" at any one time. The peak was on the morning of August 3, when an average of 163 callers waited for police to be assigned to their emergencies.

The figures are given in reports to the crime and disorder subcommittee of the Havering council, one of five boroughs where the new is being piloted.

Darren Rodwell, leader of the Barking council, another of the five boroughs affected by the re-organisation, said police response times in his area had "fallen off of a cliff". He said: "We have the second highest number of acid attacks in London. We've had more teenage stabbings in the last six months here than I can ever remember. But despite our keeping raising our concerns, it didn't feel like the message was getting through. We need the mayor to help us".

Abdul Hai, cabinet member for community safety at Camden council, another of the boroughs in the pilot, said he had expressed concerns to police about the changes. "The critical, key thing is the response times," he said. "There was a period when response times went up quite significantly."

In Camden and Islington, for the week ending July 25, an average of 25 urgent 999 calls were "outstanding" and "unassigned" at any one time, according to figures given to the London Assembly. At the peak, 54 urgent callers were waiting for assistance.

Under the plans, intended to save money by using officers more flexibly, London's 32 borough commands - which carry out local policing, employing the vast majority of officers - would be merged into 12 much larger units. The first two pilots - the east area, covering Barking, Havering and Redbridge, and the north central area, covering Camden and Islington - have been fully operational since April.

Serving Met officers said the plan was a "disaster" that put them and the public at risk. "Each borough still has its own radio channel, so the risk is you're not on the right channel if you need to call for backup", said one officer. "Then you've got officers going into places without any local knowledge. It just doesn't work."

Last month the London mayor, Sadiq Khan, said the changes aimed to "strengthen local policing" and "improve the overall service to Londoners". However, he admitted last night that performance was "unacceptable" and said he had demanded "immediate improvements".

Mark Simmons, Met deputy assistant commissioner, said performance had improved since June, with the average response time to "immediate" calls in the east area now just over 12 minutes.

(28th September 2017)


HUNDREDS CAUGHT BY ROADSIDE DRUG TESTS
(The Times, dated 27th August 2017 author Tim Shipman)
www.thetimes.co.uk [Option 1]

Hundreds of motorists a year are being convicted for driving while intoxicated on drugs after a crackdown dramatically raised the conviction rate.

Half of those caught in roadside drug tests were found to be driving under the influence of cocaine, cannabis or both.

In 2015, the latest year for which official figures have been published, 1,442 drivers - about four a day - were convicted of offences that included being in charge of or attempting to drive a vehicle, or causing death, while exceeding the legal drug limit.

Police forces have recently focused on drug driving: Merseyside police reported 109 arrests for offences during a four-week operation in June.

Ministers have now released figures showing that roadside drug tests to detect cannabis and cocaine, introduced in 2015, have increased the conviction rate among those stopped from 80% to 98%.

Previously officers would have to gather evidence that the driver was impaired, or would have to get medical opinion, before being allowed to take a blood or urine sample at a police station.

As well as the new roadside tests, officers are able to test for ecstasy, LSD, ketamine and heroin at a police station with a blood test, even if a driver passes the roadside check.

Drivers can also be convicted of drug driving after taking too many prescription drugs such as morphine, diazepam and temazepam.

The justice minister Dominic Raab said: "Our message is that any driver who risks the lives of others by taking the wheel under the influence of drugs will be punished."

(28th September 2017)

CYBER ATTACK ALERT WEEKS BEFORE US WARSHIP CRASHED
(The Times, dated 27th August 2017 author Richard Kerbaj)
www.thetimes.co.uk [Option 1]

Ship owners were warned about the threat of cyber-attacks only weeks before America began investigating the "possibility" that hackers caused the collision between one of its warships and an oil tanker, The Sunday Times can reveal.

The International Maritime Organisation (IMO), a London-based UN-affiliated body that regulates shipping, last month published guidelines urging ship owners to safeguard vessels against the "current and emerging threats" of cyber-hacking.

This weekend Lord West, a former admiral in the Royal Navy, also raised concerns about cyber-attacks, saying he was worried by merchant vessels' vulnerability.

The revelation follows the collision between the American destroyer USS John S McCain and a Liberian oil tanker, Alnic MC, in the South China Sea last week, leaving 10 US sailors dead or missing.

The route of the tanker taken from tracking signals and posted online by the VesselFinder website, shows it making a sudden turn to port just before the collision. Military intelligence officials fear the tanker may have been sent off course by a remote attack on its navigation systems.

It was the fourth time a US warship has been involved in an accident in Asian waters this year, raising questions about possible interference by state-sponsored hackers, sources say.

The US defence department warned in last year's annual report about China's use of "electronic warfare" as a way to "reduce or eliminate US technological advantages". It said Beijing's capabilities include "jamming equipment against multiple communication and radar systems and GPS satellite systems".

Zhang Zhaozhong, a rear admiral in China's People's Liberation Army, celebrated the collision of the USS McCain, accusing the ship of "making a lot of trouble in the South China Sea.... what goes around comes around".

The IMO's new guidelines describe "an increasing need for cyber risk management in the shipping industry".

It is the second time it has warned about cyber attacks, after a 2014 paper revealed that "state sponsored hackers, terrorists and other malicious actors have turned towards exploiting weaknesses in cybersecurity".

Peter Roberts, a cyber expert who runs the military sciences unit at the Royal United Services Institute, said: "The offensive use of cyber has tended to follow the doctrine of electronic warfare of old. Competitor states - China, Russia, Iran, North Korea amongst others - continued to develop and invest in their electronic warfare capabilities ... and now [that] means they have a competitive advantage."

###Further information - uaware

https://securityledger.com/2017/08/analysis-there-is-both-means-and-motive-for-cyber-attacks-on-navy-vessels/

(28th September 2017)



HOW HIDDEN CODE HELPS COPS IDENTIFY DRUG DEALERS AND CHILD PREDATORS ONLINE
(CBC News, dated 26th August 2017 author Matthew Braga)

Full article [Option 1]:

www.cbc.ca/news/technology/hidden-code-ip-address-police-dark-web-investigation-1.4263103

When Dutch police took the notorious Hansa marketplace offline last month, they had a message for the underground site's pseudonymous drug dealers: we know who you are. The question, of course, was how.

Hansa existed on the dark web, and required a special web browser called Tor to access. Tor is designed to protect its users' privacy by keeping the true location of their computers anonymous. And yet, police said they would be able to unmask some of Hansa's users all the same.

On Friday, The Daily Beast appeared to have figured out why. It reported that Dutch police may have uploaded a specially crafted Microsoft Excel spreadsheet to Hansa's site, with hidden code inside designed to phone home to police.

When a user opened the spreadsheet, it would silently connect to a server controlled by police. Investigators would receive their real IP address, and not the anonymous IP address they would otherwise be assigned by Tor. Number in hand, there's a good chance they could get that user's real name and address from their internet service provider.

In many cases, police don't have to go to such lengths. Some criminals unwittingly give up their IP addresses. But the technique likely used against Hansa's users is becoming increasingly necessary as criminals get better at covering their tracks.

###"Designed to avoid suspicion"

There are myriad ways for authorities to get the IP addresses of their targets during criminal investigations. Some, such as the approach used by Calgary Police in a 2012 investigation, are relatively simple.

In that case, Detective Sean Joseph Chartrand of the Calgary Police Service entered a Yahoo chat room posing as an underage girl, court filings show. A man named Michael J. Graff, using a pseudonym, started chatting with Chartrand. Graff sent a series of sexually explicit messages and photos, along with an email address, and invited Chartrand - who he believed was named Ashley - to contact him there.

That was Chartrand's in. He used a now-defunct service called SpyPig to hide a tiny invisible image in an email, and sent it to Graff. When Graff opened the email, his computer retrieved the image from SpyPig's server - and in the process, revealed the IP address of his computer to SpyPig and Calgary Police.

"Det. Chartrand's email using the SpyPig code was specifically designed to avoid suspicion and conceal the SpyPig tracking function," reads a filing from the case.

Kent Teskey, the criminal defence lawyer in the case, was unaware of other cases where similar techniques have been used, as were other privacy lawyers and researchers contacted by CBC News.

###Network investigative techniques

The service used by Calgary Police isn't very sophisticated, nor is it exclusively used by police. Internet marketers, for example, have embedded tiny invisible images inside emails for years to track who opens their emails, at what time, and from where.

But in cases where a carefully crafted email or link may be suspicious or impractical, police have turned to more advanced and covert techniques.

In the Hansa drug market investigation, the tracking code was reportedly hidden inside an Excel file listing recent transactions. Similar code was hidden inside a video that contacted an FBI server when played.

But nothing compares in scope or scale to an FBI investigation in 2015, where the agency installed spyware on over 1,000 computers that accessed a child porn site called Playpen. The FBI refers to its hacking tools as network investigative techniques (NIT).

It's unclear whether police in Canada - who typically decline to comment on operational matters - have deployed similar software here.

(28th September 2017)

DVLA BANS OVER 300 POTENTIALLY OFFENSIVE NUMBER PLATES
(BBC News, dated 25th August 2017)

Full article : www.bbc.co.uk/news/uk-wales-41025969

More than 300 number plates have been banned from use when the 67 vehicle registrations are released next week.

The Driver and Vehicle Licensing Agency (DVLA) has withheld them because they are deemed potentially offensive.

Among those are MU67 DER, BU67 GER, DO67 GER, BA67 ARD, MU67 GER, HU67 WLY and OR67 SAM. Other "words" like AF67 HAN and NE67 ECT also make the list.

A DVLA spokesman said it had a responsibility to ensure plates do not "cause upset or offence".

In June, the Swansea-based agency admitted that a plate JH11 HAD "slipped through the net".

Words which look as if they spell the word jihad among the new plates have also been banned, information supplied under the Freedom of Information Act to BBC Wales has shown.

Also on the list are a range of plates that start with the word NO and end with another complete three-letter word (and the 67 is irrelevant), including NO67 DAD, NO67 FUN, NO67 MUM and NO67 SON.

The spokesman said: "The agency applies a clear policy of withholding potentially offensive registration numbers equally to normal issue series and those made available to purchase from our sales team.

"Such numbers are withheld if they are likely to cause offence or embarrassment to the general population in this country on the grounds of political, racial and religious sensitivities or simply because they are in poor taste when displayed correctly on a number plate."

###Cracking the code?

- To certain eyes, or on some deliberately-designed plates, a 6 can look like a "G" or an "S"
- A 7 can be read as a "T" or even an "L"
- And when put together, the number 67 can be read by some as an "R" - but only if you look really, really hard

(28th September 2017)


DON'T EXPECT POLICE TO COME OUT AFTER A CRIME, IF YOU'RE HEALTHY, MIDDLE-AGED AND SPEAK GOOD ENGLISH
(London Evening Standard, dated 25th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/don-t-expect-police-to-come-out-after-a-crime-if-you-re-healthy-middleaged-and-speak-good-english-a3619956.html

Victims of crime in London could be denied a personal visit from police unless they are judged to be sufficiently "vulnerable", one of Scotland Yard's most senior officers has warned.

Deputy commissioner Craig Mackey said the "absolutely feasible" change would see the Met assessing the level of risk faced by a caller when deciding whether to send officers for a "face to face service".

He said members of the public who might be prioritised in future included people with learning difficulties, the elderly and people who did not speak English as their first language.

Healthy middle-aged men such as himself might miss out. Mr Mackey said burglary victims would "probably always get a service" but that "vehicle crime, those sorts of things" were among the types of offence where police might not attend unless the person affected was vulnerable.

He admitted this was a "difficult area" of policy, but said it could be required to help the force cope with major spending cuts over the coming years.

Speaking to the Standard, Mr Mackey also set out how the Met is striving to prevent officers numbers falling below the landmark 30,000 figure in the face of a projected £400 million drop in funding over the next five years.

Looking ahead to how the force will cope with less money and fewer officers, he said: "That's where you get into some of the difficult areas around do you always offer the same service to everyone? Increasingly, as we go forward we will look at things like trying to assess people and crime on the sort of the threat, the harm, the risk, and people's vulnerability.

"It's absolutely feasible as we go forward that if my neighbour is a vulnerable elderly person who has experienced a particular type of crime, that she gets a face-to-face service that I don't get. So we triage things... we assess people's vulnerability.

"Vulnerability can manifest itself in a number of ways: people with learning difficulties, a whole range of things, some people for whom English isn't a first language. That's about how we get those resources focused on the things you can make a difference with. But also as we go forward, as demand grows, you have to have a way of controlling and triaging."

The deputy commissioner said that it was inevitable that the force would become "smaller", despite rising crime, a growing population and the heightened terror threat.

The scale of the reduction will depend partly on future funding decisions and inflation, which was currently above the assumption in the Met's budget, and the exchange rate, which affects technology purchases. Mr Mackey said a sweeping overhaul of its operations would help to minimise the impact on the public.

This includes a property sell-off which will involve the closure of police stations, safer neighbourhood bases, offices and other sites. The use of technology will also be expanded to enable officers to file crime reports on patrol.

Mr Mackey said: "The Met will get smaller over the next four or five years. We are at 30,700 officers now. Realistically, we will be about 30,000 through most of next year. It's almost impossible to predict beyond that.

"It's about how you maximise what you've got. With buildings, you take running costs out and that equates to keeping more officers. Nothing in this changes when people ring us and say, 'Please, please come'. That 999 service is absolutely not changing.

"The reality is that the core part of the service that there's an emergency, please come quick, is what we all joined policing to do, to protect and to make sure it's the best we can possibly do."

In one scheme in west London, Hammersmith police station will get a £60 million upgrade while five other stations, including Notting Hill and Fulham, close. The plan, which will also pay for the refurbishment of Kensington police station, will save £1.25 million a year in running costs, equivalent to the cost of 27 officers, and provide £55 million in one-off capital receipts.

Similar schemes, which will lead to the closure of more than 250 Met buildings, will generate enough savings to pay for the employment of 1,100 officers a year and help fund the modernisation of remaining buildings. Mr Mackey said each borough would retain at least one police station open 24 hours a day. He said many of the buildings that will be shut currently had no public access - and that many of those which did had a low number of people attending.

(28th September 2017)


SMALL BUSINESSES SHOULD INVEST IN CYBER SECURITY
(The Telegraph, dated 23rd August 2017 author Jow Whitwell)

Full article [Option 1]:

www.telegraph.co.uk/business/open-economy/small-businesses-should-invest-in-cyber-security/

The deluge of cyber-attack stories in the news is becoming commonplace. Recorded cyber crime cost the UK economy £10.9bn in 2015/16; and unreported crime could cost magnitudes more. For small businesses alone, the average cost per attack is around £3,000.

Fortunately, the level of attention criminals are paying to cyber crime is more than matched by those fighting against them. But for SMEs with limited budgets, securing themselves can be a tricky job.

The risks remain the same of course: DDoS attacks, ransomware, phishing scams or data dumping can lead to a loss of trust or even fines for data breaches - both of which can close companies for good.

With resources strained, the onus is on small-business leaders to invest shrewdly in technology and staff training, alongside their other responsibilities. But when it comes to cyber security, a little can go a long way.

Define your needs


Using a checklist such as the Government's cyber-essentials questionnaire can help to calibrate your thoughts. It will also highlight ways in which you may have undermined your own security without thinking.

Taking a look around you is essential, too: talk to similar companies and study the way they are being affected. Then take steps to mitigate.

Don't overthink


You are not a hacker; you are not a computer expert; you are just a regular human. But, there are still simple steps you can take that can make a huge difference - as Nik Whitfield, chief executive of cyber-security company Panaseer, explains. "Activate firewalls on computers and access points to the internet," he says.

"Maintain good passwords; activate two-factor authentication for hosted software services; remove unused user accounts; and ensure only administrators have full administrative access to computers."

And importantly: "Run a reputable anti-virus product and ensure it automatically updates on a daily basis."

Update regularly

For the next 24 hours, take note of the update messages you get on your digital devices; your operating systems may be out of date.

As Dr Mike Lloyd, chief technology officer at cyber-security analytics platform RedSeal, puts it: "Operating systems are more like milk than cheese - they get worse rapidly with age, not better.

"The WannaCry attack is a perfect example of the dangers of an out-of-date operating system. Using yesterday's technology isn't just inefficient; it's a great big welcome mat, laid out to invite attackers."

So, the key message is to update - and soon.

Judge a business by the technology it keeps

In the same way you wouldn't let unscrupulous types enter your house, you need a certain degree of diligence around the technology you allow into your business. Introducing compromised technology to your broader system carries risk.

Consider the next person who wants to charge their phone on-site; they may want to charge that phone from their office laptop, which, because it is connected to the rest of your system, could become a problem. You could consider providing staff with mobiles and computers as standard.

Short of that, every business should build a culture of security awareness. Take the load off management and instil a sense of responsibility in your staff around passwords, software updates and navigating the internet with a degree of scrutiny.

There can be no such thing as security perfection; the landscape changes daily. But with the right technology, the right habits and the right mindset, you can defend against the worst.

(28th September 2017)


POLICE OFFICERS SHOULD BE SACKED IF THEY LACK IT SKILLS, REPORT SUGGESTS
(The Telegraph, dated 23rd August 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/22/police-officers-should-sacked-lack-skills-report-suggests/

Police chiefs should be allowed to fire officers whose IT skills are not up to scratch, a new report has suggested.

The think tank Reform said being able to get rid of staff who were not computer literate would mean forces would be in better shape to tackle surging levels of cybercrime.

But serving officers have slammed the suggestions, insisting that the police are already well versed at using technology to fight crime of all descriptions.

According to the report, restrictions preventing serving officers from being made redundant mean Chief Constables are currently "hamstrung" when it comes to tailoring their forces to meet the changing face of crime.

The report said: "Senior managers, officers and staff argued that the ability to fire officers without the necessary skills would allow chiefs to get the skill base to meet digital demand and shift culture."

In 2012 a major review of police pay and conditions recommended the introduction of a system of compulsory severance.

But the proposal was not taken forward, meaning officers kept the right to a job for life.

The new study from Reform, published today (Wed), has called for the issue to be revisited.

Alexander Hitchcock, co-author of the report, said: "Chiefs should have the ability to make officers redundant if officers' roles have changed because of digital crime, and officers have not been able to develop the IT skills to fill these roles.

"But this will be a small minority of officers. We are arguing that forces should give officers every chance to develop IT skills through apps and university partnerships, as well as have the equipment to help them meet digital demand."

He added: "As people live more of their lives online, they need confidence that the police will help them do this securely.

"Bobbies urgently need the technology, skills and confidence to patrol an online beat."

Studies suggest that almost half of all crime is now either dependent on or enabled by technology, with people now 20 times more likely to fall victim to fraud than robbery.

The report also called for the recruitment of 12,000 IT volunteers to help in the fight against cybercrime, and said the government should invest an extra £450 million in police technology.

But the suggestions were not welcomed by rank and file officers.

Simon Kempton, lead on Digital Policing and Cybercrime, for the Police Federation, said: "It is entirely wrong to suggest that the police service has failed to change; indeed no part of either the public or private sector has gone through as much change as policing over the last decade.

"This report shows a lack of understanding of the regulations governing policing which already allow for the dismissal of underperforming officers through clearly defined processes.

"Policing requires a broad base of expertise and to simply dismiss officers who are less conversant with the digital world (rather than giving them proper training) is to treat with absolute contempt those who are prepared to sacrifice everything for the public they serve."

Four common cyber crimes

1 - Phishing - The aim is to trick people into handing over their card details or access to protected systems. Emails are sent out that contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system.

A report by Verizon into data breach investigations has shown that 23% of people open phishing emails.

2 - Identity theft - According to fraud protection agency Cifas, the number of victims rose by 31 per cent to 32,058 in the first three months of 2015. Criminals use online 'fraud forums' to buy and sell credit cards, email addresses and passports.

3 - Hacking - In a Verizon study of security breaches there were 285 million data exposures, which works out to about 9 records exposed every second. 26% of these attacks were executed internally within organisations.

It is estimated that 90% of all data records that were used in a crime were a result of hackers employed by organised crime.

4 - Online harassment - Over half of adolescents and teens have been bullied online, while 73% of adult users have seen someone harassed in some way online and 40% have experienced it.

(28th September 2017)


IDENTITY FRAUD IN THE UK AT EPIDEMIC LEVELS AS CASES RISE 5%
(The Register, dated 23rd August 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/08/23/identity_fraud_cifas_report/

There were almost 90,000 cases of identity fraud recorded in the first six months of 2017 - 5 per cent higher than the first half of last year, according to data released today.

Fraud prevention firm Cifas, which released the figures, said identity fraud was rising at record levels and now accounts for more than half of all fraud reported by its members.

"We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day," Cifas chief exec Simon Dukes said.

These frauds are "taking place almost exclusively online", he said, with online crime comprising 83 per cent of the total in the most recent figures.

There has also been a shift in the types of product targeted by identity fraudsters this year.

Although plastic cards and bank accounts remain the most common products - with 29,852 and 24,759 reported cases, respectively - these figures represent declines of 12 and 14 per cent.

Meanwhile, there has been a 61 per cent increase in telecoms-related fraud, rising to 9,097, and a 56 per cent increase in online retail, rising to 5,097.

The figures also give an indication of the ages of the fraud victims, although not all cases recorded a date of birth, and some frauds involve an entirely fake identity.

The overall profile of fraud by age group remained the same as in the first half of 2016, with most of the cases in the 31-40 and 41-50 brackets (24 per cent and 23 per cent, respectively).

However, under-21s saw a big increase in identity fraud this year, jumping 50 per cent, from 684 to 1,023 cases in the first half of 2017, compared with 2016.

Glenn Maleary, head of the economic crime division at the City of London police, said the increase in online fraud was "no surprise", adding that increased use of social media allows criminals easier access to a wealth of personal information.

Dukes echoed this statement, noting that the "vast amounts" of data held online - and exposed to breaches - is "only making it easier for the fraudster".

Dukes added: "For smaller and medium-sized businesses in particular, they must focus on educating staff on good cybersecurity behaviours and raise awareness of the social-engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough."

CIFAS article : www.cifas.org.uk/newsroom/identity-fraud-soars-to-new-levels

(28th September 2017)


WHAT SHOULD YOU DO IF YOU ARE BITTEN BY A TICK ?
(The Guardian, dated 22nd August 2017 author Moya Sarner)

Full articles and Photographs [Option 1]:

www.theguardian.com/lifeandstyle/2017/aug/22/bitten-tick-prevention-symptoms-treatment-lyme-disease

"The tricky thing is knowing if you have been bitten by a tick. They are hard to find and can be very small when they first attach because they're not full of blood," says Professor James Logan, head of the department of disease control at the London School of Hygiene and Tropical Medicine. There are three sizes of tick, and they all feed on blood: the larvae are tiny, the nymphs are about the size of a poppy seed and are most likely to transmit Lyme disease, while the adults reach the size of a pea when they are full of blood. "If you are out somewhere where there are likely to be ticks - particularly moorland, but anywhere where there are deer - you need to be checking yourself and your kids every hour or so, and especially when you get home. Even Richmond Park in London has ticks with Lyme disease," he advises. Organisations such as Lyme Disease Action and Public Health England have information on where there is a known prevalence of Lyme disease, such as Dartmoor, Exmoor, the Scottish Highlands and some national parks, but, warns Logan: "Technically it could happen anywhere."

Once you find a tick, the key is to remove it as quickly as possible. Use specially made very fine tweezers - "Not the kind you pluck your eyebrows with, those are too big," says Logan - or you can buy claw-shaped tick-removal tools in pharmacies, outdoor pursuit shops and online. If using tweezers, pull the tick directly upwards - do not twist it - and grab it as close to the skin as possible, to ensure you remove the head and mouth. "When the tick bites you, it injects saliva and a kind of cement into your skin, which means it clings on very tightly - if you pull the body, the head will snap off, stay in the skin and you could become infected," warns Logan. If you use the claw-shaped tool, twisting helps to remove the tick. "I carry a tick-removal tool whenever I go on a walk in the countryside," he says.

The next step is to keep an eye on the bite. "In the majority of people, it will disappear, and there will be no consequences," says Logan. But half of those who do get Lyme disease go on to develop what's known as erythema migrans, a bull's eye-shaped rash that looks like a red spot surrounded by normal skin, then a red circle that starts to expand. "If you have that after a tick bite, you probably have Lyme disease," he says - but if you don't see the mark, it doesn't mean you don't have Lyme. It could take a few days, weeks or months to show, and you might also develop flu-like symptoms: feeling tired with achy joints. "If any of those things occur after the bite, then it's worth going to see your GP. The key is to tell them about the tick and where you've been, so they can make their assessment as to whether it's likely to be Lyme disease," says Logan. If it is, they'll prescribe a course of antibiotics, which should clear up the infection. "The consensus is it's not a good idea to take antibiotics 'just in case' - there has to be some evidence that you're ill or have a very high chance of having contracted Lyme disease," he explains.

Some people with Lyme disease describe getting short shrift from their GP, so what should you do if you don't feel you've been taken seriously? Logan says: "Some GPs are very well informed - such as in the Scottish Highlands, where they regularly see people with tick bites - whereas a GP in a city centre is much less likely to see people with tick bites or Lyme disease very often." If you want a second opinion, you can ask to be referred to another GP, and go to the Hospital for Tropical Diseases, where there are specialists. "What I don't recommend is going online and finding a lab that offers to test for Lyme disease - you have no idea if that lab is accredited, and it could give you a fake result." Lyme Disease Action also offers advice, and the website bug-off.org has information about how to protect yourself from ticks.

(28th September 2017)


NEW LAW TO BAN COLD CALLERS FROM TARGETING PENSION CASH
(The Telegraph, dated 20th August 2017 author Ben Riley-Smith)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/19/new-law-ban-cold-callers-targeting-pension-cash/

Cold callers who con elderly Britons out of their private pensions will be fined up to £500,000, ministers have announced as they unveiled an outright ban on the practice.

Fraudsters will also be barred from contacting prospective customers by emails or texts as the Government vows to better protect "vulnerable" pensioners.

The crackdown is designed to end the 250 million cold calls made every year aimed at convincing people to move their pensions savings into fake trusts.

The scams often involve encouraging people to invest in foreign property or wine collections with the lure of higher yearly returns - only for the money to be stolen once transferred.

The crackdown comes after the Telegraph repeatedly exposed the scale of cold calling in Britain and the impact it can have on families and businesses.

Speaking to this newspaper, Guy Opperman, the pensions minister, said the suffering of those caught up in the scams had convinced the Government to act.

"For some people, their private pension is their biggest asset. The loss of that asset is a catastrophic situation," Mr Opperman said.

"The Government believes these changes will provide proper protection for hard-working pensioners who have saved all their lives and want to know we are standing up and protecting them.

"We want to ensure there is no exploitation of the vulnerable or the elderly, because there is some evidence this has happened in the past. We want it to stop."

An estimated eight cold calls are made every second in Britain targeting private pensions - the equivalent of 250 million calls a year.

New figures show people have been conned out of £43 million by pension scammers in the last three years, with the average victim losing £15,000.

Repeated Tory governments have vowed to tackle the problem and hopes were raised of an outright ban when a consultation was announced last year.

There were fears the policy had been ditched when it was not mentioned in the recent Queen's Speech, which lays out what laws the Government wants to bring forward.

However ministers today announce two major changes. The first is an official ban on cold calls targeting private pensions, including text messages and emails.

It will be enforced by the Information Commissioner's Office, with fines of up to £500,000 for those caught breaking the rules.

Businesses will only be exempt from the ban if the individual concerned has expressly requested information or has an existing relationship with the company.

The second change will stop people from transferring their private pensions pots into so-called "dormant" companies, which are not actually investing any money.

Stephen Barclay, the Economic Secretary to the Treasury, said: "It's utterly unacceptable that people who have worked all their lives to build up a pension pot should be subject to scams which may leave them out of pocket.

"Pensions are often the most valuable asset a person has upon reaching retirement - and that's why we are determined to crack down on scammers and protect our hardworking savers."

This newspaper has repeatedly reported on the blight of cold calling in Britain today, especially revealing those people behind the companies that are making vast profits from the enterprise.

Much of the problem is fuelled by technology that can help fraudsters carry out vast numbers of calls automatically, using recorded messages instead of genuine human interaction.

Legislation will be needed to make the changes, with Government sources indicating that it is unlikely they will get on the statute book before Christmas.

Instead it is hoped the ban can come into law in early 2018, once key pieces of Brexit legislation have been passed or made sufficient progress in Parliament.

(28th September 2017)


THINK TWICE, LOOK TWICE AT PEOPLE RENTING VANS
(The Times, dated 20th August 2017 author Mark Hookham and Caroline Wheeler)

Full article [Option 1] :

www.thetimes.co.uk/article/look-twice-at-people-renting-vans-dpb75g3hm

Van hire companies could be forced to share their customers' details with the government so they can be checked against databases of terrorist suspects, it emerged this weekend.

Anti-terror police and government officials have met the vehicle rental firms to discuss how to share data that could indicate people who were trying to hire vehicles to carry out attacks.

The use of a van to mow down pedestrians in Las Ramblas in Barcelona last week is the latest example of an increasingly common tactic.

In June attackers used a Hertz rental van to attack people walking over London Bridge, while just over two weeks later a rented van was driven into a group of people outside a mosque in Finsbury Park, north London.

Toby Poston, director of communications at the BVRLA, the trade body for vehicle rental businesses, said the organisation had met police and government representatives about sharing information. "They [rental firms] are not going to get a copy of the counter terrorism watchlist, but if we can have some way of cross-referencing reservations systems .... then it gives us a bit more forward warning and the ability for the police to analyse that and use their intelligence to monitor people," he added. Officials are believed to be looking at how firms can share credit card and customer identification information without breaching data protection laws and whether new legislation is needed.

More than 4.6 van rentals take place each year.

Ben Wallace, the security minister, appealed yesterday for car hire rental staff to "think twice, look twice at those driving licences" and to call the government's anti-terrorist hotline if they have suspicions.

(28th September 2017)



SUPERMARKET X COULD HAVE INFECTED THOUSANDS WITH PIG VIRUS

(The Telegraph, dated 20th August 2017 author Francesca Marshall)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/20/supermarket-x-could-have-infected-thousands-pig-virus/

Thousands of people may have been put at risk of contracting Hepatitis E from pork products sold at a leading supermarket.

The virus, which can cause liver cirrhosis and neurological damage, could have infected up to 200,000 people in the UK each year from 2014 to 2014, according to a Public Health England (PHE) report.

By tracing the habits of those infected, the study concluded that only "Supermarket X" was significantly associated with Hepatitis E (HEV), in particular own brand sausages. Only pork products from Europe, mainly Holland and Germany, and not the UK carry the strain.

Both PHE and the Food Standards Agency (FSA) have declined to name the supermarket in question.

A spokesman from PHE said: "We clearly state in the paper that the association with the supermarket does not infer any blame.

"If it was thought there was an immediate public health threat or available preventative measures, we would have taken action."

However, sources told the Sunday Times that the supermarket involved was Tesco. When questioned by The Daily Telegraph, the supermarket giant said it would not be able to comment on the allegations specifically.

A spokeswoman for the retailer added: "We work very closely with the FSA and PHE to make sure customers can be confident in the safety and quality of the food they buy.

"This particular research was carried out six years ago on a small number of people, and although it provided no direct link between specific products and hepatitis E we always take care to review research findings such as this.

"Food quality is really important to us and we have in place an expert team to ensure the highest possible standards at every stage of our supply chain, as well as providing clear information to customers on how to handle and cook pork in the home to minimise the risk of hepatitis E."

The FSA said that they were aware of the findings and "reviewing all aspects of hepatitis E" with other government departments and industry.

(28th September 2017)

POLICE BEEF UP DARK NET OPS TO HEAD OFF VIGILANTES
(The Times, dated 20th August 2017 author James Gillespie)
www.thetimes.co.uk [Option 1]

A new team of undercover police officers will seek to track and trap paedophiles grooming children online in a £20m initiative which is also aimed at curbing the activities of vigilantes.

A 12 month pilot scheme in Norfolk led to 43 arrests and will now be launched across the country.

Senior officers have made it clear that they do not appreciate vigilantes who go online and pretend to be children before arranging to meet and then "arrest" suspected paedophiles.

Dark Justice, a prominent vigilante group, said the police move would not deter them. "The government have had the time to tackle this epidemic for a long time but simply haven't," a spokesman said.

"It has been proven that no more than 30 officers are online at any one time tackling this problem throughout the whole country, so the public have started chipping in where they can and we are highly passionate about what we are doing to tackle this problem head-on.

"Due to the government cuts the police have become reactive not proactive like ourselves. The only way to tackle this problem is by doing it head-on and not beating around the bush."

Simon Bailey, the Norfolk chief constable and National Police Chiefs Council lead for child protection, said: "This increase in our undercover capability will send a clear message to so-called paedophile hunters: if you have information about child abuse, tell the police. Don't try to take it into your own hands, you could undermine police investigations creating more risk for the children we all want to protect.

"They [paedophile hunters] are taking risks they don't understand and can undermine police investigations.

"There is also the risk of wrongly accusing someone; if someone is wrongly accused of being a paedophile in a hugely public way that makes people who live with them, live near them or work with them assume they have committed the offence.

"The temptation to kill themselves may be just as great even if they are innocent; that is an appalling consequence to contemplate.

"Revealing the identity of suspected paedophiles gives the suspect the opportunity to destroy evidence before the police can investigate them .... and these people have no way of safeguarding child victims."

A trial in Cardiff collapsed this month when a judge ruled that the evidence given by self-appointed paedophile hunter David Poole, 38, was "at best inaccurate and at worst a lie".

Bailey said the police were arresting more than 400 suspected offenders and safeguarding over 500 children each month.

(28th September 2017)



CALLS TO UK's MODERN SLAVERY HOTLINE DOUBLE IN A WEEK
(The Guardian, dated 18th August 2017 author Sarah Marsh)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/aug/18/calls-uk-modern-slavery-hotline-double-week-national-crime-agency

The number of calls to the modern slavery hotline has doubled in a week after the National Crime Agency's report on the "shocking" scale of the problem.

The helpline, for people to report suspicions of modern slavery, received 150 calls in seven days this week, up from a weekly average of 75.

The surge came after the agency said modern slavery and human trafficking were far more prevalent than law enforcement had previously thought.

In a recent crackdown, the NCA said it had lifted the lid on the "shocking" scale of the crime, with potentially tens of thousands of victims in the UK.

Justine Currell, executive director of Unseen, an anti-slavery and anti-trafficking charity, said the warning had prompted a sharp rise in calls to them.

People were reporting workers at car washes, in construction and nail bars, she said. These workers often received low pay and endured poor living conditions. "[The calls] are still coming in thick and fast, we refer them to the police whenever we can," Currell said.

"Some say they got their car washed in the village and the people doing it looked worn down but they will not tell you where it is … we cannot do anything with that information but we leave it on file and if they contact again then we can add to what we know.


"Quite often there will be no indicator, someone might just have a bit of a feeling, but we cannot refer 'a feeling' on to the police. Normally we have to work with the person calling and identify if the concerning factors indicate modern slavery."

Caroline Young, deputy director for vulnerabilities at the NCA, said the agency was pleased with the response.

She said: "We launched the campaign because we think the public have an awful lot to offer in terms of assisting us and being able to spot … something peculiar and different going on."

Unseen said since it started operating its helpline last October there had been a steady rise in calls, from 40 a week to about 70-75.

Aidan McQuade, director of Anti-Slavery International, said the growing call numbers suggested the NCA work was helping to raise awareness, which was a "positive step forward".

However, he noted that a key concern was whether there was "appropriate capacity in policing to deal with required level of investigation needed to get a grip in this issue in the country".

McQuade said: "It's important to understand that [this problem] does not emerge in a vacuum - it's not just evil people enslaving vulnerable people it's unscrupulous people taking advantage of gaps in the law and policy or implementation of the law and policy.

"So we do tend to see slavery occurring in uninspected places ... places that are not being inspected by the police and by labour inspectors … places where there are un-unionised work forces."

Young said: "[The police] have got lots of things to deal with … it's part of everyday working life, juggling those priorities but looking after those who report modern slavery is part of their core responsibilities."

Currell said tackling modern slavery was a postcode lottery: "The police are mainly doing their best and there are pockets of good practice as with anything … it can be a postcode lottery but … they are trying to deal with it in a way that recognises how complex and hidden it is.

"If you look at places like Greater Manchester police or West Yorkshire and the Met, they have all got trafficking teams and have the resources … they have a single point of contact and have the capability to do that rather than provincial forces who will struggle and not have a bespoke team focused on that particular crime area."

(28th September 2017)


WHERE ARE ALL THE BOBBIES ON THE BEAT ?

(The Telegraph, dated 16th August 2017 author Telegraph Reporters)

Full Article [Option 1]:

www.telegraph.co.uk/news/2017/08/16/bobbies-beat-plummet-public-say-number-people-believe-police/

The number of bobbies on the beat has plummeted, according to the public, as statistics showed the number of people who believe police are "highly visible" in their community has fallen by almost half.

Just one in five (22 per cent) people said they feel officers are highly visible, according to the latest Crime Survey for England and Wales, which looks at the period from April last year to March this year.

This compared with 39 per cent in April 2010 to March 2011, while the percentage of the public who said they "never" see police foot patrols has risen by more than half, from 25 per cent to 39 per cent.

It follows a survey last year, which found that one in three people in England and Wales has not seen a bobby on the beat in their local area in the past year.

The poll carried out for police watchdog HM Inspector of Constabulary (HMIC) found 36 per cent of people had not seen a police officer or PCSO on foot in their areas in the past year - while just under a quarter (23 per cent) had seen uniformed personnel "once or twice".

The watchdog warned of the "erosion" of neighbourhood policing as police forces are forced to make further financial cuts.

Labour's Shadow Policing Minister Louise Haigh said: "Bobbies on the beat don't just reassure the public they collect vital community intelligence and help to keep us safe. Savage cuts mean this tried and tested bedrock of British policing is being chipped away as police withdraw from neighbourhood policing altogether.

"Police visibility has rarely been lower and the blame lies squarely at the Government's door.

"The Tories shamefully accused the police of crying wolf over police cuts, but now the public are seeing the brutal reality; crime rising and fewer officers on hand to keep them safe."

(28th September 2017)


SPIKE IN THE NUMBER OF CAT THEFTS AROUND THE UK
(International Business Times, dated 16th August 2017 author James Tennent)

Full article [Option 1]:

www.ibtimes.co.uk/pussy-pilfering-spike-number-cat-thefts-around-uk-1635337

A new study from pet insurance providers Direct Line has shown a marked rise in the number of cats being stolen around the UK - one figure suggesting the increase has been as high as 40% in the last three years.

The data also shows another shocking statistic for pet lovers around the country. According to data from UK police forces, only 18% of the stolen cats are ever recovered.

In 2016, the research said that 261 cats were stolen around the UK - an increase on 2014 when just 181 cats were thought stolen. Other research highlighted by the company said that the number of cat thefts could in fact be higher, with as many as 360,000 adults believing that a cat in their care was stolen during the past year.

As some pedigree kittens can fetch a large price, the breed of cat seems to matter when analysing cat theft data - though whether there's enough of it is another question. Many police forces do not record the breed of cat involved in thefts though many more do record dog breed.

From the data available, Bengal cats seem to be the most sought after. Bengals are larger than normal domestic cats and have leopard-like markings from being bred to resemble big cats in the wild.

Where you live could matter too, with most of the recorded thefts occurring in London, followed by Kent.

Prit Powar, Head of Pet Insurance at Direct Line, said: "If an owner believes their cat is missing, they should first check the immediate vicinity such as in neighbouring gardens or garages as well as asking local people if they have seen it."

Failing that, owners should contact a local animal warden, Powar said, and make sure to keep animals microchipped with the information up to date.

(28th September 2017)


SERIOUS FRAUD OFFICE EARNS TAXPAYERS £517 MILLION IN 12 MONTHS
(London Evening Standard, dated 16th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-serious-fraud-office-earns-taxpayers-517-million-a3612926.html

The Serious Fraud Office earned taxpayers more than £1 million for each of its employees last year after a record run of success, figures have revealed.

The statistics show that £516.8 million was paid into Treasury coffers by the SFO during the 12 months up to the end of the financial year in early April.

That equates to just over £1 million for each of its 500 staff. This year's revenue also equates to more than the SFO's total running costs of £473 million for the past decade and means that it has become one of the Government's most successful earners.

The figures, drawn from an analysis of data in the SFO's annual reports, will heighten the debate about the organisation's future and bolster arguments in favour of its survival. Theresa May had said in the Tory election manifesto that she wanted to abolish it as a separate organisation and hand its functions to the National Crime Agency.

However, senior Conservative MPs, including the former attorney general Dominic Grieve and the chairman of the Commons Justice Select Committee, Bob Neill, have voiced opposition. There was no mention of the idea in the Queen's Speech this summer.

Most of the money earned by the SFO during the past financial year came in a "deferred prosecution agreement" struck with Rolls-Royce in January. The deal, under which Rolls-Royce agreed to pay £497.25 million, followed a four-year investigation into corruption and bribery involving the company in Indonesia, Thailand, India, Russia, Nigeria, China and Malaysia over 30 years.

The earnings last year compare favourably with the £54.6 million cost of running the SFO for the 12-month period. The £516.8 million total also outstrips the £473.2 million operating bill for the organisation over the past 10 years.

In its annual report, the SFO said it had "remained sharply focused on reducing the harm caused by high-level economic crime and preserving the reputation of the UK as a safe place to do business... we remain uniquely well-placed to investigate and prosecute the top-tier of serious and complex economic crime and our operating model underpins our success".

This year's figure of £516.8 million does not include money recovered by the SFO from confiscation orders imposed upon convicted fraudsters.

Nor does it include the £129 million fine paid by Tesco under the terms of another deferred prosecution agreement agreed in April over allegations of false accounting by the retailer. That income will be included in next year's SFO accounts.

(28th September 2017)

FATAL DOG ATTACKS RISE AFTER BAN ON DANGEROUS BREEDS
(The Times, dated 15th August 2017 author Ben Webster)
thetimes.co.uk [Option 1]

The number of people killed by dog bites has almost tripled since the introduction of the Dangerous Dogs Act in 1991, prompting campaigners to call for a change in the law to target behaviour rather than breed.

In the ten years before the act, 11 people were killed, but in the 26 years since there have been 73 deaths - an average of 2.8 a year compared with 1.1 - according to figures from Born Innocent, which wants the act reformed. It said that by focusing on banning specific breeds the act was misleading people into thinking that other dogs were safe and diverting attention from irresponsible owners of any type of dog.

The act bans four breeds : the pitbull terrier, the Tosa and the Brazilian and Argentine mastiffs.

In Calgary there is no ban on breeds but owners are fined C$250 (£150) for not having a licence and up to C$10,000 if their dog attacks someone. The number of bites reported has halved.

Shaila Bux, of Born Innocent, said: "If we go by statistics then current legislation has failed in every area that it was set to tackle. We are at a crossroads with the Dangerous Dog Act in its current format: politicians must be brave enough to admit that the act has failed and implement laws that will reduce dog bites whilst not punishing dogs based on how they look. The law should target irresponsible owners and their dog's behaviour."

She said that figures showed that more people died from bee or wasp stings or being attacked by cows and pigs. There were ten deaths from dog bites in the three years from 2013 to 2015, compared with 14 from stinging insects and 27 by pigs, cows and other mammals.

The RSPCA has also called for the act to be reformed and last year published NHS data showing that hospital admissions after dog bites had risen by 76 percent in a decade in England, from 4,110 in 2004-05 to 7,227 in 2014-15.

Samantha Gaines, the RSPCA's dog welfare expert, said: "Other countries have moved away from a breed specific approach and have achieved a reduction in dog bites through education and fostering responsible dog ownership."

The Department for Environment and Rural Affairs said: "Prohibiting certain types of dog...is crucial to help deal with the heightened risk they pose. However, any dog can become dangerous if it is kept by irresponsible owners in the wrong environment, which is why the act covers any type of dog that is dangerously out of control."

(28th September 2017)



CITY OF LONDON POLICE CAN'T SHARE BODYCAM FOOTAGE WITH PROSECUTORS
(London Evening Standard, dated 15th August 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/computer-says-no-met-police-cant-share-bodycam-footage-with-prosecutors-because-of-difference-in-it-a3611976.html

Police in the City of London are unable to share footage from body cameras directly with prosecutors because of differences in computer software systems, it was revealed today.

Instead, police have to transfer footage onto DVDs which are then hand-delivered to the Crown Prosecution Service.

The City of London force is one of several across the UK which cannot download video to the CPS, it has emerged. Only the Met is able to share footage digitally with prosecutors, with officers now routinely submitting more than 3,000 clips a month.

The 700-strong City force, which patrols the Square Mile, is rolling out body-worn cameras to all its front-line officers and launched a trial of the system early last year.

Researchers from the London Metropolitan University were employed to examine the effectiveness of the cameras and look at officers' attitudes to the new technology.

The study, released today, found that a big majority, 83 per cent of 149 officers questioned, welcomed the introduction of cameras but several highlighted frustration that they could not share footage with the CPS.

One officer remarked: "The only thing we weren't taught, which still hasn't gone live yet, is how we send data to CPS."

The report by two criminologists headed by Dr James Morgan from the London Met said the failure to synchronise the systems inhibited "successful policing outcomes".

Researchers found that the cameras had not led to more efficient justice in the City, with figures showing only a slight increase in the number of guilty pleas submitted following their introduction.

The study suggested that because technology was not available to send footage to the CPS, the evidence was not routinely available in court. A City police spokesman said: "This is a national issue which affects a number of forces and is currently being addressed, and a system is currently being developed to allow the direct transfer of footage."

Digital policing chief constable Andy Marsh said forces were working on ways to share footage wirelessly.

In other findings the London Met university study recorded that the number of complaints from the public about incivility or oppressive conduct halved during the trial period, though the numbers were small - down from 11 and 10 in 2014 and 2015 to five during the trial period in 2016. All but one of those five complaints were dismissed.

Some officers said having a camera had a calming effect on confrontational situations and backed up their evidence, debunking malicious complaints.

Some said the cameras were also useful in prosecuting minor crimes such as motorists or cyclists breaking red lights when in the past it was often one person's word against another's.

One officer said: "We have all had trouble in proving that someone is drunk, violent, or abusive.

"That is usually what we deal with on Friday, Saturday, Thursday, Wednesday nights even ... with the body camera it will be good to have the footage to back up what I'm saying."

Dr Morgan said: "There have been assumptions about cop culture which see the police as resistant to change but we found a group of officers who very much wanted to have their side of the story told."

(28th September 2017)

BODY CAMERAS FOR POLICE HAVE LITTLE IMPACT ON CRIME
(The Times, dated 15th August 2017 author Fiona Hamilton)
www.thetimes.co.uk [Option 1]

Police forces have spent nearly £23 million on body cameras even though trials have raised questions about their effectiveness and suggested that they do little to reduce crime, according to a report published today.

Big Brother Watch, the civil liberties and privacy organisation, found that 32 of the 45 police forces in the UK had adopted body cameras but that forces were unable to say how often the footage had been used in the courts. Nearly 48,000 cameras have been purchased for use by officers, the group said.

Yesterday the Metropolitan Police announced that armed officers would wear head-mounted cameras for the first time to increase transparency.

Senior police across the country have justified the increasingly widespread use of the technology on the grounds that it helps relations with the public, reduces assaults on officers and improves prosecution rates because the footage provides better evidence.

However, Big Brother Watch found a series of studies cast doubts on what impact the technology had on crime.

An evaluation by North Wales police said it had seen "no increase in detection rates" and that "the current effect of (body worn video) on complaint volumes appears to be very marginal."

A report for Durham Constabulary said it was "unlikely any impact could actually be attributed to body cameras" in regard to a reduction in crime figures.

A Metropolitan Police trial, covering the use of 500 cameras by 814 officers, found no overall impact on the number of stop and searches carried out, no effect on the proportion of arrests for violent crime and no evidence that the cameras had changed the way officers dealt with either victims or suspects.

The three largest forces in the country - the Met, Greater Manchester police and West Midlands police - use cameras that do not feature a front facing screen to make it clear to a citizen that they are being filmed. All cameras show a blinking light when recording.

Using freedom of information requests, Big Brother Watch found that 71 percent of forces had adopted cameras at a total cost of £22.7 million.

Renate Samson, chief executive of the group, said: "Police trials of the technology have proven inconclusive. If the future of policing is to arm all officers with wearable surveillance, the value of the technology must be proven and not just assumed. It is not enough to tell the public they are essential policing tools if the benefits cannot be shown."

Andy Marsh, National Police Chiefs Council lead on body worn video, said that they were evaluating its effectiveness and benefits to forces and the public. He said: "Video captured is fully admissible and increasingly used as evidence in court. Ongoing trials and academic research indicate that the use of body worn video can reduce complaints and help to bring about quicker, fairer justice."

(28th September 2017)



IF YOU'VE USED HOTEL WIFI RECENTLY, YOU SHOULD PROBABLY WORRY

(Metro, dated 14th August 2017 author Rob Waugh)

Full article [Option 1]:

http://metro.co.uk/2017/08/14/if-youve-used-hotel-wi-fi-recently-you-should-probably-worry-6850437/

If you've logged in to hotel Wi-Fi on the continent recently, you might want to change your passwords, experts have warned.

Hardcore hackers with suspected links to Russian intelligence have been targeting travellers in Europe, breaking into laptops to steal passwords.

Hotel Wi-Fi is notorious for putting users at risk - and hackers are believed to have used malware to 'sniff' passwords from users in top European hotels.

Guests in eight countries were targeted, researchers at security firm FireEye said on Friday.

The espionage group, dubbed APT 28, sought to steal password credentials from Western government and business travellers using hotel wi-fi networks, in order then to infect their organisational networks back home, FireEye said in a report.

The wave of attacks during the first week of July targeted travellers who were staying in several hotel chains in at least seven countries in Europe and one in the Middle East, it said.

Several governments and security research firms have linked APT 28 to the GRU, Russia's military intelligence directorate.

Moscow vehemently denies the accusations.

In the July attacks, FireEye found spear-phishing emails were used to trick hotel employees into downloading an infected hotel reservation document, which then installed GAMEFISH malware run remotely from internet sites known to be controlled by APT 28.

(28th September 2017)

FARMYARDS ARE BEING TURNED INTO FORTRESSES TO WARD OFF BRAZEN THIEVES AMID SURGE IN CRIME IN RURAL AREAS
(The Telegraph, dated 14th August 2017 author Telegraph reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/14/farmyards-turned-fortresses-ward-brazen-thieves-amid-crime-surge/

Farmyards are being turned into fortresses to ward off "brazen thieves" amid a surge in crime in rural areas, figures show.

Insurance claims for rural crime have risen by more than 20 per cent in the six months to June, with insurers warning that emboldened criminals are forcing farmers to take extraordinary steps to protect their property - including the installation of tracking devices on their tractors.

Publishing its annual report on rural crime across the UK, NFU Mutual said that the surge contrasted with a £40m decline in claims last year, adding that the trend was "deeply worrying".

Commenting on the figures, Tim Price, a rural affairs specialist at the firm, said: "While the fall in rural theft in 2016 is welcome news, the sharp rise in the first half of 2017 is deeply worrying.

"Countryside criminals are becoming more brazen and farmers are now having to continually increase security and adopt new ways of protecting their equipment.

"In some parts of the country, farmers are having to turn their farmyards into fortresses to protect themselves from repeated thieves who are targeting quads, tractors and power tools."

Last year England bore the brunt of the criminal activity in rural areas, with total claims totalling just under £34m. Claims in Northern Ireland amounted to £2.5m, whilst those made in Wales came to £1.3m.

Farmers' tools and specialist equipment were the most common items targeted, whilst more than £2m worth of quad bikes were stolen during the same period.

However, the costs of illegal cattle and livestock rustling continue to fall, down to £2.2m.

(28th September 2017)


DRUNK AIR PASSENGER ARRESTS UP 50%
(BBC News, dated 14th August 2017)

Full article : www.bbc.co.uk/news/uk-40877229

Arrests of passengers suspected of being drunk at UK airports and on flights have risen by 50% in a year, a BBC Panorama investigation suggests.

A total of 387 people were arrested between February 2016 and February 2017 - up from 255 the previous year.

Meanwhile, more than half of cabin crew who responded to a survey said they had witnessed disruptive drunken passenger behaviour at UK airports.

The Home Office is "considering" calls for tougher rules on alcohol.

The arrest figures obtained by Panorama came from 18 out of the 20 police forces with a major airport in their area.

Trade body Airlines UK said it should be made illegal for people to drink their own alcohol on board a plane.

'Barmaids in the sky'


A total of 19,000 of the Unite union's cabin crew members were surveyed and 4,000 responded, with one in five saying they had suffered physical abuse.

A former cabin crew manager with Virgin, Ally Murphy, quit her job last October after 14 years and told Panorama: "People just see us as barmaids in the sky.

"They would touch your breasts, or they'd touch your bum or your legs. I've had hands going up my skirt before."

In July 2016 the aviation industry introduced a voluntary code of conduct on disruptive passengers, which most of the big airlines and airports signed up to.

The code's advice included asking retailers to warn passengers not to consume duty-free purchases on the plane, while staff are also asked not to sell alcohol to passengers who appear drunk.

Panorama found more than a quarter of cabin crew surveyed were unaware of the code of practice and, of those who had heard of it, only 23% thought it was working.

One anonymous crew member told Panorama: "The code of conduct isn't working… We're seeing these incidents on a daily, a weekly, a monthly basis. It's the alcohol mainly in the duty free that is the significant problem."

Alcohol in the air


- Entering an aircraft when drunk or being drunk on an aircraft is a criminal offence, with a maximum sentence of two years' imprisonment

- Licensing laws which prevent the sale of alcohol outside permitted hours do not apply to airside sales of alcohol at UK international airports. Bars can remain open to serve passengers on the earliest and latest flights - from 04:00 in some cases

- About 270m passengers passed through UK airports last year* and travellers spend an estimated £300m on alcohol at UK airports each year - around a fifth of total retail sales of £1.5bn**

- The Civil Aviation Authority reported a 600% increase in disruptive passenger incidents in the UK between 2012 and 2016 with "most involving alcohol". They say the increase is partly down to improved reporting of incidents

Sources: Airlines UK* and UK Travel Retail Forum**

Manchester Airport is one of the signatories but when Panorama's undercover reporter asked at World Duty Free whether she could open alcohol bought at a duty-free shop to consume on the plane, she was told "officially probably not, unofficially I think you'll get away with it". Another shop in the airport did give the right advice.

World Duty Free said it was committed to dealing with the issue and that it displays "clear advisory notices at till points, on till receipts and on carrier bags that remind customers that alcohol purchases cannot be opened until their final destination is reached".

Airlines UK, which represents carriers such as Virgin, British Airways and EasyJet, wants the government to amend the law to make consumption of a passenger's own alcohol on board an aircraft a criminal offence.

'There for one reason'


Airlines can limit the amount of alcohol sold to passengers on board flights.

Low-cost airline Jet2 has already banned alcohol sales on flights before 08:00 and managing director Phil Ward agreed further action was needed.

"I think they [airports] could do more. I think the retailers could do more as well.

"Two litre steins of beer in bars, mixes and miniatures in duty free shops, which can only be there for one reason - you know, they're items that are not sold on the high street.

"We can't allow it not to change."

A House of Lords committee report earlier this year called for tougher rules on the sale of alcohol at airports.

Committee chair Baroness McIntosh of Pickering said: "We didn't hear one shred of evidence to show the voluntary code was either working now or had any possible vestige of success in working any time soon."

The Home Office said it was considering the report's recommendations, which include revoking the airports' exemption from the Licensing Act, "and will respond in due course".

Karen Dee, chief executive of the Airport Operators Association, said: "I don't accept that the airports don't sell alcohol responsibly. The sale of alcohol per se is not a problem. It's the misuse of it and drinking to excess and then behaving badly."

She said they were working with retailers and staff to make sure they understand the rules.

(28th September 2017)



ARMED MET POLICE OFFICERS TO WEAR HEAD-MOUNTED CAMERAS
(BBC News, dated 14th August 2017)

Full article : www.bbc.co.uk/news/uk-40920095

Armed officers are to be issued with head-mounted cameras in an effort to provide "greater transparency" in police shootings, the Met Police says.

The Met - the UK's largest police force - said officers in its armed response units will have cameras fitted to baseball caps and ballistic helmets.

It will give "a documented and accurate account" of situations, the Met added.

Armed officers had trialled body-mounted cameras, but in 2015 they were criticised as "unfit-for-purpose".

Their introduction followed criticisms of the Met over the death of Mark Duggan, who was shot by armed officers in August 2011, sparking riots across England.

However, the force said it was still examining how cameras could be used in such undercover operations.

'World's largest rollout'


The new cameras will be worn by officers who carry an "overt" firearm.

The police watchdog, the Independent Police Complaints Commission (IPCC), said during the trial the positioning of the cameras on officers' bodies had obscured and impacted on the quality of some footage.

The Met says it has decided that because of the way armed police operate, head cameras are a better option.

The firearms command will receive around 1,000 cameras, the force added, saying it was part of "the largest rollout of body worn cameras by police in the world".

'Greater transparency'

Commander Matt Twist said armed officers "very much welcome" the cameras.

"It provides a documented and accurate account of the threats officers face and the split second decisions they make," he said.

"The cameras also offer greater transparency for those in front of the camera as well as those behind it."

Body-mounted cameras have already been issued to frontline officers in 30 of the 32 London boroughs, as well as to officers from the roads and transport units, the territorial support group and the dog unit.

The deployment of 22,000 cameras, which do not permanently record, is anticipated to be complete by the end of October, the force added.

The Mayor of London, Sadiq Khan, said cameras were "a huge step forward in bringing our capital's police force into the 21st century and building trust and confidence in the city's policing".

(28th September 2017)


HOW CLOSE IS JAPANESE KNOTWEED GETTING TO MY HOME ?
(BBC News, dated 11th August 2017 author Brian Milligan)

Full article : www.bbc.co.uk/news/business-40899108

Two centuries ago, when Victorian engineers were designing the latest in transport technology, Japanese knotweed sounded like a very clever idea.

A plant that typically colonised volcanoes in Japan was imported to Britain to help hide, or possibly even stabilise, railway embankments.

Since then its spread has caused much unhappiness amongst home-owners and prospective house purchasers.

It can crack tarmac, block drains, undermine foundations and invade homes. Its presence can be enough to cut a property's value by up to 20%, or prevent a mortgage lender approving a loan.

But just as new technology created the problem originally, new technology may help to solve it.

How close is it to me?

Five years ago, the Environment Agency commissioned a new app to track Japanese knotweed, using the crowd-sourcing principle.

More than 20,000 people have now downloaded it, and their data has pin-pointed over 6,000 knotweed locations.

www.planttracker.org.uk/map/knotweed

Note : The app is also available on Apple iTunes and Google Play (see full article for links)

"If we can get more people taking an interest and submitting records, so much the better," says Dave Kilbey, director of Natural Apptitude, which designed and launched the app.

"Hopefully it will mean people will become a bit more aware of the problems, and what to look for."

So far the results show a particular concentration of knotweed in South Wales, the Midlands, London, Scotland's central belt and Cornwall - where the plant was also introduced by Victorians into ornamental gardens.

Those looking for a property can use the app to find out if knotweed has been found nearby - but the fact it is not on the map does not mean it is not present; it is simply that no one has reported it.

How to recognise Japanese knotweed


- Dense thickets of green, purple-speckled, bamboo-like stems up to three metres tall

- Heart or shield-shaped leaves

- Alternate leafing pattern along stems

- Completely hollow stems that can be snapped easily

- Tiny creamy white flowers August to October

Rivers and canals

The data provided by the PlantTracker app is also added to the National Biodiversity Network (NBN) atlas, which aims to track the whereabouts of all the UK's plants and animals, from bee orchids to goshawks.

Even though it has only been available to the public since April, and is not yet fully functional, the atlas has further information about Japanese knotweed locations.

The map shows more than 43,000 historical records for the plant, going back to 1900.

But Purba Choudhury, communications officer for the NBN, says that if there are no records in your area, that doesn't guarantee its absence.

"Conversely, the record you are seeing might be an old record, and the Japanese knotweed might have been removed since the record was uploaded," she says.

What if I find knotweed?

Trying to destroy Japanese knotweed by yourself is virtually impossible.

That is because the roots, or rhizomes, spread rapidly underground, and can regenerate from tiny amounts of material. In fact it can grow at the rate of 10cm a day during the summer.

"Digging it out of the ground can just spread it terribly," warns Stephen Hodgson, the chief executive of the Property Care Association (PCA).

"If you've got it in your garden, either leave it alone, or treat it properly."

The advice is as follows:

- Do not try to dig it up: Tiny root fragments can regenerate into another plant

- If you cut down the branches, dispose of them on-site. Compost separately, preferably on plastic sheets

- Do not take it to your local council dump. It needs specialist waste management

- Do not dispose of it in the countryside. This is against the law

- Do not spread the soil. Earth within seven horizontal metres of a plant can be contaminated

- Take advice from the Invasive Non-Native Specialists Association (INNSA) or the Property Care Association (PCA) on local removal contractors. Many treatments don't work.

In an experiment being conducted in South Wales, thousands of plant lice were released last summer, in the hopes that they would help destroy some of the knotweed along river banks.

But otherwise the accepted best-practice treatment is for professionals to inject the plant with industrial-strength weed killer glyphosate.

David Layland, the joint managing director of Japanese Knotweed Control, based in Stockport, says it is the only thing that works.

"Once we inject into it, it transfers into the root system pretty quickly, and then it binds with the roots. Over time, it rots away into the subsoil."

But professional treatment is costly, starting at about £2,500, and going upwards to £30,000 for a major infestation.

Court case

Just as big a worry for many home-owners is the discovery that your neighbour has Japanese knotweed on his or her property, and refuses to do anything about it.

But under the 2014 Anti-Social Behaviour, Crime and Policing Act, local councils or police forces can now issue a Community Protection Notice (CPN), forcing neighbours to take action, and fining them if they don't.

"I think when they are enforced - and they are starting to be enforced - CPNs are very effective," says Stephen Hodgson. "But they are, and should be, a measure of last resort."

In the meantime judges at the Court of Appeal are gearing up to provide an important precedent on who should pay if a landowner allows knotweed to encroach on somebody else's property.

Next year they will rule on the case of Williams v Network Rail - after two homeowners in South Wales were awarded £15,000 to compensate them for knotweed which had spread into their gardens.

(28th September 2017)


TENS OF THOUSANDS OF MODERN SLAVERY VICTIMS IN UK
(The Guardian, dated 10th August 2017 author Jamie Grierson)

Full article [Option 1]:

www.theguardian.com/world/2017/aug/10/modern-slavery-uk-nca-human-trafficking-prostitution

Modern slavery and human trafficking is far more prevalent than law enforcement previously thought, with a recent crackdown lifting the lid on the "shocking" scale of the crime and potentially tens of thousands of victims in the UK, the National Crime Agency (NCA) said.

Will Kerr, the NCA's director of vulnerabilities, said the figures were far higher than those identified by the system set up by the government to identify victims of trafficking, which stood at about 3,800 in 2016.

"It's likely in the tens of thousands," Kerr said. "The more we look for modern slavery the more we find evidence of the widespread abuse of the vulnerable. The growing body of evidence we are collecting points to the scale being far larger than anyone had previously thought."

There has been a wide range of cases uncovered, from a Romanian organised crime gang making €5m (£4.5m) advertising prostitutes online and laundering the proceeds, to a 12-year-old girl being trafficked into the UK to take children to school.

Victims are predominantly from eastern Europe, Vietnam and Nigeria, with a roughly equal balance between men and women, the NCA said. There were currently more than 300 live policing operations targeting modern slavery in the UK, it added.

In May and June alone, there were 111 arrests related to 130 potential victims in the UK as part of an operation led by the NCA.

The agency has launched a campaign to increase public awareness and encourage people to report suspicions to a modern slavery hotline.

Kerr said examples included those working at car washes and in construction, agriculture and food processing. They receive very little pay and are forced to put up with poor living conditions.

Others sold into slavery could be kept in pop-up brothels, where sex workers who have been promised a better life are left penniless with few clothes other than underwear, while some work in cannabis factories, he said.

"As you go about your normal daily life and as you're engaged in a legitimate economy accessing goods and services, there is a growing and a good chance you will come across a victim who has been exploited in one of those different sectors," he said. "That's why we are asking the public to try and recognise the signs and to report their concerns and suspicions to us."

He cited one example of a 12-year-old girl being stopped at border control, having been bound for a life as a domestic slave. "She was being brought in to work for a family in part of the UK, where she had effectively been sold by her father - or it had been facilitated by her father - and she was being brought in to take this family's children to school and pick them up every day, and clean the house in between," he said.

Kerr said criminal charges were pending against those involved in the case.

"People are being exploited on an hourly and daily basis. The full scale and extent of it, we don't know. But what we have found is that in every medium-to-large town and every city in the UK, we have found evidence of vulnerable people being exploited," he said.

The modern slavery helpline, which launched in 2016, operates 24/7, with fully trained specialist staff. The helpline has so far received 1,799 calls and made 1,051 referrals, with more than 2,000 potential modern slavery victims indicated.

Mark Burns-Williamson, Association of Police and Crime Commissioners national lead for human trafficking and modern slavery, said: "The main point we really need to drive home is that this horrendous crime is happening everywhere and we need our communities' help to stop it."

He added: "General indicators of human trafficking or modern slavery can include signs of physical or psychological abuse, fear of authorities, no ID documents, poor living conditions and working long hours for little or no pay.

"Human trafficking and modern slavery destroy lives. They are terrible abuses of human rights, shamefully robbing people of their dignity, causing total misery to the victims, their families and our communities. We all need to work together to stop it."

Philippa Rowen, chaplain to the bishop of Derby, said the Church of England would be launching a three-year project in October to help dioceses respond to modern slavery in their communities. "We need communities that have their eyes open, who are aware enough of their surroundings that they can say when something doesn't look right," she said.

"When the man cleaning their car has no safety equipment, and looks underfed and tired. When their neighbour's live-in nanny never seems to leave the house and is too frightened to talk to them. When the holiday let at the end of the road is being visited by different men all through the day and night.

"The Church of England, with a presence in every parish, is uniquely placed to be those eyes and ears, and to spread this message further."

(28th September 2017)

WOMAN FIGHTS TO CHANGE THE LAW AFTER BEING TOLD MAN WHO PUT CAMERA UP HER SKIRT DID NOTHING WRONG
(The Telegraph, dated 9th August 2017 author Helena Horton)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/08/09/woman-fights-upskirting-sexual-offense-told-men-put-camera-skirt/

When a man took a picture up Gina Martin's skirt when she was enjoying herself at a festival, she was sure he could be punished.

However, after being told he did nothing illegal, she has taken things into her own hands and started a campaign which has reverberated across the country - to make 'upskirting' a specific offence under the law.

'Upskirting' is the term for when people put cameras under unsuspecting women's skirts and take a picture of their crotch, usually just before the woman notices what has happened.

On the 8th July 2017, this happened to Ms Martin, who was at the British Summertime Festival.

After seeing the man standing in front of her had an image of a woman's bare legs and crotch on his phone screen, she realised it was of her.

She thought quickly and grabbed the phone, giving it to the festival staff, who called the police.

The police arrived and asked the man to delete the photo. However, five days later, Ms Martin was told the case was closed as the police said the man hadn't broken any laws.

Ms Martin, a 25-year-old writer from London, started a petition to change this.

The campaign to make upskirt photos illegal under the Sexual Offences Act of 2003 has been signed by more than 53,000 people.

"At British Summer Time music festival in London, the two men whose faces I've obscured in the photo above were taking up-skirt photos of my -you know what I mean- without me knowing," she wrote.

"Please join me in calling on the Met Police to reopen my case and help me to get justice by prosecuting the men."

She said that it is a common practice, and that police should take action.

"This happens regularly to so many women and by putting pressure on the police to prosecute we're also aiming to raise awareness nationwide that this is a crime," she wrote.

"We want the law to specify clearly that this is a sexual offence with a victim, by adding this offence to the Sexual Offences Act 2003."

Men who have taken 'upskirt' photographs have been prosecuted before under different laws.

If Ms Martin had been in a place which would reasonably be expected to provide privacy, such as her home or a changing room, it could amount to voyeurism under section 67 of the Sexual Offences Act.

However, a festival field would not fit under the remit of this law.

'Upskirting' can also come under the criminal offence of "outraging public decency" if two or more people see the photograph - but in Ms Miller's case, no such charge was made.

The Metropolitan Police said in a statement: "The Met takes allegations of voyeurism seriously and does and will investigate them thoroughly. We use a range of policing tactics and deploy officers on specific operations to target this sort of criminal behaviour based on intelligence. We understand that it can be incredibly invasive and distressing for those that this happens to.

"In this specific case we believed the allegation had originally been dealt with in line with the victim's wishes. We have subsequently recontacted the victim and inquiries are ongoing."

Ms Martin also doesn't think it is good enough that it can only fall under outraging public decency to take a photograph up a woman's skirt.

She told the BBC: "I found out that the one law I could charge under was an old common law called "outraging public decency" - a law that states something lewd or indecent happened in public and at least two people saw it. Ironically, it is usually applied to flashers. So, to put it plainly, the only law that protects a victim of upskirting in England and Wales is one that worries about what the public saw, not the victim who's been harassed.

"It's an old law too - victims don't push for it because they don't know about it. If they had known about that law would the police have dealt with my case differently?

"Something has to change here, and that's why I'm campaigning to make upskirt photography a sexual offence. Scotland just did it. So we could too.

"My case has since been reopened and I hope that the men are prosecuted. But this isn't just about my case. My next step is to have the laws amended so that upskirt photos are listed as a sexual offence and a "victim crime", not a public nuisance."

Since she started her petition, the Metropolitan Police re-opened her case.

The Northumbria Police and Crime Commissioner Dame Vera Baird told the Today programme on Saturday that upskirting "needs to be an offence, there is no doubt about it".

(28th September 2017)


THIEVES STEAL £20,000 IN SUSSEX SHOPPERS BANK CARD SCAM
(BBC News, dated 9th August 2017)

Full article : www.bbc.co.uk/news/uk-england-sussex-40873724

Two men are suspected of stealing nearly £20,000 from shoppers by watching them enter their Pin codes and then stealing their bank cards.

A CCTV image of the men, believed to be working with others, has been released by Sussex Police.

Victims' purses and wallets were stolen as they left stores and cash withdrawn from nearby ATM machines before they became aware of the theft.

On one occasion they targeted a person in a hospice shop.

There have been 22 such reports in Sussex since November last year, mostly in supermarkets, but also from pubs and fast food restaurants. The amounts stolen vary but have reached as much as £3,500.

The men are described as being of Eastern European appearance, one bald and the other with dark hair.

Investigator Kayleigh Bartup said: "We are working with the large supermarket brands to raise awareness about these incidents among staff and customers.

"Be alert and aware of strangers when shopping and never leave your bag or trolley unattended at any point. Try not to be distracted by strangers, and also be alert for any suspicious activity around your vehicle.

"It appears that these men, and others, may strike up to twice a day in different towns, and then lay low for a while, so we need to maintain awareness even when there are no reports."

Incidents include:

- Tesco in Lewes on 19 November 2016 - £1,360 obtained
- Sainsbury's in East Grinstead on 13 February - £1,749 obtained
- Morrisons in Seaford on 7 March - £1,800 obtained
- Asda in Brighton on 11 March - £1,000 obtained
- Waitrose in Eastbourne on 12 May - £2,500 obtained
- Sainsbury's in East Grinstead on 26 May - £1,219 obtained
- St Catherine's Hospice shop, East Grinstead on 26 May - £240 obtained
- Waitrose in Burgess Hill on 8 June - £900 obtained
- Waitrose in Hove on 17 June - £3,500 obtained

(28th September 2017)



THE ROYAL MAIL SCAM YOU NEED TO KNOW ABOUT
(Liverpool Echo, dated 9th August 2017 authors Rebecca Koncienzcy and John Fitzsimmons)

Full article [Option 1]:

www.liverpoolecho.co.uk/news/liverpool-news/royal-mail-scam-you-need-13452009

The Royal Mail is warning the public about a scam that is duping people out of money.

It involves missed delivery cards being posted through your letter box, but they are actually FAKE.

The clever con makes the cards look like the 'something for you' cards you typically receive from Royal Mail when you have missed a delivery.

They use the same colour scheme, headings and four-box layout. Indeed, the only clear difference is that the scammers' cards do not have the Royal Mail logo on them.

Recipients are invited to call a number beginning 0208 in order to arrange a delivery, The Mirror reports.

They are then put through to an automated message where they are asked to leave their details and a 'consignment number'. Victims have claimed that calling the number - which isn't registered to Royal Mail - has cost them £45.

A spokesperson for the Royal Mail said that it was looking into the scam as a "matter of urgency", adding that people receiving missed delivery notes should be vigilant and ensure that they contain the Royal Mail's logo.

While this particular version is new, scammers have seen the value in using fake missed delivery notes for some time now.

For example, back in 2015 fraud experts Action Fraud highlighted a scam where postcards were being delivered to homes, claiming that a parcel containing jewellery was waiting to be collected.

The postcards said: "The office is attempting to reach you. To claim this parcel and accept this offer, you must telephone the number below immediately and arrange for a delivery.

"The item is prepaid, but a processing and delivery fee of £10 must be remitted. This fee can be paid only by telephone and only with a credit card (VISA or MasterCard). This is your only notification."

Of course, even after the money was paid, no such delivery took place.

There is undeniably something exciting about getting a parcel, rather than a letter. For one thing, at least it won't be a bill!

It may seem obvious, but any time you receive a note through the letterbox about a missed delivery, the first question should be whether you have actually ordered anything.

(28th September 2017)

SECURITY GURU APOLOGISES FOR INVALID PASSWORD TIPS
(The Times, dated 9th August 2017 author Mark Bridge)
www.thetimes.co.uk

Fourteen years ago Bill Burr became the guru of secure passwords.

His advice - to do away with memorable words in favour of garbled strings of letters, numbers and special characters that would be near-impossible for criminals to guess - became accepted as gospel around the world.

The former employee of the US National Institute of Standards and Technology (NIST) has now acknowledged that the guidance he published in 2003 only makes people more vulnerable to hackers.

The trouble, according to security researchers, is that in reality the recommendation caused many people to adopt highly predictable "complex" passwords, such as "Pa$$w0rd", to try to remember them.

Mr Burr also suggested that people should change their passwords regularly and at least every 90 days. This advice, which was adopted by corporations, universities and government bodies, gave individuals grappling with ever-growing numbers of passwords an even greater incentive to adopt easy combinations.

Many people have come to update their passwords by making the simplest tweaks: "Pa55w0rd1" becomes "Pa55w0rd2", "Pa55w0rd3" and then "Pa55w0rd4", for example.

Because of the stress surrounding complex passwords, people also tend to use the same or similar credentials on different sites. This means that if log-in details are stolen in a data breach, such as the Yahoo hack, criminals can use the same password to access a victim's accounts on other sites.

To counter these problems, cryptography experts have highlighted the merits of long "simple" passwords, made up of strings of ordinary words.

In a widely circulated diagram, the Nasa engineer turned cartoonist and author Randall Munroe calculated that it would take 550 years at 1,000 guesses per second to crack the password "correcthorsebatterystaple", while "TrOub4dor&3" could be cracked in three days.

Mr Burr, 72, who is now retired, told The Wall Street Journal: "Much of what I did I now regret. In the end, it was probably too complicated for a lot of folks to understand, and the truth is, it was barking up the wrong tree".

NIST recently reissued its digital identity guidelines, dropping the advice on password expiration and special characters and urging organisations to allow longer passwords that are more memorable.

On the other hand, the document says that they should prohibit obvious passwords such as single dictionary words, the account creator's street, or sequences such as 123456.

It also recommends that companies provide password strength indicators.

Ciaran Martin, head of GCHQ's National Cyber Security Centre, has also criticised the standard advice for passwords. In February he told Radio 4's Today programme that even his own "best Technical People" would struggle to remember complex, changing logins for multiple accounts.

Mr Burr, who programmed US Army computers during the Vietnam War, told The Wall Street Journal that he had wanted to base his guidance on real-world password data, but too little was available in 2003 and he was under pressure to publish quickly.

(28th September 2017)



OVER 1000 SEX CRIMES ON TUBE AND RAILWAYS IN JUST ONE YEAR
(London Evening Standard, dated 9th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-over-1000-sex-crimes-on-tube-and-railways-in-just-one-year-a3607441.html

More than 1,000 sex crimes were committed on the Tube and Overground network last year as the number of offences rose to a new peak, official figures reveal today.

British Transport Police statistics show that there were 1,032 sex offences on Transport for London's rail network in the year to the end of March.

That is up 15 per cent on the previous annual tally and nearly double the total of 567 recorded two years earlier.

Sex crimes were also up in the force's South area, which covers commuter routes from Kent, Surrey, and Sussex into London.

At least part of the rise is thought to be the result of a "Report It to Stop It" campaign to encourage more victims to come forward.

The figures will, however, raise renewed concerns about the activities of sex pests on the Tube and rail network following complaints from campaigners about groping, leering and other unpleasant and potentially illegal conduct by some passengers.

Today's statistics also show a rise of 6.4 per cent in overall crime on the Tube and Overground, pushing the annual total to 11,410 offences.

This included nearly 400 more violent attacks, as well as increases in criminal damage, drug and public order offences. Racially or religiously aggravated crimes "causing public fear, alarm or distress" were also up with 576 offences in the past 12 months, compared with 419 in the previous year. There was also a small rise in robbery, but falls in theft and fraud.

The crime rise on London's transport network is mirrored by a similar nationwide rise in offences recorded by British Transport Police.

The force's chief constable Paul Crowther said one reason was that the number of passengers had grown, with an extra 17.5 million journeys nationwide over the year. Stations such as St Pancras had also become "entertainment hubs" drawing "more people to their shops, bars and coffee shops".

He warned, however, that pressures were increasing with the additional problem of protecting the public from terrorism.

"In the last 12 months, BTP officers have been at the forefront of a number of major incidents, including a tram derailment in Croydon in November and critical incidents in Westminster, Manchester and London Bridge and Borough Market," Mr Crowther said.

"Coupled with increasing demand on our services, a growing rail infrastructure and the ever-present threat of terrorism, these are certainly challenging times for police forces. However, I am confident that BTP is in the right position to keep our railways safe."

Crime on the Tube and railways


British Transport Police figures of recorded crime in the Transport for London division.

2016-17 = n 2015-16 = (n)

Total notifiable crime/offences : 11,410 (10,719)
Sexual crime : 1,032 (894)
Violence against the person : 2,352 (1,963)
Robbery : 103 (97)
Drug crime : 253 (201)
Public order : 1,884 (1,617)
Criminal damage / malicious mischief : 1,005 (736)
Theft of passenger property : 3,901 (4,236)
Line of route crime : 79 (71)
Motor vehicle / cycle crime : 429 (448)
Theft of railway / commercial property and burglary : 171 (194)
Fraud : 131 (186)

(28th September 2017)

FORGET BANKING HEIST, PAYDAY-HUNGRY HACKERS NOW HOLDING "CRITICAL" FACTORIES TO RANSOM
(International Business Times, dated 9th August 2017 author Associated Press)

Full article [Option 1]:

www.ibtimes.co.uk/forget-banking-heists-payday-hungry-hackers-now-holding-critical-factories-ransom-1634218

The malware entered the North Carolina transmission plant's computer network via email last August, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom.

AW North Carolina stood to lose $270,000 (£207,000, €230,000) in revenue, plus wages for idled employees, for every hour the factory wasn't shipping its crucial auto parts to nine Toyota car and truck plants across North America, said John Peterson, the plant's information technology manager.

The company is just one of a growing number being hit by cybercriminals looking for a payday.

While online thieves have long targeted banks for digital holdups, today's just-in-time manufacturing sector is climbing toward the top of hackers' hit lists.

Production lines that integrate computer-imaging, barcode scanners and measuring tolerances to a hair's width at multiple points are more vulnerable to malevolent outsiders.

"These people who try to hack into your network know you have a set schedule. And they know hours are meaningful to what you're doing," Peterson said in an interview.

"There's only a day and a half of inventory in the entire supply chain. And so if we don't make our product in time, that means Toyota doesn't make their product in time, which means they don't have a car to sell on the lot that next day. It's that tight."

He said that creates pressure on manufacturers to make the criminals go away by paying the sums demanded. "They may not know what that number is, but they know it's not zero. So what is that number? Where do you flinch?"

Last August at the 2,200-worker Durham transmission factory, the computer virus coursed through the plant's network, flooding machines with data and stopping production for about four hours, Peterson said.

Data on some laptops was lost, but the malware was blocked by a firewall when it tried to exit the plant's network and put the hackers' lock on the plant's computer network.

The plant was hit again in April, this time by different crooks using new malware designed to hold data or devices hostage to force a ransom payment, Peterson said. The virus was contained before affecting production, and no ransom was paid to either group, he said.

"Top targets globally"

Manufacturers, government and financial firms are now the top targets globally for illicit intrusions by criminals, foreign espionage agencies and others up to no good, according to a report this spring by NTT Security.

A survey of nearly 3,000 corporate cybersecurity executives in 13 countries last year by Cisco Systems found about one out of four manufacturing organisations reported cyberattacks that cost them money in the previous 12 months.

Since 2015, US manufacturers considered "critical" to the economy and to normal modern life, like makers of autos and aviation parts, have been the main targets of cyberattacks - outstripping energy, communications and other critical infrastructure, according to Department of Homeland Security incident response data. The numbers may be imprecise because companies in key industries often don't report attacks for fear of diminished public perception.

But attacks demanding ransom against all US institutions are spiralling higher. The FBI's Internet Crime Complaint Centre received 2,673 ransomware reports in the year ending last September - nearly double from 2014.

Global infections are growing

While manufacturers are increasingly prey to these cyber-stickups, it may just be because criminals are playing the odds and striking as many enterprises of all types as they can across a targeted region, said John Miller, who heads a team at cybersecurity firm FireEye that tracks money-driven online threats.

Attackers "aren't necessarily going after manufacturing to the exclusion of other sectors or with a preference above other sectors. It's more that, 'OK, we're going to try to infect everybody in this country that we can,'" Miller said.

One high-profile example came in May and June, when auto manufacturers including Renault shut down production after they were swept up in the worldwide onslaught of the WannaCry ransomware virus.

But attackers also are increasingly injecting ways to remotely control the robots and other automated systems that control production inside targeted factories.

The threat of computer code tailored to hit specific targets has been around since researchers in 2010 discovered Stuxnet, malware apparently designed to sabotage Iran's nuclear program by causing centrifuge machines to spin out of control.

Stuxnet is widely believed to be a covert American and Israeli creation, but neither country has officially acknowledged a role in the attack.

Malicious software that attacked Ukraine's electricity grid last December was built to remotely sabotage circuit breakers, switches and protection relays, researchers said.

Cyberattacks that reach into industrial control systems have doubled in the past two years in the US to nearly four dozen so far in the federal fiscal year that ends in September, outstripping last year's total, according to DHS data.

"I think the emerging threat you're going to see in the future now is really custom ransomware that's going to be targeted more toward individual companies," said Neil Hershfield, the acting director of the DHS team that handles emergency response to cyberattacks on industrial control systems.

(28th September 2017)


FAILURE TO TACKLE CHILD TRAFFICKERS "LIKE LETTING RAPIST LOOSE IN LONDON"
(London Evening Standard, dated 9th August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/uk/failure-to-tackle-child-traffickers-like-letting-rapist-loose-in-london-a3607511.html

Britain's top law enforcement agency has allowed child traffickers to escape justice by ignoring information which could have stopped them preying on victims, the Government's slavery watchdog warned today.

Kevin Hyland, the independent anti-slavery commissioner, said that important information about modern slavery offences had "sat dormant" on the National Crime Agency's databases because the crime was not being taken seriously enough.

As a result, offenders had not been pursued. Measures to protect other potential victims had also not been taken in a failure which he likened to allowing a rapist to "run around London" without police taking action.

Mr Hyland's comments came in an interview with the Evening Standard in which he also suggested that legislation might be needed to force tech firms to take stronger action to prevent traffickers from using the internet to lure victims online.

He also disclosed that law enforcement officials from Nigeria are to be deployed at British airports to help identify traffickers and victims as they fly into the country.

His most striking remarks, however, came as he expressed concern about the failure of law enforcers to act on information about victims logged via the "national referral mechanism" and held by the NCA.

A total of 3,805 victims from 108 countries were recorded via the system last year after being identified as slaves forced into labour exploitation, prostitution or domestic servitude.

Mr Hyland said recent improvements taken in response to his complaints meant the information was now being used more consistently.

But there had still been too many occasions - including cases involving child slavery victims - on which the data had not been used to track down criminals and prevent further crimes.

He said: "We understand that lots of victims perhaps don't want to see the police, but once the state has got that information they need to do something about it - see if there are other victims, if there are prevention opportunities.

"Also, even without the victim you can sometimes arrest the offender, as in murder or domestic abuse.

"If we knew there was a rapist running round a part of London and the victims didn't want to come forward you would hope that the police would take some sort of action with the information that was there.

"Yet with modern slavery we have had information like that, which has included cases involving children, where there is no proactive response, where the information has just sat there dormant in the National Crime Agency's databases."

Mr Hyland said that the Home Office had agreed to examine the system in response to his complaints and insisted that trafficking should in future be tackled in the same way as other forms of serious organised crime.

He emphasised that there had been a "sea change" in the NCA's approach in recent months with the "beginning of a professional response". But he remained concerned.

"I want to make sure that all the processes that are there for other crimes are adhered to - that this is seen as equally serious," he added.

"We know this is crime where somebody operates one minute in eastern Europe, the next minute they are in London, then Birmingham, then Manchester, and unless we bring all that information together and assess it in the correct way we are going to miss opportunities to stop it."

Mr Hyland also expressed concern about the number of British children being used as slaves, including for activities such as smuggling drugs, with 255 juvenile trafficking victims from this country recorded last year.

He also called on tech firms to do more to stop their services being used by traffickers and warned that legislation might be needed.

"If you look online, adverts are posted overseas and the promises that are made, you can see some of the jobs are false and they are just luring people over. We need the companies involved to take responsibility."

Official figures show that forced labour is the most common form of slavery, but there are also many victims of sexual exploitation and domestic servitude. One third of cases recorded last year involved children.

The National Crime Agency said in a statement: "The NCA takes action on every referral it receives. We pass information to police forces so it can be acted on, and rigorously analyse all intelligence, in order to co-ordinate the most effective response against criminals who try to profit from the exploitation of vulnerable people."


Doctor made woman a domestic slave

The problem of modern slavery was highlighted earlier this summer when a London GP and her husband were jailed for trafficking a woman to the capital to exploit her.

Ayodeji Adewakun, 45, a doctor, and her husband Abimbola Adewakun, 49, a nurse, both from Bexley, brought the 29-year-old from Nigeria and used her as a domestic slave in their home for more than two years. Their victim was contracted to work from 7am to 5pm from Monday to Saturday looking after the pair's children for £500 a month. But they paid her nothing and, after being confronted by the woman, only handed over £350.

She never received a day off, worked night and day, and suffered health problems. After protesting, she was banned from using the family bathroom and made to wash her clothes by hand.

At Southwark crown court Dr Adewakun was sentenced to six months' imprisonment for trafficking for the purpose of exploitation. Her husband was jailed for nine months for the same offence.

(28th September 2017)



THERE IS A SIMPLE NEW WAY TO FIND OUT IF HACKERS ALREADY HAVE YOUR PASSWORD
(Science Alert, dated 8th August 2017 author Peter Dockrill)

Full article [Option 1]:

www.sciencealert.com/there-s-a-simple-new-way-to-find-out-if-hackers-know-your-passwords

Passwords suck. They're hard to remember, we all have about a million of them, and they're not supposed to be anything easy or memorable like your cat's name (sorry Furball1).

Worst of all, when massive data breaches happen to the companies we actually trust with our online credentials, our usernames and passwords can become totally exposed - but luckily, there's now a simple way to find out if you've been compromised like this.

Troy Hunt is an Australian security researcher and the man behind Have I Been Pwned (HIBP), a website that lets people check if their email addresses and usernames have been involved in some of the biggest data breaches ever - involving companies like Myspace, LinkedIn, Adobe, Dropbox (and sadly hundreds more).

Have I Been Pwned website : https://haveibeenpwned.com/

Now, Hunt has approached the same problem from the opposite perspective, building a new tool called Pwned Passwords that does the same kind of thing, but this time it lets you enter just your passwords to see if they've been leaked in any of the aforementioned hacks.

There's a staggering 320 million leaked passwords stored in this database, and if you're wondering whether it's maybe irresponsible to collect them all in one place like this, there are a couple of things to bear in mind.

One, none of the passwords here are stored alongside the email addresses or usernames that they pair with, so if any people are still using these long-exposed passwords, their anonymised listing here shouldn't make things any easier for hackers.

Two, Hunt's whole point with Pwned Passwords is to draw attention to the issue of just how many of our passwords have been outed by hackers up until now - by letting people check if one of their passwords is out there on the big bad internet.

Again, all of these passwords are already out in the wild - some have been for a long time - so hopefully most users have already changed them.

There are two ways of using Pwned Passwords: an online search tool on the website itself, and by downloading the whole list of 320 million leaked passwords, which are stored across three separate text files (note: you're looking at more than 5GB in total, as the list is very long).

Before we go any further, a word of warning. You really shouldn't type any active passwords you're currently using in to the online search tool, because it goes against the whole principle of never sharing or distributing your passwords, even if it's with a website set up by a professional security researcher.

As Hunt explains on his blog:

- "It goes without saying (although I say it anyway on that page), but don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't.

- The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it's not one they should be using any more."

What this means is that if you want to see if any of your current passwords have been exposed, you really ought to download the whole list and search through it from the privacy and security of your own device.

It's an extra step of hassle, sure, but it's worth it, guys, and it's still a pretty simple thing to do.

For extra security - and to protect anybody still using these leaked passwords - the passwords in the list files are stored as SHA-1 hashes rather than in plain text, so you'll need to generate the SHA-1 hash of your password before you search for it in the list (instructions for generating SHA-1 hashes are easily found online).
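The offline check described above, as an added example (not code from the article or from Have I Been Pwned): it hashes a password locally and streams the downloaded list files looking for that hash. It assumes each list file holds one hexadecimal SHA-1 hash per line; the function names and the sample passwords in demo() are constructed for illustration.

```python
import getpass
import hashlib
import os
import sys
import tempfile


def sha1_hex(password):
    """Return the SHA-1 digest of the password as upper-case hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def find_in_lists(password, list_paths):
    """Stream each list file; return (path, line_number) of the first match, or None.

    Files are read line by line, so a multi-gigabyte list never has to fit in memory.
    Assumption: one hex SHA-1 hash per line. Anything after a ':' on a line is
    ignored, and letter case is normalised before comparing.
    """
    target = sha1_hex(password)
    for path in list_paths:
        with open(path, "r", encoding="ascii", errors="replace") as handle:
            for line_number, line in enumerate(handle, start=1):
                candidate = line.strip().split(":", 1)[0].upper()
                if candidate == target:
                    return path, line_number
    return None


def demo():
    """Build a tiny constructed 'leak list' and check one leaked and one unleaked password."""
    leaked = ["123456", "Pa55w0rd1", "Furball1"]  # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as handle:
            for pw in leaked:
                handle.write(sha1_hex(pw) + "\n")
        hit = find_in_lists("Pa55w0rd1", [path])
        miss = find_in_lists("correcthorsebatterystaple", [path])
        return (hit is not None and hit[1] == 2), (miss is None)
    finally:
        os.remove(path)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # The password is read without echo, so it never lands in shell history
        # or in the process's command line, and it never leaves this machine.
        secret = getpass.getpass("Password to check (not echoed): ")
        match = find_in_lists(secret, sys.argv[1:])
        if match:
            print("FOUND in %s at line %d: change this password" % match)
        else:
            print("Not in these lists (which does not prove it was never exposed)")
    else:
        print(demo())
```

Run it with the paths of the downloaded list files as arguments; with no arguments it runs the constructed demo only.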

Hopefully, whichever way you choose to use the service, you'll find that none of your passwords have been leaked, but if they are, now's as good a time as any to change them - and if you don't already, you should really consider using a password manager to store and generate your passwords.

For more on how to make the most of Pwned Passwords, check the instructions on the site, and have a read of Hunt's blog post introducing the service.

One last thing, if searching the service doesn't bring up any of your passwords, that's good news for sure, but it doesn't necessarily mean your password hasn't been leaked at some point - just that it's not included as part of this database.

"One quick caveat on the search feature: absence of evidence is not evidence of absence," as Hunt explains, "or in other words, just because a password doesn't return a hit doesn't mean it hasn't been previously exposed."

Stay vigilant, folks!

(28th September 2017)


FACING THE AXE, POLICE FRONT COUNTER THAT COST £500,000 JUST TWO YEARS AGO

(London Evening Standard, dated 8th August 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/facing-the-axe-police-front-counter-that-cost-500000-just-two-years-ago-a3606461.html

A police "front counter" which opened in south London after £500,000 restoration work two years ago has been earmarked for closure under new cost-cutting plans.

Residents have condemned the move to close the premises as a "waste of public money" in a growing protest over police station cuts.

The front counter was opened in February 2015 in a former shop in Streatham High Road as a replacement for the local police station which was closed in the last round of cutbacks.

Now Mayor Sadiq Khan has announced plans to axe 40 stations as well as dozens of neighbourhood officers and public "contact points" in libraries and supermarkets in an effort to meet £400 million of government savings.

Senior police officers and the Mayor argue few people visit the buildings and that most people want to report crime over the phone or online.

The Mayor has proposed there should be one 24-hour police station in every borough while local ward officers should hold "community contact sessions" in "convenient locations".

However, the plans are meeting increasing resistance from residents and politicians. In Streatham, Julian Heather, chairman of a safer neighbourhood panel, said: "People were furious when they closed the original police station. The front counter was supposed to be a replacement and they spent about eight years and half a million pounds bringing it back into use as a police front counter and local neighbourhood base.

"Shutting it after just two or three years is a monumental waste of money, it is squandering public money."

He added: "People want a proper focus in the community where they know the police are based." In Wimbledon, residents are campaigning to save their local police station - which is earmarked for closure, while neighbouring Mitcham will stay open.

Local Tory MP Stephen Hammond said: "Wimbledon police station is integral to the local community, there is a vibrant night-time economy and a large transport hub which needs policing. If you are going to close a station it makes sense to close the one with less contact with the community which is Mitcham. This also strikes me as a deeply political move, since Mitcham is Labour and Wimbledon Conservative.

"The Mayor needs to make sure that he is policing London correctly and there is a good need for a police station at Wimbledon."

Meanwhile, the leaders of 20 Labour-run boroughs around London have declared their opposition to further police station closures.

In an open letter coordinated by Lambeth leader Lib Peck, they called on the Government to scrap planned cuts to the police service and work with the Mayor to keep stations open.

A total of eight are earmarked for closure in Lambeth, with only Brixton remaining open. A spokeswoman for the Mayor's Office for Policing and Crime said the plans were still open for consultation. The Mayor said recently that government cuts left him no choice but to take drastic action.

He said: "We will still be able to maintain a 24/7 front counter service in every borough and are improving the telephone and online services that Londoners value so highly."


How cash could have been spent

Annual salary for 12 detective constables

19 fully kitted police cell vans

333 new X2 model Tasers

28,000 handcuffs

(28th September 2017)

BOY ATTACKED BY BLOODTHIRSTY SEA FLEAS
(The Times, dated 8th August 2017 author Bernard Lagan)
www.thetimes.co.uk

There are many creatures, big and small, to be feared in Australia but strolling on a suburban beach in a few feet of water should have been safe enough.

Yet when Sam Kanizay, 16, decided to paddle in the sea near his home in Melbourne his legs became covered in blood and both he and hospital staff struggled to stem the bleeding. Doctors were left puzzled by the "pin-sized holes" in his legs and feet through which the blood seeped out, many of which required stitches.

Scientists eventually identified his attackers as tiny carnivorous creatures, half a centimetre to a centimetre long, known as sea fleas and found in many inshore waters.

"I didn't feel anything untoward when I was in the water," Sam said. "It was cold, so I expected my legs to go numb. Blood covered both my feet and I was leaving little pools of it everywhere. I thought I had maybe stood on a rock, but the amount of blood quickly told me it wasn't it."

Genefor Walker-Smith, a marine scientist, told The Age newspaper that the number of bites inflicted on the teenager was highly unusual and it appeared that he had been attacked by a swarm of sea fleas. She said it was possible that he had disturbed a dead fish on which they were feeding.

Like leeches, sea creatures release an anticoagulant, which stops blood from clotting.

"It probably made it worse that Sam was standing still - they may not have been able to cling on too tightly if he had been moving through the water," Dr Walker-Smith said.

Officials in the state of Victoria warned swimmers in Port Phillip bay to wear a wetsuit with boots.

(28th September 2017)


THIS HOUSEHOLD ITEM COULD HELP YOU STAY SAFE ON YOUR TRAVELS
(Cosmopolitan, dated 4th August 2017 author Katie Jones)

Full article [Option 1]:

www.cosmopolitan.com/uk/entertainment/travel/a11437600/doorstop-security-device-hotel-rooms/?src=socialflowTW

Hotel room safety is often a big concern for tourists, particularly for those who are travelling alone. And while the doors to most hotel rooms are fairly secure, there's one tip that globetrotters have shared when it comes to protection from intruders.

The Mirror points out that when asked to advise on the best security device to pack in hand luggage, frequent traveller David Klain said he never goes on holiday without a doorstop.

"Believe it or not, this is one of the best security devices anyone can have when travelling!" he explained on Quora.

"When staying in a hotel, you can put that doorstop under the door preventing someone from breaking in (the chain on the door will stop no one). In the case of a terrorist attack or lone gunman/active shooter incident, typically they will go through all rooms but, if they can't get the door open, move on to other rooms before working their way back to the doors that wouldn't open. This buys you time for you to get away/police to respond/etc."

Klain isn't the only seasoned traveller to advocate the household item as a safety measure. Former police officer and expedition leader, Lloyd Figgins, also recommended it to Wanderlust as a "simple and effective" way of preventing even those with a key from entering a room.

"Once you are in your room, simply lock your door and push the wedge under it. For added security, simply place more wedges under the door," he explained.

There are a number of precautions travellers can take while on trips abroad. To help you prepare for a holiday, use the government's foreign travel checklist for advice and safety tips :

www.gov.uk/guidance/foreign-travel-checklist

(28th September 2017)


POLICE RISK PROSECUTION OVER CRIME CHASES
(The Guardian, dated 4th August 2017 author Rowena Mason)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/aug/04/police-risk-prosecution-over-moped-chases

Police are unable to properly pursue members of organised gangs on mopeds because they risk being prosecuted for dangerous driving, the shadow policing minister has said.

Louise Haigh called for a review of police driving laws after officers were warned by the Police Federation not to carry out emergency manoeuvres that would be illegal for any other "careful and competent" driver.

The federation has called for the law to be changed after rulings that the police should be held to the same rules as other motorists, with the exception of the speed limit, even though they are trained to a higher level. Police are allowed to ignore road traffic signals, such as red lights, if this does not endanger anyone, but there are legal concerns that this exemption is meaningless because driving a vehicle on a road always carries a risk of danger.

Writing for the Guardian, Haigh said that without changes to the law the government risked "handing over our streets to criminals".

"[Officers] should be assessed based on their special training and circumstances, not compared to how you and I might normally drive. That, in turn, requires legislative change and for the government to stop dragging its feet," said Haigh, who is a member of Diane Abbott's shadow Home Office team.

"We need to have confidence that the police will enforce the law. The police need to have confidence that the law itself allows them to do so. If we don't tackle this we will hand our streets over to criminals and it will be the poorest communities that will suffer the most."

She said officers were at significant risk if prosecuted because their driving behaviour would be assessed on the same basis as any "competent and careful driver"; there were no specific exemptions for emergency manoeuvres beyond "disapplying" the speed limit.

"That is hampering the ability of the police to apprehend very serious offenders and take them off the streets. Bikers who have progressed well beyond petty crime into much more serious gang-related activity, to the point where the Met police has now classified moped-enabled crime as serious organised crime," Haigh said.

Figures obtained under freedom of information laws show moped-enabled crime has risen 10-fold in London since 2011 to more than 5,000 incidents a year.

In June, the federation warned all of its 120,000 members in 43 force branches that emergency manoeuvres in pursuit of suspects could land them in trouble.

Tim Rogers, the federation board member for roads policing, said: "Legal advice has recently highlighted that police response and pursuit drives are, in most circumstances, highly likely to fall within the definitions of careless and/or dangerous driving. There are no exemptions to the offences of careless or dangerous driving to permit emergency driving … Officers have a sworn duty and must uphold that duty. Officers should drive in a way which is lawful and does not contravene the laws of dangerous or careless driving. Officers are advised not to undertake any manoeuvre which may well fall outside the standard of the careful and competent non-police driver."

A Home Office spokesman said: "All emergency services, including the police, are exempt from speed limit, traffic light and sign violations when undertaking an emergency service response. However, they remain subject to the general law on motoring in the same way as members of the public - including the law on careless and dangerous driving. Decisions on the management of pursuits and response driving are an operational matter for forces."

(28th September 2017)


CO-OP ATM THIEVES TO BE SPRAYED WITH LONG-LASTING TRACEABLE GEL
(The Guardian, dated 3rd August 2017 author Rupert Jones)

Full article [Option 1]:

www.theguardian.com/business/2017/aug/03/co-operative-atm-cash-machine-thieves-sprayed-traceable-gel-crime

An invisible traceable gel that stays on skin and clothes for years will be sprayed on anyone who tries to break into a Co-operative cash machine as part of a hi-tech initiative to combat ATM crime.

The Co-op group has teamed up with forensic technology company SmartWater to roll out the deterrent. The gel was invented by former West Midlands police officer Phil Cleary and his chartered chemist brother Mike.

The technology is being installed at about 2,500 cash machines at Co-op food stores across the UK, after a pilot scheme in 2016 resulted in a more than 90% reduction in ATM crime.

The Co-op revealed industry figures that showed north-west England was the number one UK hotspot for ATM crime, accounting for almost 29% of attacks carried out between January and June this year. London was in second place at 19%.

SmartWater has adapted the technology to ensure that criminals who attack ATMs, and any cash they manage to steal, are marked with the water-based gel.

"Invisible to the naked eye, an amount of gel the size of a speck of dust can provide the solution for scientists to undertake a successful analysis and help police with identification, with the forensic signature guaranteed to last five years," the firm said. The gel glows neon yellow under UV light and is "difficult for criminals to remove".

The Metropolitan police has a partnership with SmartWater aimed at cutting the number of burglaries in London. "As a result, all custody areas have suitable detectors fitted, with prisoners routinely scanned, and hundreds of patrol staff have been equipped and trained to detect it," said DCI Iain Raphael, Enfield borough commander. "We welcome any crime prevention initiative such as this … Criminals contemplating attacks on Co-op ATMs should take note."

The Co-op said the technology was effective regardless of how a cash machine was targeted. It added that gas attacks - where gas was piped into the machine from cylinders and ignited from a distance - were in decline.

ATM raids involving a saw or angle grinder are most common in the north-west, while black box attacks are a particular problem in London. The latter involves an unauthorised device being fitted to cash machines that causes them to dispense all their cash. Another method involves thieves trying to remove an ATM with a rope or heavy machinery such as a digger.

Chris Whitfield, director of retail and logistics at the Co-op, said: "ATM crime impacts customers and communities - it can also have a disproportionate impact on rural police force areas where cash dispensers are more of a lifeline for residents and the local economy."

(28th September 2017)


POLICE USE FORCE AGAINST SUSPECTS 138 TIMES A DAY IN LONDON
(London Evening Standard, dated 1st August 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/police-use-force-against-suspects-138-times-a-day-in-london-figures-show-a3601176.html

Police used force against suspects and individuals more than 100 times a day in London, according to data released for the first time today.

It showed the number of cases where officers used tactics ranging from handcuffs and physical restraint to Tasers and firearms.

In the three months to the end of June, individual officers recorded "incidents of force" 12,605 times, or an average of 138 cases a day.

Nearly half - 5,397 - were described as "compliant handcuffing" while other common tactics included the use of "unarmed skills", restraint and "tactical communications" to defuse situations.

However, the data also showed that Taser stun guns were deployed on 1,102 occasions, although they were only fired 100 times.

Firearms officers aimed weapons on 281 occasions, police used batons 46 times and controversial spit guards were used 25 times.

The figures record armed police firing weapons on only two occasions, believed to be the incidents involving a raid on suspected terrorists in Willesden, when a woman was shot, and the terror attack in Borough Market when three extremists were shot dead.

The statistics record that force was used 10,925 times against men, 1,643 against women and 37 against transgender individuals.

Most incidents, 6,404, were against men aged between 18 and 34 years, although there were 17 children under the age of 10 who were subject to the use of force.

However, police say children could have been restrained by an officer for their own safety or to detain them, incidents which would have been recorded as force.

The data revealed that 45 per cent of those who were subject to force were white, 36 per cent were black and 10 per cent from the Asian community.

Around 14 per cent were believed to have mental health issues.

Police dogs were deployed 24 times - and people were bitten by the dogs on 17 occasions. CS spray was drawn 87 times and used on violent suspects 68 times.

The figures were released after hundreds took to the streets in London to protest over the deaths of two black men after they were apprehended by police officers.

Rashan Charles, 20, died last month after being restrained by officers in Dalston, while Edson Da Costa, 25, from East Ham, died after contact with the police five weeks earlier.

The figures showed 655 suspects were injured, 11 seriously.

Commander Matt Twist said of the figures: "Our officers face the most dangerous situations every day. The use of force techniques are there to stop violence and danger, protecting not only the officer making an arrest but the public at the scene, and the person being arrested.

"It is important to recognise the type of force used with the most common being the use of compliant handcuffs.

"These figures will ensure transparency to the public who will get a better idea of what officers face on a day-to-day basis."

He added: "We can see from the data that on 643 occasions officers were injured in this period."

The figures include the first data on the use of spit guards after they were deployed to all custody suites across London.

Westminster officers recorded the most use of force followed by Lambeth, Croydon, Hackney and Wandsworth.

Commander Twist added: "It is really important to note that this first three month period is very early data and not comparable against anything else.

"It will take time for us to ensure officers comply with filling out this form after every use of force interaction becomes routine or second nature.

"We know that there will be instances of force used in this period which have not been recorded, but having scrutinised the data we have already seen a steady increase in the number of online recording.

"We have been training officers on the new form through officer safety training and briefings."

Officers are asked to record "tactical communications" as "force" to show where their attempt to defuse situations by talking failed and they had to resort to more robust tactics.

(28th September 2017)



HUGE HUMAN TRAFFICKING RING FLYING HUNDREDS OF MIGRANTS INTO UK SMASHED BY POLICE
(London Evening Standard, dated 3rd August 2017 author Martin Bentham)

Full article [Option 1]:

www.standard.co.uk/news/crime/huge-human-trafficking-ring-flying-hundreds-of-migrants-into-uk-smashed-by-police-a3603156.html

A huge human trafficking ring that has been flying hundreds of Iranian migrants, some as young as five, into Britain has been smashed after the arrest of more than 100 people by European law enforcers and the Met.

The alleged leader of the criminal gang was detained at Heathrow as he tried to escape justice by flying to Brazil. Another 14 gang members were held in Malaga, southern Spain, where the smuggling operation was based.

The EU's law enforcement agency, Europol, said that more than 200 people a year had been smuggled by the gang for around 10 years. Most were flown into Britain, although some were sent to other European countries.

Europol said the gang had run a "perfectly structured" criminal operation in which each migrant was charged around £22,000 and provided with accommodation, transfers and flights.

There was no immediate information from the Home Office about how many Iranians have managed to enter Britain illegally or whether any of those detained have been removed from the country.

But the discovery of the operation will raise renewed concerns about the security of Britain's borders and the ability of traffickers to use fake or legitimate documents from other EU countries to smuggle illegal migrants into the country.

Announcing the successful operation against the gang today, Europol said that Spanish National Police had "dismantled an international criminal network involved in smuggling Iranian nationals into the UK on commercial flights" on an "action day" across Europe.

As well as the alleged ringleader arrested at Heathrow, another 14 members of the trafficking ring were arrested in Spain, along with 42 Spanish citizens suspected of selling their documents to help the gang carry out its smuggling operation.

A total of 44 Iranians were also detained at airports across Europe carrying forged passports. Seven other Iranians, including a child aged five, were also found during searches carried out by Spanish police. Passports, more than 400 blank identity cards, firearms, cash, computers, printers and a "high-end vehicle" were also seized during the searches.

Europol said that law enforcers had become aware of the gang, which was operating out of Malaga in southern Spain, after seven Iranian citizens were caught a year ago using fake passports to board a plane flying to this country from Germany.

Investigators found that the flight tickets had been bought at a travel agency in Malaga and realised that there was "a migrant smuggling network operating in the city".

"The criminal group was perfectly structured and each member had a defined role, ranging from recruiting the irregular migrants in their country of origin, to facilitating the transfers, hosting them in safe houses in Spain, and supplying the travel documents," Europol said.

"The network operated from Málaga and used Spain as a transit country. In total, 101 individuals were arrested. The Spanish National Police arrested 14 members of the criminal group in Málaga, as well as another 42 individuals accused of selling their Spanish documents to the members of the organisation for prices ranging from 500 euros (£445) to 3000 euros (£2,680).

"Another 44 individuals of Iranian nationality were intercepted at different European airports carrying forged passports. The leader of the criminal group was arrested by the Metropolitan Police at Heathrow airport, after a European Arrest Warrant was issued by the Spanish authorities. The suspect intended to take a flight to Brazil to evade justice."

Europol added that searches of safe houses in Spain had led to the discovery of seven other Iranians, including a five-year-old child, as well as 40 authentic Iranian and Spanish passports and other equipment used by the criminal gang.

A spokesman for Europol added that it was difficult to estimate the exact number of people trafficked into Britain by the gang but that "around 200 Iranians were smuggled per year, most of them to the UK but not all". He added that the gang had been operating for "various" years before it was detected but that it was not possible to give a "concrete" length of time.

(28th September 2017)

500 IDENTITIES STOLEN A DAY IN ID FRAUD EPIDEMIC
(Which, dated August 2017 author Gareth Shaw)

Full article [Option 1]:

www.which.co.uk/news/2017/08/500-identities-stolen-a-day-in-id-fraud-epidemic/

Identity fraud has reached 'epidemic' levels, according to fraud prevention service Cifas, with almost 500 cases of ID fraud a day being reported in the first six months of the year.

There were 89,000 cases of identity fraud recorded between January and June 2017, up 5% on the previous year - a record high. More than four in every five (83%) cases of identity fraud were perpetrated online.

Cifas' figures suggest a sharp rise in fraudsters applying for loans, telecoms and insurance products, although the majority of fraud attempts have been against bank accounts and credit cards.

The fraud body said that the 'vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating.'

Indeed, yesterday we reported the story of a company director who fell victim to ID fraud an incredible 29 times.

West Midlands and Scotland see surge in ID fraud

Cifas' data suggests that while London remains the capital for ID fraud, with more than 26,000 cases reported in the first half of the year, the West Midlands and Scotland have seen 30% increases over the past six months.

ID FRAUD VICTIMS ACROSS THE UK

East of England : 8673 (-7%)
East Midlands : 4647 (-2%)
Greater London : 26177 (-3%)
North East : 1968 (+22%)
North West : 7556 (-12%)
South West : 3839 (+25%)
South East : 12721 (+8%)
Scotland : 3507 (+30%)
Wales : 1696 (-2%)
West Midlands : 7355 (31%)
Yorkshire and Humber : 6069 (+20%)

This follows an investigation carried out by Which? research in June, which revealed the fraud capitals of the UK. The majority of victims are aged between 31 and 40, but as the table below shows, the number of victims aged under 21 has doubled in the past year, albeit from a low base.

Which June investigation article : www.which.co.uk/news/2017/06/revealed-the-fraud-capitals-near-you/

Age of victim : Number of victims of impersonation : (% change between 2016 and 2017)

Under 21 : 1023 (49.6%)
21 - 30 : 12303 (5.6%)
31 - 40 : 18916 (1.5%)
41 - 50 : 18338 (1.4%)
51 - 60 : 15940 (4.3%)
Over 60 : 13294 (-6.2%)

Source : Cifas

What is Cifas?

If you've been a victim of fraud, you can pay for Cifas' 'Protective Registration'. This will place a flag alongside your name and personal details in their secure anti-fraud database, which helps retailers see you're at extra risk of fraud and prompts them to take extra steps to verify your identity. Applying for financial products and services might take a little longer, as companies may see the flag and request further details, but you can be reassured that your details are being protected. Registration costs £20 and lasts for two years.

Huge spike in insurance ID fraud


Incidents of insurance ID fraud have reportedly risen from just 20 cases last year to more than 2,000.

The Insurance Fraud Bureau, which captures and shares information on insurance fraud, said that while the amount lost to insurance fraud (£1.3bn) has fallen over the past year, the rise could be attributed to an increase in 'application' fraud and people buying cheap or fake insurance from 'ghost brokers'.

Ghost brokers tend to advertise online, on social media and popular selling websites, offering people the opportunity to get cheap insurance. They impersonate the person looking for cover and fraudulently apply for insurance with inaccurate and misleading information to reduce the cost of cover. Sometimes, ghost brokers produce fake policy documents to sell insurance to a consumer.

Ben Fletcher, director of the Insurance Fraud Bureau, said that a third of all open investigations the body is conducting are concerning ghost brokers and application fraud. The Bureau has a 'cheat line' which allows people to report potentially fraudulent insurance brokers and dodgy practices.

The Association of British Insurers stated that 'using someone else's details to try to save money on a policy, or to sell fraudulent insurance policies… are both crimes which come with serious consequences', and that the insurance industry was involved in a number of initiatives to combat fraud and 'help keep prices down for the majority of honest customers.'

(28th September 2017)



JULY 2017

WHITE COLLAR CRIME PROSECUTIONS FALL AS OFFENCES RISE
(The Register, dated 31st July 2017 author out-law.com)

Full article [Option 1]: www.theregister.co.uk/2017/07/31/white_collar_crime_prosecutions_fall/

The number of white collar crime prosecutions in the UK fell by 12 per cent between 2015 and 2016, despite a 4 per cent increase in the number of reported offences.

Figures sourced by Pinsent Masons, the law firm behind Out-Law.com, show a trend of falling white collar crime prosecutions since 2011.

Pinsent Masons' corporate crime expert Barry Vitou said the decrease raised questions over the funding of enforcement bodies such as the Serious Fraud Office (SFO) to pursue white collar criminals.

"More money and time needs to be spent ensuring regulators, agencies and police forces can deal with new threats effectively, and follow-up with any intelligence. There is clearly no shortage of leads," said Vitou. "Government support and adequate funding is the lifeblood of any organisation fighting white collar crime."

White collar crime prosecutions fell from 9,489 in 2015 to 8,304 last year. Since 2011, when there were 11,261 prosecutions, there has been a 26% drop in prosecutions.

Meanwhile the number of reported fraud offences increased 4% in the last year, to 641,539 in 2016 up from 617,112 in 2015. Since 2011 the number of reported crimes has risen nearly four-fold, from 142,991 offences.

White collar crime includes corruption, bribery, insider dealing, computer fraud, and false accounting practices. Online fraud was the most commonly-reported offence last year and according to a recent National Audit Office report, cost private sector businesses an estimated £144 billion last year and individuals £10bn.

Recent high-profile white collar crime prosecutions included a £497 million deferred prosecution agreement (DPA) agreed between Rolls-Royce and the SFO in January and a £129m DPA between Tesco and the SFO in March.

According to Pinsent Masons these high-profile cases came despite the downward trend in mainstream white collar crime enforcement, which is the task of the police and the National Crime Agency (NCA).

During the recent general election campaign the Conservative party manifesto pledged to merge the SFO with the NCA. Vitou, who has previously predicted that the election result put these plans into doubt, said there needed to be an end to uncertainty over the future of the SFO.

"It is also time, once and for all, to lay to rest the constant speculation about the future of the SFO and to guarantee its future as a stand-alone agency," Vitou said.

(21st September 2017)



STEALTHY REVIVAL OF STOP AND SEARCH
(Sunday Times, dated 30th July 2017 authors Tom Harper and Arthi Nachiappan)
www.thetimes.co.uk [Option 1]

Two of Britain's biggest police forces have quietly stepped up their use of controversial stop-and-search powers in the face of a surge in violent crime.

Officers in Greater Manchester and Surrey detained more people in the first four months of this year on suspicion of carrying knives and drugs than in the same period last year. It is the first official sign of a reversal after a dramatic fall since 2014 prompted by Theresa May.

As home secretary, May insisted all stop and search had to be intelligence-led and not random. She was concerned by data showing black people were seven times more likely than white people to be stopped. The number of searches fell to 387,448 last year, the lowest since 2002.

The reforms have been blamed for the largest rise in recorded crime in a decade. Total recorded crime in England and Wales rose by 10% last year with violent crime up by 18%, including a 20% rise in gun and knife crime, according to the Office for National Statistics (ONS).

The biggest increase in knife crime was in London. The Sunday Times revealed in May that Cressida Dick, the Metropolitan Police commissioner, had decided to increase stop and search in response. Twelve Londoners had been fatally stabbed in just three weeks.

Now a Sunday Times analysis of College of Policing statistics shows that two forces have followed Dick's lead.

In Surrey the annual rise in total recorded crime is 8% and in violent crime 12%. Stop and search rose 78% in January to April compared with the same period last year: officers detained 193 people suspected of carrying offensive weapons.

Greater Manchester officers used stop and search 958 times in that period, a rise of 7%. The force almost doubled its use to detain people suspected of carrying offensive weapons. The force saw a 29% rise in violent crime year on year.

However, Richard Garside, director of the Centre for Crime and Justice Studies, said: "Ramping up stop and search is unlikely to have a meaningful impact on crime levels while doing much to antagonise innocent members of the public."

What's happening on the street (from graph within article)

Whilst stop and search dropped from 1,017,542 to 387,448 between 2012 and 2016, the amount of violent crime rose from 601,141 cases in 2012 to 992,366 cases in 2016.

(21st September 2017)


NIGERIAN AGENTS TO SNARE SLAVERS AT UK AIRPORTS
(The Sunday Times, dated 30th July 2017 authors Jon Ungoed-Thomas and George Arbuthnott)
www.thetimes.co.uk [Option 1]

Nigerian anti-trafficking officials have been posted at British airports to combat gangs trading human slaves.

They started work with Border Force officers at Gatwick and Heathrow last week after new figures revealed a sevenfold increase in the number of Nigerian women and unaccompanied minors on a key trafficking route into Europe since 2014.

Speaking from Nigeria, Kevin Hyland, the UK's independent anti-slavery commissioner, said officials from Nigeria's National Agency for the Prohibition of Trafficking in Persons (Naptip) would help identify victims of trafficking.

"There are criminal networks operating with impunity and they are earning a fortune trading in people's lives," said Hyland. "We are now working with Nigeria to stem this at source and en route."

At least £5m from Britain's overseas aid budget is being spent in Nigeria to combat modern slavery. MI5 and MI6, GCHQ and Interpol are also involved after a report in 2014 found that in the UK there were between 10,000 and 13,000 potential victims of slavery, from all countries.

In 2016, 243 Nigerians were identified as potential victims through the government's national referral mechanism, which provides support and protection. Nigeria was the third most common foreign country of origin.

One of the hubs of the trafficking route is Edo state in southern Nigeria. Women are trafficked north to Libya before embarking on the perilous journey across the Mediterranean to Italy.

The number of young women arriving in Italy by sea increased from 1,454 in 2014 to 11,009 in 2016. In the same period, the number of unaccompanied minors arriving jumped from 461 to 3,040. About 80% of women and girls arriving from Nigeria are potential victims of sexual exploitation.

Another route is by air from Nigeria to London. Women and children travel on genuine visas or are given false documentation. The women may be forced to work in brothels and children as unpaid household servants. Victims are often coerced into travelling by using witchcraft rituals.

Julie Okah-Donli, director general of Naptip, said in a message to traffickers: "If we miss you here in Nigeria at departure, we will not miss you as you arrive at your destination."

(21st September 2017)


GANGS POSE AS RETAIL BUYERS TO DUPE SUPPLIERS
(The Times, dated 29th July 2017 author John Simpson)
www.thetimes.co.uk [Option 1]

Fraudsters posing as supermarket buyers are tricking suppliers into delivering vast quantities of food and drink then stealing it on arrival, industry leaders say.

The thieves have developed cunning scams in which they rent warehouses and send realistic emails that appear to come from supermarket chains. They are netting goods worth tens of thousands of pounds ranging from tinned tuna to wine.

Police have warned of a growing spate of thefts through "supplier fraud" and industry figures have estimated a global loss of as much as £5 billion to brands worldwide. The gangs generally target European suppliers, which have to ship the order in. Once the delivery arrives it is swiftly broken up and moved.

Recent cases of fraudsters posing as Iceland supermarket executives led to the theft of about £250,000 worth of tinned tuna from a Portuguese supplier, and more than £20,000 of wine from Germany.

Last year, Action Fraud received 237 reports of this type of crime, which it refers to as distribution fraud. As a result, 138 investigations were launched across the country.

Detective Inspector Chris Felton, of City of London police, said in the Grocer magazine: "You're often trying to chase after shadows because once the goods are delivered they're very quickly broken up and moved to other storage venues. Where the goods are delivered is only going to have a very tenuous connection to the criminals anyway, because they've deliberately chosen somewhere that won't leave any easy trail. Where we have results, like the recent Greater Manchester case, they're down to really good detective work and beavering away at this. Unless you get lucky they're not at all easy to piece together. These are not individual crimes and each report potentially has bits of information that (when) built up together gives us enough for a successful operation. These are organised groups doing it again and again."

Duncan Vaughan, legal director at Iceland, told The Grocer that the company had "endless lever-arch files full" of incidents and losses.

Brakes, a food wholesaler, has reported a "significant" number of thefts and attempted thefts. The company's legal counsel said: "Sadly, in the event of an actual fraud we tend to find out too late, which is normally when the supplier requests payment."

Tomasz Nowowiejski, the chief executive of Mutalo Group, a Polish company that makes energy drinks, said that it had nearly shipped two containers of goods worth about £45,000 to a group of scammers posing as Iceland. "Everything was spot on," he said. "We've had many attempts at a scam where someone has sent an email claiming to order a big amount of merchandise, but usually they're very poorly done and if someone's been working in the field for a couple of years they'll recognise it."

(21st September 2017)

ALMOST A QUARTER OF SHOPS "ILLEGALLY SELL KNIVES TO UNDERAGE PEOPLE"
(The Guardian, dated 29th July 2017 authors David Connet and Haroon Siddique)

Full article [Option 1]:

www.theguardian.com/membership/2017/jul/29/almost-a-quarter-of-shops-illegally-sell-knives-to-underage-people

Nearly one in four shops is breaking the law on under-age knife sales, with blades sold to children as young as 12, trading standards officers have warned.

In test purchases carried out for the Local Government Association, implements including a machete, a nine-inch serrated knife, razor blades and craft knives were sold to underage teenagers across England and Wales. Major supermarket chains were among the offenders.

The results, which the LGA said were alarming, follow widespread concern at police-recorded crime figures, which found a 20% rise in knife offences to 34,703 incidents - the highest level in seven years.

Responding to the new crime figures, the head of parliament's youth violence commission said that 2017 could be a new low point for knife deaths in the UK, calling for an "urgent, united and societal response" to the problem.

"Indications so far suggest that knife crime and knife-related deaths will be much higher in 2017 than in previous years," said Labour MP Vicky Foxcroft, who established the commission last year after a spate of killings of young people in her Lewisham constituency in south-east London.

Foxcroft suggested that the number of incidents was likely to be higher because many people who went to hospital with stab wounds did not go to the police. "We need to have much more accurate reporting," she said.

This year the Guardian has launched Beyond the Blade, a reporting project that will mark the deaths of children and teenagers in the UK who are killed by knives in 2017. There is no publicly available national data on the number of victims in this age group.

Foxcroft's intervention was echoed by Simon Blackburn, chair of the LGA Safer and Stronger Communities Board, who said the trading standards tests demonstrated "shocking abuses of the law" by retailers across the country. The LGA called for greater fines and tougher sentences for shop owners who break the law banning the sale of knives to people under 18.

In test purchases in one area alone, one teenager was sold a machete, another a lock knife and a third a nine-inch serrated knife.

In London, where knives have been behind a spate of murders, 96 out of 725 test purchases carried out saw knives and blades sold to children as young as 13, including by a national supermarket chain.

One 16-year-old bought a pack of craft knives from a major high street store without being asked for proof of age at the self-service checkout. In another instance, a 17-year-old police cadet bought a pack of double edge razor blades from a supermarket chain self-service point.

That picture was not confined to the capital. In purchases undertaken by Devon, Somerset and Torbay Trading Standards in cooperation with police, seven out of 29 shops - including two major supermarkets - sold knives to under 18s.

At one shop in Bristol, a 14-year-old girl was sold a nine-inch serrated knife. Afterwards she commented: "It's scary how easy it is to buy a knife."

Blackburn said knife crime had risen significantly last year and people accessed knives from different places but it was "important to make sure the retail supply of knives is managed robustly across all sales points".

He added: "Knives are lethal weapons in the wrong hands and it's vital that shops do all they can to prevent them falling into the hands of young people."

In London, 19 traders were prosecuted or have cases pending. Others received official warnings or were provided with compliance advice. Trading standards officers warn that cuts to frontline staff and funding have made enforcing knife sale laws increasingly difficult.

Foxcroft said that the level of knife crime revealed by the police-recorded figures could underplay the real picture, suggesting that the number of incidents is likely to be higher as many people who attend hospital with stab wounds do not go to the police.

"We need to have much more accurate reporting," she said. Pointing to the death of four teenagers in a week just before the election, she said: "Now, more than ever, we need an urgent, united and societal response to tackle the epidemic of violence affecting young people across the country."

Foxcroft welcomed proposed new anti-knife crime measures including banning the delivery of knives to private addresses and police powers to confiscate banned weapons found in people's homes. However, she said they failed to go far enough.

Improved retail display of knives was important, she said. "The commission spoke to lots of different people. One of the things they said was in terms of them being so freely available, on display in shop counters. If a kid is willing to use or carry a knife, are they going to think anything of stealing one? Should [the knives] be behind counters, locked up?"

The four young people killed in nine days as the election campaign drew to a close were Matthew Cassidy, 19, in Deeside, north Wales; Abdirahman Mohamed, 17, in Peckham, south London; Koy Bentley, 15, in Watford, Hertfordshire; and Osman Sharif, 17, in Tottenham, north London.

Since the four deaths, another 18-year-old, Mahad Ali, was killed following a party in Park Royal, west London on June 29. Mahad was stabbed several times in the chest by a number of attackers. Three men were arrested after his death. Two have been released and a third is on police bail.

Together, the deaths bring the count of children and teenagers killed this year by violence involving knives to 21.

(21st September 2017)


GANGSTERS USING YOUNG PEOPLE AS "MONEY MULES", POLICE WARN
(The Telegraph, dated 28th July 2017 authors Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/28/young-people-used-money-mules-police-warn/

Cases involving young people who are targeted to become "money mules" by letting criminals use their bank accounts have reportedly almost doubled.

Police in London are warning parents to monitor their children's accounts amid concerns they could be falling victim to such crime either through force or when offered payment, the Times said.

Figures from fraud prevention service Cifas, reported by the paper, show the number of "misuse of facility" frauds involving a person under 21 has risen year-on-year.

Cifas said there were 4,222 such cases in the first half of 2017, compared with 2,143 in the first part of last year.

It also reported that 65% of the 17,040 incidents of that type in the UK in the first six months of this year were committed by people aged under 30.

This kind of fraud usually sees the person allowing their bank account to be used to move criminal money, Cifas said, making it harder for the authorities to track.

The Times said a letter sent to schools from the Metropolitan Police's fraud unit urged them to support officers by educating young people that they should not let their accounts be used in this way.

(21st September 2017)



UNDERCOVER POLICE SPIED ON MORE THAN 1000 POLITICAL GROUPS

(The Guardian, dated 27th July 2017 author Rob Evans)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/27/undercover-police-spied-on-more-than-1000-political-groups-in-uk

Undercover police officers who adopted fake identities in deployments lasting several years spied on more than 1,000 political groups, a judge-led public inquiry has said.

It is the first time that the number of political groups infiltrated by the undercover spies over more than four decades has been made public. The list of groups that were infiltrated has not been published by the inquiry. However, it is known to include environmental, anti-racist and animal rights groups, leftwing parties and the far right.

The number of infiltrated political groups has been released by the public inquiry that was set up by Theresa May, while she was home secretary, to examine the conduct of the police spies since 1968.

May ordered the inquiry following revelations that the spies had gathered information about grieving relatives such as the parents of murdered teenager Stephen Lawrence, deceived women into forming long-term relationships and stolen the identities of dead children.

The inquiry disclosed the figure after campaigners who were spied on asked how many political groups were known to have been infiltrated.

The campaigners have been pressing the inquiry to publish a list of the groups and the names of the fake identities that were used by the police spies during their covert missions.

At least 144 undercover police officers have been deployed to spy on political groups since 1968. It appears that they gathered information on more than one group.

The spies developed elaborate false identities, often based on dead children and supported with fake documentation such as driving licences provided by the state.

They spent long periods, usually five years, pretending to be political activists while they fed back to their superiors information about the activities of campaigners and the protests that were being organised.

Sixteen of the spies have been identified following investigations by campaigners and journalists, giving some idea of which groups were spied on.

The initial groups infiltrated by the spies in the late 1960s and 1970s included campaigns against the Vietnam war and apartheid, and leftwing organisations such as the International Marxist Group. The operation was later expanded to target the extreme right.

In the 1980s, Bob Lambert, an undercover officer, masqueraded as an activist in the Animal Liberation Front and an environmental group, London Greenpeace.

In the 1990s, Peter Francis, an undercover officer who became a whistleblower, was deployed to spy on anti-racist groups such as Youth Against Racism in Europe, and the Socialist party. Another spy, Jim Boyling, was embedded in environmental groups such as Reclaim the Streets. His colleague Mark Jenner infiltrated the Colin Roach Centre, a group in London that sought to expose police corruption.

Andy Coles spied on animal rights campaigns, including the London Boots Action Group. In May, he resigned as the deputy police and crime commissioner for Cambridgeshire after he was accused of deceiving a 19-year-old political activist into starting a sexual relationship while undercover in the 1990s. He is currently under pressure to resign as a Tory councillor in Peterborough.

Since the turn of the century, Mark Kennedy and Lynn Watson have been sent to spy on environmental campaigns, while Marco Jacobs infiltrated the Cardiff Anarchist Network and Simon Wellings an anti-capitalist group, Global Resistance.

On Tuesday, the Home Office confirmed that the public inquiry was now being headed by a new judge, Sir John Mitting. He replaced Sir Christopher Pitchford, who stepped down after being diagnosed with motor neurone disease.

The inquiry has been delayed as the police are arguing that most of its proceedings should be held in private in order to protect the spies and their techniques. The police are submitting legal applications that would, if granted, keep secret the identities of their spies.

(21st September 2017)

THREE HUNDRED UK CHARITIES HIT BY GLOBAL CRACKDOWN ON ILLEGAL FUNDS
(Reuters, dated 27th July 2017 author Lawrence White)

Full article [Option 1]:

www.reuters.com/article/us-banks-charities-idUSKBN1AC0FH

More than 300 UK-based charities have had their bank accounts closed in the last two years after being caught up in a global crackdown on illegal money flows, forcing the government to explore how to allow them easier access to the financial system.

Thousands more charities have had operations disrupted by delayed payments causing financial losses and risks to employees, Britain's Charity Finance Group, which helps to organize charity financing, told Reuters. Major charities Oxfam and Save the Children say they were amongst those hit.

The government is setting up a panel of charity executives, bankers and officials to meet in the coming months to "drive new policy thinking" to allow legitimate charities to operate unhindered, an official told Reuters.

The decision to assemble the working group comes ahead of a review by the inter-governmental Financial Action Task Force (FATF) next March of Britain's efforts to tackle money-laundering and financing of militant groups.

At the FATF meeting, Britain could face criticism of its failure to tackle the problem of charities losing access to the banking system, charity sector analysts said.

The FATF has recorded over 100 cases worldwide of alleged abuse of charities for terrorist finance. In one example in the city of Birmingham in 2011, three people were convicted of impersonating Muslim Aid charity workers to fund a bomb attack.

But legitimate charities say they have been cut off from the financial system because banks have been alarmed by billion-dollar fines meted out for breaching sanctions, anti-terror financing and anti-money laundering rules.

Charity officials say the clamp-down on charities by banks is causing government-backed aid efforts to fail, humanitarian workers to be put at risk and potential recipients to suffer.

"Save the Children believes a more aligned approach between governments, regulators, and NGOs will help to reduce financial crime, whilst ensuring critical and life-saving humanitarian work continues," the group said in a statement for this article.

HSBC and Co-Operative Bank closed the most charity bank accounts in the last two years, according to a Reuters survey of more than 30 case studies. Both banks, along with other big institutions, said they were taking action to better understand the needs and internal governance of charity clients.

HSBC SETS UP TEAM

In the last two years, HSBC hired some 35 staff to work in a team dedicated to the charity sector, according to a source familiar with the hirings. The specialists aim to ensure charities comply with global financial rules.

A problem that hit mainly smaller Muslim-related charities after the September 11, 2001 attacks in America accelerated in the last few years to involve thousands of charities.

"Delayed and declined payments have become a regular recurrence in the sector with charities experiencing disruption to their objectives on a daily or weekly basis," a director at UK-based umbrella group Muslim Charities Forum, Monowara Gani, told Reuters.

Many British charities affected were reluctant to speak on the record about their experiences because they were worried that other banks might cut them off, or that donations could dry up if their banking problems were publicized.

One small human rights charity funded by Britain's Foreign Office, which did not want to be identified, closed down this year after being unable to open a bank account, two sources familiar with the situation said.

This illustrated the problem posed to British international aid policy by the banks' fear of being punished for breaching regulations, said the sources who declined to be named.

Around 20 per cent or nearly $1 billion a year of the government's bilateral assistance funds distributed by the Department for International Development are channeled through charities, according to government data.

"We continue to engage with humanitarian organizations to understand and discuss what impact the wider security context may be having on their operations overseas in conflict-affected states," said the government official, who confirmed a panel had been set up to engage with the issue.

RISK RULES

"The humanitarian sector is struggling with a policy vacuum, leaving commercial organizations such as banks to set the risk rules for delivery of publicly-funded aid," said Mike Parkinson, policy adviser for Oxfam UK, which has encountered delays in opening bank accounts overseas.

Some banks are responding to the problem, but others are reluctant to serve a sector deemed to have a "medium-high" risk of terrorist financing in a 2015 British government report.

"We feel like banks used to be competing for charity business, but now they are pushing us away," said Tim Boyes-Watson, executive director of British-based Mango which specializes in helping charities manage their finances.

Boyes-Watson said Mango is working on creating a certification system that would aim to make approved charities easier for banks to work with, but that implementing and regulating such a scheme could prove costly.

In addition to hiring a team dedicated to the charity sector, HSBC in April sent a guide called "Keeping your Charity Safe" to 11,000 charity and non-profit customers.

"We will continue to work with the UK government and industry bodies to support the not-for-profit sector," a spokeswoman for the bank said in an email.

Co-Operative Bank has closed accounts for dozens of organizations in the last few years including branches of the Cuba Solidarity Campaign and the Nicaragua Solidarity Campaign.

Amnesty International UK in December 2016 published a report criticizing the bank's handling of those closures, which were often abruptly communicated to the charities. The bank said it was unethical not to comply with legal and regulatory rules.

A spokesman for the bank said it has introduced a new "exit forum" to manage closures of charities' accounts better and will soon publish a summary of its account closure data.

UNDERSTANDING CHARITY CLIENTS

Barclays has sent a mandatory questionnaire to all of its charity clients in recent months asking them how they deal with financial crime and sanctions-related issues.

"The idea is that if we understand charity clients better and get confident in their internal governance, we should be better placed to make payments for them," said David McHattie, head of the charities team at Barclays.

McHattie said no customers have lost their accounts as a result of unsatisfactory answers to the questionnaire, but that the bank has asked some clients to improve their processes.

While Britain's government, banks, and charity officials take steps to tackle the problem, aid workers say the consequences of losing access to banking are getting worse.

"I've been talking to banks for over a year and still don't have an account, so I'm having to send money for life-saving care through Western Union which is expensive and time-consuming," said the head of one medical aid organization operating in Syria who did not wish to be named.

Other aid organizations without bank accounts are resorting to more primitive, risky methods.

"A number of organizations I know are back to throwing bags of cash over the border into Syria," said Lisa Reilly, executive coordinator at the European Interagency Security Forum which works to improve the safety of aid workers.

(21st September 2017)


HORSEMEAT TRIAL SHINES LIGHT ON KEY PART OF INTERNATIONAL FRAUD
(The Guardian, dated 26th July 2017 author Felicity Lawrence)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/26/horsemeat-trial-shines-light-international-fraud

The conviction of three men in London for conspiracy to defraud by selling horse mislabelled as beef marks the end of the UK police operation to identify the criminals in its jurisdiction behind the horsemeat scandal of 2013.

Operation Boldo, run by the City of London police's specialist fraud division, tracked just one of the trails of dodgy meat that were exposed when the Food Safety Authority of Ireland (FSAI) published tests at the beginning of 2013.

These showed that burgers and ready meals on sale in leading retailers and fast food outlets contained undeclared horse and pig DNA. The FSAI report sparked testing across Europe, which exposed industrial-scale adulteration of the food supply.

Investigations that followed in the UK led to others being charged with or convicted of regulatory offences relating to horse slaughter or selling beefburgers containing undeclared offal, and a conviction for labelling goat as lamb but, four and a half years on, this is the first UK conviction for selling mislabelled horsemeat.

The trial shone a light on how one key part of the transnational fraud worked.

The three convicted men were from two companies. One was a meat trading operation called FlexiFoods, based in Hull and run by the Danish businessman Ulrik Nielsen and his administrator Alex Beech. The other was a cold store and sausage processing plant called Dinos in Tottenham, north London, run by a Cypriot called Andronicos Sideras. Nielsen was described by police as the "brains" behind the UK part of the fraud.

The court heard how he traded meat on paper across countries and contracted others to move it. He kept meticulous records, which enabled the authorities to pin down how and where horse had been mislabeled as beef. Sideras was the "hands" of the fraud and it was at his site, according to the prosecution, that beef and horse were mixed and forged beef labels were applied before they were supplied to manufacturers via other traders.

The beef products adulterated with horse were mostly bottom-of-the-range bargain lines. At the time of the scandal, discount frozen burgers were typically being sold for around 25p per quarter pound when the market price for real beef of the grade suitable for burgers was 43p per quarter pound.

When processing to meet the low prices set by the supermarkets, manufacturers generally put out a call to traders to supply blocks of frozen meat at the cheapest price possible. By substituting much cheaper horsemeat, the traders on trial were able to increase their profits by 30-40%, according to a police investigator.

Some of the beefburgers that tested positive for horse DNA had been manufactured in an Irish factory called Silvercrest that was part of a giant beef processing company, the ABP group. They had been sold in leading supermarkets. Some contained traces of equine DNA, which might have come from contamination from previous batches on the production line, but Tesco burgers from Silvercrest tested as 29% horse, suggesting lumps of horsemeat had been added.

ABP said rogue Silvercrest managers had strayed from specifications in buying some meat from an Irish trader, Martin McAdam, based nearby in County Monaghan. He and ABP insisted they were victims of the fraud and had no idea they had ever handled horse. McAdam had in turn bought from FlexiFoods.

Separately, environmental health officers (EHOs) in Newry, Northern Ireland, had received a tip-off that undeclared beef hearts were being used for manufacturing at a factory in their area called Freeza Meats. Freeza Meats was a large supplier of burgers to Asda. An EHO went to inspect and found a suspicious load of meat that was not properly labelled so she detained it.

It was found to contain different batches of meat, some Polish beef, some Polish beef mixed with Polish horsemeat, and some Irish horse. During the gruesome job of defrosting and examining it, police found the microchips of three registered riding horses. Wiktor and Trak had been ponies owned in Poland; Carnesella Lady had once been a valued hunter and broodmare kept in Galway.

The detained meat was owned by McAdam, who said he had bought the load from FlexiFoods for another Irish burger manufacturer, Rangeland, who had rejected it because it was the wrong size for its machines, which was why it was being kept in Freeza Meats's cold store. Freeza Meats denied any knowledge of the contents of the load. It later pleaded guilty to selling undeclared beef hearts in Asda burgers and was fined. It had bought 653 tonnes of beef hearts for processing between January 2012 and April 2013.

Police following the horse trail back through traders were led by FlexiFoods' records for the detained load to Dinos. While they were able to physically test the rejected load, other loads had already been eaten. So the prosecution examined the invoice and shipping evidence for seven orders that had gone through FlexiFoods and Dinos and ended up at Silvercrest and Rangeland, accounting for 83 tonnes of adulterated meat.

On paper, FlexiFoods placed orders for horse with an Italian meat trader, the court heard. The Italian company then bought horsemeat for FlexiFoods, again on paper, from an Irish cold store that owned large quantities of Irish-slaughtered horse. The Irish horse, labelled as horse, was then delivered to Dinos in London where it was mixed with imported Polish beef and sent back to Ireland labelled as 100% beef, the prosecution said.

Meat processors in Europe must be licensed and each has its own official health stamps to prove traceability. Sideras made new labels with faked stamps for the mixed loads.

Dinos had also done business with a Dutchman who has been charged and is due for trial in November in the Netherlands in connection with the 2013 horsemeat scandal. He was arrested again earlier this month in Spain as part of a huge operation by the Spanish authorities and Europol, which suggested that horse frauds continue. He cannot be named for legal reasons but Europol said he had been charged along with 65 others with crimes including animal abuse, document forgery, money laundering, and being members of a criminal organisation.

ABP sacked its Silvercrest managers and sold the factory in 2013. Freeza Meats was closed. Silvercrest, Rangeland and McAdam's company were fully investigated in 2013 by the Irish department of agriculture, which said there was no evidence that any of them had knowingly bought or used horsemeat.

(21st September 2017)


ANTI-SEMITIC HATE INCIDENTS SOAR TO RECORD HIGH IN UK
(International Business Times, dated 27th July 2017 author Isabelle Gerretsen)

Full article [Option 1]:

www.ibtimes.co.uk/anti-semitic-incidents-soar-by-over-200-decade-1632098

Anti-Jewish incidents rose to a record high in the UK in the first six months of 2017, a new report by Britain's anti-Semitism watchdog has revealed.

There were 767 acts of anti-Semitism recorded nationwide between January and June this year, a 30% increase compared with 2016, according to research by the Community Security Trust (CST), a charity monitoring anti-Jewish acts in the UK. This is the highest total ever recorded across a six-month period and a 212% rise on the same period a decade before, when there were 246 incidents.

In 2016, the year of the bitter Brexit referendum, anti-Semitic instances rose 42% in a year, with 1,309 incidents recorded, compared with 924 the previous year.

The authors of the CST report acknowledge that "improvements in reporting of anti-Semitism" may have contributed to the overall increase, but say that this alone does not explain "the scale or breadth" of the problem.

A spokesperson for the CST, Dave Rich, told IBTimes UK that there is "no simple answer" why the number of incidents is so high.

"Previously when we have seen record totals they have usually been linked to particular events such as wars in Israel and Gaza, but that is not the case this year," he said.

"Nor is it down to better reporting from what we can tell. It seems that there is simply more anti-Semitic hate crime happening.

"Perhaps this is because anti-Semitism has been a prominent issue in the media and politics over the past year or two, or because of wider divisions and tensions in society that have led to increases in other types of hate crime as well."

Eighty of the incidents involved physical assaults, almost 80% more than the previous year. There were 568 instances of abusive behaviour against Jewish people, with the majority involving damage to property, verbal aggression and abuse on social media.

Jewish Labour MPs, including Ruth Smeeth and Luciana Berger, were also targeted by online trolls last year. Smeeth has said that she was called a "CIA/MI5/Mossad informant" and a "f*****g traitor" on Twitter.

Simon Johnson, CEO of the Jewish Leadership Council, said more should be done to tackle "vile and disgusting anti-Semitic online abuse" and called on social media companies such as Twitter, Facebook and YouTube to ramp up efforts to police their platforms.

MPs condemned the "worrying rise" in anti-Semitism and vowed to do more to tackle "bigotry and hate" in Britain.

"One such incident is one too many," Home Secretary Amber Rudd said. "[The government] will continue to do everything we can to stamp out the division and hatred that blights our communities. That is why we are providing £13.4m to protect Jewish sites and made available £900,000 to tackle various types of hate crime."

Communities Secretary Sajid Javid said the record number of anti-Semitic incidents was "completely unacceptable" but added that it was "encouraging" that "Jewish communities are more confident in coming forward."

(21st September 2017)


WOMEN NOT REPORTING CHEMICAL ASSAULTS DUE TO FEAR OF REPRISALS
(London Evening Standard, dated 26th July 2017 author David Churchill)
www.standard.co.uk [Option 1]

A campaigner in one of the Boroughs worst hit by acid attacks today said she fears cases were being "under reported" by female victims who feared reprisals.

Rabina Khan, 44, is an independent councillor in Tower Hamlets. Scotland Yard figures showed men were twice as likely to be victims, but Ms Khan said that the number of women was likely to be higher.

She said acid was used in "honour" crimes and domestic abuse, adding: "I would say there is under-reporting that we need to be looking at and which is one of the biggest worrying factors. People may be afraid or scared to report - that's what we've seen.

"What we want to do is make sure that it's particularly women talking about this because the victims are usually women and tend to be afraid of reprisals, with some not coming forward".

Since 2010 there have been more than 1,800 reports of attacks involving corrosive fluids in the capital. Between 2011 and 2016 there were 398 acid attacks in Newham, 134 in Barking and Dagenham and 84 in Tower Hamlets.

Ms Khan, who runs End Acid Attacks in London, said the crimes should be recorded separately from other forms of violence. She joined calls for people to be able to be prosecuted for "carrying an offensive weapon" if caught with corrosive substances.

(21st September 2017)


THESE CHEAP PHONES COME AT A PRICE - YOUR PRIVACY
(CNET, dated 26th July 2017 author Alfred Ng)

Full article [Option 1]:

www.cnet.com/uk/news/these-cheap-phones-are-costing-you-your-privacy/

Cheap phones are coming at the price of your privacy, security analysts discovered.

At $60, the Blu R1 HD is the top-selling phone on Amazon. Last November, researchers caught it secretly sending private data to China.

Shanghai Adups Technology, the group behind the spying software on the Blu R1 HD, called it a mistake. But analysts at Kryptowire found the software provider is still making the same "mistake" on other phones.

At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it.

"They replaced them with nicer versions," Ryan Johnson, a research engineer and co-founder at Kryptowire, said. "I have captured the network traffic of them using the command and control channel when they did it."

An Adups spokeswoman said that the company had resolved the issues in 2016 and that the issues "are not existing anymore."

Kryptowire said it has observed Adups sending data without telling users on at least three different phones.

This year's Black Hat conference comes against the backdrop of a year's worth of reports about Russian hacking and its intrusion into the 2016 presidential race, as well as news in the last few months about ransomware attacks that hijack people's computers, to be unlocked (if you're lucky) for a fee.

People have enough to worry about when it comes to privacy on their personal devices. Between government surveillance and security vulnerabilities, preinstalled software on the phone itself is an unexpected breach of both trust and privacy for millions of owners who are just looking for an inexpensive phone.

Blu, which says it disputes the notion that Adups is spyware, said it "has several policies in place which take customer privacy and security seriously," and says there has been no breach with its devices. The company also cites Kryptowire vice president Tom Karygiannis as saying the data collection does not constitute any wrongdoing.

Karygiannis, however, told CNET: "I did not authorize them to make a public statement on my behalf."

'A huge invasion of privacy'

Having access to the command and control channel -- a communications route between your device and a server -- allowed Adups to execute commands as if it's the user, meaning it could also install apps, take screenshots, record the screen, make calls and wipe devices without needing permission.

"It does seem like a huge invasion of privacy," Johnson said.

Kryptowire looked at more than 20 pieces of firmware from low-end Android devices, all of which had vulnerabilities that allowed for spyware apps and all of which had a MediaTek chipset. The chipset always came with a preinstalled app called MTKLogger, which allowed for surveillance of data like your browsing history and GPS location if it were hijacked.

MediaTek said it resolved the issue in November, but researchers at Kryptowire found out last week that the Blu Advance 5.0 still ships with a vulnerable version of the app. The phone, which is the third best-selling phone on Amazon, does not have a firmware update available to stop a potential exploit, Johnson said.

It works through something called privilege escalation, which gives certain apps advanced permissions far beyond what you would like them to have. Kryptowire has not found any cases yet in which the MTKLogger has been hijacked, but the vulnerability still exists.

Kryptowire originally discovered Adups' spying nature last October. After it had been revealed, Adups removed its data tracking on devices like the Blu R1 HD and the Blu Life One X2, two phones that are popular on Amazon for their cheap prices. For those two devices, Adups has since stopped sending text messages and call logs to China.

A widespread problem


Johnson only found Adups' secret data funneling to China because the Blu R1 HD was the top-selling phone on Amazon -- but the issue remains prevalent on low-profile devices, he said. In May, he purchased a Blu Grand M from Best Buy, which goes for between $60 and $75.

Six months after Adups said it made a mistake with its data tracking, Johnson discovered that it was still happening on the Blu Grand M. In May, he found the phone was sending data to China containing a list of apps installed, the apps used, unique phone identifiers like the MAC address and IMEI, the phone number, and cell phone tower ID.

It doesn't track your phone's GPS, but cell phone tower data is close enough to be admissible as evidence in murder trials and has raised massive debates on digital privacy.

"It can generally locate a person, presuming they're in an urban area," Johnson said.

Adups' spying intensity varies based on the phone, but it comes preinstalled on up to 700 million devices, including cars and other connected devices. Some of the more aggressive spying would send a person's browsing history and bookmarks.

Johnson said he hasn't found the spyware on any phones that cost more than $300, as Adups is mostly installed on cheaper devices. It's not only on Blu devices, as Johnson in May found data exfiltration on the Cubot X16S as well.

The Chinese phone, which sells for between $90 and $110, was sending call logs, browser history and location data behind users' backs. Cubot did not respond to requests for comment.

"It seems pretty widespread around lower-end phones," Johnson said.

Johnson tested the Cubot X16S's software again on Monday, and found that Adups had quietly removed the backdoor app on the device -- shortly after CNET reached out to the company.

It's still unclear what happens with the data once it's on servers in China. When Johnson contacted Adups, the company said it would just delete the data. Kryptowire was able to track the data to where it ended up, but not what was done with it.

(21st September 2017)


OVER HALF OF (Scottish) COUNCILS AND HEALTH BOARDS ATTACKED IN PAST THREE YEARS
(i, dated 24th July 2017 author Deborah Punshon)
www.independent.co.uk [Option 1]

Almost 60 per cent of Scottish councils and over half of health boards logged attempted or successful cyber attacks in the past three years, the Johnston Press Investigations unit has discovered.

Data produced from Freedom of Information requests showed only half of local authorities reported incidents to the police.

Ransomware - both attempted and successful - was among the most common type of attack experienced by Scottish public bodies.

Data shows that 19 of Scotland's 32 councils experienced over 50 notable incidents in the past three financial years. Of the incidents logged, only nine authorities reported any to police though no data was stolen or lost.

Between 2014 and 2017, Aberdeen City Council suffered 12 successful cyber attacks, including six ransomware incidents, and had its webpage defaced. None of the council's data was compromised during any of the incidents.

The data also shows that over half of Scotland's health boards have been targeted by cyber criminals since 2014.

Apart from the WannaCry attack in May which affected 11 of Scotland's 14 health boards, incidents were not reported to Police Scotland despite at least nine breached systems.

NHS Greater Glasgow and Clyde was subject to four cyber breaches in 2016. Files became inaccessible after being encrypted by ransomware. All data was recovered and the ransoms were not paid.

A Scottish Government spokesman said: "Scotland's public sector bodies take cyber security seriously and implement a wide range of measures to ensure basic security standards. Ministers expect to receive recommendations from the National Cyber Resilience Leaders' Board shortly."

(21st September 2017)


LONDON POLICE GIVEN 1,000 ACID RESPONSE KITS AFTER SURGE IN ATTACKS
(The Guardian, dated 24th July 2017 author Holly Watt)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/24/london-acid-attacks-police-given-1000-emergency-response-kits

Police officers in London are being issued with 1,000 acid attack response kits after a rise in the number of crimes involving corrosive liquids. Rapid response police cars will now carry the kits, which include protective gear and five-litre bottles of water, to allow officers to give immediate treatment to victims sprayed with acid.

The London fire brigade will respond alongside police, because the service is able to provide large volumes of water rapidly. Pouring water over a victim can help prevent further damage to skin, but speed is critical.

Police in east London will also carry kits to allow them to test for acid and other corrosive liquids. At the moment it is not illegal to carry such substances, meaning that police have to show there is intent to cause harm.

Stephen Timms, the Labour MP for East Ham, has called for carrying acid to be made a crime. Criminals who carry out acid attacks can be prosecuted for grievous bodily harm and jailed for life.

A number of attacks have taken place in east London recently, particularly in Newham. At the moment, police cars in east London carry the attack response kits, but they will now be rolled out to all cars in the capital.

A spokesman for the Metropolitan police said the force was working closely with the London fire brigade, the ambulance service, the Home Office and hospitals on how to deal with the issue.

Acting Det Supt Mike West, the Met's lead officer for corrosive-based crime, told the Evening Standard: "These are life-changing injuries. While the volumes in comparison with knife and gun crime are small, the injuries are a life sentence for victims.

"I am confident that we are stepping up our response to this crime and we are looking for a safer way to identify some of the substances on the streets. So you might be walking down the street with what appears to be a bottle of Lucozade, but officers will now be testing you to establish what is in that bottle."

A London fire brigade spokesperson said: "Our firefighters are specialists in dealing with a full range of incidents involving hazardous materials. If our crews are called to the scene and someone is suffering from the effects of a corrosive substance, we will assist our colleagues from the London ambulance service and Metropolitan police in treating the casualty, primarily by helping to flush the affected area with copious amounts of water."

The number of crimes involving acid or other "noxious substances" has more than doubled in London over the past three years. In 2016, there were 455 crimes in the city where a corrosive substance was used or threatened to be used.

Experts have linked the rise in acid attacks to a crackdown on knives and guns, saying street gangs have started using corrosive substances because they are more readily available.

Police say there is anecdotal evidence that young criminals are carrying acid following legislation introduced in 2015 that means an immediate jail term for a repeat offence of carrying a knife.

(21st September 2017)


CENTRAL BANK WARNS CONSUMERS AS FRAUDSTERS CLONE DETAILS OF IRISH REGISTERED COMPANIES
(Irish Independent, dated 24th July 2017 author Louise Kelly)

Full article [Option 1]:

www.independent.ie/business/irish/central-bank-warns-consumers-as-fraudsters-clone-details-of-irish-registered-companies-35961561.html

Consumers have been warned to be aware of financial fraudsters as an unauthorised firm has cloned the details of an Irish registered company.

The Central Bank have discovered that Baradero Global Transfer Limited (www.baraderoglotrans.tk) has been operating as a payment institution and/or as a money transmission business here without appropriate authorisation.

According to the bank, this unauthorised firm cloned the details of a company called Baradero Limited, a company registered with the Irish Companies Registration Office (CRO) which does not deal in financial services.

"It should be noted that there is no connection whatsoever between Baradero Limited, which is a company registered with the CRO and the unauthorised entity Baradero Global Transfer Limited (www.baraderoglotrans.tk) that has cloned its details," read a Central Bank statement.

Meanwhile, Park Projects Investments Limited (www.parkprinvest.eu.pn), has been operating as a retail credit firm without authorisation, cloning the details (name and Irish registered address) of a company called Park Projects Investments Limited.

"Fraudsters are increasingly using legitimate firms' details to add an air of legitimacy to their fraud. The fraudsters will 'borrow' all of the legitimate information of an authorised/legitimate firm for the purpose of this fraud.

"They may quote authorisation numbers/company registration numbers and links to seemingly legitimate websites and even provide the real address of an authorised/legitimate firm."

The Central Bank said that it is a criminal offence for an unauthorised firm to provide financial services in Ireland and has advised that consumers should be aware that, if they deal with a firm which is not authorised, they are not eligible for compensation from the Investor Compensation Scheme.

Consumers have also been advised to check the Central Bank's register to verify a firm's details and to call the firm back directly using its advertised phone number.

(21st September 2017)


BRITS MUST NOW REGISTER VIRTUALLY ALL NEW DRONES AND UNDERGO SAFETY TESTS
(The Register, dated 24th July 2017 author Gareth Corfield)

Full article [Option 1]:

www.theregister.co.uk/2017/07/24/uk_mandatory_drone_registration_rules_floated/

New British drone owners will have to register their craft with the state and pass a mandatory safety test, according to a government announcement sneaked out over the weekend.

The plans are a response to the perceived danger of amateur drone operators cavorting around the skies willy-nilly, causing headaches for airliner pilots and air traffic controllers alike.

"Like all technology, drones too can be misused. By registering drones, introducing safety awareness tests to educate users we can reduce the inadvertent breaching of airspace restrictions to protect the public," said aviation minister Lord Callanan in a statement.

The rules will apply to all new drones weighing more than 250 grams, with the move being intended "to improve accountability and encourage owners to act responsibly".

Though the government's intention is clearly to force all new users of items other than kids' toys to register, the details have not yet been worked out. We are told: "Users may be able to register online or through apps, under plans being explored by the government," though the mandatory test will cover "safety, security and privacy regulations".

"There is no time frame or firm plans as to how the new rules will be enforced," noted the BBC.

Chinese drone maker DJI, the pre-eminent market supplier, welcomed the move. Brendan Schulman, a veep at the firm, said in a statement: "The Department for Transport's proposal appears to strike a sensible balance between protecting public safety and bringing those benefits to the UK's businesses and the public at large."

Schulman also sounded a warning note over the scheme's sketchiness: "We expect the government to work closely with industry leaders to ensure progress and promote technological innovation... The key will be maintaining this balance in the next round of deliberation."

Hackers have circumvented software restrictions on off-the-shelf DJI drones, bypassing height limits and so-called geofences around areas that governments would rather the public couldn't see inside. Earlier this year DJI imposed its own mandatory registration scheme, limiting flight performance if users chose not to bother.

The EU announced its own set of "draft" regulations on drones earlier this year, with industry figures expecting them to become mandatory with few or no changes.

Nobody has kept track of how many consumer drones have been sold up until now, meaning there are potentially thousands of people with drones weighing 250g or more who will not be affected by the registration scheme - or tested on their knowledge of aerospace regulations.

Was the study justifying this move a fair test?

Key to the government's published justification for this is a study carried out by British miltech boffinry outfit Qinetiq (PDF, 18 pages) which showed that drones colliding with aircraft cause significant damage. Commissioned by the Department for Transport, the Military Aviation Authority (a branch of the Ministry of Defence) and the British Airline Pilots' Association, a trade union, the study found "drones can cause significantly more damage than a bird of equivalent mass at the same speed... due to the hard metallic components present in drones."

Some in the drone community immediately questioned the study's validity because of the drone and payload used. Qinetiq testers decided to strap a hand-held Nikon DSLR camera underneath the drone. This is not typical of how most camera-equipped drones operate; the vast majority have integral cameras of about the size and weight of an external webcam.

"It's important for the drone industry, with both hobbyist and commercial interests, that any regulations that are agreed on, or legislation that is enacted, should be based on sound studies which global drone experts agree are accurate and based on real life like use cases," Ian Hudson, a CAA-approved drone pilot, told The Register. "The photographed device appears to be a collection of parts barely passable as either a consumer or professional drone. The camera alone is the weight equivalent of a DJI Mavic and DJI Spark taped together."

During the tests, the drone and its components were fired into a sample of airliner and helicopter windscreens and a computer model derived from the gathered data.

(21st September 2017)


MONEYSUPERMARKET FINED £80,000 FOR SPAMMING SEVEN MILLION CUSTOMERS
(The Register, dated 21st July 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/07/21/moneysupermarket_fined_80000_for_spamming_seven_million_customers/

Price-comparison darling Moneysupermarket.com has been fined £80,000 for sending 7.1 million emails to customers who had opted out of receiving direct marketing emails.

The UK's data protection watchdog stepped in to compare the firm's behaviour with the law - and found that it had attempted to circumvent rules on direct marketing. Between 30 November and 10 December 2016, Moneysupermarket.com sent out a batch of emails to people who had asked not to be contacted, with 6.8 million successfully received.

The message was audaciously dressed up as an invitation asking people to accept promo material. Folks who had previously insisted they'd rather not be on the receiving end of marketing bumf were asked if they'd like to reconsider. The missive read:

We hold an e-mail address for you which means we could be sending you personalised news, products and promotions. You've told us in the past you prefer not to receive these. If you'd like to reconsider, simply click the following link to start receiving our e-mails.

In a move that anyone - apart from, it seems, Moneysupermarket - should have predicted, customers weren't pleased, and one reported it to the Information Commissioner's Office.

On investigation, the ICO said that Moneysupermarket.com had broken Privacy and Electronic Communications Regulations, and slapped it with an £80,000 fine. Head of enforcement Steve Eckersley said in a statement:

"Organisations can't get around the law by sending direct marketing dressed up as legitimate updates.

"When people opt out of direct marketing, organisations must stop sending it, no questions asked, until such time as the consumer gives their consent. They don't get a chance to persuade people to change their minds."

He added that emails sent by companies "under the guise of 'customer service', checking or seeking their consent, is a circumvention of the rules and is unacceptable," and that the ICO would continue to take action against them.

The watchdog last month gave Morrisons supermarket a £10,500 fine for a similar breach, in which the chain sent more than 200,000 emails to people who had previously opted out.

(21st September 2017)


MET POLICE PUT UNDERCOVER OFFICERS ON BICYCLES TO CATCH DANGEROUS LONDON DRIVERS
(Independent, dated 21st July 2017 author Tom Bachelor)

Full article [Option 1]:

www.independent.co.uk/news/uk/home-news/met-police-london-drivers-undercover-officers-bicycles-dangerous-driving-roads-a7852951.html

Undercover police officers will be deployed on London's roads using unbranded bicycles to catch dangerous drivers who pass cyclists too closely.

Plain clothes officers wearing video cameras will be dispatched to accident black spots in a bid to tackle bad driving under the "space for cyclists" scheme.

The new tactic is designed to reduce the number of deaths and injuries on the capital's roads.

Drivers caught making close passes, tailgating or cutting up cyclists by making unsafe left or right turns across bike lanes will be targeted.

The latest figures for cycling deaths and injuries show that 18,844 cyclists were hurt or killed on Britain's roads in 2015.

Bike-mounted officers will be sent to any location based on police intelligence and complaints from the public. Once a driver is witnessed driving dangerously, a nearby marked police motorcycle rider will be alerted.

Bad drivers will be required to pass a roadside eyesight test, have their vehicle checked for roadworthiness and have the Highway Code explained to them. The most serious offenders will face a court appearance.

The first car stopped under the scheme on Friday morning had no insurance, MOT or tax, and was impounded.

A bus driver was also recorded passing less than 30cm from the cycling officer.

The Highway Code states drivers overtaking cyclists must give at least as much space as they would a car.

Duncan Dollimore, senior road safety officer at Cycling UK, told The Independent: "When the Metropolitan Police pulled over drivers in Peckham this morning for overtaking cyclists too close, it was no surprise to discover that some of those spoken to were also driving untaxed vehicles with no insurance.

"Other forces conducting similar operations have experienced exactly the same, showing that a small investment of time and resources in a simple enforcement operation can prove really effective."

Ashok Sinha, chief executive of the London Cycling Campaign, added: "Drivers passing too close is terrifying and off-putting to people cycling.

"Most people cite road danger and near misses as major reasons why they don't cycle.

"The Highway Code requires drivers give safe space to cyclists when overtaking.

"This welcome operation on close passes will send a message to drivers in London to obey the Highway Code and stay wider of the rider."

A spate of cycle deaths in London earlier this year put pressure on the Mayor of London, Sadiq Khan, to improve safety for cyclists by providing more segregated cycle lanes.

In one case, a cyclist in his 30s was dragged at least 20 yards under the wheels of a lorry before the driver was alerted by other motorists to the mangled bike in his wheels.

City Hall defended its record on road safety, saying the cycling budget for 2016/17 was £127m - eclipsing the average yearly spend under the previous mayor, Boris Johnson, of £79m.


Will Norman, London's Walking and Cycling Commissioner, expressed support for the police initiative and said the mayor's office was "working hard to build high-quality safe routes to encourage even more people to cycle".

Sergeant Andy Osborne, of the Met's Cycle Safety Team, said: "This tactic is about education and encouraging motorists who do not comply with the rules of the road to start doing so - for everyone's safety and protection - theirs included.

"There is a lot of traffic in the capital and we all need to share the roads and be mindful of other road users. In its simplest form, it's about being courteous to one another.

"By all road users obeying the Highway Code, collectively we can help lessen incidents of people being killed or seriously injured on the roads."

Efforts by the Met to reduce road casualties follow a similar scheme introduced by West Midlands Police, which deploys undercover officers on bicycles to monitor dangerous driving.

(21st September 2017)


UK HOUSEHOLDS HIT BY 1.8m COMPUTER MISUSE OFFENCES IN A YEAR
(The Register, dated 20th July 2017 author Rebecca Hill)

Full article [Option 1]: www.theregister.co.uk/2017/07/20/uk_computer_misuse_statistics/

The number of incidents of computer misuse in England and Wales reached 1.8 million in the year up to March 2015, according to official crime statistics released today.

The Office for National Statistics data, based on a household survey of around 17,000 people, reveal 1.19 million cases of computer viruses.

There were a further 603,000 incidents where someone gained unauthorised access to personal information, which includes hacking.

The data suggests people don't tend to bother reporting computer viruses to the police, with just 3.7 per cent of people informing law enforcement.

However, more people thought cops should know when someone had accessed their personal info - 11.8 per cent said they reported such incidents.

Some 18 per cent of people surveyed said they fell victim to computer misuse crimes more than once during the year.

Of the overall total, 6 per cent said they had suffered three or more incidents (El Reg wonders whether they were simply unlucky or might need to do something about their security measures).

These computer misuse stats are experimental - they only got added into the official crime survey back in October 2015, which means that until there are two years of data there isn't a previous set to compare them against.

The ONS also added in questions on fraud at the same time, and the data shows that, in the 12 months up to March 2017, there were 3.4 million incidents.

Not all of these resulted in financial loss - 31.9 per cent didn't - and just 0.5 per cent resulted in a loss of £20,000 or more. Nearly half (45.4 per cent) resulted in a loss of between £50 and £1,000.

Of these cases, 57 per cent were classed as cyber crime - defined by the ONS as being those that involved the internet or any kind of online activity. Somewhat unsurprisingly, 97 per cent of computer misuse cases fell into this category.

The survey also looked at offences recorded as online crime by the police in England and Wales, finding that there were almost 50,000 such cases.

Of these, harassment and stalking was the most prevalent, with 29,570 recorded cases.

But obscene publications were more likely to involve the internet - 43 per cent of all obscene publications were classed as online crime, while just 14 per cent of harassment and stalking took place online.

The other incidents most often reported as online crime were child sexual offences (5,710 cases) and blackmail (2,114).

Overall, the crime survey showed 11 million incidents of crime in the year up to March 2017, including these experimental figures. Without them, there were 5.9 million incidents, which was a 7 per cent drop on last year's survey.

(21st September 2017)


SHOTGUN CRIME HAS GONE UP 44% IN THE UK IN A SINGLE YEAR
(International Business Times, dated 20th July 2017 author Josh Robbins)

Full article [Option 1]:

www.ibtimes.co.uk/uk-sees-23-rise-gun-crime-20-rise-knife-crime-just-one-year-1631201

Dramatic rises in gun crime and knife crime have been recorded by British police in the year between April 2016 and March 2017, according to the Office for National Statistics (ONS).

There were 6,375 firearms offences during the period, up 23% from the year before. Meanwhile, the number of crimes involving knives or sharp instruments rose 20% to 34,703.

These developments were at the extreme end of a wider trend that saw all recorded crime rise by 10% - the biggest spike for a decade.

"This government is failing in its duty to keep our streets safe," Liberal Democrat MP Ed Davey told The Guardian.

"The Conservatives have utterly disrespected the police by freezing their wages and cutting their budgets time and again".

Sexual assaults committed with a knife or sharp instrument rose by a staggering 50% to 180 while rapes aided with a knife rose 25% to 416.

Shotgun crime was up 44% to 592 while handgun offences rose by 24% to 2685.

John Flatley, from the ONS, warned that some of the increases were driven by improvements in the way police now record crime.

However, he added that this did not account for all the data and that crime had undoubtedly risen in the last year.

A separate national crime survey, also released today, called The Crime Survey of England and Wales (CSEW) found that overall crime had fallen by 7%.

The ONS figures relate to police recorded crime whereas the CSEW figures are derived from surveying the general public.

He made explicit reference to weapon-related crime, arguing that the ONS's figures, which showed sharp rises, were more accurate.

"Some of the increases recorded by the police are in the low-volume, but high-harm, offences such as homicide and knife crime that the crime survey [CSEW] is not designed to measure," he said.

Labour's shadow home secretary, Diane Abbott, said: "The Tories have cut police officer numbers again in the latest 12 months and now there are well over 20,000 fewer than in 2010.

"The Tories simply aren't allowing the police to protect the public. Labour in government will tackle rising crime."

(21st September 2017)


CRIME RISE IS BIGGEST IN A DECADE - ONS FIGURES SHOW
(The Guardian, dated 20th July 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/20/official-figures-show-biggest-rise-crime-in-a-decade

Police-recorded crime has risen by 10% across England and Wales - the largest annual rise for a decade - according to the Office for National Statistics.

The latest crime figures for the 12 months to March also show an 18% rise in violent crime, including a 20% surge in gun and knife crime. The official figures also show a 26% rise to 723 in the homicide rate, which includes the 96 cases of manslaughter at Hillsborough in 1989.

More alarmingly, the statisticians say the rise in crime is accelerating, with a 3% increase recorded in the year to March 2015, followed by an 8% rise in the following year, and now a 10% increase in the 12 months to this March.

The accelerating rise in crime comes as Home Office figures show a further fall of 924 in the past year in the number of police officers, to 123,142 in England and Wales. This is the fewest officers in England and Wales since 1985. Police numbers have fallen by 20,592 since 2010.

Ministers will also be concerned that the country is becoming increasingly violent in nature, with gun crime rising 23% to 6,375 offences, largely driven by an increase in the use of handguns. Knife crime has also jumped by 20% to 34,703 incidents - the highest level for seven years. The largest increase in knife crime came in London, which accounted for 40% of the rise.

There has been a particular increase in the number of robberies at knife point to nearly 13,000 incidents. Rape or sexual assaults at knife point also show large percentage increases, although the numbers remain low with a total of 142 offences.

The 10% rise in police-recorded crime to nearly 5m offences includes increases in burglary and vehicle theft, suggesting that the long-term fall in these higher volume offences may be coming to an end.

In contrast to the ONS figures, the official Crime Survey of England and Wales (CSEW), also released on Thursday, asked 35,000 households if they had been a victim of crime in the previous year. It is not designed to measure high-harm but low-volume offences such as murder and knife crime, and showed a 7% fall compared with the previous year, excluding fraud and computer misuse offences. If online is included, the number of crimes estimated by the survey rises from 5.9m to 11m.

The policing minister, Nick Hurd, said that crime, as measured by the crime survey, was down by a third since 2010 and by 69% since its 1995 peak.

"The Office for National Statistics is clear that much of the rise in violent offences recorded by police is down to better recording by forces but also believes some of the increases may be genuine and clearly there is more we must do to tackle the violent crimes which blight communities," said the Home Office minister.

"We recognise that crime is changing and we are determined to get ahead of new and emerging threats to the safety and security of our families and communities. Our latest action, announced in the past week, includes urgent work to bear down on acid attacks and proposals to strengthen the law to get knives off our streets."

The shadow home secretary, Diane Abbott, said the figures were a damning indictment. "The Tories have cut police officer numbers again in the latest 12 months and now there are well over 20,000 fewer than in 2010," she said. "The Tories simply aren't allowing the police to protect the public. Labour in government will tackle rising crime." She added that Labour would bring back 10,000 officers when in power.

The Liberal Democrats' Ed Davey said the figures had exposed the Conservative record of failure on crime. "This government is failing in its duty to keep our streets safe," he said. "The Conservatives have utterly disrespected the police by freezing their wages and cutting their budgets time and again."

John Flatley, head of crime statistics and analysis at the ONS, said: "The latest figures show the largest annual rise in crimes recorded by the police in a decade. While ongoing improvements to recording practices are driving this volume rise, we believe actual increases in crime are also a factor in a number of categories.

"Some of the increases recorded by the police are in the low-volume, but high-harm, offences such as homicide and knife crime that the crime survey is not designed to measure. If the increases in burglary and vehicle theft recorded by the police continue, we would expect these to show up in the survey in due course. We will continue to monitor these trends and investigate the factors driving any changes."

The 10% rise in police-recorded crime - an increase of 458,021 offences - was largely driven by increases in violence against the person (up 175,000 offences), theft (up 118,000), and public order offences (up 78,000).

There were smaller volume increases in criminal damage and arson (24,000), sexual offences (up 14,000), burglary (up 10,500), and robbery (up 8,000).

The 26% rise in the homicide rate to 723, an increase of 149, covers the 96 cases of manslaughter at Hillsborough in 1989, which were included in the annual figure as the inquests were finally concluded. Without the Hillsborough deaths, the number of homicides rose by 9%.

All forces across England and Wales, except Cumbria and North Yorkshire, recorded an annual increase in their latest figures.

Official statisticians say that although police-recorded crime figures lost their national statistics status in 2014 because of quality issues in changes in recording, the year-on-year increases represent actual increases in crime. The 10% rise in police-recorded crime contrasts with a 7% fall in the official crime survey.

Alexa Bradley, deputy head of crime statistics at ONS, explained why the CSEW and police records data appeared to show different trends. "It is important to remember that the sources differ in the population and offences they cover," she said.

"At least half of the increase in police-recorded crime series is in offences not covered by the survey, including shoplifting, public order offences and possession of weapons."

(21st September 2017)


BRITISH SILENCE ON PUBLIC TRANSPORT "MAKES IT HARDER TO STOP SEXUAL ASSAULT"
(The Telegraph, dated 20th July 2017 author Olivia Rudgard)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/20/british-silence-public-transport-makes-harder-stop-sexual-assault/

British silence on the rail network is making it harder for women to speak up about being sexually assaulted, campaigners have said.

Figures obtained by BBC Radio 5 Live Investigates show that the number of reported sexual offences on trains has doubled in five years from 650 in 2012/13 to 1,448 in 2016/16.

The data, which was released by the British Transport Police following a freedom of information request, shows that the majority were sexual assaults on females aged over 13.

Campaigners said the figures, which cover England, Scotland and Wales and include the London Underground, showed that women were more comfortable reporting incidents to the police, but added that commuters needed to do more to look out for each other.

Rachel Krys, co-director of the End Violence Against Women Coalition, said: "As many times as you hear a good story about someone intervening to help, you hear another one about nothing happening.

"People don't interact on the Tube and this does take all of us interacting a little bit better and taking some responsibility for each other.

"We need to say we want a different type of transport system."

She said the organisation's research had shown that most incidents take place at rush hour when carriages are busy.

"It's an opportunistic crime in many ways and when the Tube is really full these perpetrators play on that, in that a woman is not really sure whether it's happened to her."

Busy carriages made it even more difficult for others to intervene, she added.

"Women are also thinking 'is this actually assault, what's actually happening' so it's really hard for a stranger to see what's happening.

"The likelihood of them saying something is very low. We could all be looking out for each other a bit more."

Many of the reported assaults involve men pressing up against or groping a victim, often in a busy carriage.

In 2015 Labour leader Jeremy Corbyn, who at the time was campaigning for the leadership, was criticised for suggesting that women-only carriages could be considered to reduce attacks.

Ms Krys called the idea "extremely problematic". "Some men feel like they have more right to the space than women", she said.

"We need equal spaces - we need freedom for women," she added.

Detective Chief Inspector Darren Malpas from the British Transport Police said: "Tackling all forms of unwanted sexual behaviour on public transport is a priority for British Transport Police and we have worked hard in recent years to send a clear message to victims that they will be taken seriously and we will investigate offences."

(21st September 2017)


RUSSIAN HACKERS OFFER COURSES IN CREDIT CARD THEFT ON THE DARK WEB
(The Times, dated 19th July 2017 author John Simpson)
www.thetimes.co.uk [Option 1]

Russian hackers are offering sophisticated training on how to steal up to £10,000 a month through credit-card scams, researchers have found.

Operating through encrypted forums on the dark web, the online marketplace for illegal goods, the gangs give lectures and comprehensive guides to evading detection, often with the strict rule that course participants do not target Russian credit cards.

Undercover monitoring of the dark web by Digital Shadows, an online risk management company, found student reviews bragging of purchases made using stolen card details with images of cameras, games consoles and beach holidays.

The company's analysts investigated hundreds of criminal forums and found card details for 37,000 UK bank account holders on just two of the more popular dark web sites. The report warned that payment card fraud was expected to be worth as much as £18.5 billion globally by the end of 2018.

Digital Shadows said that there was a growing trend for the six-week online fraud courses, which are offered in the Russian language.

In exchange for 45,000 roubles (£575) plus about £150 course fees, aspiring cybercriminals were told they would make £9,200 a month, working a 40 hour week using stolen card details. The average wage in Russia is about £530.

Where PINs were necessary to steal from a victim, the course offered "automated services which call cardholders in the UK in an attempt to scam their details using social engineering techniques", the report found.

Scammers were also offered detailed coaching on social engineering and confidence fraud techniques for targeting victims over the telephone. One instructor advised the class to use conversation about the news and current events because they "play beautifully".

The research identified a hierarchy of linked individuals forming organised crime networks online.

Payment card data harvesters did the "dirty work" of intercepting the card data, whether physically running a "skimmer" over them or using computer viruses to steal them.

The details were then passed to distributors - who earned the lion's share of the wealth - to repackage and sell on to fraudsters who used the stolen or cloned cards to buy goods. A fourth layer is made up of the criminals who are tasked with re-selling items and services bought with the stolen data.

Students were also given a guide and tools for hacking other people's PayPal accounts.

The company withheld the names of many of the dark websites used by the hackers for fear of advertising new strategies to would-be fraudsters, but among them was Alphabay, which has had various iterations over the years and was recently taken offline.

Another site, Fraud.cat, was used to test the strength of an IP address (the unique identifying code of a computer's internet connection) against detection techniques.

Rick Holland, vice-president for the strategy at Digital Shadows, said: "The card companies have developed sophisticated anti-fraud measures and high-quality training like this can be seen as a reaction to this. Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem.

"However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust the defences accordingly."

(21st September 2017)


SCOTLAND YARD URGES RETIRED OFFICERS TO RETURN TO WORK DUE TO STAFF SHORTAGES IN "CHALLENGING TIMES"
(The Telegraph, dated 18th July 2017 author Victoria Ward)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/18/scotland-yard-urges-retired-officers-return-work-due-staff-shortages/

Scotland Yard has asked former detectives to return to work as it struggles to cope in the wake of a string of terror attacks and the Grenfell Tower disaster.

The force has sent a letter to hundreds of retired detectives in a desperate bid to solve an apparent staffing crisis.

In the letter, deputy commissioner Craig Mackey notes that recent incidents have required a "significant policing response" and that certain skills were in "high demand".

He acknowledges that they are facing "challenging times" and that it is a "significant ask" of former employees who have long since left the force.

Since the Grenfell tragedy and terror attacks in Westminster, London Bridge and Finsbury Park, the force has also had to deal with an increase in knife crime, motorbike thefts and a spate of acid attacks.

Controversial budget cuts have also left it having to find savings of £400million in the next three years and it has struggled to maintain staff levels.

The letter, obtained by Sky News, is understood to have been sent to some 400 detective constables, who were either recently retired or on a career break.

It says officers are working extremely hard to support the victims and families of those affected by recent events.

"The nature of the response is placing certain skills in high demand, particularly across the investigative, counter terrorism and firearms commands," it adds.

"If you have considered the scope for a time-limited return to the Met in any capacity - either as a police officer, civilian investigator or volunteer (either warranted or non-warranted) - we would of course be open to discussions with you.

"Whether this be for a limited time or for the longer term, your support would be greatly appreciated during these unprecedented times."

Mr Mackey says the letter was prompted by other retired officers who had already offered to return to work.

Meanwhile, it has emerged that residents of Grenfell Tower were experiencing power surges in the weeks leading up to the deadly blaze that may have caused the fire.

Residents have claimed there were problems with electricity spikes in the flats, expressing concerns about safety and wiring.

A fire expert said the surges could have been the issue that caused the fire to start in a fridge freezer on the fourth floor.

At least 80 people are thought to have died as the blaze rapidly took hold and engulfed the tower in June.

Joe Delaney, spokesman for the Grenfell Action Group, told the BBC: "There's been lots of issues with the electrics. There seemed to be a litany of problems."

In 2013, dozens of Grenfell Tower residents suffered electricity power surges so strong their appliances exploded, overheated and emitted smoke.

At the time, 25 residents successfully claimed compensation from the council.

But some have now revealed that the electricity problems persisted much more recently, suggesting they were never properly resolved.

Geoff Wilkinson, a building inspector and fire expert, told the BBC: "Certainly the issue with electricity spikes could well have been an issue which led to the fire in the first instance.

"If you're getting appliances overheat as a result of that then that could be an initial ignition source but that itself would not have led to the spread.

"I think it clearly concerns anyone that if you hear that there are 20 appliances in one day, there is something that is clearly wrong."

(21st September 2017)


UK.GOV PREPARES FOR MANDATORY PORN CHECKS
(The Register, dated 17th July 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/07/17/gov_mandatory_adult_site_pr0n_checks/

The government is poised to usher in mandatory porn checks this week, with reports it will require users to provide details from a credit card to prove they are over 18.

The legislation was introduced in the Digital Economy Act in April, and will require websites serving up adult content to verify users' ages or be blocked by ISPs.

According to the Mail On Sunday, porn sites will have to use the same method as gambling websites to verify users are over 18. Sites could also face £250,000 fines if they fail to comply, it said.

The government is also expected to announce plans to appoint a regulator to police the sex websites, with the intention that all online porn sites have age verification controls by April 2018.

Digital Minister Matt Hancock said: "We are taking the next step to put in place the legal requirement for websites with adult content to ensure it is safely behind an age-verification control.

"All this means that while we can enjoy the freedom of the web, the UK will have the most robust internet child protection measures of any country in the world."

Hancock is expected to make a statement to the House of Commons today.

Information Commissioner Elizabeth Denham, meanwhile, has raised concerns that age checks could lead to the collection and retention of information that could be misused "or attractive to disreputable third parties".

The Liberal Democrats have previously opposed the plans, having described the measures as something the "Russian or Chinese governments" would impose.

The party's spokesman Ed Davey said the rules will have limited success, while creating huge databases of those over 18 accessing legal adult content.

"This data is a practical treasure trove of information for hackers and criminals and the Government have failed to deal with this flaw," he said today.

"At the time we forced the government to accept a review of how these provisions function. I hope that ministers will be monitoring whether age-verification actually works rather than being content with passing legislation that sounds tough but fails to meet its objectives."

(21st September 2017)


POLICE BODYCAMS COULD SPOT CRIMINALS WITH REAL-TIME ARTIFICIAL INTELLIGENCE
(International Business Times, dated 17th July 2017 author Alistair Charlton)

Full article [Option 1]:

www.ibtimes.co.uk/police-bodycams-could-spot-criminals-real-time-artificial-intelligence-1630689

Police officers could soon be wearing body-mounted cameras programmed to spot criminals and missing people in real-time, using artificial intelligence.

The cameras, built by Motorola and similar to those already used by some US police forces to record an officer's point of view, could also help find missing objects like a stolen car, thanks to machine learning.

A prototype of the AI camera is already being developed by Motorola and Neurala, a deep learning startup based in Boston, Massachusetts that recently added its software to drone cameras to help track poachers in Africa.

The smart camera will learn while it is used and "automatically search for persons or objects of interest, significantly reducing the time and effort required to find a missing child or suspicious object in environments that are often crowded or chaotic," Motorola and Neurala said in a joint statement.

"We see powerful potential for artificial intelligence to improve safety and efficiency for our customers, which in turn helps create safer communities," said Paul Steinberg, chief technology officer of Motorola Solutions. "But applying AI in a public safety setting presents unique challenges. Neurala's 'edge learning' capabilities will help us explore solutions for a variety of public safety workflows such as finding a missing child or investigating an object of interest, such as a bicycle."

Using a system called 'at the edge' learning, the high-tech camera learns the appearance of the person or object being searched for, without lengthy training. This process, also known as incremental learning, is claimed to reduce the risk of "catastrophic forgetting", which occurs when a neural network forgets its previous training. This technique also enhances accuracy and reduces latency so the camera can be used to scan for a person in a crowd in real time.

Steinberg continues: "In the case of a missing child, imagine if the parent showed the child's photo to a nearby police officer on patrol. The officer's body-worn camera sees the photo, the AI engine 'learns' what the child looks like and deploys an engine to the body-worn cameras of nearby officers, quickly creating a team searching for the child."

(21st September 2017)


THIS IS WHAT CAN HAPPEN IF YOU USE THE SAME PASSWORD OVER AND OVER
(The Telegraph, dated 16th July 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/can-happen-use-passwords/

The typical person has 26 online log-ins - with the associated passwords and other ID - so it is no wonder that most of us use the same passwords for more than one service.

But this can be dangerous.

Kristy Jasper, 28, had almost £4,000 stolen from her business account by fraudsters 18 months ago and police told her the likely cause was her use of identical passwords for numerous online accounts. These included PayPal, Amazon, LinkedIn, Facebook and a website used to buy office supplies.

Upon checking her accounts she noticed nine online payments totalling £3,800 had been made to high street retailers such as Argos and Currys.

The crime was reported to the police and Metro Bank, the account provider, straight away.

"We couldn't understand how this had happened," said Ms Jasper.

"The police suggested it may have had something to do with our passwords plus other information the criminals found about us on social media."

The police never fully explained how the fraud occurred. Metro Bank repaid the money - so it ultimately bore the cost.

Angela Sasse, professor of human-centred security at University College London and director of the UK Research Institute in Science of Cyber Security, said most consumers were unaware of the data accessible via login details.

She said: "Our emails alone could contain plenty of financial information. How many of us have sent our bank details to friends, business partners or guesthouses?"

But that's not the extent of it.

If you've got the same password for your social media accounts, fraudsters could glean personal information from friends and contacts, enabling them to develop a more detailed personal profile.

This would enable them to impersonate you or "steal your identity".

Once criminals have your password and username for one service, they can check to see if they've been reused on other sites using free online software known as "credential stuffers", said Chris Underhill, chief technical officer at Equiniti, the cyber security firm.

"Fraudsters enter millions of emails and passwords into this software. Once they click 'go', the software starts to build a database of other sites they can access with your information," he said.

Your details can then be sold on or traded, broadening the risks to which the original owner is exposed.

The prize for the criminals is to be able to access bank accounts or other payment accounts, including PayPal, where payments can be made or money transferred.
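
How a site operator might spot the credential-stuffing pattern described above in its own login records. This is an added example, not part of the Telegraph article; the log format, the thresholds and every sample event below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: "timestamp source_ip username outcome".
# IPs are from the reserved documentation ranges; usernames are made up.
SAMPLE_EVENTS = """\
2017-07-16T09:00:01 203.0.113.7 alice@example.com FAIL
2017-07-16T09:00:03 203.0.113.7 bob@example.com FAIL
2017-07-16T09:00:05 203.0.113.7 carol@example.com FAIL
2017-07-16T09:00:07 203.0.113.7 dave@example.com FAIL
2017-07-16T09:00:09 203.0.113.7 erin@example.com FAIL
2017-07-16T09:00:11 203.0.113.7 frank@example.com OK
2017-07-16T09:00:13 203.0.113.7 grace@example.com FAIL
2017-07-16T09:02:00 198.51.100.20 heidi@example.com FAIL
2017-07-16T09:02:10 198.51.100.20 heidi@example.com FAIL
2017-07-16T09:02:25 198.51.100.20 heidi@example.com OK
2017-07-16T09:05:00 192.0.2.10 ivan@example.com OK
2017-07-16T09:05:30 192.0.2.10 judy@example.com OK
2017-07-16T09:06:00 192.0.2.10 mallory@example.com OK
""".splitlines()


def parse_event(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), ip, user, outcome == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many different accounts and mostly fail.

    A person mistyping a password hits one username repeatedly; a shared
    office address logs in many users but they mostly succeed. A replayed
    credential list hits many usernames from one source and mostly fails.
    Any login that succeeds inside a flagged burst is a reused password
    that worked, so that account needs a forced reset.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, ok = parse_event(line)
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            users = {user for _, user, _ in burst}
            failures = sum(1 for _, _, ok in burst if not ok)
            if len(users) >= min_users and failures / len(burst) >= min_fail_ratio:
                hit = findings.setdefault(
                    ip, {"users_tried": set(), "compromised": set()})
                hit["users_tried"] |= users
                hit["compromised"] |= {user for _, user, ok in burst if ok}
    return findings


if __name__ == "__main__":
    for ip, hit in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, "tried", len(hit["users_tried"]), "accounts;",
              "reset:", sorted(hit["compromised"]))
```

The single mistyping user and the shared office address stay below the thresholds; only the source that walks through many usernames is flagged, together with the one account whose reused password let it in.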

In another twist, fraudsters could take over your email or social media account and ask your contacts to send you money, perhaps because you are abroad or have lost your cards, said Nick Mothershaw, director of fraud and identity solutions at Experian, the credit reference agency.

Ms Jasper and her business partner have since changed their passwords and have different ones for each of their accounts.

"It's a huge lesson to learn and we won't be making the same mistake again," she said.

How do the fraudsters get your password?


Emails that appear to be from genuine firms are often able to garner personal information from recipients by suggesting their accounts have been compromised or that they need to verify their identification.

These messages may also contain links to sophisticated copycat sites, such as an online banking page, which asks for consumers to enter their security details, such as passwords and account details.

Fraudsters also send out "malware" via email which, when accidentally installed by an unknowing user, could access passwords saved on your computer.

"All it takes is one click in a cleverly disguised email, one promoting a special offer, for example, and the malware is downloaded without you realising," said Mr Mothershaw.

Data breaches are another way criminals access your information.

Millions of MySpace, Adobe and LinkedIn users had their details compromised when the firms were breached between 2008 and 2016.

You can check if your credentials have been compromised in large-scale leaks on haveibeenpwned.com.

Making it easier to memorise "strong" passwords


Research by Experian showed that the "younger generation" rarely have more than five unique passwords for online accounts while a quarter of those aged over 55 have at least 11.

"We may well have reached 'peak password'," said Mr Mothershaw.

Few people can hope to remember scores of unique and complex passwords, so prioritise your email, work accounts and your online banking.

Eight characters is the ideal minimum for passwords - try using short, random words with a combination of lower case and upper case letters and a sprinkling of numbers and symbols.

Bruce Schneier, an American cryptographer and computer security professional, suggested making a memorable sentence into a password.

For example, "no man is an island" could become "N0mI5aI" and "two wrongs don't make a right" could be "2Wdm1R".

Don't keep records of passwords on your computer, in an email or in notes on your smart phone.

Prof Sasse said "the safest way" is to write them down on a pad of paper and "keep this locked away".

(21st September 2017)


BRITISH JEWS SUFFERING "INTOLERABLE" ABUSE AS ANTI-SEMITISM REACHES RECORD LEVELS
(International Business Times, dated 16th July 2017 author Paul Wright)

Full article [Option 1]:

www.ibtimes.co.uk/british-jews-suffering-intolerable-abuse-anti-semitism-reaches-record-levels-1630479

British Jews are said to be suffering "intolerable levels" of abuse in the UK, with anti-Semitic crime at the worst level on record after rising for the third year running.

Home Secretary Amber Rudd vowed to investigate the surge after figures also showed less than 2% of all reported anti-Jewish crime last year saw a prosecution and almost half of police forces failed to bring a single charge.

The figures were compiled from data received via Freedom of Information requests submitted to all UK police forces by the Campaign Against Antisemitism (CAA).

The organisation said the problem had become so bad some members of the Jewish community may soon leave Britain, should the situation not improve.

Last year there were 1,078 anti-Semitic crimes reported to the police - a rise of about 15% from 2015, and of 45% from 2014.

Almost two thirds of incidents last year were reported in London and Manchester, home to the largest Jewish communities in the UK.

The CAA said its own monitoring of court proceedings found that despite 10% of anti-Jewish crimes reported in 2016 being classed as violent, there was just one prosecution.

In total, just 15 (1.4%) of anti-Semitic crimes reported last year led to court action, while just 89 crimes led to charges - a drop of about a third compared to the previous two years.

The CAA said a consistently elevated level of anti-Semitic crime "has become the new normality for British Jews" and followed broken promises from the authorities to clamp down on the issue.

Gideon Falter, chairman of CAA, said: "2016 was the worst year on record for antisemitic crime, yet instead of protecting British Jews, the authorities prosecuted merely fifteen cases of antisemitic hate crime, including one solitary violent crime. The failure of police forces and the Crown Prosecution Service to protect British Jews is a betrayal.

"The solutions are simple, but whilst the right promises are being made, little has been implemented. The result is that British Jews continue to endure intolerable levels of hate crime."

Falter went on to say that while Britain "has the political will to fight antisemitism and strong laws with which to do it" those in charge are "failing to enforce the law".

He added: "There is a very real danger of Jewish citizens emigrating, as has happened elsewhere in Europe, unless there is radical change."

The CAA, which has called for police and prosecutors to be given more training on hate crime, claimed anti-Semitic incidents had also worsened in the initial months of 2017.

This includes the firebombing of kosher restaurants in Manchester last month and an incident in May during which a man allegedly chased Jews down a London street while brandishing a meat cleaver.

Home Secretary Amber Rudd said in response to the CAA's report: "Hate crime of any type is not acceptable. Everyone in this country has the right to be safe from violence and persecution.

"We are working together to tackle antisemitic hate crime in all its forms and using the full force of the law to protect every person in the UK. Our Hate Crime Action Plan has encouraged further action against hate crime across the police and criminal justice system.

"This includes encouraging more victims to report incidents to the police. We will consider the report's recommendations carefully as we develop new ways to rid the country of this sickening crime."

(21st September 2017)


BRITAIN'S COLD CALL NUISANCE IS THE WORST IN EUROPE
(The Times, dated 14th July 2017 author Andrew Ellson)
www.thetimes.co.uk [Option 1]

Britain is the worst country in Europe for cold calling and the nuisance is growing, researchers say.

The number of spam calls has increased by 180 per cent in the past ten months with Britons collectively being bombarded with 2.6 million calls a month despite new rules to try to limit the problem.

In Europe, only the Italians come close to receiving as many unwanted calls as British people. The French are pestered less than half as much.

The research identifies the claims management industry as the main reason why British households receive more calls than their European neighbours. It said that one in four unwanted calls came from companies trying to persuade people to make payment protection insurance claims.

The study appears to vindicate consumer groups which warned the City watchdog that setting a deadline for making these claims would result in a surge of unwanted calls as claims managers intensified their efforts to find new claimants before it became too late. In March the Financial Conduct Authority ignored these warnings and set a deadline of August 2019.

The figures also suggest that new government rules to ban cold callers from hiding their identity behind withheld numbers have failed to stem the rising tide of calls.

Since April all marketing companies have been made to display their telephone number or face heavy fines. The idea was to make it easier for people receiving unwanted calls to complain to the Information Commissioner's Office (ICO). However, call centres, particularly those overseas, are now bulk buying UK telephone numbers from telecoms providers and splitting their spam calls equally between them, so that no single number gets a significant enough number of complaints for the ICO to investigate.

Nick Larson, of Truecaller, the call blocking service that conducted the study, said: "Across all markets we see that nuisance calls are still a problem on the rise. Despite good initiatives in the UK by the government, making the legislation tougher and issuing record fines, the offenders keep finding ways around this."

"With more homes becoming mobile-only, the spam callers have found a new target group that is always reachable, making it crucial not only to block nuisance calls on your landline but also on your mobile phone."

The research found that more than one in ten spam phone calls came from telecoms operators trying to persuade their customers to upgrade or push promotional offers to the public at large.

It said that almost one in ten calls came from fraudsters, with the most common type being the "Microsoft Windows support scam", and one in 50 from market research companies.

Other countries have an even bigger problem. In America the average household receives more than twice as many unwanted calls each month as in the UK. India has the worst cold calling problem, with each household receiving 23 calls a month compared with 9 in the UK.

(21st September 2017)


MOTORCYCLIST CAUGHT USING "JAMES BOND" LICENSE PLATE GADGET TO AVOID SPEEDING FINES
(International Business Times, dated 12th July 2017 author James Billington)

Full article [Option 1]:

www.ibtimes.co.uk/motorcyclist-caught-using-james-bond-license-plate-gadget-avoid-speeding-fines-1630069

A motorcyclist has been caught using a 'James Bond' style gadget to hide his license plate from police in order to avoid speed cameras.

Traffic police in Spain discovered the modified license plate fitted to the bike of a Swiss national had the ability to flip up at the press of a button in order to conceal it from police and traffic cameras. The unlawful addition is akin to that seen on Sean Connery's Aston Martin DB5 in Goldfinger whereby the secret agent's plate could revolve to reveal another.

According to a report on the Catalan police website, using the secret gadget led to the motorcyclist's downfall after the Mossos d'Esquadra (police squad) in the Girona region noticed the rider was travelling without a license plate.

After pursuing and pulling the motorcyclist over they noticed the number plate had mysteriously re-appeared. A swift search of the vehicle resulted in officers finding the activation switch to move the license plate up and down, so as to thwart any speed camera traps.

The rider was found guilty of violating Article 77 of the Law on Road Safety that prevents a vehicle having any systems, mechanisms or radar jammers fitted designed to interfere with traffic monitoring systems. As a result six points were added to the rider's license and they received a €6,000 (£5,300) fine.

Any motorists thinking of masterminding an evil plan to conceal their own license plate might want to think twice. Despite kits being readily available on eBay, known as 'stealth number plates', for as little as £95 that can cover number plates at the press of a button, in the UK it could land drivers with up to two years in prison if found using it.

(21st September 2017)


SCAM OR FRAUD ? BANKS MINCE WORDS AS THEY LIMIT PAYOUTS TO VICTIMS
(The Telegraph, dated 10th July 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/scam-fraud-banks-mince-words-limit-payouts-victims/

Banks can refuse to offer to claw back remaining funds when their customers fall victim to scams because of a "gap in consumer protection", according to consumer experts.

Months after Telegraph Money demanded banks develop clear procedures to help those who are tricked into paying money to fraudsters, victims continue to face confused or conflicting advice from their banks.

HSBC told one of its customers, who fell victim to a fake business loan operation, that because she was the victim of a "scam", rather than "fraud", it could not help her.

What is the difference?

Banks view as "scams" those situations where the victim has been tricked into authorising a payment to a fraudster. A "fraud" is where a payment is made without the authority of the customer, according to banks' typical stance.

"It's vital that the industry does more to protect consumers when they are tricked into transferring money to a fraudster, regardless of whether it meets a technical definition of a 'fraud' or 'scam'" - Gareth Shaw, Which?

However, in practice the terms are imprecise and often used interchangeably.

Consumer groups warn that this confusion gives banks room to do little or nothing to help genuine victims.

In particular, where the victim's bank refuses to ask for a recall of funds from the fraudster's bank, the victim is often left with no recourse. The recipient bank is unlikely to release the funds without such a request.

Lesley Thompson, 51, found herself caught between HSBC - her own bank - and Nationwide when she fell victim to a fraudster and transferred £3,000 to a Nationwide account.

Ms Thompson, who runs a children's nursery, was tricked by a sophisticated ruse in which she was promised a £7,000 "government-backed grant". To qualify she would have to contribute £3,000 of her own money to a nominated account to ensure the funds were "used wisely".

But two weeks later, when the card and Pin for the promised account failed to arrive, Ms Thompson realised something was wrong. She tried to contact the firms involved but the businesses had been closed.

After looking online, Ms Thompson realised she hadn't been the only victim of the scam.

She reported it to her bank HSBC, North Yorkshire Police and Action Fraud, the national fraud and cybercrime reporting service, on June 12.

Ms Thompson also spoke to Nationwide, and claims staff there indicated there were "partial funds remaining" in the account. For the money to be released, however, HSBC would have to make a formal request to Nationwide - something it refused to do.

The bank told Telegraph Money that it had queried the transaction before it was made. A spokesman said bank staff had called Ms Thompson asking her to check she was sending the money to a legitimate source.

It said: "During the same calls we let her know that once the payments were released, HSBC is no longer liable for any subsequent loss. We also notified both beneficiary banks of the fraud as soon as Ms Thompson told us it was a scam."

As a result, it insisted it would be treating Ms Thompson's "dispute" as a scam to which there was no "protection available to recall or reimburse funds".

It advised her to "seek legal advice."

"HSBC was basically saying it was not going to ask for the money back, end of story", she said.

Gareth Shaw from Which?, the consumer group, said while people assume their banks will help them when they've become a victim of a fraud, it's not always the case.

He said there is "still a substantial gap in consumer protection when it comes to these types of scams."

Mr Shaw said that banks were relying on "semantics" to shirk their responsibilities toward certain victims.

He said: "It's vital that the industry, regulator and government act quickly to do more to protect consumers when they are tricked into transferring money to a fraudster, regardless of whether it meets a technical definition of a 'fraud' or 'scam'.

"Failure to do so will continue to leave consumers paying the price."

The Payments System Regulator said it is working to develop best practice standards that sending and receiving banks should follow when customers fall victim to bank transfer scams. This includes indemnity agreements between banks.

How the 'business grant' scam unfolded

The ruse began with an email sent to Ms Thompson, who owns her own nurseries, from "Melanie Williams", an administration assistant at a company called Business Grants at the start of May this year.

The email explained there was a "new multi-purpose government grant available for nurseries and pre-schools" up to £25m that Ms Thompson qualified for.

"Melanie" offered to match Ms Thompson up with the available grants and suggested she would have most success with a firm called Midas Funding UK.

It signposted her to a PDF grant brochure and the short application form which it claimed would take just five minutes.

The company literature was well put together, grammatically sound and Ms Thompson said she had no reason to doubt its legitimacy.

The fraudsters even included the registered company numbers of real firms they were purporting to be along with the contact details of the genuine firms.

The criminals told Ms Thompson she qualified for a £10,000 grant, which she wanted to use to build a small farm on her grounds for the children and to develop a forestry school.

Applicants were asked for a 30pc contribution of the total grant which would ensure "the funding is used wisely" and Ms Thompson transferred her £3,000 to the firm's Nationwide account on May 26.

She was told this would be loaded onto a "Business Mastercard" along with the £7,000 from Midas Funding so they could monitor her spending.

Once she had made her contribution, she was told she would receive a prepaid card and Pin.

This was yet another layer to an incredibly sophisticated scam.

The fraudsters had cleverly created a fake "Business Mastercard" website where Ms Thompson could login with her personal details and view her recent transactions.

When she made her transfer on May 26, she could see Midas Funding UK had paid in £7,000 two days earlier.

But after getting nowhere with HSBC and Nationwide, Ms Thompson approached this newspaper for help.

Nationwide told this newspaper that contrary to what Ms Thompson was told, her money had left the account by the time it was contacted.

It said the account was not fraudulent but belonged to a genuine customer who had also been scammed.

Nationwide refused to give specific details of how its customer was involved in the scam but said they were elderly and were defrauded after being "requested to withdraw the funds".

A spokesman said customers should be cautious about requests to transfer money. It said it "cannot always prevent individuals from withdrawing cash from their accounts after receiving a recent credit".

Mastercard said it is taking action to have the fake website closed.

Do other banks define scams and fraud differently?


RBS/NatWest said a scam generally involves a customer who has been "persuaded to authorise a transaction through engagement with a third party."

It said with "fraud" cases the victim is not likely to be explicitly involved in the transaction. The banking group said where victims reported having made payments to suspected fraudsters, it would not automatically recall the funds from the recipient bank.

Lloyds Banking Group took a similar line. It said a "fraud" was where a customer had not authorised the transaction, and they would be likely to be entitled to a refund. Where payments were authorised refunds would not be granted.

TSB said it views frauds and scams on a case-by-case basis. A spokesman said it always chases funds when a victim reports fraud, and claimed it requested a return of funds "where appropriate".

Santander said: "Any customers reporting fraud and scams will have their accounts protected and we will instigate the recovery of funds as quickly as possible."

(21st September 2017)


HOMEBUYERS DESPERATE TO KNOW WHO REALLY OWNS THEIR FREEHOLD
(The Guardian, dated 8th July 2017 authors Emma Lunn and Patrick Collinson)

Full article [Option 1]:

www.theguardian.com/money/2017/jul/08/homebuyers-who-owns-freehold-housebuilders-sold

A pass-the-parcel nightmare sees freeholds sold by major housebuilders to obscure companies which demand huge sums

Buyers who purchased new properties direct from some of the UK's biggest builders have been left in the dark as investment companies play pass-the-parcel with the land their homes stand on.

Take Joanne Darbyshire, 46, and her husband Mark, 47. They bought a five-bedroom house in Bolton from Taylor Wimpey in 2010, and are among thousands of unfortunate leaseholders put on "doubling" ground rent contracts that in extreme cases have left their properties almost worthless, with mortgage lenders refusing loans to future buyers. The only way to escape the escalating payments is to buy the freehold. But in Darbyshire's case, Taylor Wimpey sold it to Adriatic Land 2 (GR2) in 2012.

In January 2017 that company transferred it to Adriatic Land 1 (GR3), while some of Darbyshire's neighbours have seen their freeholds transferred from Adriatic Land 2 (GR2) to Abacus Land Ltd. "You have no idea who owns the land under your feet," says Darbyshire. "Your dream house is traded from one offshore company to another for tax reasons, or who knows what else?"

Paul Griffin (not his real name) bought a property from Morris Homes in Winsford, Cheshire, in November 2014. By last year, when he decided to add a conservatory, his freehold was in the hands of Adriatic Land 3 and managed by its fee-collecting agents HomeGround. Young was horrified to discover he had to pay £108 just to look at his file.

Although the conservatory didn't need local authority planning permission and was not subject to building regulations, HomeGround then demanded £1,200 for a "licence" for the work to go ahead. This was broken down into solicitors' fees (£480), surveyors (£360), and its own fee of £360. On top of this it demanded numerous official documents at Young's expense totalling about £400.

Helen Burke (not her real name) in Ellesmere Port, meanwhile, was shocked to discover that after Bellway sold her freehold to Adriatic, the cost of seeking consent for a small single-storey extension rocketed. Initially, she had applied to Bellway - the freeholder at the time - and it wanted £300. But after putting off the work for a few months she discovered that Bellway had sold the freehold to Adriatic Land 4 (GR1) Ltd.

HomeGround then demanded £2,440 for consent. That is not planning permission, which householders must obtain separately from the local authority. It is simply a fee charged without any material services provided.

"It's daylight robbery," says Burke. "The most disgusting thing is the developers like Bellway think they are doing nothing wrong selling the freeholds on and state that our T&Cs don't change. Yes, the lease terms don't change, but for a permission fee to increase from £300 to £2,440 in a matter of months is disgraceful and it should absolutely be pointed out to new homeowners, up front, that this might happen if they don't buy the freeholds."

Burke said she was quoted £3,750 to buy the freehold off Bellway, but once it was sold to Adriatic the price quadrupled to £13,000. After a long legal battle she has acquired it for £7,680.

All the leaseholders who contacted Guardian Money are united in their frustration at finding out who is really behind the money extracted from them once their freehold is sold on.

In Darbyshire's case, Adriatic Land 1 (GR3) is registered at Companies House with an address at Palmer Street in the heart of Westminster, London. The documents show that one of its directors until late 2013 was "The Honourable William Waldorf Astor", the half brother of David Cameron's wife, Samantha. Astor runs fund manager Long Harbour, which invests in residential freeholds, and is also director of HomeGround management, which administers freeholds on behalf of various landlords, including the Adriatic Land vehicles.

Since 2013, Adriatic Land 1 (GR3) lists its directors as individuals based in Dublin, and says its ultimate controlling party is Jetty Finance DAC, registered in Dublin. Its last reported accounts show that the company had £19m in property assets and earned an income of £1.9m, on which it made a profit of £1.3m. In the year to March 2016 it paid zero corporation tax. The year before, on a profit of £870,000, it paid £3,000 in tax.

There are numerous other Adriatic Land companies registered at Companies House. Burke's freeholder, Adriatic Land 4 (GR1), has £27m-worth of property, with its immediate parent company listed in Guernsey in the Channel Islands.

Griffin's freeholder, Adriatic Land 3, says it has £18m-worth of freeholds, with a turnover of £4.9m and a profit of £4.1m. Its ultimate controlling party is Boardwalk Finance DAC, another Dublin-registered company sharing the same address as Jetty Finance DAC. It paid no corporation tax in either 2015 or 2016.

Guardian Money put a number of questions to HomeGround, which acts as the agent for Adriatic. It says: "Housebuilders periodically sell off large portfolios of freehold properties and they usually do so within a company structure rather than as individual freeholds.

"Buying groups of freeholds in companies is an easier and more efficient way of buying these property assets. It does not alter the ability of leaseholders to buy their freeholds. When there is a change of name of the company, or a change of landlord within the same group, the leaseholder is informed as is required under the legislation.

"Administration fees for dealing with applications for landlord's consent for matters specified in the lease are subject to a test of 'reasonableness' in accordance with statutory regulation.

"The HomeGround team is made up of law graduates who are all overseen by a fully qualified property solicitor. The cost of the work they carry out compares very favourably with any fees charged by any firm of solicitors, even those outside of London. It is easily forgotten that these are often variations to leases and are property transactions. These must be done in accordance with the legislation and need to be carefully and properly considered.

"HomeGround's fees are also regularly benchmarked against other companies providing similar services. In addition to ensuring the fees are transparent, reasonable and justifiable, HomeGround's aim is to be in the lower quartile of fees charged by market peers."

But Labour MP for Ellesmere Port & Neston, Justin Madders, is not convinced. He plans to spend part of parliament's summer recess investigating the whole business of freehold ownership. "Once the developers sell the rights on, they can be transferred on many times, going through complicated ownership structures with no transparency," he says.

"It is far from clear whether all the ultimate beneficiaries are UK taxpayers, nor why there are so many names that keep cropping up."

(21st September 2017)


AA FINALLY COMES CLEAN ON SECURITY BREAKDOWN
(The Register, dated 8th July 2017 author Chris Williams)

Full article [Option 1]:

www.theregister.co.uk/2017/07/08/aa_apology_security_breach/

UK car insurance and driving school giant The AA has at last admitted it accidentally spilled its customers' personal information all over the web.

In an astonishing U-turn, the motoring biz confessed on Friday that people's names, postal addresses, phone numbers, and email addresses were exposed to the internet - and, in some cases, hashed account passwords and partial payment card numbers. This affects those who have shopped online for car equipment and other gear at TheAA.com.

The admission comes after it emailed folks at the end of June telling them it had reset their passwords: soon after it said it hadn't, and blamed the mass alert on an IT blunder while insisting that customer "data remains secure."

Then it emerged this week that TheAA.com account records plus expiry dates and the final four digits of some payment cards had been accidentally made accessible to the public in a 13GB database backup on The AA's website. Roughly 120,000 accounts were in the bundle, including shoppers' IP addresses and lists of stuff purchased.

That cockup was discovered and reported to the motoring corp in April and quietly rectified with no announcement or warning, just the files disappearing from view - leading to security researchers accusing the biz of a cover-up.

Amid an ongoing probe by the UK's data protection watchdog, the ICO, plus an internal investigation, and after giving journalists the silent treatment for days, AA president Edmund King has written to customers apologizing for the kerfuffle. He also blamed an IT supplier for the privacy leak.

"It has taken us a long time to sort this issue out as it was more complex than we thought," King told The Register in an email.

"However we are now contacting all our customers. The process to really find out what happened was difficult, although that's no excuse."

Below is The AA's statement in response to the security fumble.

We're sorry.

We are aware of concerns that we fell short in our handling of reports that some personal data from the AA Shop online had been compromised. We accept the criticism that the issue should have been handled better. We are grateful for the support of the information security community in flagging issues to us.

Some of our customers' personal data, given to us when they shopped online at our AA shop, became insecure when our service provider made an error with its computer systems leaving backup data exposed. We took steps to correct this when we were notified of this issue and then commissioned an investigation by external experts. This is ongoing, but we can now share the following information:

- We have notified the relevant authorities.

- We have emailed all of the customers affected with more details. Some emails may still be going through.

- The data affected in all cases included names, addresses, phone numbers and email addresses.

- For some customers who shopped with us prior to October 2014 it will also have included partial payment card information.

- We do not believe customers who only shopped with us after January 2017 to have been affected at all.

- Some encrypted passwords were included in the data. Whilst we do not believe that customer accounts at our AA shop were accessed, we are reminding customers of industry advice that they should consider changing their password if they used it on other sites. We will offer support to our customers. Similarly, while there is no information from customers or our specialist advisors that any data has been used for fraudulent activity, we have reminded customers that they should always look out for phishing and other scams.

- This incident originated from third party systems outside our own network and did not affect main AA systems such as those processing insurance or membership information.

- Nonetheless, it is clear that our supplier's security safeguards in this instance fell short of the high standards that we and our customers rightly expect.

We know that our customers and the information security community expect and trust us to keep information safe and secure, and apologise wholeheartedly for what has happened. We will continue to work hard to keep customer data as safe as possible.

We again thank those of you with an interest in these important matters for your cooperation in helping us improve our data security.

(21st September 2017)


SICK SEXUAL ABUSE FORUM WITH 87,000 MEMBERS LET USERS MAKE APPOINTMENTS WITH CHILDREN
(International Business Times, dated 7th July 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/sick-sexual-abuse-forum-87000-members-let-users-make-appointments-children-1629367

A pan-European investigation into a child abuse website hosted on the dark web, dubbed Elysium, has resulted in the arrest of 14 suspects this week following an intensive probe by Germany's Federal Criminal Police Office and EU crime fighting agency Europol.

Law enforcement arrested the individuals on suspicion of "serious sexual abuse of children" and "distribution of large amounts of child abuse material online". Police said a dozen of those arrested are suspected of having "actively taken part" in the exploitation of minors.

Elysium, which popped up on the dark web at the end of 2016, was designed as a forum and reportedly had more than 87,000 members worldwide.

It was used to exchange illicit material and "make appointments" for members to sexually target children, Europol said in a release on 7 July 2017.

The chat rooms featured languages including German, French, Spanish and Italian. The servers of the website, which was only accessible with the use of special software, have been seized by German police.

The main suspect in the case, a 39-year-old German national, was arrested on 12 June after his apartment was searched and his servers taken offline, the Associated Press (AP) reported on 6 July.

He is suspected of being the administrator and technical manager of the platform.

Another individual, a 61-year-old man from Bavaria, is suspected of production and dissemination of child abuse material alongside the sexual abuse of two children aged five and seven years. The victims were reportedly the children of another Elysium forum member.

An additional arrestee, a 56-year-old from Baden-Württemberg, is accused of being the forum's moderator. In Austria, a 28-year-old male was arrested under suspicion of "severely" sexually abusing his two children and facilitating the abuse of his own children by other suspects.

All of the accused, who remain anonymous, are alleged to have met and communicated via Elysium. Europol, which aided regional authorities by streamlining the exchange of operational data, said more arrests are expected shortly in Germany and other European countries.

Steven Wilson, head of the European Cybercrime Centre (EC3) at Europol, said: "The action [...] has resulted in the arrest of individuals involved not only in the physical abuse of children but the takedown of a platform, Elysium, used to distribute large amounts of child abuse material.

"This is a highly significant action in safeguarding children from abuse."

(21st September 2017)


"SPYDEALER" ANDROID MALWARE STEALS DATA FROM FACEBOOK, WHATSAPP AND SKYPE APPS
(International Business Times, dated 7th July 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/spydealer-android-malware-steals-data-facebook-whatsapp-skype-apps-1629441

An advanced strain of Android malware with the ability to snoop on text messages and record phone calls is now being used by hackers to steal personal user data from more than 40 mainstream applications including Facebook, WhatsApp, Skype and WeChat.

Researchers from Unit 42, the cybersecurity division of Palo Alto Networks, branded the malware 'SpyDealer' as it has a slew of sophisticated surveillance features such as "recording phone calls and surrounding audio, recording video, taking photos and capturing screenshots."

The malware is only 100% effective against devices running Android versions between 2.2 and 4.4, the experts wrote in a blog post, published on 7 July 2017.

This represents roughly 25% of all Android devices in the wild, leaving a massive 500 million phones and tablets potentially at risk in the worst-case scenario.

The malware relies on a commercial "rooting" tool which gives users greater control over devices - a process also known as jailbreaking. SpyDealer also abuses Android Accessibility (a feature designed to help disabled users communicate) to steal data, Unit 42 said.

"SpyDealer makes use of the commercial rooting app 'Baidu Easy Root' to gain root privilege and maintain persistence on the compromised device," Unit 42 stated after analysing 1,046 separate samples. "SpyDealer employs a wide array of mechanisms to steal private information.

"At the same time, it accesses and exfiltrates sensitive data from more than 40 different popular apps with root privilege. With Accessibility Service, this malware is also capable of extracting plain-text messages from target apps in real time."

The team said SpyDealer remains under "active development".

The top 10 applications it targets are Facebook, WeChat, WhatsApp, Skype, Line, Viber, QQ, Telegram, Ali WangXin, and Kik. The services are exploited with the use of root privileges and malicious code; the popular services themselves are not individually compromised in any way.

The data stolen from each service varies, but it includes databases, personal messages, chats, personal preferences and usernames.

There are currently three versions of SpyDealer spreading around third-party app stores and the majority are posing as Google Update software, the experts warned.

New strains of SpyDealer were created this year but evidence suggests older versions stretch back to October 2015.

There is nothing to suggest it is active on the official Google Play Store, the team said.

It remains unknown how many devices have been infected globally but analysis suggested that some Chinese users had been infected through compromised wireless networks.

Like most well-designed malware samples, SpyDealer automatically connects to the culprit's command and control (C&C) server, a place where they can send malicious prompts to the targeted device and steal files, documents, pictures, recordings and much more.

In some ways, it is the perfect spy tool. Once the malware notices an active call it can record the conversation (and background audio) before sending it to the hacker. It can also record video for up to 10 seconds and - if a Wi-Fi connection is available - upload it to the criminal.

Users are advised to only download applications from the official Google application store, always check reviews before using software and ensure all devices have the latest security updates installed. Third-party stores may give you free apps, but they could leave your data exposed.

(21st September 2017)


ONE COMPLAINT EVERY MINUTE IN FIRST 24 HOURS OF HOTLINE TO REPORT CHARITIES THAT PESTER DONORS FOR CASH
(The Telegraph, dated 6th July 2017 author Christopher Hope)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/06/one-complaint-every-minute-first-24-hours-charity-pester-hotline/

More than 1,300 complaints about charities were made in the first 24 hours of a new 'pester' hotline that allows donors to block them

The Fundraising Preference Service, which was launched yesterday by the Fundraising Regulator, saw 1,312 total requests for "suppression notices" from 614 people on its first day of operation.

The rate works out at one complaint every minute.

The service, which went live at 5am this morning, enables members of the public to block phone, email, text and direct mail communications from named charities.

If an individual continues to receive direct marketing communications 28 days after a complaint, the charity can be reported to the information watchdog which can levy fines running into tens of thousands of pounds.

The service is available online or by phone. Family members are also able to use it on behalf of a friend or relative.

Stephen Dunmore, the regulator's chief executive, said: "The launch of the FPS is a big moment for the Fundraising Regulator and a crucial step in ensuring that the trusting relationship between the sector and the public is rebuilt.

"The high sign up numbers indicate a clear desire from members of the public to have greater control over which charities contact them and how they do it.

"The figures also indicate that many charities have some way to go in how they communicate with individuals.

"That said, we are very encouraged by the progress that is being made by the charity sector in ensuring that fundraising is ethical and respects the wishes of the donor."

The Fundraising Regulator was established after a 2015 cross party review of fund raising and is funded by a voluntary levy which just under 2,000 charities have been asked to pay.

But Sir Stephen Bubb, the former chief executive of the Association of Chief Executives of Voluntary Organisations, defended charities' fund-raising activities.

He said: "It is not wrong for charities to ask people for money indeed it is essential otherwise charities cannot do their job.

"Frankly these are not large numbers of complaints - the vast majority of charities do their fund-raising very responsibly."

The regulator is currently weighing up whether to name charities which receive complaints from members of the public.

This would allow donors to study rankings of the charities which are most complained about every year.

The hotline comes two years after Olive Cooke, 92, took her own life after receiving 466 mailings from 99 charities in a single year. The Bristol resident had 27 standing orders to different charities at one stage.

Her family insisted the charities, while "intrusive", did not cause her to take her own life and she had suffered from depression - previously attempting suicide in 2009.

A friend said that while the "pestering" was not entirely to blame for her death, she had been put "under pressure" by persistent charity fundraisers.

Lord Grade of Yarmouth, the chairman of the regulator, said: "Sadly this wasn't an isolated case, and as a result of that high-profile tragedy it was clear that there was bad practice across many charities."

Writing in the Daily Telegraph Lord Grade added that "too many charities are proving to be laggards" in upping their game.

He said: "The slow rebuilding of trust between charities and the public could yet all be undone by another wave of high-profile cases of bad behaviour.

"The extraordinary and long-term generosity of the British public needs to be sustained. It cannot be taken for granted."

(21st September 2017)


STALKING AND HARASSMENT CRIMES ROUTINELY BADLY HANDLED, UK REPORT SAYS
(The Guardian, dated 5th July 2017 author Owen Bowcott)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jul/05/stalking-and-harassment-crimes-routinely-badly-handled-uk-report-says

The full extent of stalking and harassment in England and Wales is unknown because police and prosecutors often do not recognise the crimes, or record them incorrectly.

A highly critical report by a joint inspectorate team has found that victims' complaints are frequently not investigated and are dismissed by informal police information notices (PIN) being issued to perpetrators. In one case, a PIN was used after a violent domestic abuser armed with a knife threatened to cut the throat of a victim.

Out of a sample of 112 cases of stalking and harassment examined by HM Crown Prosecution Service Inspectorate and HM Inspectorate of Constabulary, none were found to have been dealt with well. More than 60% showed no evidence of a risk management plan being prepared to protect victims.

In 95% of the case files reviewed, care for the victim was deemed to be inadequate; three-quarters of the cases were not even handled by detectives.

"Harassment and stalking are crimes of persistence," the report says. "It is the unrelenting repeat behaviour by the perpetrator ... which seems inescapable and inevitable, that has such a detrimental effect on the victim."

One stalking victim recalled her pursuer telling her: "I will stay in your life for ever ... I will make sure nothing in your life or your family's ever runs smoothly."

The number of recorded offences has, nonetheless, been rising. There were more than 1,200 cases of stalking and more than 5,000 cases of harassment in the three months to December 2016.

Almost anyone can become a victim of stalking, the report warns. The crime survey for England and Wales estimates that 15% of adults aged 16 to 59 had been victims of some form of stalking or harassment during their life.

Harassment became an offence in 1997 and stalking was added to the criminal statute book in 2012. Police and the Crown Prosecution Service frequently struggled to separate the two, the inspectorate report said.

"We found that stalking in particular was misunderstood by the police and the CPS," the study said. "As a result, it often went unrecognised. The police sometimes mis-recorded stalking offences, or, worse, did not record them at all. Prosecutors on occasions missed opportunities to charge stalking offences, instead preferring other offences, particularly harassment."

The absence of a single accepted, consistent definition of stalking is said to be a "very significant contributory factor to the unacceptably low number of recorded crimes and prosecutions".

Many cases involve online stalking, sometimes through accounts created under fictional names spreading baseless allegations. Victims are sometimes afraid to turn on their computers.

"We found that if an investigation was started, victims were often badly let down throughout the criminal justice process," the inspectorate report concludes. "One reason for this was the failure to impose bail conditions on perpetrators, which sometimes left the victim at risk of further offending.

"The increasing prevalence of the use of digital media gives perpetrators another easily accessible method by which to torment victims."

PINs should be withdrawn from use immediately, the report recommends. The government's commitment to introduce a stalking protection order (SPO) to target offenders is welcomed.

"We found compelling evidence in some cases that the use of PINs meant no thorough investigation had taken place and there had been little positive action to protect the victim," the report says.

Laura Richards, the founder and director of Paladin, a stalking advocacy service, said: "These cases are what I call murder in slow motion. In all cases that I have reviewed, there was stalking, threats to kill, high levels of fear, and women not being believed.

"These are the most dangerous of cases, yet more resources are dedicated to burglaries and robberies than public protection, and there is little investment in specialist-led training."

Clive Ruggles, whose daughter Alice was murdered by an obsessive ex-boyfriend, said: "Her stalker had a history of abuse, was issued a police information notice that was not enforced when breached, and we believe Alice's fear was dismissed due to her polite and respectful demeanour.

"We have to stop this from continually happening. It seems clear to me that the warning signs are there in many cases, and there are stark lessons to be learned."

Alison Saunders, director of public prosecutions, said: "We know that, compared to other types of threatening behaviour, perpetrators of these crimes are significantly more likely to escalate their behaviour.

"The CPS has made significant strides over recent years in identifying, understanding and successfully prosecuting these cases and I am pleased to note that the report highlights many instances of good practice.

"In order to drive forward improvement in our performance we will be taking a range of steps, including the introduction of mandatory stalking and harassment training for all prosecutors."

Harry Fletcher, director of the Digital-Trust and one of the drafters of stalking laws, said: "The report underlines what victims of stalking have been saying for the last four years. The police are not properly trained and still do not take stalking complaints seriously. This puts victims at risk of further harm. Now is the time for a major change of attitude."

(21st September 2017)


UK's NEW CYBER NERVE CENTRE TACKLED 480 MAJOR INCIDENTS IN ITS FIRST 8 MONTHS
(International Business Times, dated 5th July 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/uks-new-cyber-nerve-centre-tackled-480-major-incidents-its-first-8-months-1629077

The UK's new National Cyber Security Centre (NCSC) had a busy first eight months of operation contending with a total of 480 major incidents, from global ransomware outbreaks to smaller breaches at British businesses. Officials say the pace shows no sign of slowing.

Launched in October 2016, the NCSC is a fork of British intelligence agency GCHQ tasked with investigating hacking, malware outbreaks and data leaks. It serves as the nerve centre for tech savvy analysts who aim to combat online crime, terror groups and nation-state adversaries.

The existence of the NCSC has coincided with a spike in the reporting of digital crimes over the past few months, John Noble, a director of incident management at the agency, told attendees at the Cyber Security Summit in London on Tuesday 4 July.

"This increase in major attacks is mainly being driven by the fact that cyberattack tools are becoming more readily available, in combination with a growing willingness to use them," he said, as reported by ComputerWeekly. He warned that too many firms are still "not getting the basics right".

The foundation of online security, including the use of anti-virus software, routine vulnerability patches and the management of administrator controls, is still lacking, Noble asserted.

The NCSC director revealed the majority of incidents the agency responded to - 451 to be exact - were lower level attacks typically related to a single organisation. The rest, classified as "C2-level attacks", demanded more attention alongside a "cross-government" response.

The one incident which almost veered into a top-level (C1) attack was WannaCry, a ransomware pandemic that spread to hundreds of thousands of computers in more than 150 countries back in May. In the UK, it caused widespread disruption at the National Health Service (NHS).

Most recently, the NCSC was forced to respond to an attempted hack against the British parliament, with attackers using brute-force tactics to try and force their way into politicians' email accounts.

It was ultimately stopped, but not before up to 90 inboxes were ransacked.

In its first month of operation alone, the NCSC responded to nearly 70 hacking incidents including seven cases of ransomware. Conservative MP Mike Penning said at the time the UK is "regularly targeted by criminals, foreign intelligence services and other malicious actors".

In February this year officials revealed the UK was being hit with roughly 60 significant cyberattacks every month. Ciaran Martin, head of the NCSC, told The Sunday Times in a rare interview that some of the incidents involved state-sponsored hackers vying for government secrets.

"There has been a step change in Russian aggression in cyberspace," he said at the time. "Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations and that's all very well evidenced by our international partners."

Martin was speaking a month after US intelligence published its analysis of the hacking campaign that targeted the 2016 US presidential election, believed to be the work of two cybercrime units, dubbed Fancy Bear (APT28) and Cosy Bear (APT29), each with alleged links to Russian spies.

(21st September 2017)


MIND GAMES : 7 WAYS SCAMMERS WIN YOU OVER
(Which?, dated 5th July 2017 author Stefanie Garber)

Full article [Option 1]:

www.which.co.uk/news/2017/07/mind-games-7-ways-scammers-win-you-over/

More than a quarter of Brits have fallen prey to online scammers - even though a majority of victims thought there was something fishy going on. How do scammers convince you to go against your gut instinct? New research from online marketplace Gumtree shows 27% of British adults have fallen for a scam online, losing on average £63.76 each. But the bad news may not have come as a surprise for everyone - up to 55% of victims reported they thought the transaction might be suspicious early on, but continued anyway. As online shopping becomes more popular, fraudsters are becoming more sophisticated in their techniques. Which? explains the top tactics scammers use to convince you to go ahead with a transaction and how you can avoid taking the bait.

1. The bargain is too good to pass up

The Gumtree survey found that scammers used low pricing to entice targets, even those who might otherwise be skeptical. Of the victims who reported having suspicions about the transaction, 35% said they went ahead anyway because it involved a small sum of money while 29% felt the bargain was worth the risk. Items priced significantly below their normal market value could be an online trap for bargain hunters. If a deal seems too good to be true, it probably is. Always question why an item is significantly discounted and ask yourself whether the price seems realistic.

2. The decision has to be made quickly

Scammers know that time is of the essence. The longer their target thinks about the transaction, the more likely they are to spot red flags. The survey found that 27% of scammers tried to rush through the transaction, while 17% tried to get payment before the item was viewed. If a seller is putting pressure on you to move quickly, consider whether they are trying to pull a fast one.

3. Fake ads look real


In some cases, fraudulent ads are obvious, with terrible spelling, bad photoshop or information that is flat-out wrong. Often though, people can't tell a fake ad from a real one. In an exercise where Brits were shown eight ads and asked to identify frauds, just 7% were able to correctly spot all of them. A major warning sign is ad copy that seems generic or is lifted from somewhere else, with 24% of scammers using this approach. But bear in mind that even a legitimate-seeming ad might be a con, and keep an eye out for any other signs that the seller is not above board.

4. Sellers weave a tale

Scammers know that if buyers trust them, they are less likely to take the same precautions to protect themselves. Around 21% of scam victims said they went ahead because they trusted the seller. In around 15% of cases, scammers offered up a compelling story, with dramatic twists designed to distract from their ploy. When dealing with strangers on the internet, wariness should be your default. No matter how trustworthy the person seems, take all normal measures to verify their authenticity.

5. Communications go offline


Many online platforms have systems in place to detect fraud, or to compensate buyers who get defrauded. To bypass these security measures, scammers will often encourage you to contact them outside of the platform, either by mobile phone or email. If a seller seems eager to deal with you outside of the normal communications channels for that platform, be cautious. Communicating via the platform is often the safest way to protect yourself and may help you get your money back.

6. Victims are reluctant to come forward


For many people, there is a sense of shame that comes with being scammed - especially if they acted against their better judgement. Around 39% of victims reported 'feeling stupid' while 28% blamed themselves. This leads to under-reporting of fraudsters, with up to 15% of victims choosing not to report the incident to the online platform or the police. Scammers rely on this sense of shame to keep operating with impunity. Anyone can get scammed - but reporting the scammer helps prevent other people from falling into the same trap.

7. Buyers take short-cuts

As buying and selling online becomes commonplace, some buyers are failing to protect their own best interests. Around 26% of online buyers said they 'rarely' or 'never' asked for paperwork to verify that the product or service they are receiving is genuine. Almost one in five don't attempt to compare the ad to others on the site for authenticity, and 15% take no steps to check if an item is real. When it comes to money, buyers are savvier, with 67% always paying by credit card or PayPal so they can claim back any payments. No matter how often you buy online, keep doing your due diligence and remember that you never know who is on the other side of the transaction.

(21st September 2017)


HOME OFFICE AND POLICE FAILED CONSUMERS EXPOSING THEM TO RAMPANT ONLINE FRAUD
(The Independent, dated 5th July 2017 author Kate Hughes)

Full article [Option 1]:

www.independent.co.uk/money/spend-save/online-fraud-consumers-expose-home-office-police-report-scams-awareness-month-nao-national-audit-a7824746.html

A damning report has criticised police for failing to act on online fraud - the majority part of the most common crime in England and Wales - because the amounts being stolen are too modest.

As Scams Awareness Month gets under way this July, an investigation by the National Audit Office (NAO), which scrutinises public spending for Parliament, has highlighted a lacklustre response by the Home Office, which is also failing to get banks and other important stakeholders to take action.

"For too long, as a low-value but high-volume crime, online fraud has been overlooked by Government, law enforcement and industry," says Sir Amyas Morse, head of the National Audit Office, which describes current action as "disproportionate to the threat".

"It is now the most commonly experienced crime in England and Wales and demands an urgent response. While the department is not solely responsible for reducing and preventing online fraud, it is the only body that can oversee the system and lead change."

"The launch of the Joint Fraud Taskforce in February 2016 was a positive step, but there is still much work to be done. At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective."

Through the Taskforce, the Home Office is seeking to raise awareness of online fraud, reduce card not present fraud and to return money to fraud victims. But it faces challenges convincing other partners such as banks and law enforcement bodies to take on responsibility for preventing and reducing fraud, the report has found.

And without accurate data, the NAO warns that the department has no clear idea whether its response is sufficient or adequate.

"Not only is online fraud underreported, but where data is available, there is a lack of sharing of information between Government, industry and law enforcement agencies," says Sir Amyas. "There is, for example, no formal requirement for banks to report fraud or share reports with Government.

"Measuring the impact of campaigns and the contribution Government makes to improving online behaviours is challenging. The growing scale of online fraud suggests that many people are still not aware of the risks and that there is much to do to change behaviour.

"In addition, different organisations running campaigns, with slightly different messages, can confuse consumers and reduce their effectiveness."

Nor can Government and industry simply pass on responsibility for online fraud prevention to consumers and businesses, the report asserts. The NAO found the protection banks provide varies, with some investing more than others in educating customers and improving their anti-fraud technology. The ways banks work together in responding to scams also needs to improve.

Though examples of how to go about preventing people from becoming victims of these crimes are out there, such as Sussex Police's initiative to help bodies such as banks and charities identify potential victims, the nature of online fraud makes it difficult to pursue and prosecute criminals.

There are also concerns about the sentences fraudsters receive.

Responding to the report, a Home Office spokesperson said: "Tackling online fraud demands a collaborative and innovative response to keep pace with the emerging threat.

"That is why we launched the Joint Fraud Taskforce - which sees the Government, law enforcement and industry working together to tackle some of the toughest fraud issues that a single organisation cannot address alone.

"The NAO has said that the creation of the Joint Fraud Taskforce is a positive step - but we know that there is more to do to successfully prevent, disrupt and prosecute fraudsters.

"The Joint Fraud Taskforce is now working to develop a cross-industry strategic plan to specifically tackle fraud where a person's bank card is being fraudulently used online or over the phone.

"We are also working together to identify what makes a person susceptible to falling victim to fraud in order to reduce an individual's vulnerability to this."

Although the Government wants the police and judiciary to make greater use of existing laws, the NAO found that stakeholders had mixed views on the adequacy of current legislation.

The international and hidden nature of online fraud makes it difficult to pursue and prosecute criminals because of the need for international cooperation and an ability to take action across borders.

"Although the banking industry has started to raise awareness of fraud, banks are still placing too much responsibility on consumers to spot and protect themselves from sophisticated online scams," says Gareth Shaw, Which? money commentator.

"We've heard from many people who have lost life-changing amounts of money through bank transfer fraud, but who have seen little swift action to help them.

"The Government now needs to set out an ambitious agenda to tackle fraud, publish an update on the progress of the Joint Fraud Taskforce and outline what action it will urgently take to safeguard consumers from scams."

5 ways to protect yourself from financial fraud


1. Never disclose security details, such as your PIN or full banking password
2. Don't assume an email, text or phone call is authentic
3. Don't be rushed - a genuine organisation won't mind waiting
4. Listen to your instincts - you know if something doesn't feel right
5. Stay in control - don't panic and make a decision you'll regret

(21st September 2017)


ONLINE BARGAIN HUNTERS "BUY EVEN IF THEY THINK IT MAY BE A SCAM"
(The Telegraph, dated 4th July 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/07/03/online-bargain-hunters-buy-even-think-may-scam/

Online shoppers are so desperate to bag a bargain that they will go ahead with a purchase even if they think it may be a scam, a study has found.

More than a third of scam victims questioned in a survey said even if they thought an advert may be a fraud, they still went ahead.

The research also found that more than a quarter of Britons have been the victim of an online marketplace scam, losing £63.76 on average in each incident.

Popular categories targeted by online fraudsters include items for sale, vehicles, jobs, services and property. The desire to grab what looks like a cheap deal often overrides people's instincts when shopping online, according to the survey.

The report, from trading website Gumtree, found that the top reasons people fell victim to scams included that something was perceived to be a good deal, while one in five were willing to take the risk because they really wanted something.

In some cases, a fraudster appearing to be kind and trustworthy - for example, offering to travel to the victim's home to make a transaction - lulled them into a false sense of security.

Items subject to scams tended to be slightly cheaper than others available for sale, but not so keenly priced as to arouse suspicion - making victims think they had spotted a good deal.

The embarrassment factor meant that, after being scammed, one in six victims did not tell anyone.

Morten Heuing, general manager at Gumtree, said the research showed "users of online marketplaces can be lulled into a false sense of security".

"Whilst millions of people use these websites safely and successfully, the reality is that fraudsters are out there exploiting honest users," he added.

Researchers also showed eight adverts to people and asked them to identify the scams. Only 7 per cent correctly identified all the bogus adverts - while 93 per cent of people could not spot all the scams.

Those who spotted fake adverts said giveaway signs included spelling mistakes, pictures looking "dodgy", a lack of detail and factual errors in the description.

The findings from the Psychology of Scamming report coincide with Scams Awareness Month, which sees Citizens Advice and Trading Standards Services leading activities throughout the month of July.

Gumtree said it is working with various organisations to tackle online fraud and help keep people safe. Scam victims were also asked what tactics had been used against them.

More than a quarter (27 per cent) had been put under pressure to complete the transaction quickly, 17 per cent had been encouraged to pay for the item without seeing it first and 15 per cent had been persuaded to continue their discussion off the website they were using.

While 17 per cent of those scammed said they thought they were getting a bargain, the same proportion also said they thought the advert was convincing.

Victims of scams in Gumtree's research said they had learned to physically see and test items out before making a purchase and avoid websites where they have had a bad experience.

They also said they would look for guarantees when making payments and pay more attention to consumer reviews and seller ratings.

The report included research among 2,000 people from across the UK and a further 1,000 scam victims.

(21st September 2017)


AGGRESSIVE CHARITY FUNDRAISERS FACE FINES
(BBC News, dated 4th July 2017)

Full article : www.bbc.co.uk/news/uk-40490936

Charities with "extremely aggressive" fundraising practices could be fined up to £25,000 if they do not crack down on nuisance calls, emails and letters.

Fundraising Regulator chairman Lord Grade said "such terrible practices" could not be tolerated.

He said trust in the UK charity sector had been "sorely tested" in recent years and must be restored.

Organisations must comply with new data protection legislation and provide marketing opt-outs from Thursday.

Lord Grade, a former BBC and ITV executive, said stories of aggressive fundraising and its consequences shocked Britain after the suicide of poppy seller Olive Cooke.

'Not an isolated case'

In 2015, the 92-year-old took her own life after receiving 466 mailings from 99 charities in a single year.

The Bristol resident had 27 standing orders to different charities at one stage.

Her family insisted the charities, while "intrusive", did not cause her to take her own life and she had suffered from depression - previously attempting suicide in 2009.

A friend, though, said that while the "pestering" was not entirely to blame for her death, she had been put "under pressure" by persistent charity fundraisers.

Speaking on the BBC's Today programme, Lord Grade said: "Sadly this wasn't an isolated case, and as a result of that high-profile tragedy it was clear that there was bad practice across many charities."

The Fundraising Standards Board found that 70% of the charities who contacted Mrs Cooke had acquired her details from third parties.

The new data protection legislation should prevent fundraising companies from sharing personal data or potential donation targets.

Fundraisers must also clearly provide an opt-out for marketing on all communications (texts, letters and phone calls) to potential contributors.

The Fundraising Preference Service (FPS) was set up after a cross-party review into the self-regulation of charity fundraising. The review was called by David Cameron after Mrs Cooke's case.

Announcing the new body, Lord Grade said: "You go online through our website or through a charity's website and you can send a message that you do not want to hear from any charities, or you only want to hear from charities you select."

He added that people with no access to a computer could opt out by phone.

The Fundraising Regulator would then notify the charity and give them 28 days to stop communications.

If charities do not adhere to the request, they will be referred to the Information Commissioner's Office and could be prosecuted under the Data Protection Act 1998.

Lord Grade added: "Many [charities] have embraced the new world, but charities have to understand that the fabulous generosity in the wallets of the British public cannot be taken for granted."

(21st September 2017)


ROYAL FREE BREACHED UK DATA LAW IN 1.6m PATIENT DEAL WITH GOOGLE'S DEEPMIND
(The Guardian, dated 3rd July 2017 author Alex Hern)

Full article [Option 1]:

www.theguardian.com/technology/2017/jul/03/google-deepmind-16m-patient-royal-free-deal-data-protection-act

Information Commissioner's Office rules record transfer from London hospital to AI company failed to comply with Data Protection Act.

London's Royal Free hospital failed to comply with the Data Protection Act when it handed over personal data of 1.6 million patients to DeepMind, a Google subsidiary, according to the Information Commissioner's Office.

The data transfer was part of the two organisations' partnership to create the healthcare app Streams, an alert, diagnosis and detection system for acute kidney injury. The ICO's ruling was largely based on the fact that the app continued to undergo testing after patient data was transferred. Patients, it said, were not adequately informed that their data would be used as part of the test.

"Our investigation found a number of shortcomings in the way patient records were shared for this trial," said Elizabeth Denham, the information commissioner. "Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

"We've asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people's data is being used."

The ICO ruled that testing the app with real patient data went beyond Royal Free's authority, particularly given how broad the scope of the data transfer was. "A patient presenting at accident and emergency within the last five years to receive treatment or a person who engages with radiology services and who has had little or no prior engagement with the Trust would not reasonably expect their data to be accessible to a third party for the testing of a new mobile application, however positive the aims of that application may be," the office said in its findings.

While privacy campaigners were hoping the ruling would touch on the continued use of patient data for the production version of Streams, the ICO was muted on the live use of Streams in a clinical environment, but warned that "concerns regarding the necessity and proportionality of the use of the sensitive data of 1.6 million patients remain".

The Royal Free has been asked to commission a third-party audit of the trial following the ruling, complete a privacy assessment, set out how it will better comply with its duties in future trials and establish a proper legal basis for the DeepMind project.

In a statement, the hospital trust said: "We are pleased that the information commissioner … has allowed us to continue using the app which is helping us to get the fastest treatment to our most vulnerable patients - potentially saving lives.

"We accept the ICO's findings and have already made good progress to address the areas where they have concerns. For example, we are now doing much more to keep our patients informed about how their data is used. We would like to reassure patients that their information has been in our control at all times and has never been used for anything other than delivering patient care or ensuring their safety."

The ruling does not directly criticise DeepMind, a London-based AI company purchased by Google in 2013, since the ICO views the Royal Free as the "data controller" responsible for upholding the data protection act throughout its partnership with Streams, with DeepMind acting as a data processor on behalf of the trust.

In a blogpost, the company said: "We welcome the ICO's thoughtful resolution of this case, which we hope will guarantee the ongoing safe and legal handling of patient data for Streams.

"Although today's findings are about the Royal Free, we need to reflect on our own actions too. In our determination to achieve quick impact when this work started in 2015, we underestimated the complexity of the NHS and of the rules around patient data, as well as the potential fears about a well-known tech company working in health.

"We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better."

The company highlighted a number of changes it had made since the launch of Streams, including a significant increase in transparency, and the creation of an independent health review board.

Streams has since been rolled out to other British hospitals, and DeepMind has also branched out into other clinical trials, including a project aimed at using machine-learning techniques to improve diagnosis of diabetic retinopathy, and another aimed at using similar techniques to better prepare radiotherapists for treating head and neck cancers.

(21st September 2017)


RANSOMWARE ATTACKS - HALF OF ALL ORGANIZATIONS HIT BY RANSOMWARE SUFFER MULTIPLE ATTACKS
(International Business Times, dated 30th June 2017 author AJ Dellinger)

Full Article [Option 1]:

www.ibtimes.com/ransomware-attacks-half-all-organizations-hit-ransomware-suffer-multiple-attacks-2560086

A new survey has revealed a startling statistic for governments and businesses that rely heavily on computer systems: organizations that have been hit by a ransomware attack are more likely to suffer from multiple attacks.

The data comes as part of the Annual Ransomware Report conducted by cloud data protection and information management firm Druva, which polled 830 information technology professionals in a number of industries.

Thirty-eight percent of respondents said they were hit by two to three ransomware attacks, while 12 percent reported falling victim to 4 or more attacks, indicating that recovering from a ransomware attack doesn't guarantee an organization is prepared for or immune from another in the future.

The majority of attacks that have hit organizations stem from endpoints - often devices used by individuals within a company who fail to follow proper security protocol and allow vulnerabilities to exist on their machine, which leads to the network becoming infected.

While 60 percent of all ransomware attacks have come from endpoint infections, one-third of all attacks target corporate servers, which can result in attacks that are far more compromising than an endpoint attack.

South Korean web hosting company Nayana recently fell victim to a server-targeted ransomware attack that took down more than 150 of its servers that hosted thousands of websites. Nayana paid the largest known ransom ever - over $1 million - just to recover from the attack.

In most cases of ransomware attacks, it is not just a single device that is affected. The survey found that 70 percent of the time, multiple devices are hit.

This is because an attack can often go unnoticed or unaddressed until it has already spread to other machines. Those surveyed said 40 percent of the time, the ransomware was unaddressed for two hours or longer. In 11 percent of instances, it took more than eight hours for IT to be alerted to the issue.

While ransomware attacks are undoubtedly a pain, there is respite for those who are hit if they are prepared. In 82 percent of cases, organizations were able to recover from an attack simply by keeping a backup that they could restore their systems from. Ten percent lost their data completely while 5 percent paid the ransom to regain access to their data.

"It's no longer a question of if an organization will be the victim of a ransomware attack, but when. [This report] underscores the importance of planning. Simply put, protecting data protects your bottom line," Jaspreet Singh, CEO of Druva, said.

With widespread ransomware attacks like WannaCry and Petya hitting computer systems around the globe, companies will assuredly find themselves dealing with attempts to hold their data hostage. Being prepared for such an attack - especially with secure backups - will make the experience much less painful.

--------------------------
RANSOMWARE ATTACK IS COVER FOR SOMETHING FAR MORE DESTRUCTIVE
(CNET, dated 1st July 2017 author Alfred Ng)

Full article [Option 1]:

www.cnet.com/uk/news/ransomware-attack-goldeneye-petya-cover-data-destroy-nation-state/

As odd as it sounds, the ransomware attack that swept across the world over the past few days wasn't about the money.

GoldenEye, also known as NotPetya, swarmed computers on Tuesday, locking up devices at multibillion-dollar companies including FedEx, Merck, Cadbury and AP Moller-Maersk.

Combined, these four companies are worth about $130 billion -- big targets with fat wallets. You'd think the hackers would ask for more than $300 per hijacked computer.

But now experts believe nation-state attackers are using ransomware as a screen, tempting victims to blame faceless hackers instead of the countries allegedly behind the attacks. The real goal was to get at and destroy data.

The revelation is a surprising new aspect of an escalating cyberwar between countries that has already compromised infrastructure, elections and businesses. North Korea leaked Sony emails in a display of power, hackers shut down Ukraine's power grids during a conflict with Russia and the US is still reeling from Russian interference in the 2016 presidential election.

Using ransomware as a cover for national attacks has serious implications not just for governments. Innocent people end up in the crossfire of these massive cyberattacks. Whether it's hospitals, universities, supermarkets, airports or even a chocolate factory in the firing line, the mess eventually trickles down to you. It could mean not being able to get your medicine because Merck's data is compromised or having flights grounded at a hacked airport.

"Sabotage often has collateral damage," said Lesley Carhart, a digital forensics expert. "Nothing new. Just digitized."

Flawed ransoming

The biggest tipoff that something was awry came from how the hackers planned to collect the ransom. The Posteo server shut down the email address that victims were supposed to use to contact the hackers, suggesting that aspect of the operation wasn't well thought out.

"If the authors of this malware's primary purpose was to make money, they certainly had the technical and strategic offensive skill set to successfully make way more than they did," Carhart said. "The actual 'ransoming' to get money was flawed and inefficient."

When a ransomware attack hit a South Korean web-hosting company earlier this month, the victims paid $1 million -- the largest known payout ever. Two days after GoldenEye hit, it had made only about $10,000.

The WannaCry attack, which struck last month, had reaped roughly $132,000 as of Wednesday.

GoldenEye the destroyer

Researchers from both Comae Technologies and Kaspersky Lab found that GoldenEye was a wiper, designed to destroy data. It used as its base a form of ransomware called Petya (hence the NotPetya name) to encrypt crucial files, steal login credentials and seize your hard drive, too.

Even though the ransomware promised you'd get your data back if you paid up, Comae founder Matt Suiche noticed that GoldenEye actually ended up destroying several blocks of data. The original Petya encrypted files, but there was always a way to reverse that, he noted.

Researchers from Kaspersky called this the "worst-case" scenario for the victims.

"I wouldn't be surprised if they're trying to shut down a couple of facilities that they're targeting," said Amanda Rousseau, a malware researcher at Endgame.

GoldenEye started as an attack on a single organization, with the ransomware attaching itself to a software update for MeDoc, Ukraine's most popular tax-filing software. From that one victim, it spread to multibillion-dollar companies that were using it. (The companies all have branches in Ukraine.) About 60 percent of the attacks happened in Ukraine, according to Kaspersky Lab. GoldenEye, like WannaCry before it, used a technique from the National Security Agency to get into one PC and took advantage of Windows sharing tools to spread to every other computer on the same network.

Ukraine has been rife with alleged cyberattacks from Russian state-sponsored hackers, as a testing ground for global hacks on major infrastructure.

Beyond Ukraine, the collateral damage continues after more than 200,000 computers around the world were infected. The attack showed hackers don't even have to target countries directly to get the job done.

If they can attack companies and infrastructure that help everyday life run smoothly, they've won.

"It's the equivalent of shutting down your power," Rousseau said.

--------------------------
(21st September 2017)


JUNE 2017


ICO FINES MORRISONS FOR EMAILING CUSTOMERS WHO DIDN'T WANT TO BE EMAILED
(The Register, dated 16th June 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/06/16/ico_fine_morrisons_unsolicited_emails/

Supermarket chain Morrisons has been fined £10,500 by the UK's data protection watchdog for sending marketing emails to people who had unsubscribed from marketing bumf.

The Information Commissioner's Office (ICO) said the company had broken the law when it deliberately sent more than 200,000 emails to people who had previously opted out of receiving such emails.

The emails, sent between October 24 and November 25 2016, were titled "Your account details" and went out to Morrisons More loyalty cardholders that had opted out of, er, Morrisons More card marketing.

According to the ICO, the message told cardholders that they had opted out of such emails - then asked them to change their preferences to start receiving coupons and points.

It also helpfully "provided directions on the steps to follow to opt back in to receive marketing".

The email was sent out to 236,651 people, but only 130,671 emails were successfully received.

In an unsurprising twist, one of the recipients was irritated that they received the email despite having unsubscribed from Morrisons' direct marketing - and shopped the chain to the ICO.

The ICO's investigation found that the email in question "would be in itself sent for the purposes of direct marketing, and so is subject to the same rules as other marketing emails".

In deliberately sending the emails, the ICO said, Morrisons had deliberately contravened the Privacy and Electronic Communications Regulations, and issued it with the fine, to be paid by July 13.

Deputy commissioner Simon Entwisle said: "It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing.

"These customers had explicitly told Morrisons they didn't want marketing emails about their More card. Morrisons ignored their decision and for that we've taken action."

The watchdog also pointed out that the impending General Data Protection Regulation - which comes into force next May - "sets a high bar for the consent organisations must obtain from customers before using their personal data for marketing".

A Morrisons spokesperson told The Register: "We sent out an information message to a small percentage of our customers that aimed to provide some helpful information about our service. We did this with the best of intentions and we're disappointed that this was deemed to be 'marketing material'."

Earlier this year, the ICO fined Flybe and Honda £80,000 and £13,000 respectively for emailing customers who had said they didn't want to receive marketing emails to ask whether they would consent to future marketing.

uaware comment

This law also applies to unsolicited text messages where you did not give prior permission.

(1st September 2017)


WHAT HAPPENS WHEN YOU CALL 999
(BT News, dated 30th June 2017)

Full article [Option 1]:

https://home.bt.com/tech-gadgets/what-happens-when-you-call-999-the-secrets-of-the-emergency-services-number-11364191315763

We hope we never have to call the emergency services, but when we do, it's reassuring to know the highly-trained men and women on the other end of the phone are waiting to help us.

The 999 service was set up in 1937 - with help from the GPO, BT's forerunner - and was the first emergency services number in the world.

On June 30, 2017, it will be 80 years since the service came into effect. A lot has changed in that time, but not the dedication of the emergency services. Here's what happens when you call 999, from when you speak to the operator to the moment the emergency services arrive to help you.

First point of contact


When you dial 999, you don't get put straight through to the emergency services. Instead, you speak to an operator who asks which service you require: ambulance, fire, police or coastguard.

They will identify your approximate location, which, if you're calling from a mobile phone, they can detect by identifying which phone mast your mobile is connected to. Most Android smartphones can be located to an area less than half the size of a football pitch using GPS signal and wi-fi location data, thanks to Advanced Mobile Location (AML), which was developed with BT. If you're calling from a landline, they can consult a database of addresses linked to phone numbers.

Once your location has been determined, the operator will patch you through to a call handler at the service closest to you.

What happens next varies depending on which service you require, and where you are in the UK.

"All police forces use different computer systems," says Mark Rothwell, a call handler at Devon & Cornwall Police.

"At Devon & Cornwall, when the BT operator passes the call on, it's forced onto the call handler - we have no choice but to answer it. It beeps, and the first voice we hear is the BT operator, who passes on the telephone number of the caller.

"This can be a bit confusing for the caller because to begin with it's basically a three-way conference call, and they might think the BT operator is talking to them."

This isn't the case in every force, however. Some use a data exchange system called EISEC - this stands for Enhanced Information Service for Emergency Calls, and is provided using the BT ISDN access network. It means the BT operator doesn't have to speak, as it enables the call handler to retrieve the information automatically.

For forces without EISEC, the BT operator is vital to ensuring a good response time.

"Often we can't get the caller's location, because they're distressed and don't know where they are, or maybe they can't speak because they don't want to be overheard by a perpetrator," says Rothwell.

"If that's the case, we can ask the BT operator where the call is coming from. The role of the BT operator can't be overstated - sometimes we manage a 999 call purely by speaking to them."

Determining the urgency

Once the call handler knows what the call is about, they have to decide how urgently officers should respond. "Most 999 calls are graded as 'immediate', which means police should arrive on the scene within 20 minutes - that's a target set by the Home Office," says Rothwell.

The next rating down is 'prompt', which has a response time of 60 minutes, and then 'routine', which is 24 hours. "It all depends how immediate the danger is," Rothwell says.

The call handler inputs the information about the call into the command and control system - Devon & Cornwall's is called Storm, and is made by a company called Sopra Steria. "It's the backbone of the whole operation," according to Rothwell. They then send this to a radio operator, who is the one who dispatches the police officers.

If the radio operator disputes the urgency of a call, they can question it with the call handler, and if they can't agree, it goes to the senior officer in the contact centre - an inspector, or one of their sergeants if they're otherwise engaged - who has the final say.

Getting emergency services to the scene

The radio operator contacts the police officers on the ground via a direct link to their body-worn radios. While the officers are on their way to the incident, the radio operator reads them the risk assessment that the call handler has carried out - this includes research on the people and vehicles involved, so the officers know what to expect.

All the officers' radios have GPS, so they can be followed on the mapping system, which interfaces directly with the command and control system. Each radio also has a big red button - if the officer is in trouble, they press it, and it creates an emergency incident log called Code Zero. The control room can then determine what's happened and how to respond.

"The officer could find themselves outnumbered 10 to one," says Rothwell. "In those situations, Code Zero can be a lifesaver."

(1st September 2017)


RUTHLESS ONLINE ROMANCE SCAMS TARGET LONELY HEARTS ON INDUSTRIAL SCALE
(International Business Times, dated 30th June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/ruthless-online-romance-scams-target-lonely-hearts-industrial-scale-1628494

Online fraudsters using fake identities on dating websites and social media networks to trick victims out of their money has become a lucrative underground industry and is only set to grow over the next 18 months.

The fraud, known as a romance scam, is being bolstered by leaks from major dating and pornography websites which can reveal a victim's intimate secrets, according to the UK National Crime Agency (NCA). Data breaches, for example at Ashley Madison and AdultFriendFinder, can lead to blackmail and extortion, it added.

It is "almost certain" that the UK will be targeted with more romance scams and highly targeted email compromise campaigns over the next 18 months, the agency warned in its National Strategic Assessment, released to the public on Thursday 29 June.

"Social engineering is highly likely to continue to rise as an attack vector, originating most notably from West Africa," it added.

In these social engineering attacks, which often rely on direct messages and grooming tactics, victims believe they are talking to a genuine person.

How romance scams work


The online fraudster orchestrating a romance scam plays the long game and will work to earn the trust of their victim over time. Once this is gained, the culprit pretends to experience a life-threatening or heartbreaking event before asking the victim for financial aid.

Once a payment is sent, the scheme then becomes more relentless as the scammer attempts to bleed as much money as possible by creating more fake situations - be it the death of a loved one or being stranded in a foreign country after being robbed. The statistics show it works.

Figures released in January by the National Fraud Intelligence Bureau revealed there were 3,389 victims of romance fraud in 2016, losing a combined total of more than £39m ($50m).

This was a rise from the previous year, when 3,363 victims lost a total of just under £26m ($33m). Meanwhile, in 2016, the average loss for each victim was £11,500 compared with £7,731 in 2015. At least 39% of those who were tricked are men, the figures suggested.

The victims are mounting

There are numerous victims who have spoken out about being fooled by romance scams over the years - and for some the personal consequences are more severe than financial ruin.

In March this year, 54-year-old Pam Wareing was taken to court after allegedly stealing more than £500,000 from her employer, a UK solicitor, to send to a conman she met online. That case was referred to a higher court and remains under investigation.

Another high-profile case was that of 68-year-old Judith Lathlean, a university professor who fell victim to a romance scam in 2015 via an online dating website. Lathlean lost a total of £140,000 after a man using the name John Porter online convinced her to send it to him.

"Porter" claimed his house had been broken into, resulting in the loss of his passport and phone. He claimed to have a vast fortune of £10m that was suddenly available but only if someone could go to Amsterdam and pay a fee to release the money. It was a complex web of lies.

"A lot of the online dating fraudsters we know are abroad," Steve Proffitt, deputy head of Action Fraud, told the BBC earlier this year. "They're in West Africa, Eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

Luckily, there are a number of steps you can take to protect yourself from romance scams, as well as a number of key signs to look out for if you are suspicious of someone online. The advice comes courtesy of Action Fraud, the primary UK reporting centre for scams and cybercrime.

If you have struck up a relationship with someone online, you should be concerned if they are asking a lot of personal questions but never interested in talking about themselves, Action Fraud said. Additionally, it is advised to reverse image search their picture to make sure it's not stolen.

"What is striking from this year's assessment are the themes running through the crime types," NCA deputy director general Matthew Horne said in a statement at the release of the report. "Organised criminal networks are using online methods to defraud and extort," he warned.

How to protect yourself:


- Avoid giving away too many personal details when dating online. Revealing your full name, date of birth and home address may lead to your identity being stolen.

- Never send or receive money or give away your bank details to someone you've only met online, no matter how much you trust them or believe their story.

- Pick a reputable dating website and use the site's messaging service. Fraudsters want to quickly switch to social media or texting so there's no evidence of them asking you for money.

(1st September 2017)


ONLINE FRAUD COST PUBLIC BILLIONS BUT IS STILL NOT A POLICE PRIORITY
(The Guardian, dated 30th June 2017 author Press Association)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jun/30/online-costs-public-billions-but-is-still-not-a-police-priority-says-watchdog

Police forces are not doing enough to tackle the growing threat of online fraud, a public spending watchdog has found.

The National Audit Office (NAO) said the issue was "not yet a priority" for all local police forces and the problem had been overlooked by government, law enforcement and industry.

The report said the overall cost of all forms of fraud in 2016 was £10bn to individuals and £144bn to the private sector, arising from almost 2m cyber-related fraud incidents.

The NAO's chief, Sir Amyas Morse, said: "For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry. It is now the most commonly experienced crime in England and Wales and demands an urgent response."

He said the Home Office, while not solely responsible for tackling the issue, was the only organisation that could oversee the system and lead change.

The Home Office's joint fraud taskforce, launched in February 2016, was a positive step "but there is still much work to be done", he said. "At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective."

In the year to 30 September 2016 there were 1.9m estimated instances of cyber fraud, or 16% of all crimes.

The report said: "Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. Yet fraud is not a strategic priority for local police forces and the response from industry is uneven."

The report said one idea being considered by the banking industry to tackle online fraud was to make the security codes on the back of debit and credit cards change every hour.

"This is a positive step, as the redesign may help to stop an increase in online card fraud," the NAO said. "However, such a plan requires all card providers to participate."

------------------------

BANKS CONSIDER CHANGING SECURITY CODES ON DEBIT AND CREDIT CARDS EVERY HOUR TO FOIL ONLINE FRAUDSTERS
(The Telegraph, dated 30th June 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/06/29/banks-considering-adopting-debit-credit-cards-security-code/

Banks are considering adopting debit and credit cards where the security code changes every hour, to keep ahead of online fraudsters.

UK financial institutions are looking at the technology which was unveiled in France last year.

The new cards replace the printed three-digit security code on the back of the card with a mini screen which displays a random code that changes automatically every hour.

The development is encouraged today in a National Audit Office report that warns police forces are not doing enough to tackle the growing threat of online fraud.

The NAO said new cards with changing numbers could be "a positive step, as the re-design may help to stop an increase in online card fraud. However, such a plan requires all card providers to participate."

The NAO said the issue was "not yet a priority" for all local police forces and the problem had been overlooked by government, law enforcement and industry.

Almost two million cyber-related fraud incidents were estimated to have taken place in a year and the cost is likely to run into billions of pounds, the NAO said.

NAO chief Sir Amyas Morse said: "For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry.

"It is now the most commonly experienced crime in England and Wales and demands an urgent response."

He said the Home Office, while not solely responsible for tackling the issue, was the only organisation that could oversee the system and lead change.

The Home Office's Joint Fraud Taskforce, launched in February 2016, was a positive step "but there is still much work to be done", he said.

"At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective."

The report said that the overall cost of all forms of fraud in 2016 was £10 billion to individuals and £144 billion to the private sector as a whole.

In the year to September 30 2016 there were 1.9 million estimated incidents of cyber fraud, some 16% of all crime incidents.

The report said: "Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response.

"Yet fraud is not a strategic priority for local police forces and the response from industry is uneven."


Five tricks hackers use to steal your bank details


- Using fake "free" WiFi networks to steal passwords
- Guessing obvious passwords like "123456"
- Social media stalkers who find out when you're on holiday, using Facebook
- Dodgy apps that trick you into giving away data using in-app permissions
- Fake emails pretending to be from well-known brands - like Amazon or eBay

What is the NCA's advice to UK internet users?

Members of the public are reminded they should be vigilant and not open documents in emails, or click on links, if they are unexpected or if they are unclear about its origin.

If any internet users think they have lost money through malware such as Dridex, they should report their concerns to Action Fraud and alert their respective banks.

Users are urged to visit the CyberStreetWise and GetSafeOnline websites where a number of anti-virus tools are available to download to help clean up infected machines and get advice and guidance on how to protect themselves in the future.

(1st September 2017)


CIVIL RIGHTS WARRIORS GET GREEN LIGHT TO CHALLENGE UK MASS SURVEILLANCE
(The Register, dated 30th June 2017 author Rebecca Hill)

Full article [Option 1]:

www.theregister.co.uk/2017/06/30/liberty_gets_green_light_to_challenge_snoopers_charter/

The High Court in London, England, has given Liberty permission to challenge parts of the UK's Investigatory Powers Act.

The act, which was passed into law last year, offers the state unprecedented powers to monitor the population en masse, and to collect and retain bulk personal and communications data.

It has been roundly condemned by privacy and civil liberties groups, as well as opposition MPs - the Lib Dems branded it "Orwellian" and promised to roll back the law if they gained power in the last election.

Liberty launched its legal challenge after a landmark EU ruling stated that access to retained data must only be given in serious crime.

That case, brought by Labour MP Tom Watson, was heard in the European Union's Court of Justice.

The court stated that governments could only collect data in a targeted way - and not collect and retain data indiscriminately on a population scale.

Liberty has today announced the High Court has granted it permission to challenge part of the Investigatory Powers Act.

Martha Spurrier, director of the advocacy group, said: "We're delighted to have been granted permission to challenge this authoritarian surveillance regime.

"It's become clearer than ever in recent months that this law is not fit for purpose. The government doesn't need to spy on the entire population to fight terrorism. All that does is undermine the very rights, freedoms and democracy terrorists seek to destroy."

She added that recent cyber-attacks that took "businesses and public bodies to their knees" made the government's "obsession with storing vast amounts of sensitive information about every single one of us look dangerously irresponsible".

The UK's High Court has also allowed the group to seek permission to challenge three other parts of the Act, which it can do when the government publishes further codes of practice for the legislation or in March 2018, whichever is later.

These parts are: bulk interception of communications content; bulk personal datasets; and thematic hacking - which would see state actors covertly access, control and alter electronic devices if their owners are suspected of involvement in crime.

The group - which is crowdfunding the case, and has so far raised more than £53,000 - is now waiting on its application for a costs capping order, which sets the upper limit of costs in the case. If that is granted, the case will be listed for a full hearing in due course.

uaware comment

The main question about the outcome of this appeal is how much light does Liberty want to shine on the operation of the UK Security Services. Their existence is to lurk in "dark places" obtaining information because that is where the bad guys are. The main problem is who also can use the same surveillance laws; in the past there were comments that local councils could use them to check what waste materials residents throw away. The sheer fact that an Act has been passed to describe what the Secret Services are doing or are going to do puts them in enough light. Are Liberty and their supporters naive enough to believe that the Secret Services have not been carrying out the "Act's described actions" already for years? The Act describes formally what they have been doing.

How many terrorist atrocities would have taken place if our appropriate authorities were not allowed to snoop?

(1st September 2017)


NHS WANNACRYPT POSTMORTEM - OUTBREAK BLAMED ON LACK OF ACCOUNTABILITY
(The Register, dated 29th June 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/06/29/nhs_wannacry_report/

A lack of accountability and investment in cyber-security has been blamed for the recent WannaCrypt virus that hobbled multiple hospital NHS IT systems last month in England, a report by The Chartered Institute for IT concludes.

The report, published today, comes following a similar, but more limited attack against UK-based companies as the result of the spread of the NotPetya ransomware earlier this week.

Whilst doing their best with the limited resources available, the Chartered Institute for IT report suggests some hospital IT teams lacked access to "trained, registered and accountable cyber-security professionals with the power to assure hospital Boards that computer systems were fit for purpose".

The healthcare sector has struggled to keep pace with cyber-security best practice thanks in large part to a systemic lack of investment. The WannaCrypt attack was an accident waiting to happen, according to David Evans, director of community & policy at The Chartered Institute for IT.

"Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the WannaCrypt ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future," Evans said.

The Chartered Institute of IT has joined forces with the Patient's Association, the Royal College of Nursing, BT and Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber-attack. Employing accredited IT professionals tops the list. The NHS board is being urged to ensure it understands its responsibilities, and how to make use of registered cyber security experts. The number of properly qualified and registered IT professionals needs to be increased, the report recommends.

Almost 50 NHS Trusts were hit by the WannaCrypt cyber-attack that left infected computers with encrypted files and at least temporarily unusable in many areas of the health service. The outbreak led to operations and appointments being cancelled or postponed.

The issue of how to improve security in the NHS following the WannaCrypt outbreak has been raised in Parliament. In response to a written question, junior Department of Health minister Jackie Doyle-Price said a review of the cyber attack was under way. Emergency measures specifically allocated to deal with last month's NHS ransomware attack cost £180,000. The government is making cyber-security a requirement of health service contracts, she added.

**********************************
We have changed the National Health Service standard contract to include, from April 2017, cyber security requirements.

Evidence shows that the use of unsupported systems is continuing to reduce in health and care, as organisations replace older hardware. Latest estimates suggest the usage of Windows XP in the NHS has reduced from 15-18% at December 2015, to 4.7% of systems currently.

The 12 May 2017 ransomware incident affected the NHS in the United Kingdom. It is standard practice to review any major incident in the NHS. Further, the Chief Information Officer for health and care is undertaking a review into the May 2017 cyber-attack which is expected to conclude in the autumn.

The identifiable cost of emergency measures put in place to specifically address the NHS ransomware attack on 12 May 2017 was approximately £180,000. These costs were borne by NHS Digital and NHS England from internal budgets. Information relating to any expenditure incurred by individual local NHS trusts or other NHS organisations is not collected centrally.

***********************************

There was a lot of focus on the NHS's reliance on obsolete Windows XP systems in the aftermath of the WannaCrypt outbreak. However post-hack technical analysis revealed that Windows XP systems were more likely to crash than get infected. Some Win XP systems did nonetheless get pwned, but in any case they weren't a vector in the spread of the cyber-pathogen. Windows 7 systems left unpatched against the leaked EternalBlue NSA exploits at the centre of the outbreak were a much bigger problem, it transpired.

The state of preparedness for online attacks in the NHS reflects those of the public sector more generally. Just over half (53 per cent) of local authorities across the UK are prepared to deal with a cyber-attack, according to a separate survey of over 100 council leaders by management consultancy PwC. Only a third (35 per cent) of local authority leaders are confident that their staff are well equipped to deal with cyber threats.

(1st September 2017)


BREXIT MIGRATION CRACKDOWN MAY THWART CRIME GANGS SAYS NATIONAL CRIME AGENCY
(International Business Times, dated 29th June 2017 author Ian Silvera)

Full article [Option 1]:

www.ibtimes.co.uk/brexit-migration-crackdown-may-thwart-crime-gangs-says-national-crime-agency-1628335

The UK's split from the EU could help police by "hampering" organised crime gangs as tougher immigration rules are put into force, the National Crime Agency (NCA) said on Thursday 29 June.

The organisation, which replaced the Serious Organised Crime Agency in 2013, made the claim in its 2017 National Strategic Assessment of serious and organised crime in the UK.

"Criminals are not constrained by geographical or jurisdictional boundaries and are inherently opportunistic," the report said.

"We expect that many will strive to take advantage of the opportunities that Brexit might present. However, some of the impacts of Brexit could work in favour of law enforcement.

"For example, post-Brexit restrictions on the freedom of movement from EU countries to the UK may hamper the ability of crime groups to use false and fraudulently-obtained documents to facilitate entry and leave to remain in the UK."

The comments come as the British government continues the two-year-long divorce talks with the EU. Prime Minister Theresa May has promised to end free movement of EU nationals to the UK in a bid to reduce net migration, currently at more than 248,000, to "tens of thousands".

The Conservative premier plans to split from the EU's single-market to achieve the election manifesto pledge. Jeremy Corbyn's Labour Party have also conceded that EU free movement will have to end for the UK after Brexit.

The NCA, the UK's equivalent to the FBI, also warned that there are more than 5,800 organised crime groups, made up of over 39,000 individuals, operating in Britain. UK nationals made up more than 60% of those individuals, while Romanians made up 1.5%, Pakistanis 1.2%, Polish 0.9%, Albanians 0.8% and Nigerians 0.8%.

"The NCA has a pivotal role in leading the UK's fight to cut serious and organised crime; this assessment provides us and our policing and law enforcement partners with a sound understanding of the threats we face," said Matthew Horne, the deputy director-general of the NCA.

"What is striking from this year's assessment are the themes running through the crime types. Organised criminal networks are using online methods to defraud and extort, but also facilitate the abuse of children and advertise the victims of human trafficking and modern slavery.

"Similarly, the threat from corruption encompasses a huge range of sectors and professional enablers, from bank insiders and accountants involved in high end money laundering, through to port workers and delivery drivers facilitating drug trafficking.

"Criminal networks themselves are diversifying and it is not uncommon to find the same groups involved in trafficking people or illicit commodities, using the same methods or infrastructure."

(1st September 2017)


MET POLICE LAGGARDS STILL HAVE 18,000 WINDOWS XP MACHINES IN USE
(The Register, dated 28th June 2017 author Gareth Corfield)

Full article [Option 1]:

www.theregister.co.uk/2017/06/28/met_police_running_18k_windows_xp_machines/

Thousands of Metropolitan Police computers are still running Windows XP more than a year after the force promised to upgrade them, mayor Sadiq Khan has admitted in response to a Greater London Assembly question.

Moreover, just eight London police machines are running Windows 10, the latest version of the operating system.

Of the Met's 32,751 desktop and laptop computers, 18,000 are still running Windows XP. The force originally set itself a target of March, 2016 to get them all onto Windows 8, a target that has vanished into the cold case files of history.

Though the force appears to have met its revised target of getting 14,000 machines running Windows 8.1 - 14,450 are now running the OS - another 2,458 are still running XP, 7, 8.1 and 10. These are said to not be networked, and police sysadmins are apparently unable to separate out which ones are running what.

It appears that several thousand machines have also been junked: in August last year the force had 35,640 on charge.

Steve O'Connell, the Conservative London Assembly spokesman for policing and crime, said in a statement: "The Met is working towards upgrading its software, but in its current state it's like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications."

Yesterday afternoon that exact scenario came to pass as the "NotPetya" ransomware wreaked havoc across large chunks of the globe just weeks after the WannaCry/WannaCrypt ransomware locked up, amongst other things, the NHS. Another government department, the Ministry of Defence, has come under fire for installing XP aboard the Royal Navy's brand new aircraft carrier.

Police chiefs planned to bypass Windows 7 and go straight to 8 in 2014, when the "escape from XP" plan, codenamed Next Generation Desktop, was first hatched. Since then the force has dragged its heels, in spite of Microsoft ending general support for XP three years ago.

The situation is better with Windows 8; although mainstream support for the OS comes to an end on 9 January, 2018, it will still get security updates for five years after that. Extended support for the OS ends January 10 2023.

We have contacted the Met for comment and will update this article if it replies. The force has consistently stonewalled our previous requests for an explanation over the years.

Labour mayor Sadiq Khan has been an outspoken critic of the Conservative-led government's funding cuts to police forces. The news comes just weeks after Met Commissioner Cressida Dick publicly demanded more cash for the force, an unusual move for a senior policewoman to make three days before a general election.

Back in April the London mayor set up an "online hate crime" unit at a cost of £1.7m.

(1st September 2017)


LADBROKES COULD FACE INQUIRY AFTER BETTING ADDICTS DETAILS FOUND IN BIN BAG
(The Guardian, dated 27th June 2017 author Rob Davies)

Full article [Option 1]:

www.theguardian.com/business/2017/jun/27/ladbrokes-betting-addicts-bin-bag-gambling-commission

Ladbrokes could face an investigation from the gambling regulator over an incident in which confidential information about betting addicts, including photos, names and addresses, was found in a bin bag on the street.

The Gambling Commission said it was looking into the bookmaker's compliance with data protection laws after a passer-by found the sensitive documents outside a branch of Ladbrokes in Glasgow.

The data included personal details of customers who signed up for the betting industry's multi-operator self-exclusion scheme (Moses), which allows problem gamblers to ban themselves from placing bets voluntarily.

Bookmakers carry information about customers who have signed up to the Moses system to help shop staff identify customers who should not be allowed to bet.

The information includes their names, addresses, photographs and information about why they have chosen to exclude themselves but does not include bank account numbers or detailed information about their betting history.

The Gambling Commission said it was looking into why such sensitive data was not disposed of in a way that ensured customers' personal information was protected.

"Customers trust that their personal data will be collected carefully and then protected properly," said the Gambling Commission executive director, Tim Miller.

"We expect gambling operators to adhere to all data protection laws or regulations, which are enforced by the Information Commissioner's Office (ICO).

"In an instance where personal data has been breached, we would expect operators to do whatever they can to mitigate any harm caused."

Ladbrokes usually collects such data from its stores and disposes of it securely through a company-wide procedure.

A statement on the Moses website reads: "Your personal details are kept confidential and only shared with the participating bookmakers their group companies' and the central team administrators."

Ladbrokes did not say how the information ended up in a bin bag on the street. But a spokesperson said: "We are taking this extremely seriously and [are] undertaking a full investigation."

Ladbrokes is understood to have written to all of its shops reminding them of the need to dispose of sensitive information in the right way.

It has also begun an internal investigation to be sure that its procedures are as watertight as possible, according to the Scottish Sun.

Marc Etches, chief executive of leading charity GambleAware, said: "We really hope this situation does not put anyone off using self-exclusion, as research we published in March found that 83% of those who have used it found the scheme to be effective, although we would always recommend professional treatment alongside such measures.

"Self-exclusion is often a last resort for those already suffering from a gambling addiction and it's important we identify those who are at risk as early as possible and prevent problems developing."

Individual bookmakers have their own self-exclusion scheme but also use the industry-wide scheme Moses, managed by a responsible-gambling body called the Senet Group, founded by four major bookmakers in 2014.

Gamblers can voluntarily self-exclude for a year, a binding decision that cannot be reversed during the period.

At the end of the year, the self-exclusion will remain in place automatically for six months, unless the customer requests otherwise.

(1st September 2017)


ALL SECONDARY SCHOOLS IN LONDON TO BE OFFERED KNIFE DETECTORS
(The Guardian, dated 27th June 2017 authors Sally Weale and Richard Adams)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jun/27/all-secondary-schools-in-london-to-be-offered-knife-detectors

All secondary schools in London are to be offered knife detectors to check pupils for weapons as part of a major crackdown on growing knife crime in the capital.

Secondary schools across the city are being invited to apply for a metal detecting "wand" to screen students. In addition every school will get its own "safer schools" police officer as part of a package of measures announced by London's mayor on Tuesday.

The wands are already being used by about a dozen schools in the capital, according to the mayor's office. The plan is to extend their availability to other schools, particularly in areas where knife crime is most prevalent.

Announcing the crackdown, the London mayor, Sadiq Khan, said: "Every death on the streets of London is an utter tragedy, and I am deeply concerned about the rise in knife crime on London's streets.

"Dozens of families have been bereaved; many more have seen their loved ones severely injured. We need to send a strong signal that carrying and using knives is totally and utterly unacceptable.

"And we need to do more to educate young people around the dangers of carrying knives if we are to cut injuries and deaths."

According to the mayor's office, 24 Londoners under the age of 25 have been fatally stabbed on London's streets so far this year. Attacks with bladed weapons rose by 24% last year in London.

But headteachers said the final decision on the use of security screening should be left up to individual schools.

"Knife wands may be a useful measure in preventing weapons being brought on to school premises, and school leaders are best placed to judge if, when and how to use them," said Geoff Barton, general secretary of the Association of School and College Leaders that represents many secondary school leaders.

"We would reassure the public that schools already have robust policies and procedures in place to protect their pupils, and that schools are supremely safe places."

Schools will be invited to apply to the mayor's office for a knife wand and will use them in consultation with both the mayor's team and the Metropolitan police. A high-risk school may choose to use its detector regularly to screen students entering the premises, or at individual school events.

Cressida Dick, the Met police commissioner, said: "Despite everything that has been happening in London in recent weeks - knife crime remains a top priority for me and the Met.

"The reason for this is simple - far too many people are carrying knives, too many are committing crimes with those knives and too many are getting injured or killed."

The mayor will spend an additional £625,000 on new knife and gang crime projects, taking total spending to £7m. Launching the new strategy, he called on the government to reverse cuts to youth services in the capital.

Between 2010 and 2016, youth service spending went down by £400m across the country. In London, £22m has been lost because of cuts to council funding, resulting in the closure of 30 youth centres - seen as central to helping in the fight against youth crime - and the loss of almost 13,000 places.

Khan said: "Young Londoners have lost tens of millions of pounds in funding for youth services since 2011 and this simply has to stop.

"The only way we can truly beat the scourge of knife crime on our streets is by properly funding youth services - the government needs to step up, reverse these cuts and help provide the services we need to tackle knife crime."

Detailed figures available from 24 police forces across England and Wales found that 500 knives were among 700 weapons seized in schools in 2016-17 alone.

(1st September 2017)


HOW THE UK PARLIAMENT HACK HAPPENED
(International Business Times, dated 26th June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/how-uk-parliament-hack-happened-these-are-password-security-rules-mps-ignored-1627821

In the wake of a "sustained and determined" cyberattack targeting parliamentary email accounts last week (23 June), a number of security experts have reflected on how the incident could have been avoided, lambasting UK politicians for failing to meet basic cyber hygiene.

The British government revealed hackers probed MP accounts to identify those with weak security and said "fewer than 90" inboxes were compromised. Ultimately, officials blamed the number of successful intrusions on "the use of weak passwords that did not conform to guidance."

That guidance asks staff to keep passwords at a "minimum of eight characters including upper and lower case letters and a number", says they must "not be based upon easily guessed words" and that credentials "should not be written down unless absolutely necessary."

It seems basic advice was ignored on dozens of accounts. Additionally, based on statements from the UK House of Commons, it appears multi-factor authentication - used to add an extra layer of protection to accounts - was not required on politicians' inboxes.

Questions have also been asked about why passwords were even allowed to "not conform" to official guidance - was there no system in place to enforce the rules?

"There is still more work to be done on the most basic level of security - password protection," said Neil Larkins, co-founder of security firm Egress.

"Unfortunately, we cannot trust MPs to always make the best security choices," he continued.

"There has to be a system in place to enforce a minimum requirement of password security, and provide more comprehensive training and incentives for staff to adopt better security practices."

The hackers reportedly used "brute force" tactics to crack as many accounts as possible - luckily less than 1% of the total 9,000 on the network.

Yet politicians were given ample warning that their credentials may have already been traded on the criminal underground following an article in The Times on the same day as the attack.

The newspaper exclusively reported that MP email information, pilfered from previous leaks at MySpace, LinkedIn and Yahoo, was listed as 'for sale' on the dark web.

So what went wrong?

"The key problem is that many of the passwords that have been exposed through external social media sites are the same passwords used for every day duties. This would contravene best practice and guidance," said Andrew Clarke, director at security firm One Identity.

He said the government could overcome password reuse by introducing multi-factor authentication. "To access a system, the user has to not only provide the password but also the second factor - which may be for example a code that has been sent via SMS," Clarke elaborated.

"If passwords need to be used, then a password manager tool would help on a number of fronts. Firstly, it would help re-enforce policies and data security standards and if a password is tried unsuccessfully then the system access is actually locked out."

The official government guidance requests that all "confidential documents" be separately password protected by the user.

But it remains unknown if documents or secret material was compromised. The government said an investigation is now underway.

"It's worrying that members of parliament do not seem to be clued up on the security risks of weak passwords," said James Romer, an expert at cybersecurity firm SecureAuth.

"The hackers specifically probed for those who were not following government protocol."

"This leaves the door wide open for hackers," Romer continued. "Individuals, especially those in governmental positions, need to have security more front-of-mind and realise that even the most trivial security weakness can be exploited to gain access."

The culprit behind the hack remains unclear. Speculation from unnamed security sources in British media has suggested the involvement of hackers aligned with Russia, however experts maintain it is still too early to reach any conclusion on attribution, urging scepticism.

The UK National Cyber Security Centre (NCSC), a strand of signals intelligence agency GCHQ, is spearheading the probe. On its website, it reiterated password advice following the incident.

"To help people improve their password practices and manage the many passwords they need, we recommend the use of password managers," it stated.

"We advise against the regular changing of passwords where there is no indication or suspicion of compromise. However, the advice has always been clear that where there is evidence that your password has been compromised it should be changed quickly."

(1st September 2017)


FRAUDSTERS BEHIND £12m UK-WIDE SCAM JAILED
(BBC News, dated 26th June 2017)

Full article : www.bbc.co.uk/news/uk-england-40412399

Fraudsters who conned NHS hospitals, councils and a government out of more than £12m have been sentenced.

Ten conspirators were given sentences at Leicester Crown Court of up to 10 years in prison.

In each case forged letters, emails or faxes were sent to the 22 targeted organisations, pretending to be from a legitimate firm already carrying out contract works.

The biggest victim was the Guernsey government, which lost £2.6m.

In one case, a £1.28m payment to build a mental health unit at Lincoln's St George's Hospital was diverted when NHS trust staff failed to check the new bank details supplied.

It was only when an employee of the building firm Costain saw the bogus letter, with its logo out of place, a fake reference number and signatures, that the alarm was raised.

Lincolnshire Partnership NHS Foundation Trust then called in the police at the end of 2011, sparking a lengthy investigation, led by Lincolnshire Police with support from NHS Protect.

After sentencing on 23 June, Det Sgt Mike Billam said: "I am pleased to say that with the assistance of law enforcement in Dubai, Poland and other countries, this investigation has got to the heart of this conspiracy and has disabled what was clearly an international organised crime group."

'Sophisticated'

The fraudsters took advantage of the fact that public sector contracts were freely available to see, under financial transparency rules.

In sentencing, Judge Philip Head said: "This was a sophisticated and widespread fraud in its conception and execution", adding, "these bodies were selected because it was hoped their accounting processes would be vulnerable."

"The loss falls necessarily on those who are not able to pay it, ultimately the members of the public whose taxes fund these bodies," he said.

However, what the judge called the "prime-mover", identified in court as Nigerian national Bayo Awonorin, was still at large, having failed to answer to police bail.

Two other men, John Woodhatch, then 56, and Adrian Taylor, 44, have already been jailed for a total of 11 years at Southwark Crown Court in September 2015, for money laundering and acquiring criminal property.

Among the conspirators was a former nightclub toiletries' seller, company directors and a newsagent.

Those sentenced

The sentences were given on 23 June, but reporting restrictions were in place at the time.

An additional 11 people were involved in the fraud, with charges ranging from conspiracy to defraud, conspiracy to launder money and perverting the course of justice. Sentences ranged from 22 weeks to 10 years.

The targets

- States of Guernsey Government was defrauded of the largest single amount, £2.6m, and the cash funnelled into seven separate accounts

- Lincolnshire Partnership NHS Foundation Trust lost £1.28m, which was laundered through eight separate bank accounts

- The Royal College of Art paid out £1.26m but all the money was recovered

- Royal Free Hampstead Hospital paid out £1.43m to the fraudsters, but the cash was returned

- St Paul's School, in Barnes, Middlesex, was cheated out of £937,015, but all money was recovered

- Kingston University transferred £1.75 million, however the money was returned

- North Essex Partnership NHS Foundation Trust was defrauded of £896,700, with £536,966 recovered

- Goodmans Logistics, in Solihull, West Midlands, was targeted and paid £1.052m, which ended up being laundered by crooks through 15 separate accounts: £255,000 was recovered

- Dundee City Council was asked for £396,977, but the fraud was identified shortly afterwards and the cash recovered

- Falkirk Council was targeted but the request was ignored

- Middlesbrough Council paid out £236,477, although £197,718 was recovered

- Derby University paid out £314,438, with £173,818 of the money later recovered by the bank

- Norfolk and Suffolk NHS Foundation Trust ignored the fraudulent request

- Galliford Try PLC were defrauded of £187,703, of which £12,569 was recovered

- Freebridge Community Housing in Norfolk, received a fraudulent request by fax, but ignored it

- Sheffield Teaching Hospitals NHS Foundation Trust were targeted but did not respond

- Tees, Esk and Wear Valley NHS Foundation Trust, paid £261,260. All the money was lost

- Greenfield Housing Association ignored the fake bank account details and paid nothing

- Clackmannanshire Council in Scotland ignored the letter it received from fraudsters

- Derwent Valley Holdings PLC was targeted but ignored the bogus letter it received

- Northumberland, Tyne and Wear NHS Foundation Trust also ignored the bogus email they received

- Plymouth University was targeted but never responded to the fake communication

(1st September 2017)


SHOCKING RISE IN VIOLENT AND SEX CRIMES IN LONDON BARS AND NIGHTCLUBS
(London Evening Standard, dated 25th June 2017 author Jonathan Mitchell)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-shocking-rise-in-violent-and-sex-crimes-in-london-s-bars-and-nightclubs-a3572126.html

Police have seen a spike in the number of violent and sexual crimes in London's nightclubs, bars and pubs, the Standard can reveal.

Met Police statistics showed that officers were called out 9,598 times in 2016, including 1,706 cases of serious wounding and 55 rapes.

About 26 incidents were dealt with by police every day, according to the figures obtained by the Standard.

The number of violent and sexual crimes has risen by 2,409 since 2012 but charges or warnings were only issued for 68 more cases - a rise of just three per cent.

The statistics, obtained through Freedom of Information rules, showed a rise in rapes, sexual assault, weapons reported and even murders in licensed premises across the capital.

The figures lay bare the huge task facing the Met and City Hall in combating crime in London's nightlife hotspots.

Scotland Yard put the rise partly down to victims feeling "more confident" to report assaults, but acknowledged that the figures are a "concern to everyone".

Of the 9,598 cases reported to the Met last year, only 1,957 resulted in criminal proceedings - just more than 20 per cent.

In 2016, there were 27 more reported rapes, 188 more sexual assaults and 959 more cases of serious wounding than in 2012.

Of all the figures obtained, only the number of robberies decreased.

The Good Night Out campaign was set up by a group of women to offer training to staff in licensed venues on how to deal with and prevent harassment and sexual assaults.

So far the group has worked with venues including the iconic Fabric nightclub among others.

Jen Calleja, of the Good Night Out campaign, told the Standard: "It's not surprising but it's always shocking.

"These types of harassments and assaults - it's not going away any time soon.

"This type of harassment has always existed and part of the reason why it may seem it's on the rise is because it's less socially acceptable now."

"We've been backlogged with venues that have contacted us saying 'we want in and we need this training'.

"It's about making people who work in the bars feel comfortable."

The capital's clubbing scene has been rocked by a series of high-profile police incidents over the last 12 months.

In April, two victims were left blind in one eye following an acid attack at Mangle nightclub in east London.

Arthur Collins, the former boyfriend of TOWIE star Ferne McCann, is due to face trial in October over the attack.

Two teenagers also died after taking drugs at Fabric in June last year, an incident that nearly closed down the nightclub and sparked worries over door security at venues across London.

A Met Police spokesman said: "London has a thriving night-time economy with a wide range of licensed premises across the Capital. We work closely with venue owners to help keep Londoners safe while enjoying the city's nightlife."

He added: "We know some of the reason for these rises are an increase in confidence meaning people are more willing to report offences to the police and better recording by the officers.

"However, we are continuing to explore other possible reasons for these rises which are, of course, of concern to everyone, not least the police, we are working hard to combat this and keep people safe."

Last year, London Mayor Sadiq Khan appointed Amy Lamé as the capital's Night Czar and tasked her with turning London into a safe, thriving 24-hour city.

Since her appointment, she has pledged to combat after-dark sexual assaults, particularly on London's expanding Night Tube.

City Hall's Deputy Mayor for policing and crime, Sophie Linden, said: "London's police work incredibly hard to ensure the safety of everyone, but we also need to ensure people from across London's night time industry - venue owners, local authorities, transport workers are playing their part.

"We are working with the police, councils and businesses to tackle crime and antisocial behaviour hotspots in the night-time economy - through measures such as targeted patrols, Pubwatch schemes and more consistent and effective licensing."

(1st September 2017)


CHILDREN AS YOUNG AS 10 INVOLVED IN MOPED GANG CRIME ACROSS LONDON
(London Evening Standard, dated 25th June 2017 author Sean Morrison)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-children-as-young-as-10-involved-in-moped-gang-crime-across-london-a3571876.html

Children as young as 10 are rapidly becoming more involved in moped gang crime, as worrying figures reveal a spike in youngsters targeting Londoners.

The Metropolitan Police has recorded a dramatic 1,500 per cent rise in under-16s who faced convictions for crimes carried out using a scooter in the past five years.

Over the same period, the latest data shows a spike of over 450 per cent in that age group who were suspected but never convicted of a motorcycle-enabled crime.

In the last five years, 14 10-year-olds were reportedly involved in a crime involving a two-wheeled vehicle in the capital - and all but one of those was carried out last year alone.

The number of 12-year-olds involved in the same type of offence has also gone up, with an increase of 900 per cent since 2012.

The Standard has previously reported how moped-enabled crime reached epidemic levels in London, with a rise of 1,600 per cent in the same five-year period.

Last year, 8,300 crimes were carried out by thugs using a motorcycle. Five years earlier the figure was just 317.

There were over 5,500 moped-enabled crimes in the first four months of this year, more than the overall total for 2011, 2012, 2013 and 2014 combined.

The scale of the crime wave was revealed after horrifying footage of several incidents involving moped gangs emerged from both the public and police.

In one recent attack, a scooter gang sprayed a fire extinguisher in the face of a motorcyclist before attempting to steal his cycle in broad daylight.

And in May, a woman was dragged down the street by a thug riding a moped after she refused to let go of her handbag.

Police officers face a struggle targeting scooter gangs due to strict rules on pursuits.

The Met's pursuit policy means officers have to adhere to strict guidelines before chasing them at speed.

Superintendent Mark Payne previously told the Standard suspects occasionally take off their helmets in a bid to force police to abandon chases.

He said: "If a rider takes his helmet off, that's a result for us. They will drive past five or six CCTV cameras and we will have his face. We know who they are and there is no point in pursuing them.

"We will bang on their door at 3am when it is low risk, why should we bother chasing them through the streets of London."

Restrictions on pursuits were enforced more strictly after the death of 18-year-old Henry Hicks, who was killed when his moped crashed as he was being chased by police in December 2014.

(1st September 2017)


PARLIAMENT CYBER-ATTACK "HIT UP TO 90 USERS"
(BBC News, dated 24th June 2017)

Full article : www.bbc.co.uk/news/uk-40398696

Up to 90 email accounts were compromised during the cyber-attack on Parliament on Friday.

Fewer than 1% of the 9,000 users of the IT system were impacted by the hacking, said a parliamentary spokesman.

The hack prompted officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.

The spokesman said the attack was a result of "weak passwords" and an investigation is under way to determine whether any data has been lost.

Both Houses of Parliament will meet as planned on Monday and plans are being put in place to allow it to resume its wider IT services, said officials.

A number of MPs confirmed to the BBC they were unable to access their parliamentary email accounts outside of the Westminster estate following the hacking.

'Passwords for sale'

The spokesman said the parliamentary network was compromised due to "weak passwords" which did not conform to guidance from the Parliamentary Digital Service.

They added: "As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way."

The incident comes just over a month after 48 of England's NHS trusts were hit by a cyber-attack.

International Trade Secretary Liam Fox said: "We have seen reports in the last few days of even cabinet ministers' passwords being for sale online.

"We know that our public services are attacked so it is not at all surprising that there should be an attempt to hack into parliamentary emails.

"And it's a warning to everybody, whether they are in Parliament or elsewhere, that they need to do everything possible to maintain their own cyber-security."

The latest attack was publicly revealed by Liberal Democrat peer Lord Rennard on Twitter as he asked his followers to send any "urgent messages" to him by text.

The National Cyber Security Centre and National Crime Agency are investigating the incident.

(1st September 2017)


RUSSIAN HACKERS SELLING LOGIN CREDENTIALS OF UK POLITICIANS AND DIPLOMATS
(The Register, dated 23rd June 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/06/23/russian_hackers_trade_login_credentials/

Russian hackers are trading the email addresses and passwords of top UK politicians and diplomats.

The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still presents a potential problem.

An investigation by the paper found two massive lists of stolen credentials were put up for sale or traded on Russian-speaking hacking sites. The purloined cache included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials.

The purported details include key members of Parliament such as education secretary Justine Greening and business secretary Greg Clark.

This might sound bad, but security watchers reckon the trade largely covers old or otherwise deprecated credentials, minimising the potential for harm.

Noted password security expert Troy Hunt, the security researcher behind the haveibeenpwned site, shrugged at the trade in purloined credentials. "Business as usual on the internet," he told The Register.

Pete Banham, cyber resilience expert at Mimecast, commented: "This latest password cache appears to be recycled from old breaches. It is however a prime example of how important it is for individuals, especially those in a position of political power right now, to take more responsibility for password strength and reuse between consumer and business services.

"Once credentials are compromised, cybercriminals can implement highly targeted spear-phishing and social engineering attacks, putting confidential data at risk of being stolen," he added.

Even though the data is old, meaning passwords have likely been changed and accounts closed, it holds clues that could allow hackers to profile targets and launch phishing attacks designed to snaffle more up-to-date login credentials.

Mark James, security specialist at ESET, said that a "small amount of data could be the next piece of the jigsaw in your online profile".

"Once that profile is large enough to be useful, it may be offered for sale on the web. This data could then be used to access other accounts if you reuse passwords, or if it's access to email accounts then they now have an excellent base to start a targeted phishing attack that would seem to come from someone you know or already do business with," he concluded.

Rashmi Knowles, EMEA field CTO at RSA, commented: "This story shows just how important it is that people change all their passwords in the wake of a breach. People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for years; this means that when these credentials are harvested, as we can see in this instance, it can have serious repercussions."

(1st September 2017)


SADIQ KHAN TO SHUT 50 PER CENT OF POLICE STATION FRONT COUNTERS
(London Evening Standard, dated 22nd June 2017 author Pippa Crerar)

Full article [Option 1]:

www.standard.co.uk/news/london/sadiq-khan-to-shut-50-per-cent-of-police-station-front-counters-in-a3570731.html

Sadiq Khan is planning to close half of London's remaining 73 police station front counters, it emerged on Thursday.

The Mayor's officials are drawing up a blueprint to keep just one 24-hour police station open to the public in every borough.

Four additional front counters would be retained across central London - including a new one at Paddington Green - that would open during office hours.

The Met Police and Mayor's Office for Policing and Crime have been looking at police station closures for more than six months.

Leaked emails seen by the Standard show that sites have already been identified.

The Mayor's staff has even looked into conducting polling on how best to sell the idea of closing police stations to the public.

The Met has already made £600 million in government cuts since 2010 and faces finding another £400 million of savings by 2021.

When Boris Johnson cut police station front counters in 2013, Mr Khan criticised the move and suggested Londoners could be forced to report crime at police "contact points" in McDonald's restaurants.

Mr Khan's plans include an increase in the locations where neighbourhood officers can meet residents in informal settings such as cafés, supermarkets and libraries.

But they will remain controversial as many experts feel that victims of crime should be able to report them, and seek advice, privately and locally.

Met Police chief Cressida Dick appeared to confirm the move to the London Assembly yesterday, saying: "We will be reducing the number of police stations, yes".

Mr Khan confirmed the plans, which he blamed on central government cuts to the Metropolitan Police.

He said: "The reality is this - if the Government proceeds with its cuts we will have to close half the police stations in London, which could lead to each borough having only one 24-hour, seven-days-a-week, police station open to the public. The busiest boroughs may have another one."

The revelation comes weeks after Mr Khan warned that if the Conservatives won the general election the Met would have "no choice" but to close up to half of local police stations. He added: "Londoners' safety is on the ballot paper at this general election".

Tory leader on the London Assembly, Gareth Bacon said: "Sadiq Khan has attempted to profit politically from the public's security concerns in the wake of two major terrorist attacks. In reality, he and his team have been planning in secret to close half of London's police stations and front counters for over six months."

(1st September 2017)


GENERAL DATA PROTECTION REGULATION
(TechTarget, dated June 2017)
www.techtarget.com [Option 1]

The General Data Protection Regulation (GDPR) is a directive that will update and unify data privacy laws across the European Union. GDPR was approved by the EU Parliament on April 14, 2016 and goes into effect on May 25, 2018.

GDPR replaces the EU Data Protection Directive of 1995. The new directive focuses on keeping businesses more transparent and expanding the privacy rights of data subjects. Mandates in the General Data Protection Regulation apply to all data produced by EU citizens, whether or not the company collecting the data in question is located within the EU, as well as all people whose data is stored within the EU, whether or not they are actually EU citizens.

Under GDPR, companies may not store or use any person's personally identifiable information without express consent from that person. When a data breach has been detected, the company is required by the General Data Protection Regulation to notify all affected people and the supervising authority within 72 hours.

In addition, companies that conduct data processing or monitor data subjects on a large scale must appoint a data protection officer (DPO). The DPO is responsible for ensuring the company complies with GDPR. If a company does not comply with the GDPR when it becomes effective, legal consequences can include fines of up to 20 million euros or 4 percent of annual global turnover.

Under the General Data Protection Regulation, data subject rights include:

- Right to be forgotten: data subjects can request personally identifiable data to be erased from a company's storage.

- Right of access: data subjects can review the data that an organization has stored about them.

- Right to object: data subjects can refuse permission for a company to use or process the subject's personal data.

- Right to rectification: data subjects can expect inaccurate personal information to be corrected.

- Right of portability: data subjects can access the personal data that a company has about them and transfer it.

Some critics have expressed concern about the United Kingdom's upcoming withdrawal from the EU and wonder whether this will affect the country's compliance with the GDPR. However, because companies in the U.K. often do business with customers or other organizations in EU member states, it is expected that businesses in the U.K. will still need to comply with the General Data Protection Regulation.

uaware - further information on the EU GDPR

http://searchdatabackup.techtarget.com/tip/Being-GDPR-compliant-is-not-just-a-concern-for-the-EU?utm_medium=EM&asrc=EM_NLN_79003797&utm_campaign=20170622_Word%20of%20the%20Day:%20General%20Data%20Protection%20Regulation&utm_source=NLN&track=NL-1823&ad=915090&src=915090

(1st September 2017)


MORE PENSIONERS CAUGHT DRINK DRIVING BECAUSE THEY THINK THEY CAN DRIVE SAFELY
(The Telegraph, dated 20th June 2017 author Olivia Rudgard)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/06/20/pensioners-caught-drink-driving-think-can-still-drive-safely/

More elderly people are getting caught for drink-driving because they believe they can still drive safely when drunk.

New figures suggest that pensioners are still getting behind the wheel after a drink - while teenagers are less likely to risk it.

The number of under-19s caught drunk at the wheel has plummeted over ten years while the number of over-65s has risen.

Data released by the Ministry of Justice following a Freedom of Information request shows that 1,436 under-19s were caught drink-driving in 2015, compared to 6,744 in 2005.

The overall number of people convicted of drink driving has fallen from 84,540 in 2005 to 45,970 in 2015.

But pensioners have bucked the trend, with the number of over-65s convicted of the offence rising from 1,295 in 2005 to 1,435 in 2015.

However, just three over-65s have been convicted of causing death by careless driving while drunk or under the influence of drugs in the past ten years.

Accidents involving drivers who had been drinking also fell over the same period, from 10,080 in 2005 to 5,740, according to separate figures from the Department for Transport, with the number of fatal accidents falling from 470 to 180.

Expensive alcohol means young people are less likely to be driving home drunk from bars and clubs, according to a spokesman for the AA.

He added that older drivers have a misguided view that they can still drive well after having had a drink.

He said: "For the younger drivers, the cost of alcohol in pubs and nightspots will have put downward pressure on drink-drive statistics in their age group.

"However, there is a need for targeted policing of places with late night drinking.

"Although the majority will heed the warnings, it is the minority who flout the law and still pose a high risk.

"They are called the hard core - a cross-over group that includes elderly drink drivers and others from all age groups.

"Hard core older drink drivers will have developed bad habits over years, probably got away with it in the past and believe they can still drive safely when half-cut."

Drink-driving can result in three months' imprisonment, a £2,500 fine or a driving ban.

He added that the figures suggested that "morning-after" enforcement designed to catch drinkers going to work still drunk was not working.

"What is surprising is that, with more of the enforcement done the morning after to catch the home boozers, the number of elderly drivers caught has gone up.

"With less likelihood of retirees needing to get up early to go to work, the chances of getting caught at that time of day must be lower," he said.

(1st September 2017)


HACKER EXPOSED BANK LOOPHOLE TO BUY LUXURY CARS AND FACE TATTOO
(The Register, dated 20th June 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/06/20/face_tattoo_bank_hacker/

A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months.

Unemployed James Ejankowski, 24, of Bridlington, squandered his ill-gotten gains by splurging on a BMW and a Range Rover, and getting his face tattooed (as shown in a story in the Teesside Evening Gazette). He lied to some members of his family, claiming he'd won the money on a scratchcard while attempting to hide his criminality by funnelling the money through his partner's account.

Prosecutor Shaun Dryden told Teesside Crown Court that Clydesdale and Yorkshire Banking Group had closed the loophole which had allowed Ejankowski to commit fraud last December.

Ejankowski had reportedly discovered that if he used software to transfer notional funds between his current account and his savings account between midnight and 1:00am, the transaction would go through even though he didn't have adequate funds, because the accounts were not promptly reconciled.

Dryden told the court: "For one hour there was a credit balance in his account even though he did not have any money."

Ejankowski used the loophole to fraudulently rack up funds which he subsequently transferred to his partner Charlotte Slater's Natwest account. He also used the money to pay off debts and to send funds to other relatives. This money carousel was never going to last long though - as even Ejankowski realised - prompting him to turn himself in to police on Boxing Day.

Banking officials have recovered £34,000, leaving losses approaching £100K.

Ejankowski had already served a community punishment for an earlier ruse involving the fraudulent sale of items online back in May 2015. This meant Ejankowski was jailed for 16 months even after he pleaded guilty to fraud. His partner Charlotte Slater received a suspended sentence over her supporting role in the offending.

A staffer at the Teesside Crown Court listing office confirmed that Ejankowski was sentenced to 16 months' imprisonment for fraud.

A spokesperson for Clydesdale Bank told The Register : "This was a one-off isolated incident. We take fraud very seriously and note the court's decision."

(1st September 2017)


WHY DO WE HAVE DATA PROTECTION LAWS ?

The following article provides a reason why we need data protection laws. Have a think: do you have a supermarket or pharmacy loyalty card? Do you know the reason why companies have these cards? They don't just do it for your "loyalty"; they do it so that they can create a data profile on you: your likes and dislikes, your age, your health, when your insurance is due, whether you have a car, etc. This is information that (in theory) companies cannot collect from you swiping your credit or debit card.

The following article describes data collection within the US, but these companies, through subsidiaries, often operate in the UK.

-------------------------------------------------------------

HOW A COMPANY YOU HAVE NEVER HEARD OF SENDS YOU LETTERS ABOUT YOUR MEDICAL CONDITION

(Gizmodo, dated 19th June 2017 authors Kashmir Hill and Surya Mattu)

Full article [Option 1]:

http://gizmodo.com/how-a-company-you-ve-never-heard-of-sends-you-letters-a-1795643539

In the summer of 2015, Alexandra Franco got a letter in the mail from a company she had never heard of called AcurianHealth. The letter, addressed to Franco personally, invited her to participate in a study of people with psoriasis, a condition that causes dry, itchy patches on the skin.

Franco did not have psoriasis. But the year before, she remembered, she had searched for information about it online, when a friend was dealing with the condition. And a few months prior to getting the letter, she had also turned to the internet with a question about a skin fungus. It was the sort of browsing anyone might do, on the assumption it was private and anonymous.

Now there was a letter, with her name and home address on it, targeting her as a potential skin-disease patient. Acurian is in the business of recruiting people to take part in clinical trials for drug companies. How had it identified her? She had done nothing that would publicly associate her with having a skin condition.

When she Googled the company, she found lots of people who shared her bewilderment, complaining that they had been contacted by Acurian about their various medical conditions. Particularly troubling was a parent who said her young son had received a letter from Acurian accurately identifying his medical condition and soliciting him for a drug trial - the first piece of mail he'd had addressed to him besides birthday cards from family members.

Acurian has attributed its uncanny insights to powerful guesswork, based on sophisticated analysis of public information and "lifestyle data" purchased from data brokers. What may appear intrusive, by the company's account, is merely testimony to the power of patterns revealed by big data.

"We are now at a point where, based on your credit-card history, and whether you drive an American automobile and several other lifestyle factors, we can get a very, very close bead on whether or not you have the disease state we're looking at," Acurian's senior vice president of operations told the Wall Street Journal in 2013.

Yet there's some medical information that Acurian doesn't have to guess about: The company pays Walgreens, which uses a privacy exemption for research, to send recruitment letters to its pharmacy customers on Acurian's behalf, based on the medications they're using. Under this arrangement, Acurian notes that it doesn't access the medical information directly; the customers' identities remain private until they respond to the invitations.

And that is not the entire story. An investigation by the Special Projects Desk has found that Acurian may also be pursuing people's medical information more directly, using the services of a startup that advertises its ability to unmask anonymous website visitors. This could allow it to harvest the identities of people seeking information about particular conditions online, before they've consented to anything.

If you're suddenly thinking back on all of the things you've browsed for online in your life and feeling horrified, you're not alone.

AcurianHealth has created dozens and dozens of generic sounding websites for the trials they're recruiting for: www.trialforCOPD.com, www.studiesforyourarthritis.com, and www.kidsdepressionstudy.com are a few examples of the many websites they own. The sites all feature stock images of people in distress, sometimes include AcurianHealth's logo, and include promises of up to $1,000 for participating, depending on the study.

Out of view, some of these sites include something else: code from a company called NaviStone - which bills itself as a specialist in matching "anonymous website visitors to postal names and addresses." So if a person is curious about one of those letters from Walgreens, or follows one of Acurian's online ads, and visits one of Acurian's generic disease-specific sites, their identity could be discovered and associated with the relevant condition.

This tracking function undermines what's supposedly a formal separation between Walgreens customer data and Acurian's recruitment. If Walgreens sends out a bunch of letters to customers taking certain medications, and those customers then visit the generic website controlled by Acurian provided in the letter, Acurian can infer its wave of new visitors are taking those medications - and, if NaviStone delivers on its promise to identify visitors, Acurian can see who they are.

Walgreens gives itself permission to use customers' health information for "research" purposes, which would include clinical trials, in its privacy policy. It's been working with Acurian since at least 2013, and in 2015, Walgreens announced it was "leveraging" its 100 million customer database to recruit patients directly for five major drug companies.

When asked about its partnership with Acurian, Walgreens spokesperson Scott Goldberg pointed me to a Walgreens FAQ page about clinical trials. It states that Walgreens doesn't share health information with third parties without permission, but that a third party may "receive your information if you contact the web-site and/or toll-free number in the letter to seek more information about the clinical trial."

The question is whether users will know that one of Acurian's websites has received their information - even if they haven't necessarily agreed to submit it. NaviStone, an Ohio-based business spun out from the marketing firm CohereOne last year, claims to be able to identify between 60 and 70 percent of anonymous visitors to the websites that use its services.

When we contacted the firm last month to ask how it does this, Allen Abbott, NaviStone's chief operating officer, said by phone that talking about how its technology works is "problematic."

"A lot of our competitors would love to know how we made it work," Abbott said. "We have an advantage that we would be silly to reveal."

We asked whether the company had thought about the privacy implications involved in identifying people visiting a website for sensitive reasons, and whether there were certain customers the company wouldn't work with.

"Our business is almost entirely e-commerce, helping retailers sell to their customers," he said. "There was one site that came into our radar that was adult-related material that we decided not to pursue."

We then described what Acurian does.

"We don't work with anyone like that," he said.

We explained that the call was because we'd found NaviStone's code on AcurianHealth sites.

"It's possible," he then said. "We have a lot of customers."

But Abbott insisted that NaviStone had found a "privacy compliant way" to identify anonymous website visitors - again saying he couldn't describe it because it was a proprietary technology.

When we analyzed the NaviStone code on Acurian's sites, we found one way that NaviStone's technology works: It collects information as soon as it is entered into the text boxes on forms, before the person actually agrees to submit it. When we typed a test email address in the "Join Us" page on Acurian's site, it was immediately captured and sent to the company's servers, even if we later chose to close the page without hitting the "Send" button on the form.

In fact, the information was collected before we got to the part of the form that said, "Your privacy is important to us. By selecting this box, you agree to our Privacy Policy and Terms of Use, and agree that we contact you by phone using automated technology or other means using the information you provided above regarding research studies."
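The pre-submit capture described above can be checked for in a recorded browsing session. The following is an added example, not code from the article or from any company it names; the event format, host names and sample values are constructed for illustration.

```javascript
// Added example: audit a recorded browsing session for form values that leave
// the page before the visitor presses submit. The event format is hypothetical:
//   {t, type: 'input', field, value} | {t, type: 'consent'} | {t, type: 'submit'}
//   {t, type: 'request', url, body}
const MIN_LEN = 5; // ignore very short values that would match by chance

// Base64 of the UTF-8 bytes of s (works in Node 16+ and in browsers).
function toBase64(s) {
  let bin = '';
  for (const b of new TextEncoder().encode(s)) bin += String.fromCharCode(b);
  return btoa(bin);
}

// Forms in which a captured value commonly appears inside a request.
function encodingsOf(value) {
  return [
    ['plain', value],
    ['url-encoded', encodeURIComponent(value)],
    ['base64', toBase64(value)],
  ];
}

// Returns one finding per typed field whose value appears in a request that
// was sent before the submit event. Host comparison is a simple string match.
function findPreSubmitLeaks(pageHost, events) {
  const typed = new Map(); // field name -> latest value typed so far
  const findings = [];
  let consentGiven = false;
  let submitted = false;
  const ordered = [...events].sort((a, b) => a.t - b.t);

  for (const ev of ordered) {
    if (ev.type === 'input') typed.set(ev.field, ev.value.trim());
    else if (ev.type === 'consent') consentGiven = true;
    else if (ev.type === 'submit') submitted = true;
    else if (ev.type === 'request' && !submitted) {
      const haystack = ev.url + '\n' + (ev.body || '');
      const host = new URL(ev.url).hostname;
      for (const [field, value] of typed) {
        if (value.length < MIN_LEN) continue;
        const hit = encodingsOf(value).find(([, needle]) => haystack.includes(needle));
        if (hit) {
          findings.push({ t: ev.t, field, encoding: hit[0], host,
                          thirdParty: host !== pageHost, consentGiven });
        }
      }
    }
  }
  return findings;
}

// Constructed sample session: an email is typed, two third-party requests carry
// it before submit, and the legitimate form post happens only after submit.
const SAMPLE_EMAIL = 'test.user@example.org';
const SAMPLE_EVENTS = [
  { t: 1200, type: 'input', field: 'email', value: SAMPLE_EMAIL },
  { t: 1250, type: 'request',
    url: 'https://collector.tracker.example/c?e=' + encodeURIComponent(SAMPLE_EMAIL) },
  { t: 1300, type: 'request', url: 'https://trial-signup.example/assets/app.css' },
  { t: 2000, type: 'input', field: 'phone', value: '5550100123' },
  { t: 2100, type: 'request', url: 'https://collector.tracker.example/c',
    body: 'd=' + toBase64(SAMPLE_EMAIL) },
  { t: 4000, type: 'consent' },
  { t: 5000, type: 'submit' },
  { t: 5010, type: 'request', url: 'https://trial-signup.example/join',
    body: 'email=test.user%40example.org&phone=5550100123' },
];

function auditSample() {
  return findPreSubmitLeaks('trial-signup.example', SAMPLE_EVENTS);
}

console.log(auditSample());
```

A real audit would build the event list from a browser network capture taken while filling in, but not submitting, the form.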

"If I haven't hit send, what they seem to be doing almost seems like hacking," said Lori Andrews, a law professor at the Chicago-Kent School of Law. "It's similar to a keystroke tracker. That could be problematic for them."

Ryan Calo, a law professor at the University of Washington, said this clearly violates a user's expectation of what will happen based on the design of the site. "It's not that they lied to you with words, but they've created an impression and violated that impression," said Calo, who suggested it could violate a federal law against unfair and deceptive practices, as well as laws against deceptive trade practices in California and Massachusetts. A complaint on those grounds, Calo said, "would not be laughed out of court."

When we followed up with NaviStone's Abbott by email, he insisted that the company doesn't send any data to Acurian.

"We don't send any email for Acurian, or pass along any email addresses to them or use their email addresses in any way or manner," said Abbott by email. "If we are indeed inadvertently collecting email addresses, we will fix immediately. It's not what we do."

But when the Special Projects Desk reviewed dozens of other companies' websites that were using NaviStone's code, they were also collecting email addresses. After a month of repeated inquiries to NaviStone and to many of the sites using its code, NaviStone last week stopped collecting information on the site of Acurian and most of its other clients before the "Submit" button was pressed.

"Rather than use email addresses to generate advertising communications, we actually use the presence of an email address as a suppression factor, since it indicates that email, and not direct mail, is their preferred method of receiving advertising messages," said Abbott by email. "While we believe our technology has been appropriately used, we have decided to change the system operation such that email addresses are not captured until the visitor hits the 'submit' button."

Asked about its partnerships with Walgreens and NaviStone, Acurian declined to be interviewed.

"As a general policy based on our confidentiality agreements with our business partners, I hope you will understand that Acurian does not discuss its proprietary business strategies," said Randy Buckwalter, a spokesperson for PPD, the corporate parent of Acurian, by email.

Buckwalter told us Acurian would provide a fuller response to what is reported here, but never provided it.

Kirk Nahra, a partner at the law firm Wiley Rein who specializes in health privacy law, said there's nothing really wrong with Walgreens sending out letters to customers on Acurian's behalf. "But that second situation, where I go to look at the website and at that point they have some way of tracking me down, their ability to track me down at that point is troubling," Nahra said.

Nahra said there was a potential legal issue if the company fails to disclose this in its privacy policy, and that it could lead to a class action lawsuit. Acurian's privacy policy only talks about getting information from "data partners" and collecting expected information from website visitors, such as IP addresses - which can be used to track someone from website to website, which is why it's a good idea to use technology that obscures your IP address, such as Tor or a VPN.

The ability to identify who is sick in America is lucrative. Acurian offers a collection of case studies to potential customers in which it discloses what it bills: $4.5 million for recruiting 591 people with diabetes; $11 million for 924 people with opioid-induced constipation; $1.4 million for 173 teens with ADHD; and $6 million for 428 kids with depression.

Acurian claims to have a database of 100 million people with medical conditions that could be of interest to drug companies, and it says that all of those people have "opted-in" to be contacted about trials. In addition to internet complaints suggesting otherwise, the Federal Trade Commission has received more than 1,000 complaints over the last 5 years from consumers who say the company has contacted them without consent; some complainants also wanted to know how the company had found out about their medical conditions.

Acurian has also faced a slew of class-action lawsuits in Florida, Texas, and California from plaintiffs who say the company had illegally robocalled them about clinical trials, placing multiple automated calls to their home without getting their permission first, a violation of federal law. Acurian denied wrongdoing in court filings, saying its calls are not commercial in nature and that the plaintiffs had opted in, but settled all the suits out of court.

Alexandra Franco certainly didn't opt in to be contacted for clinical trials. She doesn't have psoriasis or any prescriptions for a skin condition. When she looked back at her browsing history, it appeared that the only website she visited as part of her search was the mobile version of WebMD.com.

"While Acurian had purchased display advertising from WebMD in 2010, we have never hosted a program for them in which personal information was collected or shared," said WebMD in a statement. "Under our Privacy Policy we do not share personal information that we collect with third parties for their marketing activities without the specific consent of the user. In this case, it appears that the user did not even provide any personal information to WebMD."

"Doing a search on your mobile device means you are incredibly re-identifiable," said Pam Dixon of the World Privacy Forum, referring to the fact that a mobile device provides more unique identifiers than a computer typically does.

Franco doesn't understand exactly how Acurian got her information, but said that the letter was sent to her home addressed to "Alex Franco," a version of her name that she only uses when doing online shopping. When she sent an inquiry to Acurian, the company told her it got her name from Epsilon, a data broker, "based on general demographic search criteria."

"Epsilon specializes in compiling mailing lists based on generally available demographic information like age, gender, proximity to a local clinical site and expressed interests," said the company in an email. "We sincerely regret any distress you may have experienced in thinking your privacy may have been compromised, and we hope this letter has assured you that nothing of the kind has occurred."

Franco didn't feel particularly assured. Epsilon lets consumers make a request to find out what information the data broker has on them; in response to her request, Epsilon told Franco by letter that it has her home address and information about her likely income, age, education level, and length of residence, as well as whether she has kids - none of which would seem to indicate dermatological issues.

At the end of our investigation, we still don't know exactly how Franco was identified as possibly having a skin condition. Given the many players involved and the fact that we can't see into their corporate databases, we can only make reasonable assumptions based on the outcome.

It's the online privacy nightmare come true: a company you've never heard of scraping up your data trails and online bread crumbs in order to mine some of the most sensitive information about you. Acurian may try to justify the intrusion by saying it's in the public interest to develop new drugs to treat illnesses. But tell that to the person shocked to get a letter in the mail about their irritable bowels.

Yes, we found that person. Bret McCabe complained about it on Facebook. He got the letter in 2012 after regularly buying both anti-diarrhea medicine and laxatives at Walgreens and Rite-Aid for a family member dealing with chronic pain issues.

"The creep factor of the specificity is what I found particularly grating," said McCabe by phone. "It's one thing to get spam about erectile dysfunction or refinancing your car loan but in this case, it seemed like they specifically knew something about me. It was meant for me and me only."

The privacy scholar Paul Ohm has warned that one of the great risks of our data-mined society is a massive "database of ruin" that would contain at least one closely-guarded secret for us all, "a secret about a medical condition, family history, or personal preference... that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm."

Acurian has assembled one of those databases. As with all big databases, the information doesn't even have to be accurate. So long as it gets enough of its letters to the right people, the recruitment company doesn't need to care if its collection efforts misidentify Franco as a psoriasis patient or otherwise incorrectly link people, by name, to medical conditions they don't have.

This is the hidden underside of the browsing experience. When you're surfing the web, sitting alone at your computer or with your smartphone clutched in your hand, it feels private and ephemeral. You feel freed to look for the things that you're too embarrassed or ashamed to ask another person. But increasingly, there is digital machinery at work turning your fleeting search whims into hard data trails.

The mining of secrets for profit is done invisibly, shrouded in the mystery of "confidential partnerships," "big data," and "proprietary technology." People in databases don't know that dossiers are being compiled on them, let alone have the chance to correct any mistakes in them.

(1st September 2017)


MET CHARGES 2709 PEOPLE WITH CARRYING KNIFE IN JUST ONE YEAR
(London Evening Standard, dated 19th June 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/met-charges-2709-people-with-carrying-a-knife-in-just-one-year-a3567986.html

Police have charged more than 2,700 people with possessing knives in the capital in the past year, Scotland Yard said today.

The figure was revealed as the Met launched a new crackdown on criminals and gangs carrying knives in London.

Officers will conduct weapon sweeps and operations to confiscate knives and target hundreds of known knife carriers.

The Met said that since May last year, a total of 2,709 individuals had been charged with possessing knives - about 85 per cent of the number arrested for the offence.

A total of 474 people were given cautions for possession. Police did not give further details of why they were not charged.

Police also released an image of a so-called zombie knife, a type of weapon which is now banned from sale, which was seized in Lambeth.

Last month, police launched a 100-strong taskforce to combat a 24 per cent increase in knife crime in London over the 12 months to April. Specialist squads were deployed to outbreaks of violence.

This week, in the latest phase of the Operation Sceptre initiative, the taskforce, a mix of detectives and uniform officers, will be out in force in areas with high rates of weapon attacks.

Acting Detective Chief Superintendent Sean Yates, the deputy head of Operation Sceptre, said: "We need to change attitudes to carrying knives and are encouraging key people in positions of influence to drive this messaging forward.

"The introduction of the taskforce, working closely with boroughs, allows us to create a more co-ordinated and consistent approach to reducing knife crime by carrying out intense weapon sweeps, intelligence-led stop and search and tackling those offenders who are wanted in connection with knife-related offences and violent crime.

"This type of activity is essential and has a real impact; however it will only ever be part of the solution."

He added: "We are starting to see a mobilisation from the community against knife crime and we need this to continue."

Earlier phases of the operation led to the seizure of 29 knives, one electric shock baton, knuckle-dusters, ammonia spray and one firearm.

City of London and British Transport Police will also be taking part in Operation Sceptre for the first time this week.

(1st September 2017)


UNNATURAL DEATHS OF WOMEN ARE MUCH MORE LIKELY TO BE IGNORED
(International Business Times, dated 15th June 2017 author Maxwell McLean)

Full article [Option 1]:

www.ibtimes.co.uk/unnatural-deaths-women-are-much-more-likely-be-ignored-1626395

Half a million people die every year in England and Wales. According to the Office for National Statistics (ONS), 257,207 males and 272,448 females died in 2015. The biggest killers are cancer, heart disease and lung disease. However, each year, a small but significant number of people die an unnatural death. The Ministry of Justice (MOJ) coroners statistics reveal that in 2016, 24,542 people (16,694 males and 7,848 females) died an unnatural death, generally through accidents, suicide or failure in a medical or surgical intervention.

Unnatural death is the domain of the coroner. Under the Coroners Act 2009, the coroner has a duty to investigate any unnatural death, or death where the cause is unknown. However, there are way more inquiries into deaths of males than females.

When I analysed ten years' worth of data from the ONS and MOJ, I discovered that deaths of women were less likely to be reported to the coroner for investigation than deaths of men (38% of all deaths versus 49%). The data also revealed that, having been reported to the coroner, deaths of females were less likely to proceed to an inquest than deaths of males (8% versus 16%). And female deaths had a third of the chance of a male death of being confirmed as an unnatural death (2% versus 6% of all deaths) (see figure below).

There is no statutory duty to report a death to the coroner. Each year, doctors issue medical certificates detailing the cause of death for just over half of all deaths, without any coroner involvement. The legal duty to investigate deaths which are violent, unnatural or of unknown cause lies with the coroner.

The coroner's judicial independence - they are appointed by local authorities - has resulted in inconsistency and varied local practice in reporting regimes and decision-making. Nevertheless, they perform a crucial role in recognising unnatural deaths, providing answers for the bereaved and preventing similar deaths in future.

Yet there are stark differences in whether the deceased is male or female. In every coroner area, over the ten-year period, more deaths of males were reported to the coroner than deaths of females as a proportion of their registered deaths, and all areas took proportionally more deaths of males to inquest than females.

So why are women dropping out of the death investigation process? Is it because women live longer than men and are therefore more likely to die of natural causes? Age may be a factor, but it becomes more unlikely as an explanation as you move along the coroner process from reporting to inquest to outcome.

You can imagine that if a doctor has recently attended to an elderly patient, he or she may be more confident that the patient died of natural causes, so reporting the death to a coroner would seem unnecessary. But it's more difficult to see why age would affect the decision to go on to inquest, where, after initial enquiries, there may still be something peculiar in the death. To turn it around, more women who are reported to the coroner will be denied an inquest because the coroner will be satisfied that the death was natural.

Male dominated profession

The problem may be this - the coroner service is a relic of a bygone age. It has been an entirely male profession for the best part of its 800-year history, and shaped more recently by industrialisation and the growing possibility of unnatural death, predominantly in men.

Of the current 92 coroner areas in England and Wales, just 28 senior coroners are women (several having been appointed in recent times). Indeed, it took precisely 757 years for the first female coroner, Lilian Hollowell of Norfolk, to be appointed in England in 1951 (the office of coroner having been created in 1194). The first woman coroner in Wales, Mary Hassall, was appointed as recently as 2005. So, until the middle of the 20th century, only men determined what an unnatural death was.

Not only has the coroner's office, for most of its history, been male dominated, it has also been male focused. Almost all (95%) unnatural deaths are categorised in one of six ways, known now as "conclusions" (previously "verdicts"). They are accidental death/misadventure; narrative verdict (where a "narrative" explaining the death is preferred to a shorter categorisation); suicide; industrial disease; drugs/alcohol related; and open verdicts. Yet even today, seven out of ten unnatural deaths of women are accounted for by just two inquest conclusions: accidental death and a narrative verdict, a severely limited categorisation that does nothing to help us understand how women die in unnatural circumstances. Deaths of men are much more evenly spread across the other categories and of course they dominate the numbers in all those other categories.

Deaths of men and women are treated differently across the coroner investigation process. Fewer women cross the thresholds of being reported to the coroner, having an inquest or confirming an unnatural death. When they do cross those thresholds, the existing list of verdicts does not serve women well. As it stands, coroners are vulnerable to the accusation that men's deaths are given a higher status than women's.

Note : Maxwell McLean, University of Huddersfield

(1st September 2017)


A&Es TREAT YOUNG KNIFE VICTIMS UP TO 5 TIMES BEFORE THEY DIE IN ATTACK
(London Evening Standard, dated 13th June 2017 author Justin Davenport)
www.standard.co.uk [Option 1]

Victims of serious or fatal knife attacks have usually attended local A&E units up to "four or five times" before with less serious injuries, a charity leader warned today.

John Poyton, chief executive of Redthread, called for earlier intervention by agencies to catch young people before they become involved in serious violence.

His charity deals with about 200 young people a month who are treated at London's four major trauma centres for serious assault injuries, mostly from gun or knife violence.

Its youth workers meet victims, mostly aged 16 or 17, as they are brought in by ambulance or helicopter and, if the patient survives, try to help them turn their lives around.

Mr Poyton said: "By the time a kid comes in as a major trauma patient having been stabbed they will have attended four or five times at their local A&E with a number of previous injuries and, anecdotally, those injuries will be rising in severity."

He said he feared that early stages of violence were being missed or ignored when young people walk into hospitals with more minor injuries. "We should be asking have they had a beating or have they got involved as a perpetrator of violence," he said. "We see lots of broken knuckles, for instance, there is an anecdotal spiral of violence."

The charity hopes to expand to more A&Es in London in an effort to intervene earlier.

Police have seen a 24 per cent rise in knife crime in the capital in the past 12 months, and nine youngsters have died in stabbings this year.

Redthread youth workers operate in shifts at the four trauma centres: St Mary's in Paddington, St George's in Tooting, King's College in Denmark Hill, and with the St Giles Trust at the Royal London in Whitechapel.

Mr Poyton said the youth workers engage with victims and can also help the doctors and nurses who are treating them: "This cohort of patient, adolescent men, are often quite a difficult group to treat because they are scared, worried, and that can come across as angry, possibly abusive."

But he said the youngsters are often in a "teachable moment" when they are seriously injured in a hospital.

"We find young people who are known to services such as the Westminster Gangs Unit and have been offered support for years but have refused to engage. But when they are aware of their own vulnerability they are more open to how they can change their lives."

The charity has seen a rise in youngsters with knife injuries, many arriving at hospital in school uniform.

Mr Poyton welcomed police statistics showing that 75 per cent of young people carrying knives were not involved in gangs. "These are children who are doing normal things but getting caught up in violence," he said.

(1st September 2017)


TOP TORIES URGE MAY TO DROP MANIFESTO PLAN TO AXE SERIOUS FRAUD OFFICE
(London Evening Standard, dated 13th June 2017 author Martin Bentham)
www.standard.co.uk [Option 1]

Theresa May was today urged to abandon her plans to abolish the Serious Fraud Office as senior Tories warned it was a "bad idea" that would fail to get through parliament.

The Prime Minister had promised in the Conservative manifesto to scrap the SFO as a standalone crime fighting body and hand its functions instead to the National Crime Agency.

The proposal - prompted by Mrs May's concern about some high profile prosecution failures - had already attracted criticism from leading lawyers who said that it would harm the country's fight against fraud and corruption.

The Prime Minister had been expected to ignore those concerns. But senior Tories today said that her failure to secure a majority meant her plan to abolish the SFO was unlikely to command enough Parliamentary support.

Bob Neill, the Conservative MP for Bromley and Chislehurst who chaired the Commons Justice Select Committee during the last Parliament, said that Mrs May's proposal was doomed.

"It was a bad idea in the first place and now is a good time to reconsider," he said. "Breaking up the SFO is not something I could support and I know that a number of other colleagues have serious misgivings. I don't think she could get it through the Commons and certainly not the Lords. So don't trip up when you don't have to."

Mr Neill added: "It is very important for our international reputation not just to have effective crimefighting but also to have proper separation between independent prosecutors and the decision making authorities. This proposal risked muddying the waters.

"I would have thought there are much higher priorities. The SFO under David Green has been performing much better and if it ain't broke, don't fix it."

Dominic Grieve, the MP for Beaconsfield and a former Attorney General, said he also opposed Mrs May's plans: "Nobody has persuaded me that it's a good idea and I don't understand the reasons behind it. It was put in the manifesto without any consultation.

"The SFO has been put on a much better footing. The work of the SFO is very discrete and deals with City financial crime - London and the UK as a financial centre - and I don't see that matches well with the NCA.

"My second concern is that we now have a clear distinction between prosecutors in the SFO and the police-led NCA and I would be concerned that we would lose that. It might not be an insurmountable problem but I don't think it would be a comfortable fit."

The Serious Fraud Office was set up 30 years ago and tackles the most serious cases of serious or complex fraud, bribery and corruption. It has around 400 staff and about 60 cases under way at any one time.

It had been heavily criticised over a series of failed investigations and a tendency to strike behind the scenes deals with firms instead of taking court action.

Its latest director, David Green, has adopted a more robust approach and secured several major successes. These have included the conviction of Libor trader Tom Hayes and "deferred prosecution agreements" with Rolls-Royce and Tesco.

Rolls-Royce paid £497 million plus costs for corruption and failure to prevent bribery in India, China and other markets. Tesco agreed to pay a £129 million fine and a further £106 million in compensation and costs for overstating its profits in 2014.

Mrs May had originally sought to secure the merger of the SFO into the National Crime Agency when she was Home Secretary. The proposal was blocked then but revived in her ill-fated Tory manifesto last month.

(1st September 2017)


THIS SICK NEW WAY SCAMMERS ARE TRYING TO HACK YOUR COMPUTER
(International Business Times, dated 13th June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/this-sick-new-way-scammers-are-trying-hack-your-computer-1626128

Security researchers have uncovered a sick new form of computer-locking ransomware that lures in victims by posing as an appeal to help starving toddlers. With a note titled 'Save Children', the malware will encrypt personal files and demand cryptocurrency for their return.

The variant first came to light this week (12 June) after the ransom demand was uploaded to ID-Ransomware, an online platform which helps identify known malware strains. Threat researcher Lawrence Abrams has warned on a support page it is "not decryptable at this time."

The ransom note displays a well-known image of Anja Ringgren Lovén, founder of an African aid foundation, providing a drink to an emaciated young child who had been abandoned by his family in Nigeria.

"Congradulations! (sic) Now you are a member of GPAA (Global Poverty Aid Agency)," it reads.

"We need bitcoins, our crowdfunding goal is to get 1000 BTCs. 1 BTC for 1 CHILD! Your important files are encrypted. It means you will not be able to access them anymore until they are decrypted."

Of course, the GPAA is not a real organisation. Nevertheless, the culprit is attempting to force victims into paying 1.83 Bitcoin (£3,900, $4,970) to regain control over their files. "When the goal is achieved, you will get the decrypt program. Use your phone to pay it," the note reads.

Researchers found the ransomware targets dozens of file types, including 7z, mp3, mp4, jpg, zip and rar. After encryption takes place, file names are scrambled and changed to have a .cerber6 extension, a reference to the particularly nasty form of ransomware with the same name.

"It's bad enough that these developers are hurting people and their business by encrypting their files, but to spout complete BS while taking advantage of the horrible misfortunes of others to earn money is just disgusting," Abrams wrote in a post on Bleeping Computer this week.

"Please restore from backups or try restoring from shadow volume copies if at all possible so you do not have to pay these people," he added.

Ransomware has become a major problem for businesses and web users, with one strain called "WannaCry" recently causing a global outbreak by infecting machines across 150 countries.

It can impact both Microsoft Windows and Apple Mac systems. Experts admit ransomware is often difficult to combat as it spreads in a variety of ways, mainly via attachments in phishing emails.

Researchers advise keeping all systems up-to-date and creating regular back-ups.

(1st September 2017)


RSPCA PLUNGED INTO FRESH TURMOIL AFTER CHARITY WATCHDOG THREATENS ACTION
(The Telegraph, dated 13th June 2017 author Robert Mendick)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/06/13/rspca-plunged-fresh-turmoil-charity-watchdog-threatens-action/

The RSPCA is being so badly governed it is damaging public confidence, the official watchdog said yesterday in an unprecedented attack on one of Britain's best known charities.

The animal welfare charity now faces "further regulatory action" which could include the imposition of new management unless it makes urgent changes to the way it is run.

The intervention of the Charity Commission follows the sudden departure of Jeremy Cooper, its chief executive, after a little over a year.

Mr Cooper is understood to have clashed with members of its 25-strong governing council after apologising for the adversarial style of the previous management and saying future fox hunting prosecutions would be "very unlikely" in the future.

Mr Cooper, a pragmatist and moderniser, was appointed to the £150,000 a year post last April, promising reforms after a barrage of criticism.

A 20-page internal report into the RSPCA has made a series of recommendations with sources saying it has highlighted serious failings in the governance of the £140m-a-year charity.

In a statement the Charity Commission said last night: "The governance of the RSPCA remains below that which we expect in a modern charity and we are concerned about the impact on public confidence.

"This has been brought into focus by the departure of the CEO and the clear recommendations of the charity's independent governance review, which the Commission requested the charity carry out."

It added: "We will consider what further regulatory action may be required should improvements not be made with the necessary urgency."

Among extreme measures, the Charity Commission could appoint an interim manager to run the charity if changes are not made.

Mr Cooper quit the charity suddenly on Friday without working out his notice period, according to sources. One source claimed he had been asked to leave 'immediately' - just a fortnight before the RSPCA's annual general meeting on June 24.

Bill Oddie, the RSPCA's vice president and former BBC wildlife presenter, admitted Mr Cooper's departure did not look good for the charity and described the ruling council as "unwieldy".

Mr Cooper's apology for the charity's abrasive style came after the RSPCA had attracted widespread criticism for the £330,000 prosecution of the Heythrop Hunt and for being too aggressive towards some pet owners, whose animals had been seized and euthanised.

But Mr Cooper's comments are understood to have angered more militant members of the RSPCA's governing council as well as its active membership.

Penny Little, a prominent RSPCA member who began a petition to have Mr Cooper removed from his post a year ago, said she now hoped the RSPCA would take up more fox hunting prosecutions - although she accepted the law made it difficult to secure convictions.

Ms Little, who gathered evidence against the Heythrop Hunt, said: "When you have a chief executive come in and make comments he did at the time you could be forgiven for thinking he had been allowed to be intimidated."

The RSPCA's council is made up of 25 volunteer trustees, of whom 15 are elected by its membership. They include a number of 'radicals' including Peta Watson-Smith, who has likened farming to the Holocaust, and Dr Richard Ryder, a former RSPCA council chairman, who coined the term 'speciesism', to describe discrimination against 'non-human animals'.

Another long standing trustee Joe Piccione, who first became a member of the RSPCA's governing council in 2003, replied "no comment" when asked if he was saddened by Mr Cooper's departure.

Mr Oddie said: "It's not a good thing changing chief executives. I have sympathy with the RSPCA because they have to tread so carefully. There are a lot of members and council members who are very sensitive about its image. I would think he [Jeremy] didn't play well with the council members. I have never associated the RSPCA with anything embarrassing so I don't know why he was saying sorry.

"It is not good they are going through chief executives so quickly."

One source claimed there were "irreconcilable differences" between Mr Cooper and the governing council. "The council is utterly dysfunctional," said the source.

Third Sector, a website covering the charity industry, claimed Mr Cooper had been asked to leave 'immediately' last week although the RSPCA insisted he had chosen to move on.

Mr Cooper's LinkedIn page shows he has set up a consultancy. Mr Cooper said: "I've always wanted to do something in consultancy and this was a great opportunity. Sometimes it's just time to move on and try something new."

Michael Ward, the RSPCA's interim Chief Executive, said: "I would like to reassure members that at the society it is very much business as usual. Some media reports have been incorrect: Jeremy leaves us on a sound financial footing and finances have improved in recent years due to his work and that of our trustees.

"We will continue to implement our ambitious five year strategy, which sets out how we will seek to improve animal welfare and prevent animal cruelty by continuing to modernise our organisation.

"Having been at the society for seven years, serving as its head of finance and later of director of resources, I am very proud of the great work our staff across England and Wales do to help animals and people. Continuing that work successfully with the support of the public remains our prime focus."

"Regarding the review of the Society's governance, the trustees are working closely with the Charity Commission and the findings will be published shortly."

(1st September 2017)


LOOKING AT TERROR ATTACKS "PER CAPITA" SHOULD MAKE US RETHINK OUR BELIEFS ABOUT LEVELS OF RISK
(Business Insider, dated 11th June 2017 author Michael Jetter and David Stadelmann)

Full article [Option 1]:

http://uk.businessinsider.com/terror-attacks-per-capita-is-a-more-accurate-way-to-perceive-risk-2017-6?r=US&IR=T

Recent events in London, Manchester and elsewhere highlight that Western societies are vulnerable to terrorist attacks - and political decision-makers need to find solutions.

Two key questions to consider are:

1. How likely are you to fall victim to terrorism?

2. What increases or decreases that likelihood?

Our natural way of thinking about the first question should be similar to considering crime (murder or robbery, for instance), mortality (infant mortality at birth, or cancer), car accidents, or other threats. And the salient point is not so much the total number of murders in a large country, but rather the total number in relation to the size of the population.

Put simply, we should consider the number of affected people on a per-capita basis - that is, murder rates, or mortality rates.

For example, from a policy perspective, it makes sense that ten murders in a populous country like China (which has 1,371,000,000 citizens) would be much less significant than ten murders in a tiny country like Liechtenstein, with its 37,000 citizens.

Terror per capita vs total terror

However, when it comes to terrorism, almost all the knowledge that drives policy decisions comes from studies analyzing the total number of terror casualties in a given country and year.

India is a good example. It ranks fourth on the list of terror-prone countries since 1970, with 408 deaths from terrorism in an average year.

But the average Indian need not be particularly worried about terrorism. The country is home to 1.27 billion people, and terrorism kills only one in 2,500,000 people - or 0.0000004% of the population - per year, once we translate total terror deaths to terror deaths per capita. The likelihood of dying from crime or in a road accident is far higher.

India ranks only 82nd in the world when we compare terrorism victims per capita.

So, although India has a relatively high number of terrorist attacks, an individual's likelihood of dying in such an attack is minimal - because India has such a large population.

Once we switch from focusing on total terror deaths (or attacks) per country to terror deaths per capita, relevant conclusions about what drives terrorism change dramatically. And thus potential policy reactions also change when focusing on terror deaths per capita.

Democracy, Muslims and terrorism

A somewhat baffling conclusion from a long list of research articles states that terrorism is more likely to emerge in democracies, rather than non-democracies. This idea is difficult to reconcile with our intuition of democracy giving people political (and usually religious) freedom - so why should we see terrorism in such free countries?

It turns out that once we analyze terror per capita, democratic nations are less likely to witness terrorism. Again, take India, a large democracy that, at first glance, suffers a lot from terrorism. But, in per-capita terms, terrorism becomes less important.

Another popular belief states that countries with a sizeable Muslim population - such as Pakistan, Indonesia, Bangladesh or Nigeria - are experiencing more terrorism than non-Muslim countries. This is true when looking at the total numbers of deaths.

But that result is also overturned once we consider terror per capita. A larger share of Muslims in a given country relates to marginally less terrorism. Pakistan (202 million people), Indonesia (258 million), Bangladesh (156 million) and Nigeria (186 million) all feature exceptionally large populations.

This result is informative for the current policy debate. More caution is needed before classifying certain countries as more prone to terrorism based on their religion.

Another - admittedly simplistic - way of considering the link between Islam and terrorism comes from comparing the share of terror attacks conducted by Muslim groups with the share of the world population identifying as Muslim. If Muslims were more likely to be terrorists, we should expect the latter figure to be lower.

Approximately 23% of the world population identifies as Muslim. But, since September 11, Islamist groups have conducted about 20% of terrorist attacks worldwide. Thus, terrorist attacks are - historically and today - less likely to be conducted by a Muslim than by a non-Muslim group.

Where to go from here?


Our results suggest it may be time to rethink the way we approach terrorism.

On an average day, terrorists kill 21 people worldwide. On that same average day, natural or technological disasters kill 2,200 people - or more than 100 times as many.

The likelihood of dying at the hands of a terrorist is comparable to the odds of drowning in one's own bathtub.

This does not mean we should be afraid of bathtubs, nor does it mean terrorism is not among the problems that need to be solved with a high priority.

Rather, in the fight against terrorism, seemingly easy conclusions may be drawn too quickly - and we should not forget other matters that affect people's lives far more than terrorism does.

uaware comment

Well, now you have seen the "math", do you feel any better about the potential risk in going about your daily life?

The article is just that, it shows the "math", the chance, the risk. A terror attack affects people, there is no such thing as acceptable collateral damage regardless of age, nationality, gender or religion.

Keep safe and respect everyone who crosses your path.

(1st September 2017)


HOW A CRIPPLING SHORTAGE OF ANALYSTS LET THE LONDON BRIDGE ATTACKERS THROUGH
(The Guardian, dated 11th June 2017 author Mark Townsend)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jun/10/london-bridge-attackers-intelligence-overload

Last Tuesday, in the wake of the latest terror atrocity to strike Britain, the former head of MI5 Dame Stella Rimington recalled just how primitive intelligence gathering used to be. Addressing a conference of security officials in west London - four miles from London Bridge where the terror attack had taken place three days earlier - Rimington recounted an anecdote about how her spy training in the 1970s involved infiltrating a local pub to eavesdrop on targets.

Over the four decades since then, intelligence gathering within Britain's security services has evolved beyond comparison. Eking out a lead is no longer an issue - instead extraordinary volumes of information are relentlessly harvested electronically. The worry, according to experts, is whether they are acquiring too much.

The information-collecting machine grew even larger when the Investigatory Powers Act passed with little fanfare last November, handing UK intelligence agencies a comprehensive range of tools for snooping and hacking unparalleled in any other country in western Europe, and even the US.

What is already clear following last Saturday's attack, during which three attackers killed eight people and injured almost 50 in an eight-minute rampage, is that Britain's security services had collated a surfeit of reliable, well-sourced material on the perpetrators. Of the London Bridge attackers, Khuram Butt, 27, had been reported to the anti-terror hotline in 2015 and investigated by MI5 for his highly public ties to the banned al-Muhajiroun network.

Another, Youssef Zaghba, 22, was interrogated by Italian police, who told UK intelligence he was at risk of radicalisation. He was also added to the Schengen Information System, an EU-wide database that gives UK police details of 8,000 jihadis in Europe.

The pattern was repeated in the two attacks that preceded the latest atrocity. The suicide bomber Salman Abedi, 22, who carried out the Manchester attack was known to MI5 and categorised under its prioritisation matrix as P4 - priority 4 - which denotes suspects who might be at risk of re-engagement but are deemed not to be planning an attack and therefore downgraded as a security risk.

Khalid Masood, 52, who carried out March's Westminster Bridge attack using an almost identical modus operandi to the London Bridge attack, was also classified in the P4 tier at the time, essentially regarded as an Islamist but not a threat.

So why did they all slip through the net? Some security experts warn of an analytical deficit in the heart of the government's intelligence infrastructure, claiming a lack of human resources to decode and contextualise the myriad snippets of information, terabytes of chatter, tipoffs, sightings and wiretaps that cumulatively help to form the modern intelligence picture.

Although the immediate political fallout of the London attack focused on Theresa May's cuts to policing, the reduction in the number of staff who analyse intelligence is perhaps the area most deserving of scrutiny. Professor Philip Davies, director of the Brunel Centre for Intelligence and Security Studies, believes the UK's security apparatus is suffering from what those in signals intelligence call information overload.

Davies said: "The good news is we've got lots of information, but the bad news is that we have got lots of information. We've always known GCHQ [Britain's electronic surveillance agency] struggled with information overload but I think we're going to have to be realistic that MI5 and SIS [MI6] are being confronted with information overload in terms of scale and complexity.

"We have been cutting national analytical capability for 20 years. The collection of information has increased but if you cut back on analysis you get overload. If you have tens of thousands of reports, thousands of subjects of interest, you're going to need a lot of Mark 1 human brains making sense of this who can get inside the mind of an adversary who has a different worldview. It's about getting inside the enemies' doctrinal loop. What are they thinking? How are they planning?"

Although a detailed breakdown is difficult to ascertain, less than a quarter of MI5's 4,000 staff are believed to be involved in analysis, and a far smaller number are sited among the 2,500 staff of MI6 - as few as 100, according to Davies. Although it is true that most of the 8,000 employees in GCHQ can be categorised as analysts, they have to evaluate a vast daily data stream that runs to countless terabytes. A single terabyte is the equivalent of 1,024 gigabytes, with a gigabyte the equivalent of 1.5 million WhatsApp messages.

According to Davies, the number of analysts within defence intelligence, which has a counter-terrorism component, has been cut from 600 to 400 since the end of the cold war even as the terror threat has increased following UK military involvement in Afghanistan, Libya and Iraq. The number of analysts inside the Cabinet Office's Joint Intelligence Organisation, which "leads on intelligence assessment and development of the UK intelligence community's analytical capability", currently stands at only 35.

Salvatore Sinno, global chief security architect at Unisys, which has worked on counter-terrorism with UK, European and US government institutions for more than 30 years, said that even with the combined might of algorithms, artificial intelligence technology and advanced data analytics to assist, calling the shots on potential terror suspects remained a daunting challenge. "The intelligence service deals with hundreds of phone submissions a week alone, and if you combine this with search engine and social listening analysis - a monumental data set begins to form."

John Chirhart, federal technical director of the US security firm Tenable, warned that the human touch should never be underestimated when assessing intelligence. "Humans are still a vital part of the process because they provide something computers can't - context."

Paul Calatayud, chief technology officer of the US security intelligence company Firemon, said that despite the constantly evolving technological landscape that means more communications can be gathered and examined quickly, making sense of the material itself remains a primary obstacle to security.

"The biggest challenge facing intelligence agencies is the vast amount of information they have to process. Data is siloed and collected at various stages; it has to be moved before it can be processed. Limited talent and resources also play a role. Collecting is the primary challenge, but when this information is collected, the real work begins."

In other words, the process of prioritisation. Another shared fact from this year's three UK attacks is that at some stage an active decision was taken to downgrade the perpetrators to the lowest of the four tiers that rank MI5's current list of 3,000 subjects of interest. At the apex of the pyramid of cases known to the intelligence agencies is the category P1 - priority 1 - which is reserved for individuals linked to information indicating "attack planning". These cases - rarely more than two dozen at a time - require mammoth resources, typically 24/7 covert surveillance. New leads are picked up, the behaviour of a suspect changes. Individuals are moved up and down the chart depending on the intelligence received, a perpetual process of review that is officially discussed each Monday at Thames House, the headquarters of MI5.

In the wake of the London Bridge and Borough Market rampage, MI5 has announced it will review its handling of events to ascertain whether lessons can be learned. The attack in Manchester had, according to sources, already prompted intelligence agencies to examine procedures for prioritising suspects.

Sources say that the internal inquiry will forensically look at what was known during the build-up to the London attack, whether the prioritisation structure is sufficiently flexible and what clues can be gleaned from the behaviour of the three attackers before the outrage.

Raffaello Pantucci, director of international security studies at the Royal United Services Institute, believes the intelligence agencies should re-examine their prioritisation mechanisms in relation to the ever-expanding pool of suspected assailants. Beyond the 3,000 currently on the list, a pool of around 20,000 individuals are categorised as former subjects of interest whose risk remains subject to review by MI5 and its supporting agencies.

Pantucci raised the possibility of an external panel being created to evaluate prioritisation decisions taken by the intelligence agencies on a case-by-case basis. "I wonder if a unit needs to be developed that focuses on those changes, with a range of people looking at the decisions - someone from the policing side, someone from welfare, that evaluates the judgment made."

The data is there. But, on at least three fateful occasions, the expert analysis has gone missing.

(1st September 2017)


ELECTION RESULTS 2017 : THE MOST DIVERSE PARLIAMENT YET
(BBC News, dated 11th June 2017 author Cherry Wilson)

Full article : www.bbc.co.uk/news/election-2017-40232272

Asked to describe an average MP, many will imagine a privately-educated, straight, white man. But the make-up of the Commons is changing, with record-breaking strides being made in the 2017 general election.

The vote delivered the most diverse House of Commons ever with a rise in the number of women, LGBT and ethnic minority MPs elected.

There has also been an increase in MPs who went to state school as well as a boost for disabled representation.

How it breaks down :

LGBT MPs BY PARTY

45 out of 650 MPs
19 Conservative
19 Labour
7 SNP

There are 45 MPs who openly define themselves as lesbian, gay, bisexual or transgender (LGBT), according to senior government equality advisor John Peart.

That is a 40% increase from the 2015 election - when there were 32 - and includes 19 from Labour, 19 from the Tories and 7 from the SNP.

Prominent LGBT MPs include Scottish Secretary David Mundell, Education Secretary Justine Greening, and shadow defence secretary Nia Griffith.

Ms Griffith publicly revealed her sexuality when she posed for a photo of 28 LGBT MPs and peers for the Independent on Sunday in 2016.

Writing in Pink News, she said: "Visibility matters, and it makes it easier for young people in particular to know that they can go just as far whether they are gay or straight."

Stonewall, an LGBT rights charity, says the rise in the number of LGBT candidates "demonstrates how much progress Britain has made".

Bex Stinson, head of trans inclusion at the charity, added: "Having LGBT people visible in public life also helps foster an inclusive society, and provides strong role models for those who don't yet feel able to be themselves and for young LGBT people."

However, she said more needs to be done to increase transgender representation after none of the nine transgender candidates who stood were elected.

ETHNIC MINORITY MPs


2015 Election : 41 of 650
2017 Election : 52 of 650

The general election of 1987 saw the first ever black MPs voted into the House of Commons.

Fast forward 30 years and the 2017 result has seen 52 ethnic minority MPs elected, says think tank British Future.

Of those, 32 are Labour, 19 Conservatives and one Lib Dem.

It is an increase from 41 in 2015 and the highest number ever.

They include Preet Gill, the first female Sikh MP, shadow home secretary Diane Abbott, who became the first ever black female MP in 1987, and Manchester's first Muslim MP Afzal Khan.

Operation Black Vote said many more ethnic minority candidates won in non-urban areas which showed the UK was "comfortable with its multicultural society."

Director Simon Woolley said: "More talented BME faces will help transform Parliament and inspire many more to believe that we all have a voice and a place in our society."

Steve Ballinger, director of communications for British Future, said: "It's got to be good for politics that gradually Parliament is getting closer to looking a bit more like the electorate that it serves."

He said the majority of the MPs from ethnic minorities would be sitting on Labour benches, which was partly due to the Tories not choosing enough ethnic minority candidates.

"I know there are calls within the Conservative Party to do better in that respect."

FEMALE MPs


2015 Election : 191 of 650
2017 Election : 208 of 650

There is more gender equality than ever before in Parliament after a record 208 women were elected in Thursday's vote.

Nearly 100 years after the law was changed to allow women to become MPs, they now make up 32% of the Commons.

The number of women MPs has increased by almost 9% since the 2015 election, when 191 were voted into Parliament.

Labour has the most women with 119, while the Tories have 67, the SNP 12 and the Lib Dems 4.

But with females making up more than 50% of the UK population, the Commons still has a way to go to truly represent the make-up of the country.

The Fawcett Society, which campaigns for women's rights, says progress has stalled.

Chief executive Sam Smethers said: "The time has come for a legally enforceable target to achieve the radical and sustainable change we need."

DISABILITY

While there are no definitive figures on the number of disabled MPs, it appears there has been an increase in the 2017 Parliament.

Labour has two new MPs in the Commons who have disabilities.

Marsha de Cordova, who represents Battersea, is registered blind and used her victory speech to champion disabled rights.

Jared O'Mara, who has cerebral palsy hemiparesis, took Sheffield Hallam from former Deputy Prime Minister Nick Clegg.

He has previously written about the importance of political parties having a strong representation of disabled candidates.

Lib Dem MP Stephen Lloyd, who is hard of hearing, returns to Parliament after losing his seat in the 2015 election.

Conservative MP Robert Halfon, who was born with mild cerebral palsy and has since developed osteoarthritis, was re-elected.

He is joined in Parliament by fellow Tory Paul Maynard, who also has cerebral palsy.

Scope's chief executive Mark Atkinson said it was encouraging to see an increase in the number of disabled politicians elected.

"Whilst there is more work to do, this is a positive step forward in combating the under-representation of disabled people in public life."

EDUCATION - SCHOOL BACKGROUND OF MPs, 2015 (n) v 2017 [n]


Independent : (32%) [29%]
Selective : (19%) [18%]
Comprehensive : (43%) [51%]

David Cameron, Boris Johnson and George Osborne are just a few of the notable past and present MPs to have received a private education.

But 2017 has seen a shift in educational background, with more than half of those elected having been to state schools.

Analysis by the Sutton Trust found that 51% of MPs in the new Commons went to comprehensive schools, while 29% went to private school and 18% selective states.

In 2015, the figures were 43%, 32% and 19% respectively.

The analysis found 45% of all Conservative MPs elected in 2017 were privately educated, compared to 14% of Labour MPs and 6% of SNP MPs.

The figures do not include MPs who were home schooled or educated abroad.

Sutton Trust chairman and founder Sir Peter Lampl said the "landscape of British politics has changed considerably".

But he said the number of MPs attending private school was still far higher than the general population which stands at 7%.

He added: "If parliament is to truly represent the nation as a whole, able people from all backgrounds should have the opportunity to become MPs."

(1st September 2017)


A GRIM PATTERN IN EUROPEAN ATTACKS : MISSED CHANCES TO PINPOINT TERRORISM SUSPECTS BEFOREHAND
(LA Times, dated 11th June 2017 authors Laura King, Alexandra Zavis and Erik Kirschbaum)

Full article [Option 1]:

http://www.latimes.com/world/europe/la-fg-europe-terror-suspects-2017-htmlstory.html

Note : This is a "perception" of affairs from the USA.

In ancient capitals and bustling provincial cities across Europe, whenever the first sketchy reports begin surfacing of a terror attack - a truck strike, a stabbing rampage, a bombing - the investigators who spend their days and nights sifting through tens of thousands of potential security threats feel a sense of dread beyond their horror over the immediate event.

Will a perpetrator turn out to be someone well known to them? Someone whose extremist views or suspicious travels or damning personal associations had been documented but fell short of grounds for arrest or other restrictions?

Could the latest atrocity, they ask themselves, have been averted?

That agonizing question is being asked in London, where a vehicle-and-knife attack June 3 in the heart of the capital killed eight people and cast a shadow on a consequential British election.

In the London Bridge attacks, authorities had previously been told that two of the three assailants had shown extremist tendencies - echoing a pattern in other terrorist strikes.

But tracking terrorism suspects and heading off attacks - even when someone has come under suspicion - has become increasingly difficult.

European nations have built massive watch lists of potential terrorists. But the lists are so extensive that it is often unclear who poses the most serious threats and thus merits close surveillance, which is both expensive and labor-intensive.

That is especially true because more and more terrorists are acting alone or in small groups, limiting opportunities for authorities to intercept communications, and are using low-tech methods that allow them to get close to their targets without attracting attention.

Further complicating counter-terrorism efforts are concerns about religious and civil liberties, which make it hard in a Western democracy to act against potential terrorists without evidence proving a crime or specific plans to commit one.

"The fact is, the threat remains mostly unpredictable," said Jean-Charles Brisard, chairman of the Center for Analysis of Terrorism, a Paris-based think tank. "We are dealing with individuals who are acting in an improvised way, using very unsophisticated weapons - cars, knives, whatever."

"They are not in communication with foreign organizations or fighters abroad," he said. If there is such communication, he said, "they do it at the last minute … through encrypted messaging services" that are very difficult for intelligence services to penetrate and monitor.

Major attacks of recent years, including carefully choreographed large-scale strikes in Paris and Brussels, were orchestrated from outside those countries by Islamic State.

But several recent attacks - including last summer's truck rampage in Nice, a knife attack in southern Germany and perhaps the June 3 assault in London - were carried out by terrorists acting alone or in small groups.

Keeping track of even a single potentially dangerous person is an extraordinary drain on time and resources, as governments throughout Europe have found.

Of the 23,000 people deemed subjects of interest by British security services, fewer than 10 are reported to be considered dangerous enough to merit formal measures such as overnight curfews, electronic monitoring and restricted Internet use.

In France, about 17,000 people are on the "Fiches S." - for security - watch list. Given that putting a single suspect under 24-hour surveillance can involve up to 30 agents, Brisard said, "a couple hundred at best" receive that kind of attention.

Italy, which draws on monitoring methods honed in its fight against the Mafia, keeps track of about 300 potential terrorism suspects. The Italian government has recently ramped up the expulsion of foreign nationals on its watch list, 49 so far this year.

Cross-border security cooperation, long a stumbling block, remains a significant weakness, analysts say. Intelligence agencies among various countries - and even within them - do not always share what might prove to be vital information, or act appropriately when such tips are provided.

One case in point: Italian intelligence officials had informed their British counterparts that Youssef Zaghba - a 22-year-old Italian national of Moroccan descent who had moved to London and was working as a waiter - had tried to travel to Syria via Turkey, apparently to join Islamic State, the Italian newspaper Corriere della Sera reported.

But neither Scotland Yard nor MI5, the main domestic intelligence services in Britain, deemed him a subject of interest, police said in a statement.

Then Zaghba turned out to be one of the attackers at London Bridge.

That underscores another big problem: Nearly every European country is coping with large numbers of their citizens who have aspirations of joining the jihadists in Syria, Iraq or Libya - or who actually made it to the battlefield and back.

As Islamic State loses territory, those followers are increasingly turning their attention to targets at home.

In Germany, the BKA - its equivalent of the FBI - says that roughly 920 citizens went to Iraq and Syria to join Islamic State, with about one-third returning home. Of the 840 French nationals thought to have headed off to join Islamic State or other jihadist groups, approximately 140 are believed to have come back to France.

Gauging threats requires the investigative calls that detectives of all stripes are used to making: when to trust your gut, how coincidences add up, when to give the benefit of the doubt, whose information to trust.

But those calls can also be influenced by larger concerns about civil liberties, social assimilation and democratic values.

In Britain, the London attack put Prime Minister Theresa May on the defensive in the final days of campaigning on behalf of her Conservative Party. Her opponents pointed out that as home secretary, the country's top domestic security job, May oversaw the cutting of thousands of police jobs.

Seeking to establish her security bona fides, May has proposed what would once have been considered draconian measures, such as making it easier to deport foreign terrorism suspects and "restrict the freedom and movement" of those considered dangerous, even on the basis of evidence insufficient for a court prosecution.

"And if human rights laws stop us from doing it, we will change those laws so we can do it," she said Tuesday.

Terrorism was also a major issue in the recent French election, in which the far-right candidate, Marine Le Pen, advocated for harsh action against anybody on the country's watch list: expulsion for foreigners, revocation of French citizenship for dual nationals and jail for French citizens.

The new French president, Emmanuel Macron, is setting up a special counter-terrorism task force that he said will report directly to the presidential palace rather than to individual ministries, in order to reduce delays in intelligence-sharing and decision-making.

Terrorism attacks in sleepy locales in France and elsewhere across Europe have also raised concerns about whether enough resources are being devoted to the hinterlands.

One of the two radicalized teenagers who murdered a Roman Catholic priest celebrating Mass in the provincial French city of Rouen last summer had been fitted with an electronic bracelet and was only allowed out of his home at certain times of the day. He carried out the attack during his unsupervised hours.

Every attack in which authorities realize in retrospect that an individual had slipped through the cracks is a source of immense frustration. In one of many such instances, the Kouachi brothers, Said and Cherif, who carried out a deadly attack in January 2015 at the Paris offices of the satirical magazine Charlie Hebdo, killing 12, were on France's watch list.

The pattern surfaced again June 3. One of the slain London Bridge attackers, Khuram Butt, was also known to authorities. He had been reported to an anti-terrorism hotline in 2015 and was even featured last year in a television documentary about homegrown jihadists.

Some would-be assailants, aware they are being monitored, know that if they avoid trouble for a year or two, they are likely to be removed from the watch lists.

In Germany, Anis Amri had been on a "danger to the state" list but was removed from the list in May 2016.

Germany rejected his application for asylum and moved to deport him to his native Tunisia. But the deportation was delayed because he hadn't yet been issued a Tunisian passport. Meanwhile, Moroccan intelligence service warnings that he was dangerous went unheeded.

On Dec. 19, he plowed a stolen truck into one of Berlin's famous Christmas markets and killed 12 people.

The documents that would have been needed to deport him came through two days later.

(1st September 2017)


7 COMMON SECURITY MISTAKES YOU'RE PROBABLY MAKING
(Cnet, dated 9th June 2017 author Matt Elliott)

Full article [Option 1]:

https://www.cnet.com/uk/how-to/online-security-mistakes-youre-probably-making/

I get it, staying safe online is inconvenient. The alternative, however, is worse. Here are seven common mistakes you might be making online. Better to correct these mistakes now than wait until after you get hacked or otherwise compromised.

1. Using weak passwords

Sure, a simple password is quick to enter and easy to remember. It's also easy to crack. Avoid using a short word for your password. And don't use the same password for multiple accounts because if one of your logins gets hacked, then hackers can access your other accounts.

2. Not using a password manager


Using a password manager is a win-win. It makes your online life more secure and easier. A password manager stores the passwords for your various online accounts and profiles, across all your devices, and saves you from having to remember and enter each one each time you visit a password-protected site. Instead, your passwords are encrypted and held by your password manager, which you then protect with a master password.

Since you are saved from having to remember all of your passwords, you will be less tempted by the dangerously poor idea of using the same password for all of your accounts. With a password manager, you can create strong passwords for all of your accounts and keep all of them saved behind a stronger master password, leaving you to remember just one.

3. Not using two-factor authentication

If you are using strong passwords and a password manager, then take the extra step of setting up two-factor authentication to add an extra layer of security to your online accounts. The most common form of two-factor authentication when logging into an account is the process of entering your password and then receiving a code via text on your phone that you then need to enter. The second layer in two-factor authentication means a hacker would need to steal your phone along with your password in order to access your account.

4. Making online purchases with your credit card


Most credit cards offer fraud protection, but a mobile payment system is safer and will save you the hassle of filing a claim if your credit card does, in fact, offer fraud protection. A mobile payment system like Android Pay or Apple Pay features something called tokenization, which creates a one-time-use credit card number for each purchase instead of using your real credit card number so it can be kept hidden and secure. PayPal also offers tokenization. And Apple Pay can be used on Macs.

5. Clicking links, opening attachments from sketchy emails


If you receive an email from your bank, the IRS, PayPal, Facebook or another reputable institution that says there's a problem with your account and immediate action is needed, do not click the link included in the email. Instead, go to the site directly and log into your account to see what's up. Odds are your account is fine and that the email you received was part of a phishing scam trying to trick you into revealing sensitive information like your username and password or bank account or credit card number.

6. Treating public Wi-Fi like it's private


Hopping on Wi-Fi at Starbucks or the airport is generally safe, but not if you're logging into your bank account to check your balance or pay a few bills. You should treat all public Wi-Fi spots as insecure and easier than your home network for someone to see what you're doing online. Also, hackers and other nefarious individuals set up Wi-Fi networks that look like a coffee-shop network or another public Wi-Fi hotspot to steal your information. Make sure you're connecting to the right network and not a spoof set up to grab your information -- steer clear of any random open networks you don't recognize. And when connected, avoid banking or logging into other sensitive accounts.

7. Not updating your OS

Apple, Google and Microsoft update their operating systems regularly with security patches. These patches fix known vulnerabilities that hackers like to exploit, the most recent example being the WannaCry ransomware attack that hit outdated Windows machines. Don't ignore those updates-are-available notifications; keep your laptop and phone up to date and make yourself a tougher target for hackers.

(1st September 2017)


LEADING UNIVERSITIES "REFUSE TO SUPPORT COLD-CALLING CRACKDOWN"
(The Times, dated 9th June 2017 author Greg Hurst)
www.thetimes.co.uk [Option 1]

The days of "wild west" charity fundraising techniques are over, the regulator's chairman has claimed, as it prepares to launch a service to stop unwanted cold calling and direct marketing.

Lord Grade of Yarmouth said that a minority of "rogues and cowboys" working for third-party companies threatened the reputation of the sector and that they must stop "invading people's space".

In an interview with The Times, he predicted any loss in income suffered by charities as a result of the new service would be short-lived and that they would reap longer-term benefit by restoring public confidence.

He also hinted that some of Britain's best-known universities were among 600 that had refused to pay a voluntary levy to support the Fundraising Regulator, putting at risk the system of self-regulation set up by the voluntary sector.

Next month the watchdog will launch its main programme, a fundraising preference service to let people opt out of receiving calls, texts, letters or emails from charities that they name by contacting the regulator. Relatives or friends will also be able to block charities on behalf of vulnerable people.

There was an outcry two years ago over cases such as those of Olive Cooke, 92, a poppy seller who took her life after being bombarded by charity mailshots, although she also suffered depression, and Samuel Rae, 87, who had dementia and was tricked out of £35,000 after charities sold his data to conmen.

"Those bad cases showed something was wrong," Lord Grade said. "The idea of not doing anything and letting it be a wild west of fundraising is not tenable".

The new service will allow people only to block charities that they name.

After pressure from the charity sector the regulator backed away from letting people block all charities, the so called "big red button" option. Lord Grade said that its consultation showed this reflected donors' wishes.

"In our consultation a lot of people said 'I am very happy to hear from the lifeboats or the donkey sanctuary, whatever it is, I am very happy to hear from them'," he said. "If we had done a blanket, what they called the 'big red button', that was not acceptable to a lot of donors. They just want to hear from the ones they want to hear from.

"People don't like being harassed. One of the techniques that people use on the phone is, 'It's very kind of you to donate £5 a month; could you make it £10?' They try and get you into a negotiation. It's horrible. You have been generous enough to donate once a year or monthly, whatever - go away, thank you, be grateful."

Charity trustees are only now beginning to get to grips with their duty to monitor private fundraising companies that they use, he said. Many were diligent, but some were "rogues" and "cowboys". The regulator is also launching an accreditation scheme, giving a tick to companies that follow an ethical fundraising code.

All charities in England and Wales that spend £100,000 or more a year on fundraising have been asked to pay a levy towards the regulator's costs but 600 of the 1900 eligible have not done so. "There is a tail of those who haven't answered, those that are refusing on principle, and say if it's voluntary why should we pay?" Lord Grade said. Some are well known, he said, and hinted that they included prominent universities, some of which raise millions a year from alumni.

Pressed several times to name some who had not paid, he smiled and three times replied "Academe".

Victims of the "wild west" operators

- Olive Cooke, 92, from Bristol who sold poppies for the Royal British Legion for 76 years, jumped to her death in 2015. She had received 267 charity letters in one month and had 27 direct debits, but also suffered depression.

- Samuel Rae, 87, from Cornwall who had dementia, mentioned a pet cat in a lifestyle survey. Two animal charities bought and sold on his details. He was contacted 700 times by fundraisers and fraudsters, handing over £35,000 by 2015.

- NEET Feet, an agency used by charities including Save the Children, Unicef and Action for Children, closed after it emerged that it had employed criminals and drug users as chuggers - "charity muggers" - to intimidate vulnerable people for donations.

- GoGen, an agency hired by British Red Cross, Macmillan Cancer Support, NSPCC and Oxfam, was rebuked in 2016 for targeting vulnerable donors over the phone.

- Fundraising Initiatives Ltd, used by the RSPCA and Battersea Dogs and Cats Home, went into administration after a complaint that employees pretended to be raising awareness of the charities' work as a cover for soliciting donations.

(1st September 2017)


GERMANY FEARS HUGE LOSSES IN MASSIVE TAX SCANDAL
(BBC News, dated 9th June 2017 author Jenny Hill)

Full article : www.bbc.co.uk/news/world-europe-40199259

An international group of bankers, lawyers and stockbrokers - reportedly with links to the City of London - appears to have fiddled the tax system, employing practices which were at best unethical, at worst illegal.

Ultimately they may have deprived the state of nearly €32bn (£28bn; $36bn). As the German broadcaster ARD wryly noted, that would have paid for repairs to a lot of schools and bridges.

The newspaper Die Zeit adds that the sum would more than cover the cost of the refugee influx for a year.

Prosecutors have been investigating for some time. And gradually it is emerging that large-scale tax avoidance was taking place right under the noses of the authorities.

And that - in some cases - they turned a blind eye to practices employed, not just by individuals out to make a fortune, but by some of the country's biggest banks and respected businesses.

Creative accounting

We may never really know the full extent of those practices; largely because they involved fiendishly complex transactions, which German media broadly divide into two kinds.

In the first type, German banks and stockbrokers bought and sold shares for foreign investors in a way which allowed them to claim a tax refund for which they were not eligible. Many question the legality of the practice.

In the second (a more complicated variation), investors and banks bought and sold shares just before and just after dividends were paid. With a bit of imaginative paperwork, and by exploiting a procedure which allows more than one person or institution to simultaneously own a share, they were able to claim numerous tax refunds. The practice was outlawed in 2012.

Whistleblowers

German prosecutors are investigating a number of banks - among them institutions which were bailed out by the state - and individuals.

But in the meantime, a group of German journalists has been researching too, working alongside an expert from the University of Mannheim.

Their investigations, broadcast on Thursday night, reveal that, despite a warning from State Commissioner August Schäfer in 1992 and the testimony of five whistleblowers, the practices continued and were widespread.

They involved 40 German banks and scores of other financial institutions around the world.

And, as those German reporters reveal, in the end it wasn't a national authority, a finance minister or the justice system who finally exposed the practice.

It was a young administrative assistant in Germany's central tax office, who noticed that she was receiving claims for huge tax rebates from a single US pension fund.

Anna Schablonski (a pseudonym) dug further and, despite threats, began to uncover other cases. She is modest about her role - even though 30 colleagues are now dedicated to trying to recover some of the money, and prosecutors are building their cases against some of those involved.

She does not want to be cast as a hero, she says. She was just doing her job.

(1st September 2017)


GOVERNMENT ISSUES "CROWDED PLACES GUIDANCE" TO BUSINESSES ON PREVENTING TERRORIST ATTACKS
(City AM, dated 8th June 2017 author Lucy White)

Full article [Option 1]:

www.cityam.com/266256/government-issues-crowded-places-guidance-advise-businesses

The UK government today issued a 174-page "Crowded Places Guidance" booklet to help businesses mitigate the risk of a terror attack.

The interactive online document offers advice for people working in locations ranging from places of worship to hotels and restaurants.

As well as outlining measures which could lessen the likelihood or impact of a terror attack, it also notes legal and commercial reasons why venues should take steps to deter events such as the London Bridge attack last week.

Many organisations have a duty to ensure people's health and safety under the Health and Safety at Work Act 1974, it says, and inadequate protection from terrorists could put a business's reputation at stake.

"The threat we face from terrorism is significant. As we have seen in the UK and across Europe, attacks can happen at any time and any place without warning," the guidance states :

"Understanding the threat we all face and the ways we can mitigate it can help keep us safer. Everyone can play a role in this effort by taking steps to help boost their protective security whether that's at work, at home or away; when travelling, when out and about or just simply when online."

The guidance is primarily aimed at individuals working in the security sector and those who own businesses or amenities.

Key points fall under ensuring physical safety, cyber security, and personal security.

The "night-time economy" is one area given dedicated attention in the guidance, which is particularly notable since the London Bridge attackers targeted an area known for its bars and restaurants.

"Absolute security is almost impossible to achieve," the document notes, recognising that an enjoyable atmosphere must be maintained.

"However, a balance must be struck," it adds, listing off measures such as protecting people from flying glass or controlling vehicle access into crowded areas.

The government guidance also gives specific pointers for people working in stadia and arenas, and those working at major events, covering tragedies such as the Manchester attack at a pop concert last month.

It warns that attack methodologies could range from bombings to atrocities committed with chemical, biological and radiological weapons.

uaware - further information

Government guidance on crowded places

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/619411/170614_crowded-places-guidance_v1.pdf

(1st September 2017)


WHAT'S IN THERESA MAY'S NEW ANTI-TERROR PACKAGE ?
(The Guardian, dated 7th June 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jun/06/anti-terror-options-tpims-tagging-mass-surveillance

Theresa May's unveiling of a fresh package of measures to keep track of terror suspects clearly raises questions over whether it is designed to deflect potential headlines about MI5 and Home Office failures over the London Bridge bombers.

The package does however fill in some details in her "enough is enough" four-point plan to tackle extremism in Britain by hinting at a series of steps to more effectively keep track of and control terror suspects in Britain. Taken together they add up to an attempt to restore some of the more restrictive elements of control orders to the existing regime of terrorist prevention and investigation measures (Tpims).

The clear threat that May is willing to amend human rights laws "if they get in the way of doing these things" is a recognition that some of the revived restrictions have already been subject to successful legal challenges in the British courts. This commitment appears to contradict the Conservative manifesto pledge not to repeal or amend the Human Rights Act until after Brexit, but she may be relying on the fact that any legal challenges may well take at least two years to play out.

The new measures include:

Human rights laws

Any attempt to amend the Human Rights Act before it is repealed post-Brexit will require a derogation under the European convention on human rights. This involves declaring a technical state of emergency as was done with the Belmarsh regime of indefinite detention without charge in the aftermath of 9/11. Ministers are also said to be considering restoring a power for the police to detain a suspect without charge for 28 days instead of the current 14 days. This would return to the position in 2011.

In her speech on Tuesday night, May said: "If human rights get in the way of doing these things, we will change those laws to make sure we can do them."

This flatly contradicts the commitment in her own manifesto not to rip up or amend the Human Rights Act before Brexit, at least two years away, or to withdraw from the European convention of human rights for at least the next five years. Derogation, which would be needed, amounts to a temporary and partial withdrawal from the convention.

"We will not repeal or replace the Human Rights Act while the process of Brexit is under way but we will consider our human rights legal framework when the process of leaving the EU concludes. We will remain signatories to the European convention on human rights for the duration of the next parliament," says the manifesto.

Tougher Tpims:

May says she wants to do more to "restrict the freedom and the movements of terrorist suspects" when there is not sufficient evidence to prosecute them. It is thought this includes extended curfews, extra restrictions on movements and on who suspects can meet or associate with, and access to communications.

The overnight residence requirement on Tpims is restricted to a 10-hour curfew after the supreme court ruled that the maximum 18-hour curfew without trial or charge under the previous control orders amounted to unlawful incarceration. It is possible that the period could be increased to 14-15 hours without breaching that ruling.

May has already beefed up Tpims once, in 2015, when she restored a power to force the relocation of the suspect up to 200 miles from their home city. The former official terrorism laws reviewer, David Anderson QC, went further and recommended a more aggressive use of existing "exclusion zone" powers that could see them banned also from going to crowded public places such as arenas or city centres. Satellite tagging would be needed to enforce these conditions, which may be a problem as the Ministry of Justice has had serious problems with its contracts for the next generation of tags.

Tpims mark II also included tighter restrictions on association and communications. Tpims mark III will also see further changes including the lifting - despite legal challenges in the past - of the current requirement that suspects must be permitted access to a landline, mobile and internet connection.

Deporting terror suspects

May says she wants to make it easier to deport foreign terror suspects to their own countries. Her speech gave no further detail but she may well be referring to a new campaign to secure "deportations with assurances" that would revive one of her greater achievements as home secretary, the removal of Abu Qatada from Britain. She succeeded in bringing that drawn-out saga to a close by negotiating a deal with Jordan that it would not use torture-tainted evidence in any trial once Qatada was sent back. This allowed him to be put on a plane to Jordan without breaching European human rights protections. She may be hoping to emulate that success with a series of new deportation deals with other countries.

Longer prison sentences


Sunday's four-point plan already includes heavier aggravated sentences for minor offences that are terrorist-related. The speech holds out the prospect of even longer sentences for those convicted of terrorist offences themselves. While a quarter of sentenced terrorists are put away for at least 10 years, about a fifth of those convicted each year are sentenced to under two years.

There are other policy measures that May could consider, although she did not refer to these. They include:

Investigatory Powers Act or "snooper's charter"


Targeted powers: The new legislation gives the security services, including GCHQ, sweeping new powers to keep track of the digital life of any named suspect, on a home secretary's warrant backed by judicial oversight. They allow the services to hack phones, computers and even use a suspect's camera or microphone in their smartphones to eavesdrop remotely on conversations. These warranted powers allow the security services and police to monitor the content of emails, texts, phone calls and real-time conversations.

One yet-to-be implemented set of measures in the act are technical capability orders that require internet companies to bypass or alter encryption in the case of a named targeted suspect using encrypted services such as WhatsApp to communicate. Critics argue that once a back door is created to these encrypted services anyone, friend or foe, will be able to use them.

Mass surveillance powers: The snooper's charter also contains wide-ranging powers to require web and phone companies to retain records of everyone's web browsing histories and communications data records for phone calls and texts for two years, for access by the police and security services. A potentially powerful source of data to keep track of the online lives of jihadi terror suspects but requires intelligence-led searching and a retrieval system to avoid "losing a needle in a haystack".

Community policing and Prevent programme

Cuts in police numbers would be reversed to ensure a community beat presence that restores the flow of local intelligence to special branch and security services. This would also enable security services to respond effectively to warnings from the community about suspect individuals, which has been identified as a factor in all three recent attacks.

The Prevent programme would be recast - as an Engage programme - to overcome its toxic reputation in some parts of the Muslim community. This could also ensure that individuals at risk of being drawn into terrorism are challenged and diverted.

Criminalisation of non-violent extremism

This forms a main part of May's four-point programme. The government would press for new international agreements to ensure internet companies deny a platform to extremist propaganda on the web. A new commission would be set up to "monitor and expose" Trojan horse-style extremism and extremists in the public sector and wider society. The problem with both proposals is that there is no legally robust definition of "extremist" that would pass its first high court freedom-of-speech challenge.

May believes that if legal human rights obstacles can be overcome then the drive against non-violent extremism could include a "counter-entryism strategy" including bans on extremist groups, disruption orders against individuals and closure orders against premises used to host extremist meetings. There would also be a campaign to promote "superior British values".

(1st September 2017)


DRUG DEATHS ON THE RISE IN EUROPE FOR THE THIRD YEAR : REPORT
(Reuters, dated 6th June 2017 author Axel Bugge)

Full article [Option 1]:

http://uk.reuters.com/article/us-europe-drugs-idUKKBN18X1Y4

Drug overdose deaths in Europe rose six percent to 8,441 in 2015, rising for the third consecutive year, driven by increasing use of synthetic opioids like fentanyl, Europe's Lisbon-based drug monitoring agency said on Tuesday.

The growing use of opioids has grabbed attention in recent years as deaths from such drugs, both illicit and prescription, in the United States have reached what many experts call epidemic levels.

The European drug agency's latest available data on overdose deaths shows they rose from 7,950 in 2014 and 7,345 in 2013. Opioids, which also include morphine and heroin, were related to 81 percent of all the deaths. Deaths from overdoses had been on a downward trend from 2008 until 2012.

The agency warned that drug-related deaths in Europe could be much higher due to "systematic under-reporting in some countries" and delays in reporting.

Still, Europe's drug deaths remain far lower than in the United States, where 52,000 people died of overdoses in 2015, 33,000 of which were related to opioids.

The agency said a big difference between the United States and Europe is the regulatory approach to prescribing opioid painkillers.

"However, the possibility of under-reporting cannot be dismissed, as Europeans experiencing problems with prescription medicines may access different services than those used by illicit drug users," the report said.

It also said demand for opioids now represented 38 percent of all requests for drug treatment in the European Union, indicating rising opioid use.

"In both Europe and North America, the recent emergence of highly potent new synthetic opioids, mostly fentanyl derivatives, is causing considerable concern," the report said.

Fentanyl is a synthetic pain medication, which is up to 100 times more powerful than morphine, and has been used increasingly as a recreational drug.

The report found that the mean age of death from drug overdoses for men was 38 and 41 for women.

The United Kingdom has, by far, the largest number of overdose deaths in Europe, and reached 2,655 in 2015. In Germany, which was second, overdose deaths were 1,226.

(1st September 2017)


A MALWARE IS MASQUERADING IN THE FORM OF A POWERPOINT FILE THROUGH DODGY E-MAILS
(International Business Times, dated 5th June 2017 author Agamoni Ghosh)

Full article [Option 1]:

www.ibtimes.co.uk/malware-masquerading-form-powerpoint-file-through-dodgy-e-mails-1624806

A newly discovered malware infection is masquerading in the form of a Microsoft PowerPoint file which downloads the infection as soon as users hover over a link.

The file is named "order&prsn.ppsx", "order.ppsx" or "invoice.ppsx" and is sent to victims as an email attachment with the subject line "RE:Purchase orders #69812" or "Fwd:Confirmation." The attachment may sometimes even contain zip files, which when extracted show the PowerPoint files.

What happens?

While PowerPoint files are written as PPTX, the file that comes attached in the mail reads as PPSX. The file format is identical to PowerPoint files, but PPSX files enter the PowerPoint presentation view directly when opened. On opening, a blank page appears with a message written in bright blue font saying "Loading Please Wait", which is the malicious link according to Bleeping Computer.

What makes the malware extremely dangerous is that users do not even have to click on this malicious link. The victims only need to hover over the link and the malicious code will be executed.

Security researchers have spotted a booby-trapped PowerPoint file that will download malware to a computer whenever a victim hovers over a link; no macro scripts are required.

How to stay safe?

Microsoft is aware of the malware and has said if users have Windows Defender and Office 365 Advanced Threat Protection activated, they will remove the malware by signalling a threat and closing down the file. In case you do not have these activated, make sure not to open dodgy e-mails and read the file format extension carefully to spot the malware file.
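
For mail administrators, the check below is an added example and not part of the original article: it opens a .ppsx/.pptx attachment (or a zip wrapping one, as the article describes) and lists every mouse-over action in its slides, which is the trigger the article says needs no click and no macro. It assumes the standard DrawingML element name `hlinkMouseOver` for hover actions; the sample file is a harmless skeleton constructed inline, and the function names are illustrative.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MAX_PART_BYTES = 5 * 1024 * 1024   # refuse oversized members (zip-bomb guard)
MAX_DEPTH = 2                      # the article notes the file may arrive zipped


def read_capped(zf, name):
    """Return a member's bytes, or None if its declared size is over the cap."""
    if zf.getinfo(name).file_size > MAX_PART_BYTES:
        return None
    return zf.read(name)


def parse_part(zf, name):
    """Parse one XML part; parts carrying a DTD are skipped, OOXML never needs one."""
    raw = read_capped(zf, name)
    if raw is None or b"<!DOCTYPE" in raw:
        return None
    try:
        return ET.fromstring(raw)
    except ET.ParseError:
        return None


def slide_relationships(zf, slide):
    """Map relationship Id -> (Target, TargetMode) for one slide part."""
    folder, base = posixpath.split(slide)
    rels_name = posixpath.join(folder, "_rels", base + ".rels")
    if rels_name not in zf.namelist():
        return {}
    root = parse_part(zf, rels_name)
    if root is None:
        return {}
    return {r.get("Id"): (r.get("Target", ""), r.get("TargetMode", "Internal"))
            for r in root.iter("{%s}Relationship" % REL_NS)}


def scan_presentation(zf, label):
    """List every mouse-over action in the slides of an opened OOXML package."""
    findings = []
    for name in zf.namelist():
        if not (name.startswith("ppt/slides/") and name.endswith(".xml")):
            continue
        root = parse_part(zf, name)
        if root is None:
            continue
        rels = slide_relationships(zf, name)
        for el in root.iter("{%s}hlinkMouseOver" % A_NS):
            target, mode = rels.get(el.get("{%s}id" % R_NS, ""), ("", "Internal"))
            findings.append({"file": label, "slide": name,
                             "action": el.get("action", ""),
                             "target": target, "external": mode == "External"})
    return findings


def scan_attachment(data, label="attachment", depth=0):
    """Scan raw attachment bytes; descend into plain zips that wrap a presentation."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "[Content_Types].xml" in zf.namelist():      # an OOXML package
            return scan_presentation(zf, label)
        if depth >= MAX_DEPTH:
            return []
        for name in zf.namelist():
            if name.lower().endswith((".ppsx", ".pptx", ".zip")):
                inner = read_capped(zf, name)
                if inner is not None:
                    findings += scan_attachment(inner, label + "!" + name, depth + 1)
    return findings


def build_sample(with_hover=True):
    """Constructed, harmless skeleton of a .ppsx (not a real sample)."""
    hover = '<a:hlinkMouseOver r:id="rId2"/>' if with_hover else ""
    slide = ('<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"'
             ' xmlns:a="%s" xmlns:r="%s"><a:r><a:rPr>%s</a:rPr>'
             '<a:t>Loading Please Wait</a:t></a:r></p:sld>' % (A_NS, R_NS, hover))
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId2" Type="%s/hyperlink"'
            ' Target="https://example.invalid/" TargetMode="External"/>'
            '</Relationships>' % (REL_NS, R_NS))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", slide)
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


def wrap_in_zip(inner, name):
    """Wrap bytes in an outer zip, as when the attachment is itself a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, inner)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_attachment(wrap_in_zip(build_sample(), "invoice.ppsx"), "mail.zip"):
        print(hit)
```

Hover actions are rare in ordinary business slides, so any finding on an unsolicited attachment is a reasonable cue to quarantine the message for review.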

(1st September 2017)


PARENTS WHO ALLOW CHILDREN TO USE iPADS UNSUPERVISED PUT THEM AT RISK OF SEXUAL ABUSE
(The Telegraph, dated 1st June 2017 author Nicky Harley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/05/31/parents-allow-children-use-ipads-unsupervised-can-put-risk-sexual/

Parents who allow children to use iPads unsupervised can put them at risk of sexual abuse, the NSPCC says amid a huge rise in cyber sex crimes

Around 15 children every day are being exposed to cyber sex crimes, new figures have revealed.

In total, there were 5,653 child sex crimes recorded in 2016/17 involving the internet, an increase of 44 per cent on last year's figures.

The NSPCC, which obtained the data through Freedom of Information requests, said it was urging the next government to introduce strict internet safety measures to protect children.

The charity has developed a tool called Net Aware to help parents to protect their children and says younger children should be supervised.

NSPCC policy manager Lisa Mccrindle said: "Parents need to keep an eye on youngsters using devices and monitor the content they are accessing. Parents should absolutely be supervising their children.

"Before they let them use them they need to make sure they are happy with the settings.

"Parents know their children best and they need to ask them what they are looking at. They may want to supervise them depending on how sensible their child is."

For the past two years, police have been required by law to add a "cyber flag" to any child sexual offences that involved the internet in some form.

This could include activity such as online grooming, using the internet to meet up with a child, or an individual pretending to be someone online that they were not.

The data showed that among forces that recorded ages, 13 was the most common age of a victim. There were almost 100 crimes committed against youngsters aged 10 and under, and the youngest victim was aged three.

An NSPCC spokesperson said: "As soon as a child goes online parents need to be having conversations with them, they shouldn't leave them to it.

"If they are going out on their own it is the same mentality, how to keep them safe from stranger danger, parents need to be having an equivalent conversation when their child goes online. Young children need to be supervised."

NSPCC chief executive Peter Wanless said the government needs to "urgently address" the issue.

"These figures confirm our fears that offenders are exploiting the internet to target children for their own dark deeds," he said.

"Children also tell our Childline service that they are being targeted online by some adults who pose as children and try to meet them, or persuade them to perform sexual acts on webcams, before blackmailing them.

"We are calling on the government to force internet companies and social media sites to adhere to rules that keep their young users safe."

New research by anti-bullying charity Ditch the Label revealed that more than one in two gamers have experienced bullying while playing online.

The survey of 2,515 people aged 12-25 found 47 per cent had received threats while playing a game, while 22 per cent have stopped playing as a result of bullying.

Other findings included four in 10 people receiving unwanted sexual contact in a game.

NSPCC advice on online games, including their Netaware advice app :

https://www.nspcc.org.uk/preventing-abuse/keeping-children-safe/online-safety/minecraft-a-parents-guide/

Further information - see article :

CYBER SEX CRIMES AGAINST CHILDREN HAVE SURGED BY 44%, NSPCC REVEALS

Full article [Option 1]:

www.standard.co.uk/news/crime/cyber-sex-crimes-children-increase-44-nspcc-a3554031.html

(1st September 2017)


HEALTHCARE TOPS UK DATA BREACH CHART - BUT IT'S NOT WHAT YOU'RE THINKING
(The Register, dated 1st June 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/06/01/data_breach_analysis/

The UK health sector accounts for nearly half (43 per cent) of all data breaches, according to new research.

A study of figures from the Information Commissioner's Office (ICO) by data security firm Egress found that human error, rather than external threats, was the main cause of breaches across every sector of the UK economy.

Healthcare organisations suffered 2,447 data breaches and accounted for 43 per cent of all reported incidents between January 2014 and December 2016. Cumulative healthcare breach numbers were almost four times more than the second highest sector, local government.

The number of incidents rose year-on-year, from 184 in the last quarter of 2014 to 221 in the last quarter of 2016.

Human error was the main cause of the 221 breaches that took place between October and December 2016. Pratfalls included: loss of paperwork (24 per cent); data faxed/posted to the wrong participant (19 per cent); data sent by email to incorrect recipient (9 per cent); and failure to redact data (5 per cent).

Although healthcare suffered the highest volume of incidents, other sectors are experiencing a more rapid increase. The courts and justice sector has seen the most significant surge, a 290 per cent hike since 2014, placing it in the top five worst affected industries by the last quarter of 2016.

Other marked rises can be seen in central government and finance industries - 33 and 44 per cent respectively.

Across all sectors, the total number of security incidents reported has increased by almost a third (32 per cent) since 2014.

(1st September 2017)


FRANCE WARNS NIGHTMARE SCENARIO OF "PERMANENT CYBER WAR" IS LOOMING
(International Business Times, dated 1st June 2017 author Associated Press)

Full article [Option 1]:

www.ibtimes.co.uk/france-warns-nightmare-scenario-permanent-cyber-war-looming-1624367

Cyberspace faces an approaching risk of "permanent war" between states and criminal or extremist organisations because of increasingly destructive hacking attacks, the head of the French government's cybersecurity agency warned Thursday.

In a wide-ranging interview in his office with The Associated Press, Guillaume Poupard lamented a lack of commonly agreed rules to govern cyberspace and said: "We must work collectively, not just with two or three Western countries, but on a global scale."

"With what we see today - attacks that are criminal, from states, often for espionage or fraud but also more and more for sabotage or destruction - we are getting closer, clearly, to a state of war, a state of war that could be more complicated, probably, than those we've known until now," he said.

His comments echoed testimony from the head of the US National Security Agency, Adm. Michael Rogers, to the Senate Armed Services Committee on May 9. Rogers spoke of "cyber effects" being used by states "to maintain the initiative just short of war" and said "'Cyber war' is not some future concept or cinematic spectacle, it is real and here to stay."

Poupard said "the most nightmare scenario, the point of view that Rogers expressed and which I share" would be "a sort of permanent war - between states, between states and other organisations, which can be criminal and terrorist organisations - where everyone will attack each other, without really knowing who did what. A sort of generalised chaos that could affect all of cyberspace."

Poupard is director general of the government cyber-defense agency known in France by its acronym, ANSSI. Its agents were immediately called to deal with the aftermath of a hack and massive document leak that hit the election campaign of President Emmanuel Macron just two days before his May 7 victory.

Contrary to Rogers, who said the US warned France of "Russian activity" before Macron's win, Poupard didn't point the finger at Russia. He told the AP that ANSSI's investigation found no trace behind the Macron hack of the notorious hacking group APT28 - identified by the US government as a Russian intelligence outfit and blamed for hacks of the US election campaign, anti-doping agencies and other targets. The group also is known by other names, including "Fancy Bear."

Poupard described the Macron campaign hack as "not very technological" and said "the attack was so generic and simple that it could have been practically anyone."

Without ruling out the possibility that a state might have been involved, he said the attack's simplicity "means that we can imagine that it was a person who did this alone. They could be in any country."

"It really could be anyone. It could even be an isolated individual," he said.

(1st September 2017)


SORROW FOR THE LOSS AT GRENFELL TOWER


SORROW FOR THE VICTIMS

AND THEIR FAMILIES

 

London Southwark
Manchester
London Westminster




MAY 2017


WE WILL RAISE CORPORATION TAX !

I read the following articles and tried to think of an all encompassing title. I have probably failed, but if you tax global companies more than they expect they can "fiddle the books legally" in another country. Or, just move the whole organisation to another country, leaving unemployment behind them. Who will get taxed then to balance the UK Government books ?

----------------------

EXPLAIN YOURSELF JEAN-CLAUDE JUNCKER UNDER FIRE FROM OWN MEPs OVER SPECIAL TAX DEALS
(Express, dated 31st May 2017 author Jon Rogers)

Full article [Option 1]:

www.express.co.uk/news/world/811164/Jean-Claude-Juncker-European-Union-Commission-Lux-Leaks-scandal

MEPs from the European Parliament quizzed the European Commission president over the numerous sweetheart deals made with large multinational companies from 1989-2009, which has been dubbed the Lux Leaks scandal.

The various deals with numerous big companies such as Pepsi, IKEA, AIG, Coach, Deutsche Bank, Abbott Laboratories and nearly 340 other companies were made when Mr Juncker was firstly Minister of Finance in Luxembourg and later Prime Minister of Luxembourg.

The deals allowed many of the companies to slash their global tax bills.

MEPs have ordered Mr Juncker to explain his role in the scandal, which came to light when the deals were revealed by the International Consortium of Investigative Journalists.

The consortium revealed how accountants PricewaterhouseCoopers helped multinational companies obtain at least 548 tax rulings in Luxembourg from 2002 to 2010.

The rulings essentially provided written assurance that companies' tax-saving plans would be viewed favourably by the Luxembourg authorities.

In a scathing report the Greens/European Free Alliance (EFA) said "nobody has been held accountable" for the scandal.

A statement from the Greens/EFA said: "Although the complicity of some European member states in this game was proven in the European Parliament's inquiries, so far nobody has been held accountable for these scandals.

"Even 'Mister Clean' Jean-Claude Juncker, former Finance and Prime Minister of Luxembourg, refused any responsibility whilst it is generally recognised that Luxembourg issued tailored tax rulings to multinational corporations and thus actively helped to dodge taxes elsewhere."

The Greens/EFA published a report showing how Luxembourg attempted between 2003 and 2005 - when Mr Juncker was Prime Minister - to block moves aimed at fighting tax evasion.

According to the report by the Greens and EFA, Luxembourg eventually managed to gain an important concession - instead of automatically exchanging information, it was authorised to levy a withholding tax deducted from interest earned in Luxembourg, partially passed on to the EU country of residence.

The report said: "The behaviour of Luxembourg was even more detrimental to its neighbours as the Grand Duchy tolerated the creation of a tax avoidance business on its territory helping wealthy individuals to formally move the ownership of their funds into offshore companies located in tax havens and thus escaping the scope of this legislation."

The financial and economic policy spokesperson for the Greens/EFA Group in the European Parliament, Sven Giegold, said: "Jean-Claude Juncker must explain his role in Luxembourg's tax haven business in front of the inquiry committee and take responsibility for his past mistakes.

"For years, Luxembourg has blocked European tax cooperation and established loopholes that have led to enormous tax losses in other EU countries. From 2003 onwards, Luxembourg has made money from the circumvention of European rules.

"The business model established by Luxembourg has cost European countries at least 300 million euros in lost tax revenue. The tax evaders must be prosecuted before the limitation period begins. The authorities in Luxembourg must pass on information to the law enforcement authorities in their partner countries.

"We call on Jean-Claude Juncker to propose a directive on the enforcement of tax justice in Europe. All EU countries must cooperate in the pursuit of tax evaders, instead of protecting the offenders."

Between 2005 and 2016 Germany, Denmark, Spain, France, Britain, Italy, the Netherlands, Portugal and Sweden lost over £261 million (€300m) in tax revenue, according to the Greens/EFA.

Mr Juncker is facing a massive backlash in France over his alleged involvement in the Lux Leaks scandal.

Earlier this year 83,000 people signed a petition calling on the politician to resign as he faced calls for a vote of no confidence.

In the petition Jacques Nikonoff, professor of economics in Paris VIII, said the leaders of the Grand Duchy were aware of tax evasion.

Mr Nikonoff said: "Luxembourg Leaks is a gigantic financial scandal involving several hundred agreements between the Grand Duchy's tax office and audit firms on behalf of multinational firms.

"Consequently, Mr Juncker must leave his position as President of the European Commission.

"Either he resigns himself if he has a little decency, or the European commissioners appoint another president.

"This is what the European Commission had done in 1999 when the then president, Jacques Santer, resigned.

"He was accused of covering up fraud and nepotism.

"The European Parliament may also censure the Commission, thus obliging it to do the housework."

A European Commission spokesperson told Express.co.uk: "The Juncker Commission has led the crackdown on tax avoidance and tax evasion, putting the EU in the driving seat of global efforts in this field.

"Over the past two and a half years, we have driven through more initiatives to clamp down on tax dodging in the EU than happened in the previous twenty years.

"President Juncker made this fight one of the central tenets of his campaign to become Commission President. We have more than delivered on this pledge. It's a priority in our political guidelines.

"The Juncker Commission has been able to drive through major tax avoidance reforms that have completely changed the taxation landscape.

"Thanks to binding measures and greater transparency, it's now much harder for large companies to get away with not paying for their fair share of tax.

"We also put in place a strategy to deal with non-EU countries that don't play fair when it comes to tax and we're drawing up a blacklist of tax havens.

"This summer, we will be putting forward a proposal to tackle the role that some intermediaries - such as accounting firms or banks - play when it comes to aggressive tax planning.

"We have made unprecedented strides to boost tax transparency and to close loopholes leading to large scale tax avoidance at EU level since this Commission took office.

"These are steps that would have been unthinkable just a few short years ago and without the political will and drive of President Juncker."

----------------------

IS MALTA REALLY EUROPE'S "PIRATE BASE" FOR TAX ?

(BBC News, dated 25th May 2017 author Herman Grech)

Full article : www.bbc.co.uk/news/world-europe-40026826

"Offshore", "tax haven" and more recently "Panama in the EU" are labels that Malta has done its best to shake off.

But when a team of journalists declared that the tiny Mediterranean island was a "pirate base for tax avoidance", it sent ripples of concern across the EU.

Malta currently holds the presidency of the European Union, so the allegations are all the more sensitive. And they come at the tail end of a bitter election campaign that has seen the island's Labour government fending off serious claims of corruption, ahead of a vote on 3 June.

What makes Malta so attractive?


Malta operates a tax system where companies pay the lowest tax on profits in the EU.

While local businesses must pay 35% on profits, international corporations profit from a corporation tax rate of as little as 5%, thanks to a complex system where shareholders can receive a tax refund of up to six-sevenths of their tax paid in Malta. The average rate in the EU is around 22%.

So why should that upset the EU?

Several EU countries say such a system damages their budgets and reveals a weakness in the EU, which allows the 28 member states sovereign rights over their taxation.

According to a report commissioned by Green MEPs in the European Parliament, Malta helped multinationals avoid paying €14bn (£12bn; $15.6bn) in taxes between 2012 and 2015, which would have gone to other EU countries.



The EU wants to stop companies setting up "letter-box subsidiaries" in countries solely to qualify for a softer tax regime. That is a situation the Maltese company registry is all too familiar with. The fight against tax avoidance is one of the European Commission's main priorities - its president, Jean-Claude Juncker, recently had to explain his own conduct as prime minister of Luxembourg.

Is Malta the EU's Panama?


On May 19, a network of journalists released their findings after digging into more than 150,000 documents.

Describing them as the "Malta Files", the group said they showed how international companies were taking advantage of the Maltese tax system. They also claimed Malta had become a target for firms linked to the Italian mafia and Russian loan sharks.

It came just two weeks after Norbert Walter-Borjans, the finance minister in Germany's most populous state, North Rhine-Westphalia, singled out Malta as "the Panama of Europe".


It is a highly sensitive subject for Malta's leadership, as just over a year ago one of the revelations from the huge leak of documents known as the Panama Papers was that the Maltese prime minister's chief of staff and a prominent minister held secret companies in Panama.

Is Malta being unfairly targeted?

Malta says it is under siege, insisting big countries are anxious to bite off a good chunk of revenue made by the

The tax system has been jealously guarded by different Maltese governments, with successive prime ministers arguing there is nothing secretive about Malta's registry of companies and that controlling tax policy is the only tool left for small EU countries to remain competitive.


After the "Malta Files" were divulged, Finance Minister Edward Scicluna told reporters: "Do not underestimate the attempts to bully a small country."

Mr Scicluna has striven to explain that the Maltese authorities share company and banking information whenever asked to do so by foreign jurisdictions.

Prime Minister Joseph Muscat added: "Our register is more transparent than Germany's or Luxembourg's. Our competitive edge is like giving a manufacturing company land on the cheap to encourage it to set up a factory in our country."

'Nothing to hide'

Ex-Finance Minister Tonio Fenech told the BBC it all boils down to tax competition.

"It's not Malta's problem that it has an attractive tax jurisdiction. It's the problem of other EU states that don't. Why should I increase my tax rates to please Germany or France? A lot of countries should look at the way their tax system has killed off business and led to unemployment."

Mr Fenech served for nine years as finance minister and oversaw the tax system when Malta joined the EU in 2004. He said the island had nothing to hide. Its corporate tax system was sanctioned by the Organisation for Economic Co-operation and Development (OECD) and is in line with the EU's freedom of establishment.

Mr Fenech insisted there was no fool-proof system anywhere to weed out questionable companies: "There's VAT evasion, money laundering all over Europe. What I can assure you is we have a lot of stringent rules."

Why Malta's leaders are under scrutiny

Malta's economic success has been overshadowed by corruption scandals that go to the core of the Labour government elected in 2013.

The government has been under siege since the Panama Papers revealed details of secret companies in Panama.

Those revelations have cast doubt on its ability to push through anti-money laundering legislation.

Simon Busuttil, leader of the centre-right Nationalist Party, said the corruption that gripped the Muscat government was the main reason Malta was being subjected to closer scrutiny.

The so-called Individual Investor Programme scheme, which enabled Malta to raise millions by selling its passports to rich foreigners, is at the centre of an inquiry, after Mr Busuttil claimed he had evidence to prove the prime minister's chief of staff was receiving kickbacks off the scheme.


The European Parliament's "Pana" Committee, probing the Panama Papers, has summoned both Mr Muscat and his chief of staff for a hearing in June.

Vice-chairperson Ana Gomes said: "All these scandals relating to Panama are harming Malta's image and the EU's. We're very concerned about the systems, or the apparent lack of them, to prevent the island from being used for activities of money laundering and proceeds of crime."

Though Joseph Muscat and Simon Busuttil are worlds apart over the Panama Papers, they have both pledged to fight to convince the EU there is nothing illegal or immoral with Malta's tax system if they win office in elections on 3 June.

(1st June 2017)


MAFIA PLUNDERING GERMANY'S CARE HOMES
(Deutsche Welle, dated 30th May 2017 author Ben Knight)

Full article [Option 1]:

www.dw.com/en/mafia-plundering-germanys-care-homes/a-39050629

Some 230 care home operators are thought to have created a systematic fraud network in Germany linked to the mafia, police say. Patients' rights groups say the government is giving organized crime a free ride.

The German government has been accused of making things far too easy for organized crime to exploit the country's care home networks. The accusations came after a report by the Federal Criminal Police Office (BKA) and its state counterpart in North Rhine-Westphalia showed on Tuesday that around 230 companies are under investigation for massive fraud.

According to the report, leaked to Die Welt newspaper and Bavarian public broadcaster Bayerischer Rundfunk, companies routinely defraud insurance providers, patients and pharmacies by claiming for services they are not providing, falsifying documents, employing unqualified carers and making multiple claims for a single patient.

Gamblers and contract killers

With some of the companies, the police suspect links to organized crime networks from Russia or Eurasia, because of attendant suspicions of money-laundering, the presence of shell companies both at home and abroad, as well as links to the gambling industry.

Not only that, the leaked report found that some of the former heads of the companies under investigation were already known to police as suspected contract killers.

During a closed meeting last week between police, state prosecutors and representatives of health insurers, the special investigators said they believed that care work was a particularly juicy target for fraud, since it offered big profits against a relatively low risk. Not only that, given that the German population is ageing, the opportunities were likely to increase in the future.

Various patients' rights representatives declared their outrage at the report on Tuesday. "When I hear something like that, I get angry, because fraud in the care industry is particularly macabre," the government's patients' commissioner, Karl-Josef Laumann, told broadcaster SWR2.

But Eugen Brysch, head of the German foundation for patient protection (DSP), offered more than anger, arguing that the country's authorities had gone "too easy" on organized crime up to now. In a statement, Brysch pointed out a series of deficits in both law enforcement and controls designed to catch false claims.

"There is a lack of focused state prosecutors and special investigation groups," Brysch said. "This is where we need more from the interior ministers and the justice ministers. But it is also the responsibility of the medical services of the insurance companies. When the identities of claimants aren't checked, it's not surprising that one person receives care services under different names."

Solutions already available


The problem is not new. Similar large-scale organized fraud was uncovered this time last year, when the German government introduced laws allowing health insurers to carry out other checks.

But the DSP, which says it is financed exclusively from donations, has always argued the government could go much further, and on Tuesday reiterated some of the proposals brought up in an eight-point plan it devised a year ago - including a central electronic database that logs all care services provided, and a single lifetime ID number for all patients.

"This would shine a light into the jungle between the care insurance and health insurance," said Brysch, who believes that criminals make hay in the bureaucratic disconnect between care insurance and health insurance (Germany is one of the few countries that has two separate systems).

On top of that, the DSP also argues that criminals exploit the fact that prosecutors in different German states deal with the problem differently - because only some states have made combating care fraud a priority. A spokeswoman for the German Justice Ministry confirmed to DW that states have the right to determine which crimes they pursue.

But Bernd Tews, head of the association of private social care providers (BPA), was more sanguine, pointing out - in a statement emailed to DW - that the problem was far from widespread, given that only 230 of 14,000 care companies were under investigation.

Not only that, the new report showed that the current system was effective. "The cases of fraud, which should be sanctioned with all legal means, were uncovered by a well-functioning control system and are clearly being legally pursued appropriately," he said.

Tews also warned against succumbing to a "culture of suspicion" towards care companies.

uaware comment

There is always someone, somewhere nicking money off of care homes !

(1st June 2017)


MORE THAN HALF UK CHARITIES DON'T HAVE ADEQUATE WHISTLEBLOWING SCHEMES, RESEARCH FINDS
(Independent, dated 26th May 2017 author May Bulman)

Full article [Option 1]:

www.independent.co.uk/news/uk/home-news/uk-charities-whistleblowing-schemes-more-than-half-research-alder-a7756841.html

More than half of charities in the UK do not have an adequate whistleblowing scheme, despite a number of scandals involving governance failures and data-sharing in recent years, according to research seen exclusively by The Independent.

A survey carried out by consultancy firm Alder and online magazine Third Sector into charities' cultures found that many charities are still not taking basic steps to minimise the risk of further controversies, with 22 per cent not having any whistleblowing scheme and a further 35 per cent not having one that is widely known about.

Nearly a third meanwhile said they do not review their trustees' performance in any way, while almost a quarter (24 per cent) stated their trustees would not know if there was a poor workplace culture at the charity.

The research, which surveyed 382 charity trustees and executives in the UK, also found more than one in five (21 per cent) admitted to lacking confidence that their suppliers' values and ethics matched those of the charity.

UK charities have an estimated annual turnover of more than £70bn, and it is believed that some 15 million people volunteer at least once a month, but a series of cases involving the collapse of charities amid claims of financial mismanagement and poor oversight are evidence of a growing crisis in the sector.

Alder's managing director, Tim Toulmin, said the findings show that charities should start taking action to avoid further controversy, saying: "Charity leaders need to be far more rigorous about understanding how exposed they are to risk.

"The link between an organisation's culture and its reputation is clear, so they need to start by identifying the obvious weak spots and then taking action if the sector is to avoid further controversy.

"These results suggest introducing whistleblowing schemes and a review of trustees' engagement with their charities should both be high on the priority list."

Karl Wilding, director of public policy and volunteering at the National Council for Voluntary Organisations, told The Independent: "Charity trustees are more aware than ever that good organisations need good governance. Most trustees are diligent and hard-working, taking seriously their responsibilities, as these findings show.

"Almost all are volunteers. Amidst regular calls for trustees to manage a widening range of risks, it is more essential than ever that we support this most important of roles."

(1st June 2017)


CONTACTLESS PAYMENT FRAUD SOARS TO £7m
(BBC News, dated 26th May 2017 author Johnny O'Shea)

Full article: www.bbc.co.uk/news/uk-england-devon-39942246

The amount of money stolen from contactless bank cards and mobile devices has soared, it has emerged.

Almost £7m was taken in 2016, compared to £2.8m in 2015, according to Financial Fraud Action UK.

In the same period, contactless spending rose from £7.75bn to £25.2bn.

A judge recently slammed the technology, which does not require a PIN, for making life "too easy" for criminals during the sentencing of a fraudster in Devon.

Contactless cards can be used for transactions of up to £30.

Gareth Shaw, money expert with consumer group Which?, said there are "still questions around the security of these cards".

"Card companies must be responsible for striking a better balance between convenience and security," he said.

Bethan Davies, 37, works for a communications agency and had around £200 stolen from her contactless card after losing it on a night out in central London last summer.

She cancelled the HSBC card the following morning, but noticed further activity over the next two weeks.

She said: "I'm quite fastidious at checking my statement and I saw loads of small transactions coming out, from places like Tesco, food and wine shops and weirdly a dog grooming parlour in North London.

"Because the transactions were small, from a couple of quid up to £12, they went under the radar and were still being authorised."

She said money was refunded straight away.

An HSBC spokesperson said: "We cannot go into any detail of how our fraud systems work but customers are protected against losses from this type of fraud."

Student Hatty Sharp, 22, had her card stolen while shopping at an Aldi in Southampton.

She said: "I immediately cancelled my Santander card, and then phoned up to cancel my HSBC card, but was put on hold for 15 minutes. In this time the thief had gone to the off-licence around the corner and spent £17, I presume on alcohol."

She reported the crime to the police, and was fully refunded within two weeks.

Andrew Bailey, chief executive of the Financial Conduct Authority said: "The overall risk is low" but added "we have been urgently working with card schemes and banks to ensure this issue is fixed."

Contactless card fraud accounts for 1.1% of total card fraud.

In a letter to the Treasury Select Committee earlier this year, John Griffith-Jones, Chair of the Financial Conduct Authority said "public confidence could be eroded without further action".

Richard Koch, Head of Policy at The UK Cards Association, which represents card issuers, said: "All contactless cards contain robust security features including an in-built security check which triggers the need to enter a PIN at certain points.

"Customers are fully protected against any losses and will never be left out of pocket in the unlikely event they are the victim of this type of fraud, unlike if they lose cash."


How to use contactless safely (Which?)

- Never hand over a card: If your card is taken out of your sight someone could 'skim it', copying the data from its magnetic strip.

- Ask for a receipt: Contactless users aren't always offered a receipt, so if you want to keep track of spending or make sure a transaction is genuine, you should ask for one.

- Check your statements: Regularly look for unusual transactions, including on lost or stolen cards, as in some cases they can still be used after being cancelled.

- Digital wallets: You can store your card details in a 'digital wallet' in the apps Apple Pay and Android Pay. These allow you to buy goods by holding your phone over a contactless reader.

(1st June 2017)


TUBE ACCIDENTS SOAR TO RECORD HIGH OF ALMOST 5000 A YEAR
(London Evening Standard, dated 25th May 2017 author Nicholas Cecil)

Full Article [Option 1]:
www.standard.co.uk/news/transport/tube-accidents-soar-to-record-high-of-almost-5000-a-year-a3548326.html

The number of accidents involving passengers on the Tube has risen to a record high of almost 5,000 a year, the Standard reveals today.

It spiralled to 4,928 last year, an 11 per cent increase from 2015, amid fears that overcrowding and fewer staff at smaller stations are fuelling the rise.

There was a sharp increase in accidents at several busier stations, including Baker Street, Bank/Monument, Bond Street, Westminster, Southwark and Tottenham Hale.

Small rises were recorded at dozens of other stations.

The figures for Zones 1-4 led to calls for Transport for London to ensure that the Tube is the "safest in the world".

As passenger numbers rise, its bosses are investing millions to improve capacity at key stations including Bank, Bond Street, Victoria and Tottenham Court Road.

There will be more frequent services on several lines to reduce crowding. An extra 325 station workers are being recruited this year after a staffing review that followed ticket office closures.

There were 4,517 accidents in 2014 and 4,439 in 2015, before the sudden increase of 489 last year to 4,928.

Tom Brake, Liberal Democrat parliamentary candidate for Carshalton and Wallington, said: "London Underground must redouble their efforts to make the Tube the safest in the world."

Richard Freeston-Clough, of London TravelWatch, said: "The figures would suggest that smaller stations with fewer staff around are recording more accidents because staffing is likely to have been reduced.

"Conversely, accidents at bigger stations like Bank/Monument and Baker Street are also increasing because the growth in usage is making them more crowded."

He said the rise in accidents highlighted the need for extra staffing and congestion relief.

"Customer fall in gap" accidents were slightly down last year but 62 out of the 282 were at one station, Baker Street.

The high number there has been blamed on the arrival of S-stock trains level with the platform, to aid wheelchair access. This widens the gap at stations with curved platforms.

Dr Karen McDonnell, occupational safety and health policy adviser for the Royal Society for the Prevention of Accidents, said TfL had a "duty of care" to passengers.

She added: "If a rise in incidents is taking place, then organisations must investigate the causes and do all they can to mitigate the risks."

Steve Griffiths, the Tube's chief operating officer, said safety was its "top priority", with the number of injuries running at one in every four million trips.

"We continue to work hard to reduce this even further, with staff on hand to help customers," he said.

"We have introduced flashing blue lights to draw attention to gaps between trains and platforms at key locations and we're investing heavily in adjusting platform edges to narrow gaps."

Office of Rail and Road statistics indicate that the Tube is the safest big railway in Europe, TfL said.

From this month, the frequency of Victoria line services has risen from 33 trains an hour at peak times to 36. From 2019, lines including the District, Circle, and Metropolitan will have more trains.

The number of passengers using the Tube is rising, TfL said, up from 1.3 billion in 2014/15 to 1.35 billion in 2015/16.

The number of "fall in gap" cases was just over 280 last year, compared with 293 in 2015 and 269 in 2014.

Some key stations have seen falls in the number of overall accidents - also thought to include people slipping over and falling down stairs - such as Victoria, down from 126 in 2014 to 72 last year, and Oxford Circus, down from 133 to 118.

Most accidents on the Underground in 2016 (Figures obtained from TfL)

King's Cross St. Pancras : 212
Waterloo : 206
Baker Street : 205
Bank & Monument : 141
London Bridge : 136
Holborn : 121
Oxford Circus : 118
Green Park : 116
Liverpool Street : 92
Euston : 89
Stratford : 83
Bond Street : 81
Westminster : 78
Embankment : 76
Victoria : 72
Finchley Road : 63

(1st June 2017)


HOW DOES YOUR BANK SCORE WHEN DEALING WITH FRAUD ?
(The Telegraph, dated 23rd May 2017 author Amelia Murray)

Full Article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/does-bank-score-dealing-fraud/

Barclays and Santander are the banks most likely to wrongly refuse to refund customers if they are victims of fraud, an investigation has revealed.

Banks are liable to reimburse unauthorised transactions if the customer reports it within 13 months and was not deemed to be negligent with their account details, or debit or credit card.

Customers who are refused a refund can take their complaint to the Financial Ombudsman Service, the resolution service, which will investigate if the bank is being fair.

An investigation by Which?, the consumer lobby group, found that between April 2015 and February 2017 Barclays wrongly rejected 36pc of customers who disputed transactions on their accounts. These complaints were upheld when taken to the Ombudsman.

Which? looked at banks that had more than 100 disputed transaction cases.

Santander wrongly denied 33pc of customers compensation. Nationwide, RBS and NatWest refused to reimburse almost a third of customers who were victims of fraud, which the Ombudsman later decided was unfair.

Card fraud on the rise

The number of people cancelling debit and credit cards because of fraudulent activity has risen by 1m in the past year, from to 5.5m. The average amount lost has increased from £475 to £600, according to comparethemarket.com, the comparison site.

Consumers who have money stolen from their debit or credit card may be liable for the first £50 of any money taken from the account before the card is reported lost or stolen.

Once the unauthorised transaction is reported to the card provider customers are not liable for any more fraudulent payments unless it can be proved they acted negligently. If the bank believes you've been negligent with your Pin or card you could be liable for all costs.

Can the Ombudsman help with bank transfer fraud?


A bank is not liable to refund victims who have been tricked into making payments to criminals posing as trusted parties, such as solicitors, financial advisers and sellers on eBay or other websites. Providers will claim the payment was authorised.

Telegraph Money is campaigning for banks to take more responsibility to protect their customers from bank transfer fraud.

In the super-complaint made by Which? to the Payment Systems Regulator, which looks after the payments industry, it suggested that if banks were forced to compensate victims of bank transfer fraud, they would invest more in their systems that detected the fraud in the first place.

Those who are tricked into making payments to criminals can take their case to the Ombudsman to try and get their money back. However, its powers are limited.

The Ombudsman can investigate the banks' processes in relation to the fraudulent payment, but it cannot look at broader procedures, such as how accounts are opened.

Because of its restrictions, Telegraph Money has only seen a few occasions when the Ombudsman rules in favour of victims of bank transfer fraud.

One reader, David Burton, spent two years trying to get back £3,400 that he paid to a fake eBay seller for a non-existent motorhome.

The Ombudsman said TSB, the fraudster's bank, could not be blamed. This was still the case when Mr Burton later submitted police evidence that revealed the bank had allowed the account to be opened using fake details.

After pressure from this newspaper, TSB finally admitted fault in a landmark case and refunded Mr Burton the stolen funds.

However, another victim, Ann Green, had more success with the Ombudsman, which forced Barclays to pay her back more than £14,000 she had transferred to a fraudster posing as her financial adviser.

The Ombudsman discovered Barclays did not block the fraudster's account when Ms Green reported the crime and allowed the criminal to steal her money. It was ordered to reimburse her and pay compensation and interest.

The worst banks at refunding disputed transactions

(n) = Complaints resolved by Financial Ombudsman
[%] = Upheld in favour of consumer

Barclays (inc Barclaycard) : (975) [36%]
Santander : (870) [33%]
Nationwide : (290) [28%]
RBS : (199) [27%]
NatWest : (780) [22%]
Bank of Scotland (inc Halifax) : (478) [22%]
Lloyds : (484) [22%]
HSBC (inc First Direct) : (493) [21%]
TSB : (238) [20%]

(1st June 2017)


NEW BANKING SCAM SEES FRAUDSTERS OPEN "TWIN" ACCOUNT NEXT TO YOUR REAL ONE
(The Telegraph, dated 22nd May 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/current-accounts/new-banking-scam-sees-fraudsters-open-twin-account-next-real/

A startling case of bank fraud has exposed the routine failure of current account providers to check applicants' information.

Halifax customer Mark Mansfield discovered a criminal had opened another Halifax current account online in his name, despite the fraudster providing fabricated information about his salary and employment details.

Halifax has since admitted to Telegraph Money that these details are not always double-checked. Security experts say a failure to conduct such verification lays the bank - and its customers - open to a range of financial crimes.

What was all the more extraordinary in this case was that Mr Mansfield, as an existing current account customer, had already lodged the correct information with the bank. Halifax failed even to run a basic check against this.

The ruse is one of several where criminals' intimate knowledge of banks' procedures enables them to navigate security checks and open accounts or perform transactions.

In another example, fraudsters were able to exploit a weakness in NatWest's system which enabled them to lock Telegraph Money reader Annette Jefferys out of her online account. They used this as a trigger to then obtain an "activation code" to unlock it again.

The criminals had gleaned enough information about Ms Jefferys, almost certainly from social media sites and open source directories, to access her online banking.

It was the criminals' close knowledge of NatWest's procedures that enabled them to succeed in draining her account of all but 10p.

In Mr Mansfield's case no money was stolen from him - although other businesses fell victim. In this case it was Vodafone, because the criminals obtained two phones from a Vodafone store in Portsmouth.

It is not clear whether the fact that Mr Mansfield already had a Halifax current account played a part in the ability of the criminal to open their own, fraudulent account. What is clear, however, is that the criminal provided adequate information to satisfy Halifax.

Mr Mansfield, 30, who works in public transport, discovered the fraud on May 3 when he telephoned Halifax to find out why his debit card had been blocked, and bank staff asked "which account the issue related to".

Later that week Mr Mansfield received a new card and Pin number for the fraudulently-opened account.

On the same day he also received an invoice from Vodafone for two business phone contracts.

Mr Mansfield is now having to keep a close eye on his credit report to make sure the fraudsters are not using his details to apply for any other contracts.

Mr Mansfield said he "couldn't believe" Halifax did not check the details given by the criminal.

He said: "How can a bank of that scale have such lax security? How do I know that this can't happen again?

"What's the point in having a system in place, which requires the provision of detailed information, if you're not going to follow it?

"I don't understand how a bank in this day and age can get away with this."

Halifax told Telegraph Money that not all the information sought at the time of account opening was used to verify customers' identity.

It said the fraudster in this case provided "sufficient customer information" to pass its account opening checks.

It said while some incorrect responses to questions were provided, not all would have been used for "verification purposes".

Halifax insisted its procedures were robust. A spokesman said: "Information required will vary depending on if it is an existing customer whose information we already have, or a new customer.

"We would not share details of exactly what these are or how this information is verified."

How great is the danger of 'twinned' account opening?


John Marsden, head of ID and fraud at Equifax, the credit reference agency, said each bank will have a different set of processes when customers open accounts, but fraudsters appear to have identified a "vulnerability" that could make it easier for fraudsters to open secondary accounts.

This could then give them access to the rest of the victim's banking or allow them to use the details to sign up to contracts, such as for mobile phones or credit cards.

Mr Marsden said this type of fraud is relatively new but is fast becoming a "well known practice".

He said: "If anything, banks should be asking more questions when customers try and open secondary accounts. I'd be very suspicious."

Mr Marsden said banks need to be "raising the bar" when it comes to verifying the applications of additional accounts.

He said: "Every bank has its flaws but the authentication process should be taken to a higher level. Banks shouldn't be lowering their defences."

This latest disclosure comes as Telegraph Money continues to campaign for banks to take greater responsibility for the accounts and services they provide to fraudsters, who then rob other, innocent customers.

Where victims are tricked into paying money into fraudsters' accounts, the receiving bank is able to shrug off all liability.

Trade body the British Bankers' Association admitted that much of the information asked for at account opening is to check their suitability, rather than to enhance security.

A spokesman said: "Banks try to balance security and convenience and may also ask for information to ensure products meet their customers' needs."

FIVE TRICKS HACKERS USE TO STEAL YOUR BANK DETAILS

- Using fake "free" WiFi networks to steal passwords
- Guessing obvious passwords like "123456"
- Social media stalkers who find out when you're on holiday, using Facebook
- Dodgy apps that trick you into giving away data using in-app permissions
- Fake emails pretending to be from well-known brands - like Amazon or eBay

(1st June 2017)


STEALTHING ISN'T A "SEX TREND". IT'S SEXUAL ASSAULT - AND IT HAPPENED TO ME
(The Guardian, dated 22nd May 2017 author Sophie Maullin)

Full article [Option 1]:

www.theguardian.com/commentisfree/2017/may/22/stealthing-sex-trend-sexual-assault-crime

A few months ago I got chatting to a guy on Tinder. He was an architect who came across as intelligent and polite, and we set a date to meet. We were getting on really well when he asked me to go back to his house and I thought, why not? Later on, sex began consensually. I wanted him to wear a condom and he did. During sex he asked if he could take the condom off and I told him no. A few minutes later he asked again; again I said no. Noticing me checking that the condom was still on, he turned me to face away from him. Immediately after sex I realised that he had removed it and ejaculated inside me.

"Stealthing" is the pop culture name to describe a "new sex trend" reported to be "on the rise". It refers to the act of deliberately removing a condom during sex without your partner's knowledge or consent. This catchy phrase doesn't actually mean there's a new trend but coins a new term for a kind of sexual assault. Following a landmark case in Switzerland where a man was given a 12-month suspended sentence for removing a condom without his partner's knowledge or consent, and a recent report by Yale law graduate Alexandra Brodsky, stealthing is attracting more mainstream attention. But, despite this, no one has so far been found guilty of it in the UK.

On realising what had happened to me during my Tinder date, I rushed to get my things and leave his house. When I asked him if he had taken off the condom, he didn't give a clear answer and appeared confused by my outrage and upset. I took a cab to a nearby friend's flat and went straight to her shower, not even thinking that I was washing away evidence of an assault. I wasn't aware a crime had been committed - I just felt violated, and my instinctive reaction was to wash it off.

My feelings of violation weren't caused by the experience of unprotected sex itself, despite having been exposed to potential STIs and pregnancy; it was my perpetrator's abuse of my boundaries and his perceived entitlement to my body. I didn't realise I had been sexually assaulted until a nurse, giving me the morning-after pill, explained it to me.

Brodsky's Yale study finds survivors of stealthing struggling to recognise their experience as sexual assault, writing that one woman describes her experience as "rape-adjacent" for lack of better language.

The nurse called the initial response police, who again outlined how what had happened may have been against the law, and passed me on to the Sapphire team, the Met police's specialist sex crimes unit. I was asked to give a video recorded statement, but before this happened two female police officers from the unit took me into a room to ask me if I was sure I wanted to go through with it.

At the time, I felt overwhelmingly guilty for consenting to sex in the first place and my self-doubt grew when police officers asked me repeatedly "if I was sure" and if I was aware I could "ruin a man's life". Ironic at a time that I was still waiting for my HIV-Aids and STI test results. One officer even offered to "bring the guy in and give him a scare", as an alternative to me pressing any charges through official means. They told me about a case of paedophilia they had been working on for years, which still had no resolution, implying that even if I did go through with the charges, it was unlikely that I would ever be successful in court with what they clearly considered a non-issue.

Much of the problem still comes down to attitudes and myths surrounding women and sex. What happened to me was a violation, but it's clear that the law can only do so much when law enforcement is still contaminated by rape myths. During my video statement the onus was placed on me as the victim to protect myself from rape. "Did it feel different after he'd taken it off?" I was asked. Arguably irrelevant, as by that point the assault would have already happened. "How many drinks had you had?" Yes, police are still asking women to justify the amount of alcohol they had before being sexually assaulted.

The problem is amplified by the prevailing assumption that women lie about sexual assault, despite the fact that Rape Crisis UK reports that false allegations are incredibly rare. The more serious issue is that the vast majority of survivors choose not to report to the police.

My experience with the police abruptly ended after my perpetrator was called in to give his statement. He said that the condom fell off without his knowledge and all charges were dropped. I was left with no real way to move forward.

Dr Sinéad Ring of the University of Kent says that the agonisingly low conviction rates in cases of rape are due to initial obstacles encountered by victims - namely the police and the CPS. Once a rape case makes it to court, the conviction rate is relatively high - 57.9% in the UK last year. But to make it to this point, there must be more evidence than a victim's account of the assault. In cases where sex began as consensual, such as with stealthing, this is near impossible.

With no successful convictions for stealthing under British conditional consent laws, even though wider society may be catching up with the idea that rape is about consent and not force, law enforcement still needs to rid itself of pervasive stereotypes about sexual assault. If awareness around stealthing improves, and it is recognised as a crime, then we need to ensure that those who come forward are supported.

(1st June 2017)


FACEBOOK SEES 54,000 REVENGE PORN CASES A MONTH, DOCUMENTS REVEAL
(The Telegraph, dated 22nd May 2017 author Cara McGoogan)

Full article [Option 1]:

www.telegraph.co.uk/technology/2017/05/22/facebook-faces-thousands-revenge-porn-cases-month-documents/

Facebook received tens of thousands of potential "sextortion" and "revenge porn" cases a month, leaked company documents show.

The 100-page handbook Facebook gives to moderators reveals the social network receives swathes of reports regarding abusive sexual material, an area where they "make most mistakes".

The documents, leaked to the Guardian, show Facebook users reported almost 54,000 incidents of sexual extortion and revenge porn in January, with the company disabling 14,130 accounts as a result. Moderators escalated 33 cases for involving children.

The files also reveal that Facebook will not delete videos and images depicting violence, self-harm and child abuse of a non-sexual nature, since they may draw attention to mental illness or be newsworthy. In some cases, it allows footage portraying physical bullying of children under seven.

Recent changes suggest Facebook has only started to ban abusive posts about disabled people and those with serious health conditions in the last few months.

Revenge porn, which involves intimate images being shared online after a relationship ends, has been a criminal act in the UK since 2015. Offenders face up to two years in prison if convicted of sharing "private, sexual images of someone without consent and with the intent to cause distress".

It is not clear how many cases Facebook passed to the police. The figures for sextortion and revenge porn, which Facebook deems as serious as child exploitation and terrorism, are international and only reflect incidents that have been reported by users. The scale of the problem could be significantly greater if there are a large number of cases not reported.

A source admitted Facebook moderators find it difficult to police sextortion and revenge porn material. "Sexual policy is the one where moderators make the most mistakes," an unnamed source told the Guardian. "It is very complex."

Facebook has been criticised numerous times for censoring posts that it deems to be of a sexual nature that are in fact newsworthy or harmless.

It recently updated its policies after an outcry when it deleted a post containing the Pulitzer prize-winning "Napalm girl" photo posted by Norwegian newspaper Aftenposten.

It has also reinstated images of mothers breastfeeding and virile works of art, claiming to have removed them mistakenly.

(1st June 2017)


EU CYBERSECURITY AGENCY SEEKS FUNDS AND POWER TO POLICE ATTACKS
(Euractiv, dated 22nd May 2017 author Catherine Stupp)

Full article [Option 1]:

www.euractiv.com/section/cybersecurity/interview/eu-cybersecurity-agency-seeks-remit-funds-to-police-attacks/

The EU cybersecurity agency ENISA will receive a makeover in September when the European Commission renews its mandate amid a whirlwind of new cybersecurity measures. The director of the Athens-based agency has been requesting a larger budget to deal with the rise in attacks on internet-connected devices.

"It would be good to have seven days a week, 24 hour resources here," ENISA director Udo Helmbrecht said in an interview.

Helmbrecht called the EU response to the WannaCry ransomware hack, which affected thousands of people over a week ago, the first example of collaboration by authorities across the EU. National experts shared information and put out warnings to internet users over the weekend, he said.

The directive on security of network and information systems, an EU cybersecurity law that was passed last year, requires cybersecurity authorities in every EU country to share information on attacks. ENISA helps put smaller member states in touch with bigger countries - often with better resourced cybersecurity offices - that can share what they know.

"You have a technical community in Europe…[and] this community is working, that's the message," Helmbrecht said.

A decade after the 2007 attacks which overwhelmed websites in Estonia, there is still no procedure for how European authorities should deal with a cybersecurity crisis, according to Helmbrecht. It's a situation ENISA wants to change.

"We have to be more agile and flexible for the future," he said. With only 84 employees and an annual budget of €11 million, ENISA has been pushing for a larger budget for years; Helmbrecht unsuccessfully requested an additional €5 million from the Commission in 2017.

Helmbrecht is aware of the resources required to adequately address potential and existing threats: he was formerly the head of Germany's cybersecurity agency BSI, which now has more than 600 employees.

"If you talk about the cybersecurity strategy, this is something where you also talk about priorities. You say everything goes digital and ICT is the backbone of our society. If a politician says this, then a politician also has to do it," he said.

ENISA's budget struggles are linked to its limited role with no say on legislation. The agency's role is limited to only providing advice and research, and organising exercises where national authorities show each other how they respond to emergency attacks.

Andrus Ansip, the Commission Vice-President in charge of EU technology policies, visited ENISA's Athens headquarters two weeks ago, after announcing in Brussels that he will present the agency's new legal mandate and a slew of cybersecurity policies in September.

Helmbrecht praised Ansip's support for the agency. "There is a good chance that with this new ENISA mandate, we can be stronger," he said.

"If the world is getting like this, you might need more" than just a soft approach on cybersecurity, he said.

Ansip confirmed two weeks ago (10 May) that his September proposals might include measures on certification and labeling to verify how secure technology products are.

It's an issue that Helmbrecht has advocated for. He even pushes for further discussion on how liability rules might be altered to deal with cybersecurity attacks.

"You have in other areas like cars and planes, regulation of quality management and type approval," he said.

"Everyone who has a garage company can put their [software] product on the market and there are no controls. We have to change that and put a bit more pressure on it," he said.

One option could be to require companies to provide a software fix for security problems. If firms don't create them, they should perhaps be held liable for the outcomes of attacks, Helmbrecht suggested. "We need something as a customer that says who is responsible and who is liable."

The Commission has promoted labeling as a means for companies to leverage their security guarantees as a marketing tool. Labels "would ultimately help the EU lead in establishing global IT security certification policies and boost the competitiveness of EU industry in European and global markets," according to an explanatory document from the Commission.

But tech companies have rejected the plan, arguing it will hurt some firms' business if consumers can see how their security features rank against other companies'.

After Ansip's announcement about his plans to possibly introduce a labeling system - the Commission is still assessing whether it will or not - tech association DigitalEurope, which represents Google, Microsoft and other companies, spoke out against the proposal.

"Rather than promoting security certification and labeling," the lobby group said the Commission "would be better investing in additional resources for ENISA, as well as encouraging public-private partnerships to develop industry-led solutions and standards."

The Commission launched a €450 million public-private partnership last year to invest in cybersecurity with tech companies and public authorities. Helmbrecht said the programme has attracted almost €2 billion and needs to keep gaining momentum to broaden the market for secure technologies.

"We have small and medium companies but we don't get this growth. We don't want talents to go to Asia or to the US, and we don't want to have small European companies be bought by Americans. We have to have growth in Europe,…[and] when it runs, nobody can stop it again," he said.

(1st June 2017)


SCOOTER GANGS COMMIT 50,000 CRIMES IN LONDON EACH YEAR
(London Evening Standard, dated 19th May 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-scooter-gangs-commit-50000-crimes-in-london-each-year-a3543291.html

One of the suspects riding pillion sprays the foam extinguisher directly into his face and the camera shows him falling to the floor.

The group were unsuccessful and fled the scene.

Today detectives appealed for information on the gang who are wanted in connection with a total of seven offences in the Barking and Dagenham area in just two days last month.

The appeal came as senior officers from Operation Venice, the Met's campaign against moped crimes, told the Standard how they were combating the explosion in "two wheeled" crime across the capital.

They revealed how gangs of mainly teenage boys are stealing mopeds in outer London boroughs and using them to commit snatches in the West End - often motivated by the thrill of speed.

Detectives say they are targeting at least 500 known offenders behind the crime spree - with suspects moving between using stolen mopeds and pedal cycles to snatch mobile phones.

Police also urged Londoners to take simple steps to help prevent crimes, in particular warning scooter owners to use locks to secure their bikes in the street.

The scale of the offending can be revealed in new figures released by the Met which show thieves are stealing around 1,500 scooters or motorcycles in London every month.

In addition, the same criminals are using scooters or pedal cycles to commit 2,500 theft offences a month, most of them mobile phone snatches.

Thefts involving mopeds or motorcycles are currently running at 13,005 over the past 12 months, a 41 per cent increase over the previous period.

Commander Julian Bennett, who is in charge of Operation Venice, said: "This is coming up to 50,000 crimes a year so this is a significant issue.

"This is a serious crime because of the risk to everyone involved, including the riders, pedestrians and the victims of the snatch. This is completely unacceptable."

Police say moped crimes, once mainly confined to boroughs such as Islington, Hackney and Haringey, are now spreading across the city and beyond.

Earlier this week a covert police team seized a suspect in Islington who had travelled to London from the Thames Valley area.

Officers say part of the problem is the ease with which gangs can steal scooters by simply breaking their steering locks.

They point out there are more commuters using inexpensive scooters to avoid expensive rail fares but most don't leave their machines securely locked.

Superintendent Mark Payne, who is co-ordinating the Met's prevention campaign, said: "They take the key out and think it is OK to walk away from but the average thief can steal a scooter in 30-40 seconds.

"If people take more care and use locks to secure their machines there will not be as many stolen scooters around so there will be less crime."

Police admit difficulties in securing evidence against the gangs who hide their faces while the Met's pursuit policy means officers have to adhere to strict guidelines before chasing a scooter or motorcycle rider at high speeds through London.

However, police insist they still carry out pursuits - earlier this week a teenager was arrested in Penge after a chase involving the police helicopter and a stinger device used to puncture his tyres.

In a series of new measures designed to tackle the moped gangs the Met announced:

- A revamped Operation Venice campaign to co-ordinate action across London's 32 boroughs

- Extra covert patrols to catch the bike thieves red-handed and plans for "tougher tactics" to seize offenders in the act.

- More sophisticated forensic techniques to track criminals to avoid the risk of a chase.

- A specialist tactical traffic advisor who can authorise high speed pursuits on duty 24/7 in the Met's central London control room.

- A new facility to capture footage of scooter crimes taken by members of the public.

- Special 'recognisers' being used to spot known offenders - one suspect in a recent spree of incidents outside the BBC was recognised by a mole on his forehead.

Police refuse to give details of the tougher tactics but say it will allow officers to intervene more effectively and safely if they encounter scooter thieves.

Supt Payne said suspects occasionally took off helmets in a bid to force police to abandon chases but he said: "If a rider takes his helmet off, that's a result for us. They will drive past five or six CCTV cameras and we will have his face.

"We know who they are and there is no point in pursuing them. We will bang on their door at 3am when it is low risk, why should we bother chasing them through the streets of London."

Restrictions on pursuits were enforced more strictly after the death of 18-year-old Henry Hicks who was killed when his moped crashed as he was being chased by police in December 2014.

Four police officers are facing misconduct charges after an inquest jury rejected their account that Hicks was not aware he was being followed.

Detectives say they are gathering intelligence on around 500 suspects committing scooter or cycle crime across London but believe more are involved.

A team focuses on a dozen top offenders at a time, targeting them with proactive patrols, bail and curfew checks and working with the local authority on diversion.

Detective Superintendent Stuart Ryan, who is in charge of operations against the gangs, said most offenders were in their teens and early 20s and some were organised in groups of around five to 10 people who use a stolen bike for a period before dumping it.

The bikes are stolen in outlying boroughs and used to travel into the West End to commit crimes.

Many prolific offenders have 20 or so crimes to their name; one 15-year-old was only jailed after being arrested 80 times.

He admitted police often played "whack-a-mole" with gangs who appear at different times and locations across London.

He said: "They can change their tactics every single day. You can see mopeds driving around just to see what the crowds are like and whether police are around.

"Some of the groups do seem to talk to each other, to warn if the police are around. They are professional at this."

Some offenders were diverted but there was a hard core who were more difficult to reach.

The offenders come from a mix of backgrounds, some of them wealthy, who are driven by a desire for kicks.

Det Supt Ryan said: "Part of it is about speed, they need a thrill. Some of it is money but their network is based on their social and geographical network.

"They enjoy it because the feedback we have had from them is they enjoy the speed, they enjoy going fast and they enjoy the easy money, it is better money than McDonald's and their friends are doing it."

The crimewave is being driven by a new demand for spare parts in mobile phones with iPhone screens costing as much as £150 to replace.

Each stolen iPhone can fetch £100 and there are cases of thieves snatching 20 or more in the space of an hour in central London.

Thefts of mobiles fell dramatically three years ago when new security was brought in but the second hand market for spare parts and re-sale value of iPhones caught police by surprise.

Detectives have discovered thieves can spot what sort of phone you are carrying either in your pocket or from a few hundred yards away.

Police know because they asked suspects in custody to identify different phones in people's pockets; they knew what phones they had just from their size.

Police also have evidence the gangs practise on each other on estates to become better at snatching phones from pedestrians in the street.

(1st June 2017)


CROOKS USE WANNACRYPT HYSTERIA AS HOOK FOR BT-BRANDED PHISHING EMAILS
(The Register, dated 19th May 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/05/19/wannacrypt_warning_email_confusion/

Scoundrels have latched on to the WannaCrypt outbreak as a theme for scam emails. Coincidentally some consumers are receiving seemingly genuine warnings from their ISPs related to suspected infection during last week's worldwide ransomware outbreak.

Confusingly, ISPs are also sending out genuine warnings !

Action Fraud warned about a dodgy email trying to trick BT customers on Thursday.

Recipients, who were falsely warned that they would be locked out of their account unless they completed a bogus "security check", commented that the emails were convincing.

Meanwhile, Virgin Media is pumping out well-intentioned emails to customers among its user base logged as visiting the WannaCrypt sinkhole domain, which was registered in order to capture malicious traffic and prevent control of computers by the criminals who infected them. This behaviour might mean that WannaCrypt attempted to infect their machine. The same warning would be generated if users visited the domain out of simple curiosity.

The Register was forwarded a copy of one such email (which appears legit, and links to a real page on Virgin Media's site) by a reader. The email alerted Ben W that a device on his network might be infected with WannaCrypt. "I'm pretty sure this is a false positive since the only Windows machine on my network is a fully updated Windows 10 machine (and certainly not ransomwared)," Ben told El Reg.

Malwarebytes security researcher Chris Boyd, who we consulted about the suspicious email, told us that it might well be a genuine warning. "I've seen a few of these today - my first thought is perhaps the recipients have visited the sinkhole domain, either via security/news articles to see what it looks like, or they've been on a page merely linking to the sinkhole and Virgin's configuration is assuming they've 'visited' it."

Ben, in turn, responded that he might well have visited the sinkhole. "You're perhaps right about visiting the sinkhole domain (which I probably did out of interest when I saw it published)," he said.

Other recipients of the same warning message have started a thread about it on Virgin Media's forums. Almost all are VPN users, according to Ben W, a factoid that may or may not have some bearing on what's going down.

(1st June 2017)


WEAK DEFENCES LEAVE US WIDE OPEN TO RANSOM ATTACKS
(New Scientist, dated 17th May 2017)

Full article [Option 1]:

www.newscientist.com/article/mg23431263-400-we-will-be-held-to-ransom/?campaign_id=RSS%7CNSNS-technology

LET'S be clear about the source of the unprecedented cybercrime wave that raced round the world over the past week.

The US's National Security Agency, keen to pry open digital spyholes, created a tool called EternalBlue, which exploited a vulnerability in old versions of Microsoft Windows. That was leaked by a hacker group in April, and this month emerged as the WannaCry "ransomware" - a security lapse that Microsoft president Brad Smith compared to the US military having some of its Tomahawk missiles stolen.

The ransomware spread like wildfire, crippling systems in 150 countries including those of the UK's National Health Service, at considerable human and economic cost (see "Ransomware attack hits 200,000 computers across the globe").

What makes the attack all the more worrying is that it showed no signs of great ambition. The amount of money demanded was relatively small, and the malware included a flaw that ultimately allowed a lone security analyst to defuse it. Despite lurid early headlines, it looks less like a coordinated blitz and more like a small-time hack that snowballed.

How did it get so far? In the case of the NHS, the answer is chronic underfunding. The service runs elderly versions of Windows not only in some desktop systems, which are relatively easy to patch, but also embedded in unwieldy equipment like MRI machines. Fingers are being pointed in all directions over the failure to upgrade, but health secretary Jeremy Hunt looks unlikely to emerge with much credit, having reportedly axed the NHS's Windows service contract in 2015 and gone AWOL during the crisis.

It is not as if we did not have warning. Ransomware attacks have been increasing - especially on hospitals, which make attractive targets given their combination of sensitive data and ageing tech. Had determined cyberwarriors been at work we could have been in far worse trouble, with critical systems brought to their knees for days or weeks. We might yet, if the lessons of this crisis are not learned.

One lesson: upgrades and service contracts can be costly, but not paying for them is a false economy. We must hope our technologically illiterate political classes will now accept that.

Another: no one can be trusted with security loopholes. The NSA left the Microsoft vulnerability open for their own use. By not reporting it, they left millions of people vulnerable to attack. To be blunt: rather than protecting national security, the NSA endangered it.

(1st June 2017)


POLICE ANTI-RANSOMWARE WARNING IS HOTLINKED TO "RANSOMWARE.PDF"
(The Register, dated 17th May 2017 author Gareth Corfield)

Full article [Option 1]:

www.theregister.co.uk/2017/05/17/ransomware_wannacrypt_how_not_to_warn_against_it/

Official anti-ransomware advice issued by UK police to businesses can only be read by clicking on a link titled "Ransomware" which leads direct to a file helpfully named "Ransomware.pdf".

In case you've been living under a rock, large chunks of the digitised world, including most of the NHS, were, ahem, digitally disrupted by the WannaCrypt ransomware last week.

A total of 74 countries were hit by the self-spreading cryptoware, which attempted to extort users into paying $300 in Bitcoin.

How did the Metropolitan and City of London police forces' business outreach tentacle deal with the WannaCrypt outbreak, then? This morning, a full four days after the malware had both spread and been contained, it issued an email alert - which, as well as being late, managed to look uncannily like a sketch from a "how not to do it" cartoon.

"Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police's National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days," it said. Standard stuff.

Meanwhile, this is Apple's security advice (many, many other sources are available) on email attachments:

Always use caution when opening (such as by double-clicking) files that come from someone you do not know, or if you were not expecting them. This includes email attachments, instant messaging file transfers, and other files you may have downloaded from the Internet. Any time that you download from a source that has not previously earned your trust, you should take extra precautions. This is because a downloaded file might have a name or icon that makes it appear to be a document or media file (such as a PDF, MP3, or JPEG), when it is actually a malicious application. A malicious application disguised in this manner is known as a "Trojan".

The message and link were sent by a Met copper working for OWL, Online Watch Link. This is a police initiative which we are told "keeps communities safe, helps reduce crime and keeps people informed of what's going on locally".

Presumably local issues don't include cybersecurity. Actual anti-malware guidance written by state actors who generally know what they're doing can be found on the National Cyber Security Centre website.

(1st June 2017)


JAIL INSTALLS INVISIBLE FENCE TO BLOCK DRONES DELIVERING DRUGS AND PHONES
(The Times, dated 17th May 2017 author Simon de Bruxelles)
www.thetimes.co.uk [Option 1]

A prison in the Channel Islands is to become the first to install an invisible barrier to prevent drones being used to deliver contraband to inmates.

Remote-controlled drones are being used regularly to fly mobile phones, drugs and weapons into jails, often under cover of darkness.

The Sky Fence system developed by Richard Gill, a British drone expert, will use "disrupters" to create a 600m tall electronic barrier around the jail on Guernsey. If a drone tries to cross the invisible line, its operator will lose control and the unmanned aircraft will be "bounced back" to where it came from.

Mr Gill, 36, who set up his company Drone Defence after leaving the army three years ago, said: "It will look like it is bouncing off a forcefield. The operator's video screen will go black and they will lose control. Drones made in the last few years are all designed to return to the last point at which they were under control if the signal is lost. It won't bring the drone down because if it did and it hit someone or caused damage that would create issues of liability."

The technology has potential for other applications that Mr Gill's company is exploring. These include creating a drone-proof security shield around nuclear and gas storage facilities, keeping prying eyes away from celebrities and protecting places likely to be targeted by terrorists, such as government buildings.

The security services are alarmed by the possibility that a skilled terrorist drone operator could use a cheap commercially available machine to deliver a small but precisely targeted bomb. Existing defences against drones include firing nets to entangle the propellers and even using large birds of prey to bring them down.

Les Nicolles, the prison on Guernsey, does not have a problem with drones, but the system was included as part of a security upgrade. It is expected to go into operation at the end of July.

About 20 disruptors will be installed around the perimeter. The cost of the system was less than £250,000.

David Matthews, the prison's governor, said: "This is the first time this technology has been used in any prison anywhere in the world. I would like to see it adopted in other UK prisons because it has become a significant problem there."

Sky Fence was created by Mr Gill's Nottingham based company and Eclipse Digital Solutions.

The Ministry of Justice refused to comment on the technology, but previously it has announced plans to "geo-fence" jails from drones. One proposal was to build the co-ordinates or location of every jail into drone technology so that the devices would be repelled from flying over them.

Yesterday two men who had used drones to fly drugs and mobile phones into prisons were jailed. Tomas Natalevicius, 35, and Dalius Zilinskas, 33, were caught after police officers saw a drone flying into Mount prison in Bovingdon, Hertfordshire, in October last year. Natalevicius was also charged over an incident in August when a drone crashed near Pentonville prison in North London.

Natalevicius was jailed for seven years and eight months and Zilinskas for two years and eight months.

(1st June 2017)


CRIME VICTIMS ASKED FOR DIY WITNESS STATEMENTS
(The Times, dated 17th May 2017 author Fiona Hamilton)
www.thetimes.co.uk [Option 1]

One of Britain's biggest police forces is to ask victims of crime to write their own witness statements and submit them by email.

West Midlands police will offer "self-reporting" for less serious crimes such as criminal damage, shoplifting and driving off without paying for petrol.

Dave Thompson, chief constable, said that the service was intended to increase efficiency but added that the more "convenient" method was likely to result in more crime reports.

He said that the system would be used only for "simple" offences and never for burglaries or violent crimes. Victims would have a choice and could speak to officers by phone or in person should they wish. Officers would still be sent to speak to vulnerable victims. In the coming months, members of the public who ring 101, the non-emergency line, will be informed about the self service option. Victims may also be encouraged to upload security camera footage and other images to police.

"We'd never say, 'do your own interview' but quite a lot of the public can do things to help us," Mr Thompson said. "There is no reason why you couldn't put down your recollection of what happened. There's space for the public to play a greater part and there's a need for the system to be simplified."

Some members of the public were "just as capable" as police officers of writing basic statements about simple crimes.

He said that the police needed to modernise and should also consider further use of artificial intelligence.

Officers in Durham will soon use artificial intelligence to determine whether a suspect should be kept in custody or released on bail. Mr Thompson said that the same technology could potentially be used for webchats and to answer frequently asked questions.

He said that the police service had faced swingeing cuts but was continually being asked to do more. There was an "inexhaustible pit" of vulnerability and danger that a bigger share of police resources would be focused on increasingly few people.

Mr Thompson said that police would "of course" continue to investigate child sexual exploitation and other significant matters of vulnerability. However, the service was taking on many other problems, including rising numbers of missing people and mental health issues. He stressed that police should not rule out investigating any crimes.

(1st June 2017)


BRITISH CYBER COPS FACE BIGGEST TEST AFTER WORLDWIDE CYBERATTACK
(Bloomberg, dated 17th May 2017 author Kit Chellel)

Full article [Option 1]:

www.bloomberg.com/news/articles/2017-05-17/british-cyber-cops-face-biggest-test-after-worldwide-cyberattack

Days after the global cyber attack, U.K. police are trying to figure out whether it was an established network of criminals, state-backed hackers or bored teenagers that crippled the country's health service.

The malware campaign affected more than 200,000 computers in at least 150 countries, locking users out of systems at Chinese government agencies, Deutsche Bahn, automakers Nissan Motor Co. and Renault, logistics giant FedEx Corp., and hospitals around the world. As security experts gain the upper hand in containing the infection, police have begun the hunt for its creators.

"The response is beyond anything I've seen before," said Steven Wilson, the head of Europol's EC3 cyber crime unit. "The picture is starting to emerge slowly. This could be something that is going to take us a considerable period of time."

Finding and locking up hackers may be the toughest job in law enforcement. Criminals can use the darkweb -- the subterranean layer of the internet untouched by conventional search engines -- to disguise their activities, and make use of a complex online ecosystem of black market services that is global in nature. Suspects are often in Eastern Europe, Russia or other hard-to-reach jurisdictions for U.S. or European police.

The U.K. and Russia were among the worst hit, making them the likely leaders in any investigation.

Absolutely Focused

"We are absolutely focused in finding out who the criminals behind this attack are," said Lynne Owens, director general at the National Crime Agency, known as the U.K.'s FBI. "At this moment in time, we don't know whether it's a very sophisticated network or whether it's a number of individuals working together," Owens said in an interview posted on the agency's website.

Unlike being hacked by clicking on a malicious email or link, the "WannaCry" virus replicated itself, spreading from computer to computer automatically and demanding that computer users pay a ransom in bitcoin, an online currency that is extremely difficult to track.

"It takes a colossal amount of time, resource, knowledge, skill and effort to look through all the data and follow it through all the encrypted steps," said Brian Lord, a former director at the U.K.'s signals intelligence agency, GCHQ.

Lord, now an executive at security firm PGI Cyber, said it takes "strategic patience" and that law enforcement agencies -- with all of their competing priorities and demands -- rarely had such qualities.

Robust Investigation

This time it may be different, given the widespread damage caused by WannaCry, according to Thomas Brown, a former assistant U.S. attorney in New York who supervised a cyber crime unit.

"The wealth of available evidence given the vast scope of the attack, as well as the fact that there will probably be very strong international cooperation in light of the huge number of affected countries (including Russia), indicate that the investigation will be extremely robust," he said.

The probe will likely feature a combination of high-tech evidence gathering and traditional gum shoe techniques, such as interviewing suspects and confidential sources, said Brown, a managing director at Berkeley Research Group.

An NCA spokeswoman said the agency would use its international liaison officers, based in 120 countries, to work with overseas forces.

Leading the NCA operation is Oliver Gower, a former civil servant who speaks fluent French and who has spent the past five years helping build a coordinated government response to cyber crime, according to his LinkedIn profile.

"Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice," Gower said in a statement last week.

Teenage Kicks

The NCA has made progress in dismantling the online systems that distribute viruses, and recently arrested suspected cyber money launderers. Unlike U.S. authorities, it doesn't have a track record of extraditing overseas hackers or, in one instance, seizing them while on holiday in the Maldives. The NCA's cyber division is probably best known for an advertising campaign trying to dissuade teenagers from breaking computer laws.

The NCA can also call on the U.K.'s new National Cyber Security Centre, a GCHQ division created last year to be the public face of the famously secretive data collection agency.

The NCSC coordinated the immediate response to the ransomware attack, its first major incident. Over the weekend, the centre made contact with some of the world's largest private cyber security companies, including Secureworks Corp. and FireEye Inc., compiling information about the ransomware and how to contain it.

"This is the NCA's biggest challenge to date," said Alex Mendez, joint founder of Remora, a London-based computer security firm. The agency could potentially work together with other countries but in practice it can be hard to agree on operational actions due to the underlying political environment, he said.

(1st June 2017)


RANSOMWARE CYBER ATTACK
(Action Fraud, dated 15th May 2017)
www.actionfraud.police.uk

Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police's National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.

Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.

Key Protect messages for businesses to protect themselves from ransomware:


- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device that isn't left connected to your network as any malware infection could spread to that too.


The National Cyber Security Centre's technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the "WannaCry" Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

Key Protect advice for individuals:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn't left connected to your computer as any malware infection could spread to that too.

- Only install apps from official app stores, such as Google's Play Store, or Apple's App Store as they offer better levels of protection than some 3rd party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.


Phishing/smishing

Fraudsters may exploit this high profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protect advice for that is the following:

- An email address can be spoofed. Don't open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.

- The sender's name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.

Don't disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another "safe" account.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk

(1st June 2017)


THE WORLD'S 10 BIGGEST CYBERCRIME HOTSPOTS IN 2016
(Business Insider, dated 14th May 2017 author James Cook)

Full article [Option 1]:

http://uk.businessinsider.com/worlds-10-cybercrime-hotspots-in-2016-ranked-symantec-2017-5

Cybercrime has been in the news recently, whether it was the hack of the Democratic Party in the US during the most recent presidential election, or a scam that sent fake Google Docs links to people's Gmail accounts.

But where do malware, hacking attempts, and other cybercrime actually come from?

American cybersecurity company Symantec released its latest internet security threat report in April which looked at which countries were the biggest sources of malware, spam, and phishing attacks.

Symantec logged every kind of online threat it came across, whether malware, spam, phishing, bots, or hacking attempts. It then attempted to find the source of those attacks, and compiled this ranking of countries, sorted by number of threats that originated from them.

Here are the 10 countries that were the source of the most cybercrime in 2016:

1. The United States - 23.96%

The US came out way in front of every other country on Symantec's list. Last year it was number two, with 18.89% of threats detected globally, but that has risen to 23.96%. In 2016 a new kind of malware named Mirai spread around the world. And earlier this year, security journalist Brian Krebs claimed that the malware originated in the US.

2. China - 9.63%

China was the second-biggest source of global threats detected by Symantec, down from the number one spot last year. CNBC reported in July that malware that originated in China had been found to have infected over 10 million Android phones.

3. Brazil - 5.84%

Brazil has the dubious honour of entering Symantec's top three countries for threat detections. It has had a massive rise, up from number 10 last year. Security Intelligence published an overview of the trends in Brazilian malware back in July.

4. India - 5.11%

India actually went down Symantec's leaderboard of global threat detections. This year it's number four, whereas last year it was at number three. It was reported in February that Hitachi's ATM system in India had been compromised for two months.

5. Germany - 3.35%

Germany came in at number five on Symantec's list, up from number eight last year. The country has been a target of malware in the past: In 2016 a German nuclear plant was found to be infected with computer viruses.

6. Russia - 3.07%

Russia came in sixth in Symantec's research, but that was up from eleventh in 2015. The country has seen a surge in the amount of threats detected, Symantec's report showed.

7. The United Kingdom - 2.61%


The UK came in seventh in Symantec's ranking, the same position as 2015. Research from the Enigma Software Group released in March showed that London and Manchester are the most likely cities in the UK for computers to be infected with malware.

8. France - 2.35%


France accounted for 2.35% of threats detected globally by Symantec. France has been an emerging country for hacking and malware. Trend Micro released a report last year that examined the country's growing cybercrime problems.

9. Japan - 2.25%

Japan was the ninth-biggest source of cyber attacks, up from the twelfth-biggest in 2015. Japan has historically seen relatively little cybercrime, but that changed in 2015. A Trend Micro report in 2015 predicted a large spike in hacking in the country.

10. Vietnam - 2.16%

Vietnam was responsible for 2.16% of global threat detections in 2016 that Symantec found. That's up from 0.89% in 2015. The country has also been the target of hacking attacks in 2016. In July it was found that Vietnam's biggest airline, Vietnam Airlines, had been hacked into. And that malware may have spread to government agencies and banks.

(1st June 2017)


NATIONAL CRIME AGENCY STATEMENT : ON INTERNATIONAL CYBER CRIME INCIDENT
(NCA, dated 13th May 2017)

Full article :

www.nationalcrimeagency.gov.uk/news/1082-nca-statement-on-international-cyber-crime-incident

The NCA is working closely with a range of partners both in the UK and overseas to protect the public and businesses from the global cyber-attack from the 'WCry' or 'WannaDecrypt0r' ransomware.

The NCA leads the UK law enforcement response to cyber threats and is investigating this incident with the National Cyber Security Centre.

Specialist cyber crime officers from the NCA and policing are engaging directly with victims, including NHS trusts, and are visiting a number of NHS Sites to help protect victims and secure and preserve evidence.

While the NHS has been a high profile target in this attack, there are currently no indications that UK policing or other government departments have been infected with the ransomware.

The NCA is actively pursuing a number of lines of enquiry and is working with industry and international law enforcement partners, to identify and locate suspects.

Oliver Gower, Deputy Director of the NCA's National Cyber Crime Unit said:

"This was a large-scale attack, but we are working closely with law enforcement partners and industry experts in the UK and overseas to support victims and identify the perpetrators.

"Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice.

"Victims of cyber crime should report directly to ActionFraud. We encourage the public not to pay the ransom demand."

ActionFraud is the UK's national fraud and cyber crime reporting centre. Victims of cyber crime can report directly at actionfraud.police.uk. ActionFraud offer advice and resources on how to protect your data, devices and what to do if infected.

The NCA are advising the public and organisations to help reduce the risk of these attacks by:

- Making sure your security software patches are up-to-date.
- Making sure that you are running anti-virus software.
- Backing-up your data in multiple locations, including offline.
- Avoiding opening unknown email attachments or clicking on links in spam emails.

(1st June 2017)


UK AND NETHERLANDS EMERGE AS GROWING HOTSPOTS FOR ORIGINATING CYBERATTACKS
(IBM - Security Intelligence, dated 11th May 2017 author Douglas Bonderud)

Full article [Option 1]:

https://securityintelligence.com/news/uk-netherlands-emerge-as-growing-hotspots-for-originating-cyberattacks/

Europe is climbing the charts, but it's not in a desirable category for EU member countries. According to a recent NTT Security report, more than half of the world's phishing attacks now originate from the Europe, Middle East and Africa region (EMEA).

The Netherlands is ground zero for this type of attack, having suffered 38 percent of noted phishing attacks, which is second only to the U.S. The U.K. also took second spot behind the U.S. in total number of cyberattacks.

Europe: A Breeding Ground for Cyberattacks

While the distribution and origin of attack efforts has changed, methodologies remain largely the same. As noted by CBR Online, 73 percent of all cyberattacks leveraged phishing techniques to gain access, with many relying on a combination of social engineering and poor password choices to effectively breach company networks.

What's more, 77 percent of attacks occurred across just four industries: business and professional services (28 percent), government (19 percent), health care (15 percent) and retail (15 percent), NTT Security reported. In many cases, phishing efforts acted as precursors to ransomware infections, forcing companies to choose between holding the line and risking lost data or paying up and hoping that attackers honor their word.

But something had to give. Europe's increasing tech savvy and rising economic clout made it the ideal place for cybercriminals to develop new techniques, improve old threat vectors and launch a new wave of cyberattacks against targets worldwide.

A Potentially New Landscape


As noted above, both the Netherlands and the U.K. feature prominently in the new threat landscape. But what sets these nations apart from their European neighbors?

"Particular areas of the EMEA, and especially the Netherlands, are known for having internet networks that are fast and reliable," Dave Polton of NTT Security told SecurityWeek. Add in the extremely busy Amsterdam Internet Exchange (AMS-IX), and it's the perfect place for cybercriminals looking to develop, test and deploy new phishing attacks.

Meanwhile, in the U.K., just 31 percent of businesses listed cybersecurity as a "very high" priority, and a "sizable proportion" of companies lack basic information security protections, Forbes noted. The gap between necessary cybersecurity protections and the current technology landscape makes the rise of cyberattacks inevitable. It has also helped push the U.K. into second place behind the U.S. for total attacks launched.

The nation has rolled out new cyber legislation in the form of the Investigatory Powers Act, which compels communication service providers (CSPs) to retain customer internet connection records for one year and allows law enforcement agencies to see these records without a warrant. However, security experts such as Sean Sullivan of F-Secure argued in SecurityWeek that these new powers will "be useful in a reactive way, to investigate after the fact. I do not think they will prevent."

Last Line of Defense

The Netherlands and the U.K. are now leading the charge in both overseas phishing attacks and total attack volume. It's not good news for security firms or enterprises, but it's necessary knowledge. Understanding the scope of new threats is the only hope of holding the line and putting preventative measures in place.

(1st June 2017)


BRITAIN'S WORST COLD CALLERS
(The Telegraph, dated 11th May 2017 author Nicola Harley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/05/10/britains-worst-cold-callers-firm-behind-100-million-nuisance/

The firm behind 100 million nuisance calls has been given a record £400,000 fine.

Keurboom Communications Ltd has been handed the highest ever nuisance calls fine after more than 1,000 people complained about recorded - also known as automated - calls.

The calls, made over an 18 month period, related to a wide range of subjects including road traffic accident claims and PPI compensation. Some people received repeat calls, sometimes on the same day and during unsociable hours. The company also hid its identity, making it harder for people to complain.

Keurboom Communications Ltd has been placed into voluntary liquidation.

It comes as a new law is in the process of being introduced to make directors liable to individual fines of up to £500,000.

The Telegraph has campaigned for a new law to close a loophole that allows company directors to claim bankruptcy for firms that are fined, thereby "dodging" payment.

Last year the Telegraph revealed that out of 20 firms penalised, 15 went bust or declared themselves insolvent, thereby avoiding the fine.

Currently only firms can be fined up to £500,000 by the Information Commissioner's Office [ICO], but under the new rules directors can be personally fined the same amount.

Companies can only make automated marketing calls to people if they have their specific consent. Keurboom did not have consent so was in breach of the law.

Steve Eckersley, Head of Enforcement at the Information Commissioner's Office (ICO) said: "Keurboom showed scant regard for the rules, causing upset and distress to people unfortunate enough to be on the receiving end of one of its 100 million calls.

"The unprecedented scale of its campaign and Keurboom's failure to co-operate with our investigation has resulted in the largest fine issued by the Information Commissioner for nuisance calls."

During the investigation, the ICO issued seven information notices ordering the company, which is registered in Dunstable, Bedfordshire, to provide information to the regulator.

When it failed to comply, Keurboom Communications Ltd and its director, Gregory Rudd, were prosecuted and fined at Luton Magistrates' Court last April.

Mr Eckersley said: "These calls have now stopped - as has Keurboom - but our work has not. We'll continue to track down companies that blight people's lives with nuisance calls, texts and emails."

Following the ICO's investigation, Keurboom Communications Ltd has been placed in voluntary liquidation. The ICO says it is committed to recovering the fine by working with the liquidator and insolvency practitioners.

Alex Neill, Which? Managing Director of Home Products and Services, said: "Nuisance calls are a menace, so it's right that the companies making them are held to account and hit with big fines.

"The next Government should swiftly bring in new powers holding directors personally accountable for these unlawful calls."

Last year was the ICO's busiest for nuisance calls: it fined 23 companies a total of £1.923 million for nuisance marketing.

The previous record nuisance call fine was in February 2016, when the ICO fined Prodial, a lead generation company, £350,000 for making 46 million nuisance calls.

Mike Lordan, Director of External Affairs at the Direct Marketing Association, said: "We applaud the work of the Information Commissioner's Office in their work against rogue marketers who do nothing for consumers and give the legitimate industry a bad name. We hope that in the future rogue marketers will face the real threat of prison when abusing consumers in this way, which will be an effective deterrent."

(1st June 2017)


HUGE ANDROID FLAW LEAVES USERS WIDE OPEN TO MALWARE AND IT WON'T BE FIXED FOR MONTHS
(International Business Times, dated 10th May 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/huge-android-flaw-leaves-users-wide-open-malware-it-wont-be-fixed-months-1620903

A security vulnerability in the Android operating system (OS) that lets malicious applications hijack a device's screen has reportedly left nearly 40% of users vulnerable to ransomware, banking malware and adware - but Google says it won't be fixed for months.

The flaw was found in a core security mechanism of Android 6.0.0 (Marshmallow) and above, which based on official statistics is 38.3% of devices. Google has confirmed it is aware of the issue but says the bug won't be resolved until the release of 'Android O' in Q3 2017.

According to experts at cybersecurity firm Check Point, the problem persists due to a Google policy which grants certain permissions to applications directly installed from the official Play Store.

The faulty model - "SYSTEM_ALERT_WINDOW" - allows apps to "overlap" on a device's screen.

This, as the researchers noted in a blog post this week (9 May), is one key method used by hackers and cybercriminals to trick unwitting Android users into falling for malware and phishing scams that can result in ransomware, banking Trojans and adware.

Check Point said over 70% of ransomware (malware that locks down a system until money is paid to the hacker), over 50% of adware and roughly 15% of banking malware spreads by exploiting this type of permission. "This is clearly not a minor threat," experts said.

In a previous temporary fix, Google unveiled a patch for Android 6.0.1 that allowed the Play Store application itself to have enhanced control over permissions, but it seemingly backfired. If a malicious app was downloaded from Play it would be "automatically granted" the permission.

The experts said: "Since Google understood the problematic nature of this permission it created the distinct process to approve it. This soon caused problems, as this permission is also used by legitimate apps, such as Facebook, which requires it for its Messenger chat."

While Google currently uses a system known as 'Bouncer' to automatically scan applications in an attempt to fend off those containing viruses, some can still slip through the cracks. Recently uncovered strains have included 'BankBot' and 'FalseGuide'.

"Beware of fishy apps," the researchers warned, adding: "Users should always beware of malicious apps, even when downloading from Google Play. Look at the comments left by other users, and only grant permissions which have relevant context for the app's purpose."

According to Android Police, a technology website, the Android 'O' developer preview will include four releases in advance of the final build, currently set to hit the app stores in Q3. An exact date has not been announced, but we recently got a glimpse of Google's new Fuchsia OS.

(1st June 2017)


CROOKS CAN NICK BRITS' IDENTITIES JUST BY PICKING UP THE PHONE AND LYING
(The Register, dated 10th May 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/05/10/fraud_trends_cifas/

Identity crimes remain among the greatest threats to UK businesses online.

The offences made up three in five (60 per cent) of all fraud recorded by Cifas, the UK's leading fraud prevention service. Cifas' annual report, published Wednesday, collates statistics from 325,092 instances of fraud recorded in 2016. These internal and external cases represent a modest increase from the 321,092 recorded in 2015.

Facility or account takeover sharply increased last year. A facility takeover happens when a fraudster poses as a genuine customer, gains control of an existing account and uses it for their own ends - such as making transactions or ordering new products. Any account can be hijacked by fraudsters, including online banking, credit cards, telephone, email and other services.

Facility takeovers increased by 45 per cent from 15,497 in 2015 to 22,525 in 2016. More than half of these takeovers were enabled over the phone, typically through call centre staff.

The vast majority (88 per cent) of identity frauds were committed online, as were 30 per cent of facility takeovers. To pull off account takeovers crooks must first have obtained enough of their victim's personal and security information (date of birth, address, details of bank or other accounts, and sometimes passwords) to fool call centre staff. Data breaches, social media footprints and other open-source information can help facilitate this process. Often fraudsters need to approach their intended mark to get enough information, according to Cifas.

Cifas reckons the growing tactic of contacting call centre staff prior to attempting account takeover is, at least in part, a displacement effect. As online access to accounts is locked down with better authentication technologies, fraudsters are switching tactics in response.

Cifas chief executive Simon Dukes said: "Working together, organisations prevented £1 billion worth of fraud last year, but we know that as one method gets harder, fraudsters change tactic rather than stop. We are now seeing that the advances made in securing online access to customer accounts have led to fraudsters targeting the human being at the end of the phone.

"Using old-fashioned but highly effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims' accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier."

Cifas is pushing education as a means to help both call centre staff and targets to stay ahead of fraudsters. The service asks that the next UK government prioritises tackling fraud by putting fraud education in the national curriculum so kids get schooled on security practices early in life as well as making fraud prevention a "strategic priority for UK policing". In addition, the post-election government should run a comprehensive review of the sentencing guidelines for fraud.

(1st June 2017)


AI TO HELP UK POLICE DECIDE WHETHER TO REMAND OR RELEASE CRIMINAL SUSPECTS
(International Business Times, dated 10th May 2017 author Owen Hughes)

Full article [Option 1]:

www.ibtimes.co.uk/ai-help-uk-police-decide-whether-remand-release-criminal-suspects-1620910

Police in the UK will start using artificial intelligence (AI) to help them determine whether someone they believe to have committed a crime should be kept in custody.

Called the Harm Assessment Risk Tool (Hart), the machine learning system uses data from police records as well as the suspect's offending history and select demographic information to assess how likely they are to commit a crime if released.

According to the BBC, Hart will be deployed by police in Durham, north-east England, in the coming months. Instances where the system might be used include when officers need to decide whether to keep a suspect in custody for further questioning or release them on bail after being charged with a crime.

Suspects are classified as either low, medium or high risk, although the system is more likely to deem a person as medium or high risk in order to "err on the side of caution", reports the BBC.

In tests during which Hart was used to assess suspects' risk level but the outcome not enforced by officers, the algorithm proved to be 98% accurate when it determined a suspect as low risk and 88% accurate when classifying a person as high risk.

Access to the algorithm will be randomised in order to determine its effectiveness. Presumably, this will also help prevent bias against particular races, social classes and ethnic groups.

While Hart uses a suspect's gender and postcode when making an assessment, its creators claim that this alone isn't enough to impact the decision. It is also intended as a complementary tool for police and not one on which officers should base their decision entirely.

Hart only has access to Durham police records between 2008 and 2012, meaning the algorithm would be unable to make an assessment of anyone from outside the force's jurisdiction or who offended either before or after this time.

(1st June 2017)


UK POLICE FORCE FINED £150K AFTER DVD FOOTAGE OF SEX CRIME INTERVIEWS LOST IN POST
(International Business Times, dated 5th May 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/uk-police-force-fined-150000-after-dvd-footage-sex-crime-interviews-lost-post-1620152

Greater Manchester Police (GMP) has been fined £150,000 ($194,000) by the UK's data breach watchdog - the Information Commissioner's Office (ICO) - after three unencrypted DVDs containing footage of interviews with victims of violent and sexual crimes were "lost in the post".

The department sent the footage in 2015 to the Serious Crime Analysis Section (SCAS), a division of the National Crime Agency (NCA), by recorded delivery but they were never received. The DVDs, stored without password protection, have never been recovered.

The recordings showed victims talking openly about the crimes. The ICO said in a statement this week (4 May) GMP did not have appropriate measures in place to guard against the accidental loss - and should have known to send the material via special delivery.

The ICO said the DVDs contained "highly sensitive data" that would likely cause "substantial damage or stress" to the victims who may suspect that their personal data had been accessed by "individuals who have no right to see that information".

The substantial penalty must be paid to the ICO by 31 May 2017. If the ICO receives full payment by 30 May the GMP will be given a 20% discount to £120,000.

"GMP ought to have known that the DVDs containing the interviews would be vulnerable," the ICO said.

"The GMP was also aware that SCAS only used special delivery to send confidential material by post, if required," the ICO continued. "Special delivery is more secure than recorded delivery because an item is signed for every time it changes hands, and not just by the recipient."

Sally Anne Poole, ICO enforcement group manager, said: "When people talk to the police they have every right to expect that their information is handled with the utmost care and respect.

"Greater Manchester Police did not do this. The information it was responsible for was highly sensitive and the distress that would be caused if it was lost should have been obvious. Yet GMP was cavalier in its attitude to this data and it showed scant regard for the consequences that could arise."

The ICO investigation found that GMP had been sending unencrypted DVDs by recorded delivery to SCAS since 2009 and only stopped after the security breach in 2015. Yet this is not the first time the force had been found lacking in the area of data protection.

The ICO previously fined GMP £150,000 in 2012 after an unencrypted USB stick was stolen.

GMP Assistant Chief Constable Rob Potts told The Guardian: "The disks were sent in accordance with national guidance for sending sensitive information, however, when it became apparent that the disks may have been lost we immediately reviewed our own procedures.

"As a result postal delivery is no longer used by GMP for sensitive information.

"I think it is important to stress that when the potential loss did become apparent, we worked closely alongside Royal Mail to do everything possible to try to find the disks and immediately informed the three people concerned in the video interviews.

"They have been kept updated of this ongoing investigation and contacted this week to inform them of the ICO's decision." He added: "I would continue to urge anybody who has been a victim of crime to come forward to police, we are here to help and we can provide specialised support."

(1st June 2017)


WHY YOU REALLY NEED TO STOP USING PUBLIC WIFI
(Harvard Business Review, dated 3rd May 2017 author Luke Bencie)

Full article [Option 1]:

https://hbr.org/2017/05/why-you-really-need-to-stop-using-public-wi-fi

In today's busy world, convenience seems to outweigh consequence, especially with how people use their mobile devices. Using free public Wi-Fi networks, for example, comes with any number of serious security risks, yet surveys show that the overwhelming majority of Americans do it anyway. In a study by privatewifi.com, a whopping three-quarters of people admitted to connecting to their personal email while on public Wi-Fi.

It isn't hard to see that a few moments of online convenience are far outweighed by your money or financial information being stolen, or by suffering the embarrassment of your personal information being publicly released. According to a recent opinion poll, more people are leery of public Wi-Fi networks than of public toilet seats (a promising sign). But an interesting experiment, conducted at the 2016 Republican and Democratic National Conventions, showed attendees' true colors. At each convention, private entities provided visitors with free public Wi-Fi networks (for social science purposes). Around 70% of people connected to the nonsecure Wi-Fi networks at both conferences.

Security consultants often find that sex can be an attention-grabbing metaphor to get a client's attention. When we lecture businesspeople about cybersecurity, we compare the dangers of using public Wi-Fi to the risks of having unprotected sex. In both cases, not taking the necessary precautions can lead to lasting harm. For mobile devices, the harm is digital: the theft of your personal data, such as passwords, financial information, or private pictures or videos. You're rolling the dice every time you log on to a free network in a coffee shop, hotel lobby, or airport lounge.

Think the problem is being exaggerated, or that cyber theft only happens to large corporations? Consider that over half of the adults in the U.S. have their personal information exposed to hackers each year. Furthermore, Verizon's annual Data Breach Investigation Report has found that 89% of all cyber attacks involve financial or espionage motives.

There are dozens of online tutorials showing hackers how to compromise public Wi-Fi, some of them with millions of views. The most common method of attack is known as "Man in the Middle." In this simple technique, traffic is intercepted between a user's device and the destination by making the victim's device think the hacker's machine is the access point to the internet. A similar, albeit more sinister, method is called the "Evil Twin." Here's how it works: You log on to the free Wi-Fi in your hotel room, thinking you're joining the hotel's network. But somewhere nearby, a hacker is boosting a stronger Wi-Fi signal off of their laptop, tricking you into using it by labeling it with the hotel's name. Trying to save a few bucks, and recognizing the name of the hotel, you innocently connect to the hacker's network. As you surf the web or do your online banking, all your activity is being monitored by this stranger.

Still not convinced of the risks? Here's a story that should worry business travelers in particular. In 2014 experts from Kaspersky Lab uncovered a very sophisticated hacking campaign called "Dark Hotel." Operating for more than seven years and believed to be a sophisticated economic espionage campaign by an unknown country, Dark Hotel targeted CEOs, government agencies, U.S. executives, NGOs, and other high-value targets while they were in Asia. When executives connected to their luxury hotel's Wi-Fi network and downloaded what they believed were regular software updates, their devices were infected with malware. This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device.

What is the best way to protect yourself against these kinds of Wi-Fi threats? Although antivirus protection and firewalls are essential methods of cyber defense, they are useless against hackers on unsecured Wi-Fi networks. Consider the following seven security tips to keep prying eyes out of your devices:


- Don't use public Wi-Fi to shop online, log in to your financial institution, or access other sensitive sites - ever

- Use a Virtual Private Network, or VPN, to create a network-within-a-network, keeping everything you do encrypted

- Implement two-factor authentication when logging into sensitive sites, so even if malicious individuals have the passwords to your bank, social media, or email, they won't be able to log in

- Only visit websites with HTTPS encryption when in public places, as opposed to lesser-protected HTTP addresses

- Turn off the automatic Wi-Fi connectivity feature on your phone, so it won't automatically seek out hotspots

- Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data

- Buy an unlimited data plan for your device and stop using public Wi-Fi altogether

The more you take your chances with a free network connection, the greater the likelihood that you will suffer some type of security breach. There is a saying in the cybersecurity industry that there are three types of people in the world: those who have been hacked, those who will be hacked, and those who are being hacked right now and just don't know it yet. The better you protect yourself, the greater your chances of minimizing the potential damage. Remember: Falling victim to public Wi-Fi's dangers is a question of when, not if.

(1st June 2017)


SCOTLAND YARD CREATES SQUAD TO TACKLE KNIFE CRIME
(London Evening Standard, dated 3rd May 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/met-police-creates-crack-squad-to-tackle-knife-crime-as-another-man-is-stabbed-to-death-in-london-a3529171.html

Scotland Yard today launched an 80-strong task force to tackle the epidemic of soaring knife crime as another young man was stabbed to death in London.

A squad of covert and uniform officers is to be deployed to trouble spots at a moment's notice to curb flare ups of violence across the capital.

The move comes as police are battling a 24 per cent rise in knife crime in London amid a stream of stabbings and murders across the city.

In the latest incident a 23-year-old man died after staggering into Barnet Hospital with stab injuries at 7.30pm last night. He received emergency treatment but died an hour later.

Detectives believe he was attacked in Masefield Crescent, Southgate before being driven to hospital. There have been no arrests.

In another incident last night a 17-year-old was repeatedly stabbed in a suspected gang related attack outside the Arcola Theatre in Dalston.

The teenager was first described as critically injured but his condition this morning was described as stable.

Last week six men were killed in knife attacks in London and a total of 17 men under the age of 25 have died in stabbings this year.

Today the Met launched the eighth phase of its Operation Sceptre campaign against knife crime with details of a new squad to tackle violence and a series of measures aimed at deterring crime with a focus on working with schools.

Police say they are also rolling out a more community-led approach to tackle stabbings with elements taken from a US anti-gang strategy called the Boston Ceasefire project.

One new approach is to recruit role models and leaders from within communities to deliver anti-crime messages to young people at risk.

Detective Chief Superintendent Michael Gallagher, the operational head of the Sceptre campaign, said: "We are pushing initiatives and messages which are delivered by communities.

"It used to be the police who delivered these messages but now we are trying to get community representatives to put them across.

"The group we are trying to influence don't want to hear messages from people like me, it will have far more impact if it comes from a mum or someone who is a role model for that group of Londoners."

Among the role models is a street pastor from north London and a mother with strong links to the local community.

DCS Gallagher said: "These individuals are out there in our communities, they can be anyone. I am meeting more and more people who want to do something about it. Communities are coming to us and saying 'What can we do? These are our kids.'"

Over 900 activities are planned in London in a week of action which will include intelligence-led stop and search to target known knife offenders, weapons sweeps of estates and parks and initiatives in schools to divert young people from knife crime.

DCS Gallagher, the current commander of Brent police, said the Sceptre Task Force of 40 covert officers and 40 uniform police was being deployed to boroughs with the worst record of stabbings.

The squad, which was used in Croydon and Tower Hamlets yesterday, will support local police, carry out high visibility patrols and deploy covert teams in hotspots of knife crime.

The unit, whose officers are being drawn from boroughs, is expected to become a permanent fixture in the fight against knife crime.

DCS Gallagher said: "This is a cohort of officers that I can drop into an area to have a fast time impact, virtually immediately. It is about protecting kids.

"We will review where it deploys on a day to day basis. We have to be flexible because this is not a predictable challenge we have."

He said the officers would be carrying out stop and search activity but said it would be done with "dignity and respect" and local community members would be encouraged to accompany patrols.

Academics, researchers from the University of London and the Office of National Statistics are also being employed by the Met to examine crime data in a bid to understand what is driving the surge in knife crime.

DCS Gallagher said: "What is clear is that it is not just the victim who is vulnerable, what is becoming quite clear is that the suspect cohort come from a chaotic background.

"It is not just driven by socio-economics, there are also mental health issues and some real vulnerability which has put them into that space of carrying or using knives."

He said the research showed that both knife victims and suspects came from the same group, adding: "This is not a black or a white thing, it is a crime thing. Regardless of ethnicity, it is about understanding the problem.

"What I need to know is have we had a cultural shift, is it because we have a rising youth population or is it because there is more of a criminal violent element in society at the moment."

He added: "It is a huge concern. We need to understand exactly what is going on. Hopefully, the research will give us a better idea of how to tackle this problem with the resources we have got."

KNIFE CRIME IN LONDON
Source : Met Police statistics

n = Knife crime; (n) = Fatal; [n] = Serious; <n> = Total injuries

Barking and Dagenham : 618 (3) [34] <140>
Barnet : 613 (2) [23] <120>
Bexley : 345 (1) [15] <64>
Brent : 797 (2) [61] <204>
Bromley : 463 (0) [20] <93>
Camden : 558 (4) [28] <111>
Croydon : 1026 (60) [61] <190>
Ealing : 749 (4) [48] <196>
Enfield : 746 (1) [38] <136>
Greenwich : 606 (1) [33] <151>
Hackney : 939 (0) [56] <188>
Hammersmith and Fulham : 408 (2) [12] <75>
Haringey : 1001 (4) [45] <199>
Harrow : 308 (1) [21] <93>
Havering : 421 (1) [13] <71>
Hillingdon : 474 (2) [31] <94>
Hounslow : 574 (1) [32] <133>
Islington : 757 (3) [57] <161>
Kensington and Chelsea : 497 (1) [34] <83>
Kingston upon Thames : 138 (1) [8] <34>
Lambeth : 1156 (1) [80] <247>
Lewisham : 910 (4) [51] <190>
Merton : 324 (1) [21] <68>
Newham : 1165 (3) [63] <246>
Redbridge : 578 (2) [30] <131>
Richmond upon Thames : 186 (0) [10] <30>
Southwark : 1258 (3) [63] <237>
Sutton : 232 (0) [13] <37>
Tower Hamlets : 1087 (2) [52] <195>
Waltham Forest : 701 (0) [35] <130>
Wandsworth : 510 (3) [30] <108>
Westminster :

(1st June 2017)


MET PUTS SAVINGS TARGETS AT RISK BY SPENDING £30m TOO MUCH ON TECH
(London Evening Standard, dated 3rd May 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/met-puts-savings-targets-at-risk-by-spending-30m-too-much-on-tech-a3529101.html

Scotland Yard risks failing to meet savings targets this year, partly because of a multi-million-pound overspend on digital policing.

Figures show that the Met is set to overspend by more than £30 million on a plan to upgrade its technology, while also raiding £24 million from its reserves. The Met said IT support costs for projects such as body-worn video cameras, which are being rolled out to all frontline officers, were partly to blame for the overspend.

The details emerged as the Met revealed it was to start issuing tablets and laptops to officers after shelving a £6 million trial to equip police with iPads. About 1,700 laptops and tablets are being given out from August this year. The budget overspend comes after new Met chief Cressida Dick pledged to expand digital policing to improve the Met's efficiency. The force has launched a massive overhaul of its IT systems at a cost of up to £350 million.

In a recent report to the London Assembly's police and crime committee, the Met said the overspend on technology had increased from £6 million to £30 million in the third quarter. It states that a review of future spending had failed to identify any savings that could balance the digital policing budget. Liberal Democrat London Assembly member Caroline Pidgeon, a member of the police and crime committee, said: "The Met has a very long history of costly IT blunders, which have cost the public millions of pounds. It appears the Mayor was duped by the Met's forecasts, which were wildly optimistic in terms of the savings that new technology would make."

Rory Geoghegan, a former Met officer and now head of criminal justice at the Centre for Social Justice, said the Met spent nearly five years trialling 700 iPads when New York's police force rolled out smartphones to every frontline officer in a little over two years.

He said: "Successive commissioners have inherited and, like the Met's frontline, endured computer systems stuck 20 years in the past. These eye-watering figures - enough to pay the salaries of 1,000 police officers for a year - demonstrate just how vital it is for the Met's new commissioner to grip the technology issue."

Recent figures show that the Met is spending around £150 million on digital policing a year while launching ambitious plans to update technology. A report in 2013 found it had 750 systems that have been wired together over the past 40 years including one core operating system which dated back to a Seventies baggage handling system.

There are plans for a digital crime reporting system and the use of tablets to allow officers to stay on the streets for longer. The Met said in a statement: "We are undergoing a complete refresh of our information technology processes, infrastructure and equipment.

"The transformation will ultimately provide improved value for money, drive efficiency through cutting down on bureaucracy and will enable the delivery of other strategic programmes, such as officer mobility. However, the upgrade programme is not as simple as it would be for many other organisations due to the amount of specialist legacy software upon which parts of the Met still relies."

The force said there were "unforeseen support costs associated with new technology, such as body-worn video".

(1st June 2017)


IBM HAS BEEN SHIPPING MALWARE-INFECTED USB STICKS
(Graham Cluley, dated 2nd May 2017 author Graham Cluley)

Full article [Option 1]:

www.grahamcluley.com/ibm-shipping-malware-infected-usb-sticks/

IBM has warned customers that it accidentally shipped a number of malware-infected USB sticks to enterprises ordering its IBM Storwize V3500, V3700 and V5000 Gen 1 flash storage solutions.

The malware is found in the initialisation tool's directory, and when the tool is launched from the USB stick to configure the Storwize storage solution, the malware is copied to a temporary directory on the computer's hard drive.

IBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code.

Affected Products

The Initialization Tool on the USB flash drive with the part number 01AC585 that shipped with the following System models may have an infected file:
- IBM Storwize V3500 - 2071 models 02A and 10A
- IBM Storwize V3700 - 2072 models 12C, 24C and 2DC
- IBM Storwize V5000 - 2077 models 12C and 24C
- IBM Storwize V5000 - 2078 models 12C and 24C

IBM Storwize Systems with serial numbers starting with the characters 78D2 are not affected.

IBM has not said how many infected USB sticks it believes it has shipped to customers, but even if it's a relatively small number that will be of little comfort if you were one of the unlucky recipients.

The good news is that the malware is only copied onto the computer. The initialisation process does not actually run the malicious code, and a computer can only become infected if the malicious file is executed.

While the malware does not target the integrity of the storage systems themselves, if the malicious code is launched it will attempt to infect the Windows computer it is run on, and may download further malware from the internet.

IBM is recommending that the malware-infected USB sticks should either be securely destroyed, or have the offending folder wiped and a clean version of the installation tool package downloaded and installed in its place.

Personally I would think that USB sticks are so cheap that the simplest choice is to destroy the infected one (in order to prevent someone else innocently using it) and download the software you need afresh.

According to IBM, up-to-date versions of the following anti-virus products have been confirmed to detect the malware: AhnLab-V3, ESET NOD-32, Kaspersky, McAfee, McAfee-GW-Edition, Microsoft, Qihoo-360, Symantec, Tencent, Trend Micro, Trend Micro Housecall, ZoneAlarm.

I would imagine other vendors are also busily updating their security products if they have not already done so.

It's important to remember that malware doesn't just present a risk to you when you open an email attachment, or click on a link, or visit a website with poisoned adverts. Your computer can also come to harm through malware which has been physically shipped to you on CD ROM, on a USB stick, or even pre-installed on a hard drive.

We tend to trust companies like IBM to take greater care over what they ship to their customers and assume it to be uncompromised and squeaky-clean. Clearly that trust is sometimes misplaced.

uaware further information

IBM notification : www-01.ibm.com/support/docview.wss?uid=ssg1S1010146

(1st June 2017)


TRESPASS INCIDENTS AT A 10 YEAR HIGH
(The Railway Magazine, dated May 2017)
www.railwaymagazine.co.uk [Option 1]

Alarming new figures from Network Rail and British Transport Police reveal that more people than ever are risking their lives on the rail network by trespassing on the tracks.

The data looks at trends over the last 10 years and shows that trespass incidents are at an all time high, and that at least one person trespasses and dices with death every hour.

Last year there were more than 8,000 incidents where people risked their lives across the rail network, an 11% increase on the previous year.

Young people are also the most likely to take a risk, with 50% of those killed under the age of 25.

Spring and Summer see more than double the number of young trespassers, compared to the Winter months.

Allan Spence, head of public and passenger safety at Network Rail, said: "Every April we see a huge rise in the number of people taking risk on the rail network and it's worrying that these numbers seem to be going up".

Short Cut

"Britain has the safest railway in Europe, but still too many people lose their lives on the tracks. The dangers may not always be obvious, but the electricity on the railways is always on and trains can travel at up to 125mph, so even if they see you, they can't stop in time."

According to Network Rail's statistics, 72% of all passengers who died over the last 10 years were struck by a train and another 17% were electrocuted. The other 11% were killed by a fatal fall on or near the railway.

Most trespassers highlight taking a short cut (42%) as their main motivation for committing the crime, followed by thrill-seeking (19%).

The new figures also highlight that youth trespass is more prevalent in areas of socio-economic deprivation.

In response to the seasonal surge in incidents and to tackle the problem of youth trespass, Network Rail and the British Transport Police have jointly launched a schools programme where rail community safety managers and BTP officers will be out teaching thousands of children about railway safety.

(1st June 2017)


TAYLOR WIMPEY TO PAY UP TO £130m TO SETTLE GROUND RENT SCANDAL
(The Guardian, dated 27th April 2017 author Patrick Collinson)

Full article [Option 1]:

www.theguardian.com/business/2017/apr/27/taylor-wimpey-ground-rent-scandal

Taylor Wimpey is to pay out up to £130m to buyers of some of its new-build leasehold properties, which were rendered near-worthless after homeowners found themselves trapped in spiralling ground rent contracts.

In a statement issued at its AGM, the housebuilder said a review of the contracts, in which the ground rent doubles every 10 years, found they were legal but "not consistent with our high standards of customer service and we are sorry for the unintended financial consequence and concern that they are causing".

It said it would make a provision of £130m "to alter the terms of the doubling lease to materially less expensive ground rent review terms, with the group bearing the financial cost of doing so".

With thousands of homebuyers caught out by rapidly rising rents, the solicitors they used may face claims of professional negligence

An investigation by the Guardian last year in collaboration with campaign group Leasehold Knowledge Partnership uncovered how buyers of Taylor Wimpey homes, predominantly in the north-west, found them to be almost unsaleable because of the doubling ground rents.

One flat owner reported being trapped in a property that had been rendered virtually worthless just six years after being built. Others have been forced to pay £1,000-plus fees to their freeholder for permission to build an extension, while attempts to buy out the leasehold have been met with demands of £35,000 or more, even though the lease has, in some cases, hundreds of years to run.

Sebastian O'Kelly, of the Leasehold Knowledge Partnership, said: "Homebuyers wanted homes and trusted a plc housebuilder. Taylor Wimpey created an investment asset class - the freehold - which it then traded to anonymous and murky investors, who hide their beneficial ownership behind nominee directors.

"This ground rent racket is wealth erosion on a massive scale, which has fallen mainly on young first-time buyers and their families. It has revealed the rotten core of leasehold as a form of property tenure."

But questions remain over who will benefit from the £130m put aside by Taylor Wimpey, and whether other developers will also compensate leasehold buyers.

Graham Balchin, a solicitor who has acted on behalf of many homebuyers trapped in escalating ground rents, said: "There can be no doubt that the Guardian's series of articles has played a big part in generating the publicity which has in turn resulted in this change.

"While this development will come as an enormous relief for those leaseholders who bought new from Taylor Wimpey, many of these properties have changed hands since they were first sold and its statement indicates that it is only those who bought direct from Taylor Wimpey that will be helped.

"If that is a correct understanding of TW's position, it will mean that there will still be thousands of TW leaseholders who will not be helped. That class of owner could therefore remain stuck with onerous ground rents in properties which will remain difficult, if not impossible to sell, at least for a price close to the value of a similar property without the onerous doubling clause."

Taylor Wimpey reported profits of £733m in the year to December, up 22% on the year.

Ground rents that double every 10 years have become hugely attractive to specialist investors, because they imply an interest rate of 7% a year when the Bank of England base rate is just 0.25%.

Many buyers were told that the 250- or even 999-year leases on their new-build homes were "virtually freehold" because of the length of the lease. But the investors who have snapped up the leases, often for just a few thousand pounds, refuse to sell them to householders unless they pay £30,000 or more. In some cases they simply refuse to sell the freehold, and are not legally required to do so.

Buyers have also complained that their attention was not drawn to the ground rent increases, as they were encouraged to use the conveyancing services provided by the developer.

Sir Peter Bottomley, MP for Worthing West, has led the campaign against leasehold abuse in parliament. He called on other developers to match the compensation to be offered to buyers of Taylor Wimpey homes.

"Taylor Wimpey has recognised that leaseholders have been disadvantaged by at least £130m," Bottomley said. "What is needed now is for all other developers to recognise their responsibilities. Developers have to rectify the impact of their past behaviour on innocent leaseholders."

The scandal of escalating ground rents comes amid a surge in leasehold sales in the UK. Earlier this month, a report by the campaign group HomeOwners Alliance warned of the worsening "nightmare" of the leasehold system in England and Wales, saying millions of homebuyers were hostages to exorbitant bills and estimating that landlords were in line to pocket £4bn from lease extensions.

Leasehold, once seen as a dying relic of the Victorian property market, has returned with a vengeance since the 1990s, according to the report. In 1996, just 22% of new builds in the UK were sold as leasehold, but this has doubled to 43% at present. In London, nine out of 10 new builds are now leasehold.

(1st June 2017)


CYBERCRIMINALS BREACHED OVER A BILLION ACCOUNTS LAST YEAR
(NBC News, dated 1st May 2017 author Herb Weisbaum)

Full article [Option 1]:

www.nbcnews.com/tech/tech-news/cybercriminals-breached-over-billion-accounts-last-year-n753131

Cybercriminals had a very good year in 2016 - and we all paid the price.

These digital bandits became more ambitious and more creative and that resulted in a year marked by "extraordinary attacks," according to the 2017 Internet Security Threat Report from Symantec. "Cyber crime hit the big time in 2016, with higher-profile victims and bigger-than-ever financial rewards," the report concluded.

"The bad guys made a lot of money last year," said Kevin Haley, director of Symantec Security Response. "They keep getting better and more efficient at what they do; they managed to fool us in new and different ways."

Some of the damage done last year:

- Data breaches that exposed 1.1 billion identities, up from 564 million in 2015
- More ransomware attacks with higher extortion demands
- Some of the biggest distributed denial of service (DDoS) attacks on record, causing "unprecedented levels of disruption" to internet traffic.

Cyber thieves have traditionally made their money by stealing a little bit from a lot of people. They've focused on raiding individual bank accounts or snagging credit card numbers. But that's starting to change, as criminal gangs are going after the banks themselves, the report noted.

"It takes a lot of sophistication and a lot of patience - you really need to understand what you're doing - but if you can break into the bank, you can steal millions of dollars at once," Haley told NBC News. "It's like those big heist movies we see. Cybercriminals are now pulling off these big heists with specialists, sophisticated tools and some great imagination in what they do."

Email Is Back as the Favorite Way to Attack

Malicious email is now "the weapon of choice" for a wide range of cyber attacks by both criminals and state-sponsored cyber espionage groups.

Symantec found that one in 131 emails was malicious last year, up dramatically from 2015, and the highest rate in five years.

Email attacks are back because they work, the report noted: "It's a proven attack channel. It doesn't rely on vulnerabilities, but instead uses simple deception to lure victims into opening attachments, following links, or disclosing their credentials."

Remember: It was a simple spear-phishing attack - a spoofed email with instructions to reset an email password - that was used to attack the Democrats in the run-up to the 2016 presidential election.

"People are comfortable with email. They read it," Haley said. "Even when people are suspicious, the bad guys know how to fool us."

Most malicious email is disguised as a notification - most commonly an invoice or delivery notice from a well-known company. In many cases, the malicious attachment is a simple Word document. Most people don't think of a Word file as dangerous or malicious. And for the most part, they're not. But these clever crooks have a "social engineering" trick to get you to do what they want.

The information on the malicious document is deliberately unreadable, which is unsettling. A note tells the intended target to click a button that will make it possible to read the message. Do that, and you've turned on the macros that allow the malware to download onto your computer. Just like that, they've got you.

Ransomware: Everyone Is at Risk

Ransomware attacks have grown more prevalent and destructive, which is why Symantec called them "the most dangerous cyber crime threat facing consumers and businesses in 2016." The number of ransomware infections detected by Symantec grew by 36 percent last year, skyrocketing from 340,000 in 2015 to 463,000 in 2016. And it's expected to remain a major global threat this year.

This devious malware locks up computers, encrypts the data and demands payment for the unique decryption key. In the blink of an eye, entire computer systems can become useless.

Ransomware is most often hidden in innocuous-looking email, such as a bogus delivery notice or invoice. For-hire spam botnets make it easy for the crooks to send hundreds of thousands of malicious emails a day for very little cost.

It's a lucrative crime. The average ransomware demand shot up from $294 in 2015 to $1,077 last year. Research by Symantec's Norton Cyber Security Insight team found that 34 percent of the victims worldwide pay the ransom. In the U.S. that jumps to 64 percent. This willingness to pay could explain why America remains their prime target, with more than one-third of all ransomware attacks.

(1st June 2017)


BRIDGE STRIKES (Extract)
(The Railway Magazine, dated May 2017 author Chris Milner)
www.railwaymagazine.co.uk [Option 1]

Somewhere in the country, a railway bridge is hit by a vehicle every day. It's a staggering statistic, and such incidents continue to be a significant risk to railway safety. Official figures reveal bridge strikes outweigh level crossing incidents by a ratio of more than four to one. The Office of Rail and Road statistics for 2015/16 show that there were 1,753 bridge strikes, while level crossing incidents numbered just under 420.

While the number of bridge strikes equates to nearly five each day, there has been a generally downward trend since a peak in 2007/08 of 2,374. Even so, more than 90% of bridge strikes affect rail overbridges.


Top hit bridges (Strikes in 2015/16)

1. A205 St Mildreds Road, Hither Green SE12 0RL : 26
2. A205 Thurlow Park Road, Tulse Hill SE21 8JB : 22
3. Lower Downs Road, Wimbledon SW20 8QG : 16
4. A52 Barrowby Road, Grantham NG31 6PE : 14
5. A624 Hayfield Road, Chinley SK23 6DZ : 13
6= A636 Denby Dale Road, Wakefield WF3 7TG : 12
6= A142 Stuntney Road, Ely CB7 4DY : 12
8= A5 Watling Street, Hinckley LE10 0FY : 11
8= A51 Upper John Street, Lichfield WS13 6HU : 11
10= A429 Kingway, Hullavington, Wilts SN16 0HW : 10
10= B5008 Repton Road, Willington, Derbys DE65 6BP : 10

The majority of such incidents are caused by HGVs, but culprits can also include buses (around 40 such incidents a year), light vehicles and vehicles carrying plant equipment. Some years ago there was a minor incident at Atherstone where a caravan being towed under the 7ft-high bridge next to the station became wedged; so it can be all kinds of vehicle that put the railway at risk.

Awareness

As part of the education process Network Rail has worked with companies like Eddie Stobart, as well as trade bodies (Road Haulage Association and Freight Transport Association) making presentations, as they feel driver engagement and involvement is vital.

Another part of the process is encouraging drivers to be aware of vehicle dimensions and checking the height with a measuring pole as part of the walk-round routine before setting off. That action, together with entering the height on a cab display, plus using a sat nav for HGVs, where routes avoiding low or narrow bridges can be plotted, is a step in the right direction. However, trucker sat navs cost £400 and when car sat navs are £50 or even free with smartphone apps, there is no incentive to use the right equipment.

Enforcement

Looking to the future, work by Network Rail bridge specialists has led to increased interest in the issue by the NR board. In addition to a national advertising campaign that includes trucking magazines, there are social media campaigns, guides for drivers printed in seven foreign languages, along with closer links between Network Rail, Traffic Commissioners, DVSA, BTP and the local police forces on enforcement.

Network Rail has also been in contact with many well known companies, including Eddie Stobart, DPD, ASDA, Yodel, Smith's, Royal Mail, UK Mail, Hermes, Fedex, SG World, to offer presentations, and is also briefing bus and coach companies. Using new technology, work is taking place to develop smartphone apps that use GPS signals and give an audible warning of low bridges before drivers get to them.

Historic records will be reviewed, as will road signage, to ensure any prosecutions can be enforced. Currently, legislation covering failure to comply with road traffic signs and careless driving is covered under Section 3 Road Traffic Act 1988, and carries a maximum fine of £2,500 as well as three to nine points on the offender's licence, however actual enforcement is another issue.

As part of this feature, under the Freedom of Information Act the Leicester Police were asked how many drivers had been prosecuted in the previous five years for traffic offences connected with hitting the A5 bridge at Hinckley. The answer? None.

And therein lies the problem. Incidents, disruptive as they are to the railways, are still not being taken seriously by law enforcement agencies, but work by the Network Rail specialist will hopefully change opinion and see bad drivers penalised.

(1st June 2017)


APRIL 2017


THOUSANDS OF PAEDOPHILES ESCAPING JUSTICE, WARNS FORMER POLICE CHIEF
(The Telegraph, dated 29th April 2017 author Robert Mendick)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/04/29/thousands-paedophiles-escaping-justice-warns-former-police-chief/

An astonishing 30,000 paedophiles are going unpunished even though police possess the technology to identify and arrest them, the former head of the police's online child abuse unit has told The Telegraph.

In a withering critique, the ex-police chief in charge of the Child Exploitation and Online Protection Centre (CEOP), Peter Davies, said vulnerable children were being subjected to sexual abuse that could be prevented.

Peter Davies, who retired as an assistant chief constable last month allowing him to speak out for the first time, said he was disgusted by and dismayed at the refusal of authorities to tackle the problem.

"I feel like a lone voice in the wilderness," he said. "There are tens of thousands of people who should be locked up but we don't know what to do with them."

Research by CEOP when Mr Davies headed the national unit suggested 50,000 paedophiles in the UK were downloading illegal child sex images and videos.

The unit believes a little over half of those also engage in physical abuse.

Mr Davies said that police possess the technology to identify about 30,000 of the estimated 50,000 offenders, but under current policy the crimes are largely ignored due to a lack of resources.

Mr Davies, who retired as an assistant chief constable last month, said: "I am an old-school police officer and in my opinion we should be going after these offenders and prosecuting them.

"To deal properly with this offending population we need to invest on a scale that would be radical and different. The alternative is we leave these thousands of people to carry on causing terrible harm and I don't think that is acceptable."

The lack of resources to investigate current offenders will give fuel to critics of costly high-profile historical abuse inquiries, such as the disastrous £2 million Operation Midland. The investigation into a VIP paedophile ring was launched on the basis of allegations of a single complainant who turned out to be a fantasist.

Wiltshire Police has already spent £1 million investigating the former prime minister Edward Heath, who died in 2005, amid claims it has found no evidence of wrongdoing, while the delayed Independent Inquiry into Child Sexual Abuse is expected to cost more than £100 million but has been beset by scandal and delay.

Mr Davies said: "Of the many 'historic' investigations, a few have been poorly conducted and a waste of valuable time and legitimacy. A great deal of effort and resource is being directed at areas which, while important, do not feel to me as significant as the real, present, detectable threats to children now."

The research by CEOP when Mr Davies headed the national police unit suggested 50,000 paedophiles in the UK were downloading illegal child sex images and videos.

Of those, it thought a little over half are also 'contact' abusers, that is adults who are also physically sexually abusing children.

Mr Davies told The Telegraph that police possessed the technology to identify about 30,000 of the estimated 50,000 online offenders. Each of those should be investigated - but under current policy, the crimes are largely being ignored due to a lack of resources. The criminal justice system would simply be overwhelmed and unable to cope.

But Mr Davies said: "I am an old school police officer and in my opinion we should be going after these offenders and prosecuting them.

"What this means is to deal properly with this offending population we need to invest on a scale that would be radical and different. The alternative is we leave these thousands of people to carry on causing terrible harm and I don't think that is acceptable."

Mr Davies's comments follow a damning report last week into CEOP by the Independent Police Complaints Commission over its failure to investigate after Toronto police handed it a list of 2,000 people who had downloaded indecent films of children from a Canadian company.

The list of names was passed to CEOP by Toronto police in July 2012 but the contents ignored until October 2013.

Mr Davies was never told of the existence of the list, which contained the names of at least two serial child abusers, including Myles Bradbury, a doctor at Addenbrooke's Hospital, who admitted 25 offences, including the sexual assault of young cancer patients.

Mark Frost, 70, a former teacher and scout leader, who last year admitted 45 offences including rape and sexual assault of boys, was also on the Operation Spade list flagged up to CEOP in 2012.

A third offender Martin Goldberg, a deputy headteacher, had taken hundreds of indecent images of children. He killed himself after police finally began an investigation.

Mr Davies, who was head of CEOP for three years until 2013, had attempted to shake up the organisation.

But he found himself accused of bullying by junior members of his team. He was given 'management advice'.

Mr Davies, who now works for an international security consultancy Austability, said: "I don't think people really understand what a serious offence the possession of indecent images of children is.

"Each image is the scene of a crime. A child has been sexually abused to create each image and any customer downloading that image is complicit in the abuse."

Police currently have the technology to catch online offenders. But if encryption systems improve, those efforts will be thwarted in the future.

Mr Davies said there was currently a 'golden opportunity' to crack down on thousands of paedophiles but that chance would be missed if encryption techniques improve.

"If this golden window of opportunity is slammed shut in a few years' time, it might stay shut forever after," said Mr Davies. "It would not be hard for police to find offenders by the thousands. I can't tell you the secrets of how that is done."

But he said resources needed to be made available and urged the Government to rethink its priorities. "We are spending for example billions of pounds on the high speed rail network. But what about the human infrastructure of this generation of children who are being sexually abused?

"And what about the insider threat posed by so many criminals committing such offences unchallenged? It is time we had a public debate about this."

(1st June 2017)


THIEVES COULD STEAL YOUR CAR BY HOLDING A BAG UP TO YOUR FRONT DOOR
(Metro, dated 29th April 2017 author Ashitha Nagesh)

Full article [Option 1]:

http://metro.co.uk/2017/04/29/thieves-could-steal-your-car-by-holding-a-bag-up-to-your-front-door-6605444/

Thieves have been caught on camera stealing someone's £60,000 BMW X5, by doing nothing more than holding a bag up to their front door.

The disturbing incident happened just days after someone's Mercedes Benz was said to have been stolen in a similar way.

According to the Daily Mail, experts believe that inside the bag there's a transmitting device that extends the signal from the BMW's keyless fob, which had been kept inside the house.

The car was driven away at around 2am on April 4, while its owners slept.

Many high-end cars now use a keyless start system, which means they can be unlocked simply by having a fob nearby.

The fobs contain computer chips and security codes that are detected by a computer inside the car.

Once the fob has been recognised as being close by, the driver can start the car's engine with just the press of a button.

Both the Mercedes and the BMW were stolen in Essex, sparking fears that a gang is targeting keyless cars.

Ray Anderson, a security expert whose firm Classic Security Solutions covers the county, told the paper that it was the fourth such car theft he'd heard of so far this year.

He warned that the only way to protect your car from similar thefts is to keep your key fob inside a metal box, or even inside the fridge.

'The metal blocks the signal,' he said. 'We think these keyless fobs continually emit a signal. You can turn them off but most people don't.

'We think, from analysing CCTV, [the thieves] are using a device to extend the signal - which makes it appear the fob is closer than it is.'

The BMW's owners didn't want to be identified, but have released the CCTV footage to warn other motorists.

'We are extremely concerned our BMW could be stolen in this way,' they said. 'We see this as a significant security breach.'

(1st June 2017)


VIOLENT CRIME RISING IN ENGLAND AND WALES, POLICE FIGURES SHOW
(The Guardian, dated 27th April 2017 author Alan Travis)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/apr/27/violent-rising-england-wales-police-figures-ons

There have been "small but genuine" increases in murder and other violent crimes, including 13-14% increases in gun and knife crime in 2016, according to the latest police-recorded crime figures.

The Office for National Statistics said the police data showed a 9% rise in overall crime in 2016, but that had to be viewed alongside the more authoritative crime survey of England and Wales, which showed an apparent 5% fall over the same period. These figures do, however, show an increase in violent crime, with a 10% rise in robberies, a 35% increase in public order offences and a 12% rise in sexual offences, including rapes.

The English and Welsh police figures include an apparently alarming 21% rise in the number of murders, up 121 to 697, but the figures include 96 cases of manslaughter at Hillsborough in 1989. Once those are excluded the increase is much lower, at 4%.

The police data also shows a 19% rise in offences involving violence against the person, but the statisticians say 40% of the increase is accounted for by the inclusion of certain types of harassment offences for the first time.

The ONS says the police figures show "small but genuine increases in some types of high-harm but small-volume violent crime". They include a 13% increase in gun crime to 5,864 incidents, driven by greater criminal use of handguns and shotguns. These figures are confirmed by ambulance response records.

The police figures also show a similar 14% rise in knife crime, with improvements in police-recording practices contributing to the increase.

"There were also small increases in some offences where recording practices are less likely to have been a driving factor," the ONS said. "For example, it is likely that recent rises in burglary and robbery reflect some genuine increases in crime. However, these recent increases should be seen in the context of substantial falls in such crime over the longer-term."

The crime survey of England and Wales, based on the public's experiences, estimated there were 6.1m offences in 2016 - a fall of 5% from the previous year.

There were a further 11.5m offences of fraud, online crime and computer misuses in 2016, which experimental statistics suggest is rising.

"The police recorded a total of 4.8m offences in the year ending December 2016, an annual rise of 9%. However, the large volume increases driving this trend are thought to reflect changes in recording processes and practices rather than crime," the statisticians said.

Both surveys showed continuing large declines in domestic burglary (down 7%), car theft (9%) and bicycle thefts (10%).

Ch Con Bill Skelly, of the National Police Chiefs' Council, said the figures showed total levels of crime were broadly stable compared with recent years. Police forces continued to see increases driven by better recording procedures and improved victim confidence in coming forward to report crimes such as domestic violence and non-recent sexual abuse.

"There are some genuine increases that police forces across the country are responding to, particularly with regard to 14% rise in knife crime and 13% increase in firearms offences. The trend, which had been declining for many years but has now begun to climb more sharply, is a key priority for the police service. Forces will continue to target habitual offenders and conduct wide-ranging proactive operations to seize thousands of illegal weapons before they can be used to cause harm," Skelly said.

"The experimental statistics also highlight the complex picture around fraud and computer misuse, with significant increases and an estimated 5.4m incidents occurring in the past 12 months. Police forces are working with partners locally and nationally to strengthen people's defences against online crime and develop new tactics and capabilities for digital policing to tackle the cyber threat."

(1st June 2017)


TUBE PICKPOCKET SQUAD TO BE DISBANDED
(London Evening Standard, dated 27th April 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/tube-pickpocket-squad-to-be-disbanded-a3525131.html

A specialist pickpocket squad which targets thieves operating on the London Underground is to be axed in a shake-up of policing on the railways.

The so-called Dip Squad which has clocked up hundreds of arrests of pickpockets in recent years is to be disbanded at the end of the week.

The move by British Transport Police echoes a decision last year to axe another specialist squad investigating sex attacks on the Tube.

That decision was later reversed after outrage over the move when it was revealed by the Standard.

Today British Transport Police said the Dip Squad was not getting disbanded "as such" but their work was being divided between two teams.

A spokeswoman said: "We'll have a dedicated team of detectives responsible for investigating theft of passenger property in London and the South East.

"We'll have six 'proactive' teams in London, responsible for carrying out patrols to target offenders and reduce crime. Previously, all of this work was the responsibility of the Dip Squad."

The specialist unit deploys officers in plain clothes who are trained to spot suspicious behaviour and who are expert at spotting the tactics and faces of the pickpocketing gangs.

Police say there is an annual issue with pickpocket gangs arriving in London for the "summer season" and targeting particular events such as Wimbledon.

During the 2012 Olympics, the force deployed uniform patrols to deter pickpocketing but also used the covert Dip Squad officers to spot the pickpocket gangs.

Insiders say pickpockets are either home grown or from Eastern Europe with some gangs travelling from South America to target London.

One source said: "These are gangs that will turn up in Barcelona or Paris, they travel wherever there are rich pickings."

The decision to disband the unit emerged on Twitter when the squad tweeted this week: "We have just arrested a Dip #Holborn after we saw him steal a phone from a lone female. Could be our last one, I am going to miss this".

However, the decision to axe the squad was greeted with concern on Twitter with one commentator saying: "Bonkers to disband them. @btp declaring open season on commuters by professional pickpockets."

Rory Geoghegan, a former Met officer and the head of criminal justice at the Centre for Social Justice think tank, said: "Theft from passengers is BTP's single biggest crime problem in London and we know that proactive policing by the Met has cut pickpocketing above ground on Oxford Street by as much as 50 per cent.

"It's therefore alarming to see a further erosion of highly effective proactive policing in the capital."

Last year a gang of pickpockets were jailed for a total of 30 years after making £5million from stealing mobile phones from commuters on the Tube.

The 11 thieves earned almost £10,000 a day targeting commuters and police recovered 1,000 phones in raids on their homes. Ringleader Nawid Moshfiq, 39, of Brentford, West London, was handed five years at Blackfriars crown court.

BTP said the decision to split the unit into two teams was part of a consultation document on a shake-up on policing the railways published last year.

(1st June 2017)


HOW YOUR COMPANY NEEDS TO TRAIN WORKERS IN CYBERSECURITY
(Computer World, dated 25th April 2017 author Matt Hamblen)

Full article [Option 1]:

www.computerworld.com/article/3192346/security/how-your-company-needs-to-train-workers-in-cybersecurity.html

With workplace cyberattacks on the rise, industry experts are pressing businesses to train their workers to be more vigilant than ever to protect passwords and sensitive data and to recognize threats.

"It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure," said Michael Kaiser, executive director of the National Cyber Security Alliance, a group that promotes education on the safe and secure use of the internet. The group's members include such major technology companies as Cisco, Facebook, Google, Intel and Microsoft.

Kaiser made his comments timed with last week's release of a Dell End-User Security Survey that found that 72% of workers are willing to share confidential company information without regard for proper data security protocols. The survey was conducted online in late February and early March with results from 2,608 professionals in companies with more than 250 workers.

"Cybersecurity education needs to be an integral part of the workplace culture," Kaiser added. "Cybersecurity education doesn't mean hosting a one-time course or seminar; it means making security a collaborative, continuous cultural initiative."

Creating a security culture at a company can be complicated. The survey found that 65% of employees recognize their responsibility to protect confidential information, but many said security programs limit their productivity. Of those who received cybersecurity training at work, 24% admitted they went ahead and used unsafe behaviors anyway in order to complete a task.

There is a "balance between protecting your data and empowering employees to be productive," said Brett Hansen, vice president of endpoint security and management at Dell. Data security needs to be the top priority "while maintaining productivity," Hansen said. It's a difficult task that requires companies to create simple, clear policies that address potential breaches.

The survey found that unsafe behaviors for accessing, sharing and storing data are common in the workplace. Forty-six percent of employees admitted to connecting to public Wi-Fi to access confidential information, while 49% admitted to using a personal email account for work tasks. The survey found 35% said it was common to take corporate information with them when leaving a company.

"As the Dell survey clearly indicates, there is still much work to be done regarding cybersecurity education and training for employees," said Kristin Judge, director of government relations for the Alliance, via email.

"The trend we are seeing is one of creating a culture of cybersecurity within an organization, which means taking cybersecurity best practices out of the IT department and bringing them into the risk management discussion… Effectively responding to cyber threats is relatively new on the list of day-to-day business practices -- so it will take some time to establish and instill widespread organizational change."

Avivah Litan, a security analyst at Gartner, said companies are beginning to institute cybersecurity training programs. "When it is instituted, it really makes a huge difference," Litan said in an email. She said she used to be cynical about the impact of these training programs, but has become convinced recently about how effective they can be. She wrote a blog in December describing how one Midwest energy firm had seen an almost 80% reduction in security incidents after training.

The alliance urges companies to talk frequently to workers about:

- Rules for keeping a clean machine, including which programs, apps and data workers can install and keep on their work computers;

- Best practices for passwords, including making them long and strong, with uppercase and lowercase letters, numbers and symbols, and changing them routinely.

- Throwing out suspicious links in email, tweets, posts, online ads, messages or attachments - even if they know the source.

- Remembering to back up work, based on the policies of each company.

- Speaking up if they notice strange happenings on their computer.

(1st June 2017)


STALKING BEHAVIOUR IDENTIFIED IN 94% OF MURDERS, STUDY SHOWS
(The Guardian, dated 24th April 2017 author Jamie Grierson)

Full article [Option 1]: www.theguardian.com/uk-news/2017/apr/24/stalking-behaviour-murders-study-shows

Stalking behaviour has been identified in nine in 10 murders studied by criminologists as part of research examining a link between the two crimes.

The six-month study by the University of Gloucestershire found stalking was present in 94% of the 358 cases of criminal homicides they looked at. Surveillance activity, including covert watching, was recorded 63% of the time.

The Suzy Lamplugh Trust, which runs the National Stalking Helpline, warned that failure to take action on stalking could lead to an escalation in violence and potentially death. It called on courts to recognise stalking as a broader problem and pattern of behaviour.

The chief executive of the trust, Rachel Griffin, said: "Stalking is an obsession which can increase in risk and severity and needs to be addressed under an early intervention model.

"Acting on what are currently considered to be minor, unrelated incidents, but which are driven by a malicious intent which could later put the victim at great risk, could help to save lives."

The charity is working with three police forces and NHS trusts to pilot intervention programmes that focus on the fixation of the stalker.

"To see these changes being put into action, we need real commitment from criminal justice professionals to ensure that the intention driving the behaviour is examined and assessed for threat, and that these seemingly 'harmless actions' are seen for what they are and given the attention they deserve," Griffin said.

According to the researchers, 85% of homicides occurred in the victim's home. Dr Jane Monckton Smith, a former police officer turned criminologist, found that in almost every case the killer displayed the obsessive, fixated behaviour associated with stalking.

Stalking could present itself in acts such as rearranging a victim's garden furniture, sending unwanted gifts, loitering on the pavement outside their house, or even calling social services to maliciously report "poor" parenting.

Monckton Smith and the Suzy Lamplugh Trust have called on criminal justice professionals to review their approach to assessing risk, so the 1.1 million victims of stalking every year can receive greater protection.

"Practically every case we looked at featured examples of the obsessive, fixated behaviour that typifies stalking," Monckton Smith said.

"Sadly, it is too late for the women and children that formed part of our research so we need to do justice to their memory by acting earlier, when stalkers are demonstrating these behaviours, rather than waiting for the escalation, which can have such profound and tragic results.

"Understanding the motivation behind these behaviours, and the risk that they present, is profoundly important."

Suzy Lamplugh Trust : https://www.suzylamplugh.org/

(1st June 2017)


eBAY DENIES CLAIMS IT'S FAILING TO THWART "SYSTEMATIC FRAUD"
(The Register, dated 24th April 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/04/24/ebay_fraud/

A campaigner has gone public with his concerns over an alleged scam on eBay.

The person claimed a group of fraudsters have seemingly found a way around PayPal/eBay's anti-fraud system through a complex multi-stage scam. eBay says it has the problem in hand, a contention strongly disputed by the campaigner, who said he'd been tracking and reporting the fraud to the firm for months - without a proper clampdown by the online auction house.

The campaigner alleged the "ongoing scam" - which ultimately leaves eBay rather than its users out of pocket - would have "conservatively" cost the auction house tens of thousands of pounds over recent months.

Four stages


The informant went on to describe the scheme he alleges is at play. He claimed "phase one" begins with creating fake eBay and PayPal business accounts using throwaway webmail accounts.

These accounts are then used to sell iPhone cases and leads for three to four months, he claimed. He explains that after months of benign activity, PayPal thinks the trickster is a legit seller and releases the 21-day payment hold, allowing the account-holders instant access to any money they get through sales. eBay also clears the accounts from the shackles of a system (focused on new accounts) that checks for suspicious inventory changes, he claimed.

It's at this point that the scam kicks in, alleged the campaigner. The fraudsters begin listing items such as electric toothbrushes, power drills and Lego sets. They sell these in batches of 20+, usually around four to five batches per account.

As soon as the funds from the first batch are in, they spend the money in their accounts on iPhones and/or laptops from other legit eBay stores. The fraudsters also buy large quantities of stamps.

They also use techniques to avoid giving away their real location when picking up the goods.

By the time the first buyers who bought the first batch start asking for refunds due to the scammers not responding and the items not being delivered, most, if not all, of the money has already been spent. Scam accounts are abandoned. eBay/PayPal, left unable to retrieve the funds, must dip into its own pocket to refund scores of buyers who have been ripped off.

Dispute resolution

The average scam account makes £1,440 and rips off 99 people, according to the source, who said he'd been following the scam for months.

"Over the past 5 months I've not only told eBay about this scam several times but reported the accounts months before they scammed via @askebay on Twitter and also reported every listing via the report item link.

"eBay have completely ignored me every time and by doing this from November to now they have lost over £100,000 and over 7,000 customers have had their time wasted."

Our informant claimed that after he failed to get eBay to act, he went public with a series of blog posts documenting the alleged scam.

He first approached us over the issue last month, since which we've been talking to eBay and passing over a list provided to us of suspect accounts, which the auction house (on investigation) claimed had already raised red flags.

eBay told us it had detected the rogue accounts itself rather than as a result of our reader's alerts. "Our filters had detected behaviours associated with them that merited account reviews and necessary steps were taken to limit these accounts immediately," an eBay spokesman told El Reg. The online auction house also offered a generic comment about how it monitors suspected fraudulent abuse on its marketplace.

"We have dedicated in-house detection teams and alert systems in place to identify suspicious behaviour.

"Our teams share information with law enforcement agencies around the world to keep our marketplace safe for customers."

The campaigner dismissed eBay's response. "Not counting the ones you [The Register] reported, I've never in [six] months seen an account in the active scamming phase get shut down till long after it was abandoned.

"The scammers are still going, albeit in a limited capacity, for the time being," he claimed. "I'm guessing they are holding off making new accounts for a while but they'll be back. I can't see them walking away from at least £20,000 a month," he added.

He claimed the scammers were also abusing PayPal, incidentally, in furtherance of the scam. El Reg invited PayPal to comment on this and we'll update this story as and when we hear more.

A third-party infosec expert, who offered an opinion but made it clear they'd rather not be quoted, said that they could see how such a scam would work but commented that it appears the victim in this is eBay as the account-holders who are targeted end up getting their money back. "The main victim is eBay [which] may have estimated the costs of dealing with this level and type of fraud outweigh the costs due to the losses," our source offered.

The campaigner accepted this point.

(1st June 2017)


LONDON SCHOOLCHILDREN "USING ACID" INSTEAD OF KNIVES AS WEAPON OF CHOICE
(London Evening Standard, dated 23rd April 2017 author Mark Chandler)

Full article [Option 1]:

www.standard.co.uk/news/crime/london-schoolchildren-using-acid-instead-of-knives-as-weapon-of-choice-a3521641.html

London schoolchildren are increasingly using acid as a weapon instead of knives, it is claimed.

The attacks, known as "dosing", have seen a sharp increase in recent years, with youths smuggling acid or ammonia into school hidden inside drinks bottles.

One teenager told the Sunday Times many children were using a bottle of cheap household cleaner as a weapon.

The 18-year-old, who claimed to have carried acid since he was 12, said: "You can get that for, like, £5 and f*** someone's whole life up.

"Or you can just buy ammonia. That's £3. Just keep it in a drinks bottle."

He added: "A lot of people ain't got the heart to stab people.

"It's just easier to squirt someone."

Data released last month showed a sharp rise in such attacks in the capital.

The figures, released by the Metropolitan Police, showed the number of reported attacks in London rose from 261 in 2015 to 454 in 2016, a rise of 74 per cent.

A shocking series of alleged acid attacks have been reported in the capital over the past few weeks, including one at Sydney Russell School in Dagenham which saw three children arrested.

Other incidents away from school included an alleged attack at Dalston nightclub Mangle where two people were left blind in one eye and a further 18 were injured.

Chief Superintendent Sean Wilson, of the Met Police's East Area Basic Command Unit appealed for parents' help in tackling the problem.

He said: "We are aware of a growing trend in the use of noxious substances in assaults.

"Assaults involving corrosive liquids such as acids are horrific and the impact on victims can be devastating.

"We have schools and youth engagement officers who work closely with young people in their communities. We are working to understand why more people appear to want to use a noxious substance as a weapon."

He said: "Our officers are proactive around preventing and detecting these type of incidents. Anyone caught carrying noxious substances will be arrested and face being prosecuted for possession of an offensive weapon.

"Those who are arrested and prosecuted for using noxious substances against others will be dealt with through the courts.

"We would ask for parents, teachers and our communities to support us. If you know of a child or a pupil storing and carrying a noxious substance, then we must challenge them and ask them why.

"If your child knows of anyone in possession of a noxious substance then we encourage them to make contact with us or speak to their teachers. This may prevent someone from being very seriously injured."

(1st June 2017)


STALKERS UNLIKELY TO BE JAILED EVEN FOR REPEAT OFFENCES, OFFICIAL FIGURES SHOW
(The Guardian, dated 22nd April 2017 author Jamie Doward)

Full article [Option 1]:

www.theguardian.com/law/2017/apr/22/stalkers-unlikely-to-be-jailed

Offenders convicted of stalking or harassment who repeatedly breach their restraining orders often escape with fines and non-custodial sentences, according to new figures.

Politicians and victim support groups warn that lives are being put at risk by failure to take action against repeat offenders who habitually breach the orders, which can be imposed for a range of offences also including domestic violence and coercive control.

Figures from the Ministry of Justice in response to parliamentary questions reveal that the number of restraining orders imposed by courts in England and Wales rose from 20,356 in 2013 to 23,057 in 2015, up 13%. Just over a third of these - nearly 8,500 - were breached. Penalties for breaching an order can result in a prison sentence of up to five years. But MoJ figures reveal that almost two-thirds of those who breached their orders received a non-custodial sentence. Even when the offender had committed multiple breaches, a custodial term was unlikely.

Almost 60% of those who breached a second time avoided a custodial sentence. Almost half of those who breached a third time (49%) avoided jail, as did 38% of those who breached on four occasions.

The government said in December that it was "determined to do everything possible to protect all victims of stalking and stop perpetrators at the earliest opportunity". But victims' charities said the law was failing to protect the vulnerable who, in the vast majority of cases, were women.

"Stalking victims are being put at great risk when police, CPS and courts fail to uphold restraining orders and allow breaches to go unpunished," said Claire Waxman, a stalking survivor who founded the charity Voice4Victims. "This gives the stalker the belief that their behaviour is acceptable and that the order is meaningless. The victim suffers further trauma as they realise that they are powerless and that this legal intervention does not deter their abuser, nor provide any real security or protection. The victim is left vulnerable and fearful of what will come next."


Experts say that the breach rate for stalking and harassment restraining orders is significantly higher than for other offences, because of the obsessive nature of the perpetrators' behaviour. But victim support groups said that unless firm action was taken against perpetrators there remained a significant risk that their crimes could escalate into further serious offences such as rape, assault and murder.

Emily Maitlis, a journalist on BBC Newsnight, was stalked for 25 years by a former university acquaintance, Edward Vines, despite his being subject to an order forbidding contact with her. Vines was jailed only after breaching the order on two occasions. Victim support groups claim that better monitoring of restraining orders to ensure compliance with them would help reduce the threat of harm to victims - and send a clear signal to perpetrators that continued harassment would result in custody.

The Sentencing Council for England and Wales, the independent body responsible for developing sentencing guidelines for the courts, is consulting on breach offences, including those involving restraining orders. The council will hand down new draft guidelines on Tuesday that some MPs hope will result in a tougher line against repeat offenders.

Liz Saville Roberts, Plaid Cymru's justice and home affairs spokesperson, said: "It is clear that sanctions for failing to comply with restraining orders must be strengthened."

Harry Fletcher, co-director of Voice4Victims, said: "There should be a presumption of custody if a person breaches on two or more occasions. There should also be consistency in the conditions imposed in restraining orders and these must include banning the offender from making contact through social media, via a third party and from making vexatious applications in the family or civil courts."

The Ministry of Justice said: "Decisions on the sentence to be imposed for breaches of such orders are for judges and magistrates, who will make their decision based on the full facts of the individual case they are hearing."

(1st June 2017)


UK LIKELY TO FACE NATIONAL CYBER EMERGENCY, SAYS NCSC
(Computer Weekly, dated 21st April 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450417266/UK-likely-to-face-national-cyber-emergency-says-NCSC

The UK has not had to face a top-level cyber security threat before, but the National Cyber Security Centre (NCSC) is continually preparing for what it considers to be inevitable.

"A level-1 cyber attack would be a classic national emergency that the government would take very seriously and the average person on the street would probably notice some sort of impact on their lives," said Felicity Oswald, deputy director of strategy and effectiveness at NCSC.

"It is not a question of 'if' but 'when'. We know it is going to happen," she told a Policy-UK forum in London on the British approach to cyber security.

Most incidents are level-3. "These are every day incidents to us, but are still hugely significant to UK organisations," said Oswald.

A level-2 incident typically matters at a sectoral level. It is a threat that is hitting more than one organisation or it is something on a national scale.

The NCSC has dealt with a "few hundred" incidents in the first six months of its existence, said Oswald, but she did not say if any of those were level-2 incidents.

Responding to incidents is one of three main strategic goals of the NCSC. For this reason, the NCSC has a large incident management team. "We do our best to support all organisations during a cyber security incident or attack," said Oswald.

Understanding the threats against the UK and UK organisations in great detail is another strategic goal, but Oswald said this is not possible using GCHQ knowledge alone.

"We also need to bring in all the knowledge available in industry and share organisational knowledge across sectors," she said, adding that the NCSC is keen to get feedback from industry.

"We want to be collaborative, we want to be different, and we want to be open and accountable, so tell us what is working and what is not."

Addressing vulnerabilities

Addressing systemic vulnerabilities is part of the goal of understanding cyber threats to the UK and includes the NCSC's Active Cyber Defence (ACD) programme, which is intended to tackle - in a relatively automated way - a significant amount of the cyber attacks that hit the UK.

"The work we do needs to not just include interesting theoretical pieces about threats. We must think practically about how we can come up with big interventions to stop them at source," said Oswald.

"The second part of resilience is reducing risks. We do that through providing good advice based on the threats we understand are coming or have already arisen in a number of ways.

"The NCSC provides advice to everyone, from easily accessible advice to the public [via the NCSC website, weekly threat reports and social media] to highly classified advice to the top end of the national critical infrastructure and government," she said.

The NCSC also provides information to small and large business through the cyber security information sharing partnership (Cisp).

The third strategic goal of the NCSC is nurturing and growing cyber security capability in the UK, and providing leadership on critical national cyber security issues.

Keeping track of cyber threats


It is challenging to know what will happen next, said Oswald. "But we know cyber threats are growing. The government in the UK is taking these threats very seriously and investing heavily, but we also know that we can't do it alone.

"We need industry, not just to give us feedback, but to be part of the ecosystem, to be driving at the same things, to be holding us to account, and to also be doing their bit," she said.

Asked if there is likely to be any policy change on permitting Chinese involvement in the UK's tier-1 infrastructure through Chinese-made hardware such as routers, Oswald said prime minister Theresa May has made it clear she is keen to ensure key UK critical national infrastructure (CNI) is protected.

"One of the ways we have to do that is to ensure that where foreign investors are involved, we are 100% certain we know who they are, what they do, and what their intentions are around key CNI."

Oswald said the government is also expected to publish a green paper later in 2017 that sets out a new plan for foreign direct investment. "We expect that, in line with the prime minister's commitment, there will be some changes in policy and potentially legislation as well."

Fighting cyber crime with deterrence

Asked if it was part of UK policy to stop threats before they happen, Oswald said deterrence is a big part of the national cyber security strategy.

"We don't just mean to deter foreign state adversaries, but also hacktivists and cyber criminals. And one of the ways we want to do that is to make it both more costly and less rewarding to carry out cyber attacks.

"An example of this is the work we are doing on email spoofing by encouraging free email providers to implement the Dmarc [domain-based message authentication, reporting and conformance] protocol to ensure email senders are who they appear or claim to be," she said.

This enables free email providers and other domain owners to block spoofed emails, making it less rewarding for cyber criminals to set up fake email accounts.

Implementation of Dmarc is mandatory for public sector bodies as part of the active cyber defence programme led by the NCSC.

In November 2016, HM Revenue & Customs announced it was geared up to use Dmarc to stop the half a billion phishing emails sent per year, designed to steal personal and financial information or deliver malware, from ever reaching UK taxpayers.
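How a receiving mail server could apply a domain owner's published Dmarc policy, as an added illustration that is not part of the Computer Weekly article. The domains and records are constructed samples, the two-label organisational-domain shortcut is an assumption (real receivers use the Public Suffix List), and the `pct` tag is ignored.

```python
# Added illustration: receiver-side Dmarc evaluation.
# All domains and TXT records below are constructed samples.

VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample records a domain owner might publish at _dmarc.tax.example
STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:reports@tax.example"
RELAXED = "v=DMARC1; p=quarantine"
MONITOR = "v=DMARC1; p=none"


def parse_dmarc(txt):
    """Parse a Dmarc TXT record into a tag dict; raise ValueError if unusable."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part)
        name, value = name.strip().lower(), value.strip()
        # The version tag must come first, otherwise the record is ignored.
        if i == 0 and (name != "v" or value != "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags.setdefault(name, value)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError("missing or invalid p= tag")
    tags["p"] = policy
    return tags


def org_domain(domain):
    """Simplified organisational domain: the last two labels.

    Assumption for this example only; production code needs the
    Public Suffix List to handle suffixes such as .gov.uk correctly.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


def evaluate(from_domain, record, spf=None, dkim=None):
    """Return 'pass' or the disposition the domain owner asked for.

    spf / dkim: the domain that passed that check (envelope sender domain
    for SPF, d= domain for DKIM), or None if the check failed or was absent.
    """
    tags = parse_dmarc(record)
    if spf and aligned(from_domain, spf, tags.get("aspf", "r").lower()):
        return "pass"
    if dkim and aligned(from_domain, dkim, tags.get("adkim", "r").lower()):
        return "pass"
    # Neither mechanism both passed and aligned with the visible From: domain.
    return tags["p"]


def demo():
    """Run the constructed cases and return (description, result) pairs."""
    return [
        ("genuine mail, DKIM signed by tax.example",
         evaluate("tax.example", STRICT, dkim="tax.example")),
        ("spoofed From:, SPF passes only for the sender's own domain",
         evaluate("tax.example", STRICT, spf="bulk-mailer.example")),
        ("subdomain DKIM signature under strict alignment",
         evaluate("tax.example", STRICT, dkim="mail.tax.example")),
        ("same signature under relaxed alignment",
         evaluate("tax.example", RELAXED, dkim="mail.tax.example")),
        ("spoofed From: while the owner only publishes p=none",
         evaluate("tax.example", MONITOR, spf="bulk-mailer.example")),
    ]


if __name__ == "__main__":
    for description, result in demo():
        print("%-60s -> %s" % (description, result))
```

The last case shows why publishing a record is not enough on its own: with `p=none` the spoofed message is only reported, not blocked.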

(1st June 2017)


TRAVELLERS FACE FINES AFTER HEATHROW "PARKING SCAM"
(London Evening Standard, dated 21st April 2017 author Ben Morgan)

Full article [Option 1]:

www.standard.co.uk/news/london/travellers-face-fines-after-heathrow-parking-scam-a3519966.html

Heathrow travellers were today warned to be vigilant after almost 300 fines were issued on cars stored without permission by a private parking firm.

The penalties were given out over four days at two car parks run by Hillingdon council.

The town hall's trading standards team is now investigating whether one firm is using the car parks to store vehicles while the owners are away.

It is alleged that the owners did not park them and cars were not authorised to be left at the two sites, resulting in parking fines. Scores of parking companies near the airport offer "meet and greet" services, where cars are picked up and stored in a secure compound while the owners are away, for as much as £150 a week.

In photographs of the Yiewsley car park posted online by resident Sarah Harvey vehicles including BMWs, Mercedes and 4x4s have as many as five £60 fixed penalty notices attached to windscreens. Ms Harvey said: "I looked inside a few cars and saw some tickets on the seat that clearly say Terminal 2. It looks like people are being ripped off by the airport parking."

The 275 tickets were handed out in Fairfield Road car park, Yiewsley and Brandville Road car park, West Drayton. The total value of the fines is estimated to be £16,500.

A council spokesman said: "We urge members of the public to make adequate checks with any companies they are considering leaving their cars with, and wherever possible ensure that the facilities and services companies offer meet expectations, particularly with regards to the security of vehicles. We are aware of reports that some vehicles were parked in the car parks by a Heathrow parking company and not the vehicle owners.

"This is a matter we're taking very seriously. Our trading standards team has launched an investigation and will be contacting the people who have received the parking tickets.

"Everyone who receives a parking ticket has the right to appeal and we will be dealing with each ticket on a case-by-case basis."

Anyone with information should contact trading standards via the Citizens Advice helpline on 0345 4 040506

(1st June 2017)


THOUSANDS EXPOSED TO HACKERS BY WIFI ROUTERS
(The Independent, dated 20th April 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/wifi-hackers-risk-linksys-routers-exposed-a7691496.html

Security researchers have discovered a range of vulnerabilities affecting a range of Wi-Fi routers.

Both "high-risk" and "low-risk" issues have been uncovered in more than 20 different Linksys router models, over 7,000 of which were "exposed on the internet" when the research was conducted in the fourth quarter of 2016.

The vulnerabilities could allow cybercriminals to leak information about devices connected to the router, as well as overload the router itself and deny access to a user.

The issues were detected by Tao Sauvage, a senior security consultant at IOActive, and independent researcher Antide Petit.

"A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation, and information disclosure," said Mr Sauvage.

"Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks."

The Mirai botnet used insecure Internet of Things devices, such as cameras, routers, and light bulbs, to launch a massive attack against a top security blogger last September.

IOActive found ten vulnerabilities in Linksys products, which were reported to the company in January.

The affected models are:

EA2700
EA2750
EA3500
EA4500v3
EA6100
EA6200
EA6300
EA6350v2
EA6350v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500
WRT1200AC
WRT1900AC
WRT1900ACS

Linksys has issued a security advisory, including a workaround for customers until final firmware updates are released in the coming weeks.

"As we work towards publishing firmware updates, as a temporary fix, we recommend that customers using Guest Networks on any of the affected products below temporarily disable this feature to avoid any attempts at malicious activity," it wrote.

"We will be releasing firmware updates for all affected devices. In order for your device to receive the update as soon as it is available, please make sure you have automatic updates enabled."

Linksys also recommends users change the default administrator password for their routers.

(1st June 2017)


BOSE HEADPHONES SECRETLY COLLECT USER DETAILS THROUGH APP
(The Independent, dated 20th April 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/bose-headphones-app-user-details-smartphone-lawsuit-claim-quietcomfort-soundsport-a7693606.html

Bose is being sued for allegedly spying on customers and selling their personal data to advertisers.

A lawsuit filed in federal court by Chicago resident Kyle Zak this week claims the company demonstrated a "wholesale disregard" for the privacy of consumers.

Mr Zak says he downloaded the Bose Connect app after purchasing the company's QuietComfort 35 headphones, signing up by entering his name, email address and headphone serial number.

The app allows users to control a range of features, such as noise cancellation and software updates, on their smartphone.

However, according to Mr Zak, it also secretly keeps a record of every song and podcast a user listens to, and sells it to third parties, such as analytics firm Segment.io.

Connect also works with Bose's SoundSport wireless, SoundSport Pulse wireless, QuietControl 30 and SoundLink wireless II headphones, as well as its SoundLink Color II, SoundLink Revolve and SoundLink Revolve+ speakers.

"People should be uncomfortable with it," Christopher Dore, a lawyer representing Mr Zak, told Reuters.

"People put headphones on their head because they think it's private, but they can be giving out information they don't want to share."

Mr Zak claims the data allegedly gathered and sold by Bose can provide "an incredible amount of insight" into customers' behaviour and political and religious views.

He is seeking $5 million in damages and an injunction preventing the company from collecting user data.

(1st June 2017)


THIRTY THOUSAND GUN OWNERS HIT BY MET POLICE DATA BREACH
(The Register, dated 19th April 2017 author Gareth Corfield)

Full article [Option 1]:

www.theregister.co.uk/2017/04/19/met_police_30000_gun_owner_data_breach/

Who gave marketing agency access to super-sensitive address database?

London gun owners are asking questions of the Metropolitan Police after the force seemingly handed the addresses of 30,000 firearm and shotgun owners to a direct mail marketing agency for a commercial firm's advertising campaign.

The first any of the affected people knew about the blunder was when the leaflet landed on their doormats in Tuesday's post.

Titled "Protect your firearms and shotguns with Smartwater", the leaflet - which features Met Police logos - advises firearm and shotgun certificate holders to "buy a firearms protection pack at a reduced price" of £8.95.

Smartwater is basically invisible ink. You mark your property using it and if you are burgled, police can use a UV light reader to see who rightfully owns stolen items. The company behind it was formed by an ex-police detective and his industrial chemist brother, and the firm has since forged very close links with a number of UK police forces. Its website boasts of the "traceable liquid's" crime-reducing properties, something that police actively endorse.

The promotional firearms security packs being peddled by Smartwater and the Met appear to be little more than a small can of the "traceable liquid" and the "right to display SmartWater's THIEVES BEWARE® deterrent signage for 5 YEARS", as the product page puts it.

The security implications of the Met distributing home addresses of the capital's 30,000 gun owners (about 5,000 rifle owners and 25,000 shotgun owners) are severe. A large part of firearms security is through obscurity; you take every precaution against strangers learning what your home address is if you store firearms there because that makes you a target for criminals.

It is not clear why firearms and shotguns stamped with serial numbers recorded against the owner's name and address on a police-controlled database need extra marking. Forensic scientists are easily capable of reading a filed-off or altered serial number, two common tricks criminals use in the hope of making their illegally acquired guns untraceable.

Neither is it clear why the Met is helping a commercial advertising campaign. While Smartwater kits are routinely offered to burglary victims by the force, this appears to be the first time it has supplied personal details from its databases to marketers.

Questions were immediately raised as to whether the Met had broken the law. The data protection statement that both police and certificate holders agree to is found in Firearms Form 201 (PDF), the application form for a firearm certificate. It says:

I understand that all information submitted will be handled in accordance with the Data Protection Act 1998 and the Freedom of Information Act 2000 and connected legislation. I understand and give consent for information contained within my application form or obtained in the course of deciding the application to be shared with: my GP, other government departments, regulatory bodies or enforcement agencies in the course of either deciding the application or in pursuance of maintaining public safety or the peace.

Note: Any information shared will be shared in accordance with data sharing protocols. We do not share your personal or company details with other applicants or members of the public and treat information in connection with the application in confidence, but individuals should be aware that we may be required to disclose some information in accordance with the legislation referred to above.

A spokesperson for the Information Commissioner's Office told The Register: "Businesses and organisations are required under the Data Protection Act to keep people's personal data safe and secure. If people have concerns about the way an organisation is handling their personal data, they can report them to us."

The British Association for Shooting and Conservation told us: "BASC has spoken with the Metropolitan Police and we understand they are investigating this matter. We are not in a position to comment further until the result of that investigation is known."

A Met press officer did not immediately respond to our questions, saying that the key person responsible was on leave.

The envelope containing the leaflet was stamped with a return address for "YDM", Bramley Business Centre, Leeds. A direct marketing company called Yes Direct Mail, based at the same address, acknowledged our call seeking comment and said its managing director was out of the office.

(1st June 2017)


FIFTH OF BRITISH BUSINESSES HACKED BY CYBER CRIMINALS
(Sky News, dated 18th April 2017)

Full article [Option 1]:

http://news.sky.com/story/fifth-of-british-businesses-hacked-by-cyber-criminals-10841874

A fifth of British businesses have been hacked by cyber criminals in the last 12 months - with larger firms the most at risk.

A survey by the British Chambers of Commerce (BCC) found 42% of big businesses had fallen victim to cyber crime, compared with 18% of small companies.

Only a quarter (24%) of those questioned said their business had security measures in place to guard against hacking.

Adam Marshall, BCC director-general, said: "Cyber attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity.

"While firms of all sizes, from major corporations to one-man operations, fall prey to attacks, our evidence shows that large companies are more likely to experience them.

"Firms need to be proactive about protecting themselves from cyber attacks.

"Security accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online."

Yahoo, telecoms firm TalkTalk and dating website Ashley Madison are among the high-profile businesses to have been subject to cyber attacks in recent years.

A Government spokesman said: "It's essential businesses take responsibility for their cyber security risks and we urge them to take advantage of our free advice, online training and Cyber Essentials scheme to protect against attacks."

------------------------------------------------
NEARLY HALF OF FIRMS HAD A CYBER ATTACK OR BREACH
(BBC News, dated 19th April 2017 author Chris Baraniuk)

Full article : www.bbc.co.uk/news/technology-39641292

Nearly half (46%) of British businesses discovered at least one cybersecurity breach or attack in the past year, a government survey has indicated.

That proportion rose to two-thirds among medium and large companies.

Most often, these breaches involved fraudulent emails being sent to staff or security issues relating to viruses, spyware or malware.

The survey was completed by 1,500 UK businesses and included 30 in-depth interviews.

The government said a "sizeable proportion" of the businesses still did not have "basic protections" in place.

While many had enacted rudimentary technical controls, only one-third had a formal policy covering cybersecurity risks.

Less than a third (29%) had assigned a specific board member to be responsible for cybersecurity.

Businesses' susceptibility to cyber-attacks was a known issue, noted Prof Andrew Martin at the University of Oxford.

"A lot of businesses have responded to the problem with a box-ticking exercise or by paying an expensive consultant to make them feel better - it's far from clear that what people are doing is protecting them very well," he told the BBC.

He added it remained difficult for most people to distinguish malicious emails or websites from safe ones.

"It's all very well to say don't open emails from an unknown source - but most of us couldn't do business if [we] didn't do that," he added.

The government's survey indicates, however, that fewer businesses in 2017 consider cybersecurity to be of "very low priority". It said 74% now agreed it was a high priority issue for senior management.

The report also highlighted some unusual cybersecurity cases.

It said a large materials supplier for the construction industry faced "significant and ongoing" attacks, despite not having any e-commerce activities of its own.

"This included over 3,000 phishing emails a month and various ransomware attacks," the report noted.

Phishing is a form of cyber-attack in which emails with malicious links or attachments are disguised as genuine.

The most damaging case of ransomware at the firm in question caused its IT team to lose "around two weeks" of productivity.

Since then, the business has reviewed its cybersecurity policies.

(1st June 2017)


CYBER ATTACK HITS 1200 INTERCONTINENTAL HOTELS IN UNITED STATES
(Reuters, dated 19th April 2017 author Alistair Sharp)

Full article [Option 1]:

http://uk.reuters.com/article/intercontinental-cyber-idUKL1N1HR13K

Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data.

The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp, Hilton, and Starwood Hotels, now owned by Marriott International Inc.

The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties.

The malware searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said.

Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. "They don't have massive data centers like banks which have very secure systems to protect themselves," said Glick.

InterContinental declined to say how many franchised properties it has in the United States, which is part of its business unit in the Americas with 3,633 such properties.

In February, InterContinental said it had been victim of a cyber attack, but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware.

(1st June 2017)


THESE ARE THE 12 UNHAPPIEST PLACES TO LIVE IN BRITAIN
(The Telegraph, dated 18th April 2017 author Adam Boult)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/04/18/12-unhappiest-places-live-britain/

Recent data from the Office of National Statistics, recording levels of personal well-being in the UK between October 2015 and September 2016, has revealed the areas of the UK where life satisfaction is lowest.

Members of the public across the UK were asked the following four questions, and asked to respond on a scale of 0 to 10:

- overall, how satisfied are you with your life nowadays?
- overall, to what extent do you feel the things you do in your life are worthwhile?
- overall, how happy did you feel yesterday?
- overall, how anxious did you feel yesterday?

According to the responses, the areas of the UK with the lowest levels of well-being are all in England, and six of them are in London.

Office for National Statistics representative Matthew Steel, discussing the findings, said: "At a time when economic measures are generally improving, this is not necessarily reflected in how people tell us they are feeling about their lives.

"Whilst it is too early to say why anxiety ratings have increased slightly and why life satisfaction, happiness and worthwhile ratings have levelled off in the past 12 months, we know from our previous research that factors impacting most on people's personal well-being include health, work situation and relationship status."

See below for a countdown of the 12 unhappiest places in Britain:

12. Hackney
11. Enfield
10. Islington
9. Boston (Lincs)
8. Haringey
7. Greenwich
6. Lewisham
5. Wolverhampton
4. Preston
3. Burnley
2. West Lancashire
1. Corby

(1st June 2017)


HACKERS ATTACKED ONE IN FIVE UK FIRMS LAST YEAR, SURVEY FINDS
(The Guardian, dated 18th April 2017 author Phillip Inman)

Full article [Option 1]:

www.theguardian.com/technology/2017/apr/18/hackers-attacked-one-in-four-uk-firms-last-year-survey-finds

Cybercriminals have attacked one in five British businesses in the past year, many of which lack even the most basic security measures to protect confidential information. A report by the British Chambers of Commerce (BCC) found that only 24% of businesses said they had security in place to guard against hacking, despite the rising danger of attacks and increasing publicity about the threat.

Larger companies, defined as those with at least 100 staff, were more susceptible to cyber-attacks, with 42% of big businesses falling victim to cybercrime, compared with 18% of small companies.

The survey of 1,200 businesses follows a series of high-profile attacks on company databases, including those at search engine Yahoo, telecoms firm TalkTalk and dating website Ashley Madison.

Last year Yahoo discovered that hackers had accessed email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers from more than 1bn user accounts in August 2013, making it the largest such breach in history.

Adam Marshall, the BCC director-general, said: "Cyber-attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity. While firms of all sizes, from major corporations to one-man operations, fall prey to attacks, our evidence shows that large companies are more likely to experience them."

The survey found that most businesses were reliant on IT providers to resolve issues after an attack (63%), compared with 12% of banks and financial institutions and 2% of police and law enforcement agencies, which tend to have in-house expertise.

Marshall said: "Firms need to be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don't adopt the appropriate protections leave themselves open to tough penalties."

TalkTalk was hit last year with a record £400,000 fine for security failings that led to the company being hacked in October 2015. The Information Commissioner's Office levied the fine, saying that the attack "could have been prevented if TalkTalk had taken basic steps to protect customers' information".

Hackers accessed the personal information of more than 150,000 customers of the internet service provider, including sensitive financial data for more than 15,000 people.

Marshall added: "Companies are reporting a reliance on IT support providers to resolve cyber-attacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cybersecurity breach and increase clarity around the response options available to victims, which would help minimise the occurrence of cybercrime," he said.

(1st June 2017)


ROMANIAN MURDERER SLIPPED PAST UK BORDER PATROL AFTER KICKING FRIEND TO PULP
(International Business Times, dated 16th April 2017 author Lewis Dean)

Full article [Option 1]:

www.ibtimes.co.uk/romanian-murderer-slipped-past-uk-border-patrol-after-kicking-friend-pulp-1617177

A Romanian gangster who went on the run after kicking his friend to death in Italy managed to slip UK Border Patrol and lived in London for six years before being caught. Valentin Jinau battered the man to death in an underworld hit in 2010, and went on the run to avoid justice.

He was sentenced to 14 years in his absence by an Italian court but by that point was already living in Wembley, north-west London, after he used his own passport to enter the UK on a bus through Dover.

He set up home in the capital and sent for his wife and young daughter, while working at a hotel and a car wash that was managed by other Romanians.

For six years he lived under the radar of Italian prosecutors until photos on his Facebook profile and a video on YouTube of him celebrating his birthday tipped off investigators to his whereabouts.

Metropolitan Police officers were alerted and arrested him before he was deported to Italy.

His wife told the Sun newspaper: "He used his own passport and ID. He didn't lie about who he was. We know he was sentenced to 15 years but he didn't do anything."

The Home Office said "100% checks" were performed at the border.

News of Jianu's deportation came weeks after Albanian murderer Selami Cokaj sneaked back into the UK after being deported in 2009. The killer, who stabbed a man to death but escaped prison in 1999, managed to evade Border officials to return to the UK and set up a new life in Leicestershire.

uaware comment

A sad indictment of UK passport control and who is allowed and not allowed to use UK services. You could say, well it is only one individual; the sad fact of the matter is that the UK does not know who goes across its borders.
The odd situation is that the UK had a system in place to capture criminals like this, it only needed to be developed, but it was switched off.
Bear in mind also that police across each EU state are meant to share data of criminals "on the run"; well that hasn't worked either has it!

(1st June 2017)


WHAT HAPPENS TO YOUR DATA ONCE IT IS ON THE DARK WEB?
(International Business Times, dated 15th April 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/what-happens-your-data-once-it-dark-web-1617115#

The dark web is the murky underworld of the Internet where hundreds of online communities illegally trade a wide variety of commodities, from stolen user data to drugs and weapons. Over the past few years, given the alarming escalation of data breaches, dark web marketplaces are reportedly flooded with stolen user credentials being traded for a quick buck. But what happens to your data after it has been stolen by hackers and put up on the dark web?

IBTimes UK spoke to Andrei Barysevich, director of advanced collection at Recorded Future, a cybersecurity firm that uses AI (artificial intelligence) to mine the dark web for malicious activities. Barysevich said that the "dark web historically has been the main congregation point for hackers and online fraudsters, providing access to the largest targeted audience safely."

According to the firm, the dark web is home to both high-profile cybercrime syndicates as well as low-level "script kiddies". Some "exclusive" dark web communities require prospective members to cough up a fee, which could range from a few to thousands of dollars and even require current members to vouch for a new entry.

What happens to stolen data on the dark web?

Stolen credentials are generally listed on the dark web to be sold so hackers can make a quick buck. Barysevich said that different kinds of user credentials have different value to cybercriminals. For instance, banking credentials are considered the most valuable. "Such credentials provide the biggest financial return to criminals and are often monetized by hackers directly through unauthorized financial transactions," Barysevich told IBTimes UK.

He added, "The second (and most common) type is e-commerce and email credentials, which are obtained through brute-forcing attacks using readily available tools and previously leaked databases.

"Employee credentials to various corporate networks are the rarest commodity on the underground and often sold to vetted and established buyers, fetching anywhere from a couple of hundred to thousands of dollars."

Barysevich said that stolen data is likely "resold in bulk" via "automated marketplaces". On an average, raw "email: password databases" are sold for $50 per one million credentials. However, retail accounts are generally sold for only a couple of dollars per record.

How are user credentials valuable to cybercriminals?

Cybercriminals are known to use stolen credentials to launch cybercrime campaigns as well as perpetuate crimes such as identity theft and scams. However, user data has other uses and can allow hackers entry into corporations.

"Stolen credentials could be utilized as a staging point to infiltrate almost any online service that utilizes email and password as a login combination. Access to stolen emails is often used to launch large-scale spam campaigns, advertising shady goods and services or distributing malicious files," Barysevich said.

Alarmingly, stolen user data can also remain valuable long after users have reset passwords.
Barysevich said, "Unfortunately, oftentimes compromised data represents significant threat long after users update their passwords on a compromised resource or system." He added that the much belaboured yet common practice of password reuse means that "a single breach immediately offers hackers undeterred access to dozens of unrelated companies."

He said, "Data stolen during high-profile breaches, such as the latest Yahoo compromise, is rarely immediately available for sale on the dark web. Despite publicly acknowledging the penetration of company networks by unknown hackers and requesting users to update their login passwords, stolen records were rumored to be available only to a handful of privileged criminals at a hefty price tag of several hundreds of thousands of dollars."

Data tracking and recovery on the dark web is very challenging


Despite the volume of stolen user data available on the dark web, tracking its flow and its recovery can be "very challenging", according to Barysevich. He said that although recovering stolen data may be imperative to companies, it can pose a "moral and legal dilemma".

"On one hand, a company has a responsibility to retrieve a customer's records before they fall into the wrong hands and uncontrolled dissemination across criminal underground begins," Barysevich said. "On the other hand, purchase of data is inevitably incentivising criminals to continue their nefarious affairs and in many cases could pose a significant legal concern."

However, experts at Recorded Future believe that dark web threat research can help companies not just track and recover stolen data but also understand the inner workings of underground cybercrime communities and potentially predict and prevent cyberattacks.

(1st June 2017)


CAR PARKING APP SHARES 2000 CUSTOMERS PRIVATE DETAILS AFTER COMPANY SUFFERS GLITCH
(The Telegraph, dated 15th April 2017 author Fiona Parker)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/04/15/car-parking-app-customers-personal-data-shared-others-company/

Thousands of users of a parking app may have had their personal details shared with other customers.

Around 2,000 customers of the parking app RingGo were presented with other people's details when they logged into the service.

Many took to Twitter to complain of seeing people's names, vehicle registrations, email addresses and even credit card details.

The app allows users to register several cars and pay to park them in hundreds of locations across the country.

One customer, John Rust, tweeted: "Just got a call from a guy who logged into @RingGo_parking app and it loaded my personal info - he phoned my mobile number that was revealed."

Another, Thomas Bathurst, branding the incident "awful", reported seeing credit card information and car details.

The company confirmed the problem occurred after a new version of the app was released on Tuesday and said a full investigation was being launched and a report had been submitted to the Information Commissioner's Office.

But on Thursday a glitch in the database meant some drivers were able to see details from other accounts during peak rush hour.

A spokesman from RingGo yesterday confirmed the data breach.

He said: "As soon as the issue came to our attention we ran a fix and by 0930 no additional motorists' info could be viewed.

"We believe the actual number of people who have been directly impacted is around 600.

"This error is totally unacceptable and we apologise sincerely to those affected."

The spokesperson said a further 1400 accounts had potentially been affected because they were parking at the time the incident began.

They added: "We can assure customers that no useable payment card information was displayed - only the last 4 digits are shown. Some personal data could have been visible, eg name, vehicle registration."

(1st June 2017)


BURGLARS EXPLOIT STOLEN AIRBNB GUEST ACCOUNTS
(The Times, dated 15th April 2017 author Kat Lay)
www.thetimes.co.uk [Option 1]

Airbnb has announced new security measures after an investigation found that hosts had been burgled by thieves using stolen guest accounts on the homesharing website.

Many hosts choose to let their homes only to people who have verified profiles, meaning that they have shown Airbnb identification such as a passport, and have positive reviews from previous bookings. However, scammers have been hijacking the accounts and changing personal details, such as the name, location and photograph, to book rooms.

One host who had rented out his apartment for a weekend told the BBC that he received a text message from the account holder that he thought was staying there saying that their account had been compromised. He returned home with police to find his living room empty. The BBC said that it was aware of at least two other similar burglaries and three people who had had their guest accounts accessed.

Airbnb's Facebook page has dozens of comments from people affected.

"Unfortunately there have been some incidents where hosts and guests have suffered," Nathan Blecharczyk, a co-founder of Airbnb, said. "This is not acceptable to us. We're working around the clock to do everything we can to improve our detection and prevention methods."

The site is introducing a two-step verification process in which users must input both their password and a code sent to their mobile phone. It will also send text message alerts when profile information is changed.

(1st June 2017)


MET POLICE SPEND £200m JUST TO REHIRE RETIRED OFFICERS
(Daily Mail, dated 14th April 2017 author Rebecca Camber)

Full article [Option 1]:

www.dailymail.co.uk/news/article-4410716/Met-Police-spend-200m-just-rehire-retired-officers.html

Britain's biggest police force has paid out over £200million to a single job agency to rehire its own retired officers and staff.

The Metropolitan Police's spending on recruitment firms for temporary staff has almost doubled in three years as senior officers blame soaring crime rates on budget cuts.

One job agency has even set up its own office within Scotland Yard, charging the force hundreds of thousands of pounds to re-hire 77 detectives who have just retired on their full pension.

The figures, released after a Freedom of Information request, came a day after the force blamed runaway knife and gun crime rates on a 'significant reduction in resources'.

They show that Reed Recruitment has been paid a total of £219million over the last six years, which is the equivalent of hiring 1,245 police constables.

The true spending on recruitment is likely to be even higher as the force has only provided details of payments to one firm, even though it uses several agencies to hire retired officers and back office staff.

In the last three years Reed has seen its pay from the Met rocket from £26million in the financial year of 2013/4 to over £49million in 2015/16 as roles are increasingly being filled by temporary staff.

The force also paid out nearly £29million in redundancy costs over the same period.

The scale of the spending on recruitment emerged a day after Assistant Commissioner Martin Hewitt sought to blame a surge in gun crime of 42 per cent and a 24 per cent increase in knife crime on budget cuts.

He said: 'It would be a naïve answer to say that if you cut a significant amount out of an organisation you don't have any consequences.'

Metropolitan Police Assistant Commissioner Patricia Gallan has written to every detective due to retire this year and asked them to stay on as the force is short of 748 detectives.

Sources say many stressed detectives being bombarded with 20 cases at once are quitting the once prestigious role to go back into uniform, while officers are being diverted from criminal investigation department offices into inquiries into historical child sex abuse or counter terrorism.

Yesterday Assistant Commissioner Hewitt said the lack of detectives available was having an impact on crime detection rates, which have fallen in every major crime group, adding: 'That's a real area of concern for me.'

Scotland Yard has recently advertised for investigators to join its Trident gang squad and Sapphire sexual offences units, offering £19 an hour to temps willing to interview victims and witnesses, research suspects, assess crime scenes and prepare case files in shootings, stabbings and rapes.

But officers are furious that millions is being spent on temporary staff at a time when crime rates are soaring and the force has made more than 2,100 police staff redundant as part of a £600million cuts package.

Ken Marsh, chairman of the Metropolitan Police Federation said: 'I am shocked that we have spent that sort of money on recruitment when it could have paid for 1,200 cops instead.

'The issue is people don't want to do the detective job anymore, detectives sit in front of computers dealing with 20 to 30 crimes and being lambasted for not solving them all.

'Whereas the shift pattern for uniformed officers is now much better and they don't have to do the overtime like CID.

'It is having a massive impact because there are big holes and so they are using detectives that have retired who are probably being paid twice as much.

'It's absurd, they are just going around in a big circle not solving the problem.'

Figures released after Freedom of Information requests show the issue is not confined to Scotland Yard as other forces are also paying millions of pounds to recruitment firms.

West Midlands Police forked out £1.7million to recruitment agencies between April 2013 and March 2015.

In the same period Nottinghamshire Police paid out £3.5million and British Transport Police also spent £1.1million, paying £8,000 in finders' fees for some roles.

Yesterday John O'Connell, chief executive of the TaxPayers' Alliance, said: 'This is an extraordinary amount of money to spend on recruitment agents and taxpayers footing the bill will be left astonished.

The Metropolitan Police's spending on recruitment firms for temporary staff has almost doubled in three years

'Reports of officers being re-hired after retiring on full pensions will also raise eyebrows as taxpayers would want to know the details of these arrangements.

'At a time when rank and file police officers who put their lives on the line for us are facing pay cuts or worse, it is simply indefensible that millions are lining the pockets of recruitment agents.'

A Scotland Yard spokeswoman said using agency staff was the quickest way to fill vacancies and stressed that the bulk of payments to Reed are for staff salaries.

She said: 'As the Met goes through substantial organisational change to deliver significant cash savings whilst responding to the ever changing demands of keeping London safe, we have adopted a deliberate strategy to use a higher number of agency staff who are sourced through Reed to bring in specialist skills and fill short term resourcing needs.

'It is often quicker to engage individuals like retired officers on a short term basis through an agency such as Reed as they have banks of people ready for such roles.'

She added: 'The number of people currently working in the Met recruited through the agency is just 1.5 per cent of our total workforce.

'The vast majority of the money paid to the agency is for the salaries of those employed through the agency and working for the MPS on short term contract basis - not recruitment fees.

'We have 77 former officers filling detective roles in this way - that's just 1.11 per cent of our overall detective workforce. This is a sensible route whilst we further increase our detective numbers.'

A Reed spokesman said: 'The services we provide to the Met Police have been procured via a public sector framework following an Official Journal of the European Community tender process designed to drive value and efficiencies.'

(1st June 2017)


GERMANY TO INVESTIGATE MASS PLUNDER OF WORKS OF ART BY STASI IN COLD WAR ERA
(The Art Newspaper, dated 13th April 2017 author Catherine Hickley)

Full article [Option 1]:

http://theartnewspaper.com/news/germany-to-investigate-mass-plunder-of-works-of-art-by-stasi-in-cold-war-era/

Germany has dealt with the long shadow of Nazi-era looting for many years. Now the government is setting aside funding to investigate another dark chapter of the past: the expropriation of works of art by the Stasi, the East German secret police, during the Cold War. The research could open the door to new restitution claims from the families of victims.

Mass theft

At the end of 1961, just a few months after the Berlin Wall had been built, the East German minister for state security, Erich Mielke, gave orders for a secret operation to force open abandoned, privately rented bank vaults, safety deposit boxes and safes at around 4,000 locations across the country and empty them of their contents.

The operation, known as Aktion Licht (Operation Light), ran from 6 to 9 January 1962. It was a state-sanctioned mass theft of assets from those who had left the country. The seized treasures belonged to East Germans who had escaped to the West, but also to Jews forced to flee or deported to concentration camps during the Third Reich.

Stasi agents swept up jewels, gold, silver, clocks, porcelain, stamp collections, manuscripts, sculptures and paintings - including works by Lucas Cranach, Canaletto, Albrecht Dürer and Rembrandt - and piled them into trucks. They also found hidden Nazi party membership books and medals potentially useful for blackmail, as well as savings books and life-insurance policies. The Stasi valued its findings at DM4.1m - around $10m at the time. Mielke declared Aktion Licht a success.

"This whole operation was conducted over the weekend, to be as clandestine as possible," says Uwe Hartmann, the head of the provenance research department at the German Lost Art Foundation in Magdeburg. The foundation was set up by the German government in 2015 to research Nazi looting and provide a point of contact for families of victims. "We still don't know very much about it," he says.

That is about to change. The German government plans to allocate funding, through the Lost Art Foundation, to research art theft that took place under the Soviet occupation and the East German communist regime. The first step will be to investigate Aktion Licht and compile a list of sources, such as Stasi archives, that may contain more information about the seizures.

The Lost Art Foundation is adamant that this research will not detract from its main activity, which is to fund research to trace Nazi-looted art and books in public museums and libraries. It does, though, raise the prospect of more restitution claims from owners whose property was expropriated by the East German regime.

The kleptocratic state

Starting in 1945, East German art owners fell victim to an array of inventive methods of expropriation. At the end of the war, the Red Army's trophy brigades emptied not just German museums but also privately owned stately homes and palaces in their drive to secure reparations for the devastation the German army had wrought in the Soviet Union. Millions of items, including paintings, antiques and sculptures, were seized and transported to the Soviet Union.

In September 1945, in conjunction with a so-called land reform in East Germany that expropriated privately owned land, what had not already been looted was seized in an operation known as Schlossbergung, or "palace salvage". In the state of Saxony, the stolen objects were sold at the Albertinum in Dresden. Among the buyers were dealers who had been active in the Third Reich, as well as East German museums desperate to replenish their plundered collections.

After 1970, the preferred method of theft by the East German authorities was to fabricate astronomical tax bills and then seize works of art in lieu when the victims could not pay. As with Aktion Licht, the aim of the policy was to raise much-needed hard currency for the regime. Items confiscated were then either acquired by East German museums - which had to compete for them - or, more commonly, sent to the notorious Mühlenbeck warehouse for sale to the West.

The organisation charged with selling these items abroad was the shadowy Kommerzielle Koordinierung, or KoKo. As private collections declined in number, KoKo applied increasing pressure to make museums give up items that could generate precious foreign currency. Many of the works relinquished by museums had been privately owned and were then snapped up by the institutions in the Schlossbergung sales.

The files from the Mühlenbeck operation, listing objects that were acquired and sold, did not become available to the Federal Archive in Berlin until 2015. These, too, will need to be studied.

"It is important to remember that this is a Germany-wide problem," says Uwe Schneede, an honorary executive board member of the German Lost Art Foundation. Objects seized in the east "were largely sold by the East German state apparatus for hard currency in the West, and they are still there today".

(1st June 2017)


FRAUDSTERS NEED JUST THREE DETAILS TO STEAL YOUR IDENTITY - AND MOST OF IT CAN BE FOUND ON FACEBOOK
(The Telegraph, dated 13th April 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/fraudsters-need-just-three-details-steal-identity-and-can-found/

Fraudsters need just three key bits of information to steal your identity and access your accounts, take out loans, credit cards, mobile phones in your name.

All it takes is a name, date of birth and address - and most of this can be found on social media profiles, such as Facebook. And if your settings are not private, this is available for anyone to see.

A third of British adults with online profiles include their full name and date of birth, according to a YouGov survey.

Younger people are even more likely to display this information.

The survey revealed that 48pc of 18 to 24-year-olds divulge this information on social media sites compared to 28pc for those between 35 and 44.

Even if your date of birth isn't displayed, fraudsters will be able to tell if your friends post birthday messages with reference to your age.

"It's not hard to work out," said John Marsden, head of ID and fraud at Equifax, the credit reference agency.

"The date of birth is a crucial part of identification as it's the only detail that never changes. And once it's posted online, it's out there", said Mr Marsden.

Getting hold of your address and stealing your identity

Once fraudsters have your name and date of birth, it's not difficult to track down where you live.

Online directories hold huge quantities of information - from addresses, phone numbers and even a list of your past and present housemates. This can all be pieced together to assume your identity.

Some sites offer a limited number of free searches and will then charge a small fee for premium information.

The next step would be to obtain fake identification documents using your details.

These can be easily ordered online - Telegraph Money discovered one site which promised high quality passports that included security features such as watermarks, microprinting and security threads.

The site claims these would be "no different from the original documents".

The price of a replica passport depends on the country it's purported to be issued from.

A fake British passport costs £550. Those who want an additional bogus driving licence can get both for £720.

A replica US passport is priced at £590.

The site also offers money off for repeat customers. Those who order again will receive a 5pc discount - this increases to 10pc for the third and fourth order, and 15pc when five or more orders are made.

There are also a number of websites that sell imitation utility bills for £25 a time which could also be used in a credit or loan application.

Trial, error and interception

Each provider will require specific information when processing online and face to face applications. It doesn't take long to "crack the system", according to Mr Marsden.

And through trial and error, fraudsters can quickly learn what details are needed so they can go back and reapply.

Once the account is opened, the fraudster will try and intercept the documents or credit cards sent from the bank or other provider to your address.

Many addresses are targeted because of shared mail boxes - such as a set of flats with open access to post.

Protect your date of birth on social media

You can adjust the settings on your Facebook profile so that only you can see your date of birth and other personal details.

"People need to be mindful about their credentials displayed on social media - consumers don't seem to realise how key their date of birth is to their identity," Mr Marsden said.

"Cases of fraud are on the rise, with identity theft representing a major slice of fraudulent activity. More adults in the UK are engaging with social media than ever before, especially on their smartphones, and a high number are readily sharing their personal information on these platforms."

(1st June 2017)


FOREIGN OFFICE ATTACKED BY RUSSIA-LINKED CYBER HACKERS
(The Telegraph, dated 13th April 2017 author Steven Swinford)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/04/13/foreign-office-attacked-russia-linked-cyber-hackers/

The Foreign Office has been targeted by a "highly motivated and well-resourced" group of cyber-hackers which has been linked to Russia.

Hackers targeted civil servants with a "spear-phishing" campaign, in which people were sent targeted emails in an attempt to trick them into downloading malicious files.

F-Secure, a cybersecurity firm, said that the malicious files contained hidden programmes which enabled the hackers to take total control of a victim's computer.

It said that the hackers had an interest in "intelligence gathering related to foreign and security policy" and had also targeted military personnel, officials and journalists in Eastern Europe and the South Caucasus.

Another cybersecurity expert told the BBC the hackers were linked to Russian attempts to influence the outcome of the US election. Two of the addresses used by the hackers were linked to the US attacks.

It is not known whether the hackers succeeded, but the Foreign Office's most sensitive information is not held on the computers that were targeted by hackers.

F-Secure said: "We are confident the Callisto Group used this type of access to a target's email account for the purposes of sending spear phishing to other targets. We also believe it is highly likely that the Callisto Group would leverage the same access to read and monitor the target's email activity.

"The most obvious common theme between all known targets of the Callisto Group is an involvement in European foreign and security policy, whether as a military or government official, being employed by a think tank, or working as a journalist.

"This targeting suggests the Callisto Group is interested in intelligence gathering related to foreign and security policy. Furthermore, we are unaware of any targeting in the described attacks that would suggest a financial motive."

The UK's National Cyber Security Centre (NCSC) declined to say who was behind the attack on the Foreign Office but said: "The first duty of government is to safeguard the nation and as the technical authority on cyber security, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world.

"The government's Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes."

F-Secure said that there is evidence linking the group to a foreign government, adding that its "infrastructure".

(1st June 2017)


POLICE FORCES ISSUE SEXTING DICTIONARY TO PARENTS TO DECODE 112 WORDS CHILDREN ARE USING ON THE INTERNET
(The Telegraph, dated 12th April 2017 author Rozina Sabur)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/04/12/police-forces-issue-sexting-dictionary-parents-decode-112-words/

A police force has issued a 'sexting' dictionary to parents to help them decrypt the code words children use to secretly exchange explicit messages and photographs.

Worried officers have promoted a 112-word glossary of terms that children are using on the internet that are incomprehensible to their parents.

Police fear many families would not know what was going on if they found letters such as WYRN or P911 or LMIRL, MOS, TDTM or IWSN on a kid's phone.

The codes in fact mean 'What's Your Real Name'; 'Parent Alert'; 'Let's Meet in Real Life'; 'Mum Over Shoulder'; 'Talk Dirty to Me' and 'I Want Sex Now'.

Humberside Police are now promoting the list, which includes 112 codes that children use while exchanging lewd images and messages, originally compiled by the Police Service of Northern Ireland.

They also include NIFOC (Nude in Front of Computer) GYPO (Get Your Pants Off) FWB (Friends with Benefits) and KPC (Keeping Parents Clueless).

Ways of warning that mum or dad is around include PAW (Parents are Watching) POS (Parents Over Shoulder) and CD9 (Code 9, meaning parents are around).

Worryingly, many are designed to arrange real life meetings between strangers such as WTPA (Where the Party At?) RU/18 (Are you over 18) RL (Real Life) and ADN (Any Day Now).

Making parents aware of the cryptic messages, which also include drug references, is part of a new purge by the Humberside force on sexting.

A spokesman said: "We have recently had numerous reports of young people sharing sexual, naked or semi-naked images of themselves, also known as sexting.

"Therefore, we're urging parents to talk to their children about the dangers of sexting as it could lead to embarrassment, blackmail or even a criminal record.

"We know talking about sexting with your child may feel uncomfortable or awkward but it is incredibly important to discuss the risks, teach them how to stay safe and explain how these reports can use up valuable police investigation time."

The spokesman advised: "Talk about the Granny rule - would you want your Granny to see the image you're sharing?

"Talk about whether a person who asks for an image from you might also be asking other people for images.

"If children are sending images to people they trust, they might not think there's much risk involved. Use examples of when friends or partners have had a falling-out and what might happen to the images if this happens."

UAWARE - FURTHER INFORMATION

What are the UK laws on sexting?

Extract from article dated 27th February 2017 [Option 1]:
www.telegraph.co.uk/news/2017/02/27/parents-must-prepare-have-uncomfortable-conversations-sexting/

- Possessing, taking or distributing images of someone who is under the age of 18 is illegal in the UK

- This is even if the person in the photo is the one possessing, distributing or taking the photographs.

- Teens have faced criminal investigation after sending naked photos of themselves to each other. However, the police are against criminalising children for doing this, and would prefer to educate and offer support to them

- ChildLine received over 1,200 counselling calls that mentioned "sexting" in 2014/15

- A 2013 NSPCC/Childline survey showed that 60 per cent of teens had been asked for naked photos of themselves and 40 per cent had taken nude "selfies".

------------------------
Extract from Telegraph dated 13th April 2017 [Option 1]:
http://www.telegraph.co.uk/women/sex/quiz-do-know-teenage-sexting-code/

The Northern Irish police force has recently shared a guide to 'secret texting codes', which aims to help parents understand their offspring's online behaviour :

https://www.facebook.com/PSNI.Newry.Mourne/photos/a.369740893107712.87514.310456715702797/1268444446570681/?type=3&theater
------------------------

For more information about the risks of sexting and how to discuss the issue with your child visit the NSPCC website: https://www.nspcc.org.uk/preventing-abuse/keeping-children-safe/sexting/

(1st June 2017)


PBX / DIAL-THROUGH FRAUD THREAT
(City of London Police and National Fraud Intelligence Bureau, dated April 2017)

The purpose of this alert is to provide knowledge and prevention advice to help schools, businesses and organisations protect themselves from PBX and dial through fraud.
The NFIB has seen a significant rise in the number of reports made in relation to this type of fraud. Around 6% of the total of these reports relate to a school or college, although this is only based on what is reported and the figure could be much higher.

The losses involved can be high, especially when they are made during times that a school/business may be closed, for example the school holidays and/or weekends. During this period it is likely that the fraudulent calls will go unnoticed until the telephone bill arrives.

What is PBX Fraud?

Private Branch Exchange (PBX) is a telephone switching system that connects internal telephones, as well as connecting them to the Public Switched Telephone Network (PSTN), Voice over Internet Protocol (VoIP) providers and Session Initiation Protocol (SIP) Trunks. The PBX will often allow access to voice messaging systems.

PBX/dial-through fraud occurs when hackers target these systems from the outside and use them to make a high volume of calls to premium rate or overseas numbers to generate a financial return.

How does it work?

Depending on the type of system used there are a number of ways a hacker may gain access to a traditional or IP based PBX system, whether internal to the company or through a hosted service. Incorrectly configured firewalls and set ups, poor security settings, lack of maintenance as well as the use of default/easy passwords allow quick and easy access for the hackers.

Once access is gained, the criminals can exploit in-built services such as voicemail, call forwarding and call diversion to direct calls to a number of their choosing. This will often be to premium rate or international numbers.

In this fraud the criminal tends to make their money in two ways:

i. Dialling premium rate numbers that are associated with international calling companies.

ii. Dialling international numbers through the compromised telephone system, most noticeably to Eastern Europe, Cuba and Africa.

In both instances the suspects will either have a share in the revenue generated by the calls or they will be paid for their hacking services in advance.

This type of fraud is most likely to occur when organisations are most vulnerable i.e. during times when businesses are closed but their telephone systems are NOT; for example in the early hours of the morning or over a weekend or public holiday.

PROTECTION / PREVENTION ADVICE

The good news is that some simple steps will significantly reduce your risk of becoming a victim:

- If you still have your voicemail on a default PIN/password change it immediately.

- Use strong PIN/passwords for your voicemail system, ensuring they are changed regularly.

- Disable access to your voice mail system from outside lines. This is usually used for remote workers to access.  If this is not business critical then disable it or ensure the access is restricted to essential users and they regularly update their PIN/passwords.

- If you do not need to call international numbers/premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.

- Consider asking your network provider to not permit outbound calls at certain times e.g. when your business is closed. Ask your telecoms provider to alert you immediately if there is any unusual call activity taking place on your telephone lines.

- Ensure you regularly review available call logging and call reporting options, regularly monitor for increased or suspect call traffic.

- Secure your exchange and communications system, use a strong PBX firewall and if you don't need the function, close it down.

- If you use a maintenance provider speak to them or ensure that the person responsible for the PBX understands the threats and ask them to correct any identified security defects.

- Consider consulting an IT telecoms professional to ensure your settings for your PBX systems are secure and the settings have been properly set up.
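
One way to automate the call-log review recommended above, as an added example that is not part of the NFIB alert: it flags calls to international or premium rate numbers and raises an alert when one extension makes several of them while the organisation is closed. The CDR column layout, the opening hours (Monday to Friday, 08:00 to 18:00), the alert threshold and every sample record are constructed assumptions, and public holidays are not modelled.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs). The column layout is
# hypothetical; map it to whatever your PBX or telecoms provider exports.
SAMPLE_CDR = """\
start,extension,dialled,duration_s
2017-04-12 10:15:00,201,02079460000,180
2017-04-12 11:40:00,202,0033100000000,300
2017-04-13 19:30:00,203,+442079460001,60
2017-04-15 02:03:10,214,0053700000001,1260
2017-04-15 02:25:40,214,0053700000002,1500
2017-04-15 02:51:05,214,09000000000,2400
2017-04-16 03:10:00,214,+37100000000,900
"""

# Assumed opening hours: Monday (0) to Friday (4), 08:00-18:00.
OPEN_DAYS = range(0, 5)
OPEN_HOUR, CLOSE_HOUR = 8, 18
# Assumed threshold: this many risky out-of-hours calls from one extension.
BURST_THRESHOLD = 3


def classify(dialled):
    """Return 'international', 'premium' or 'standard' for a UK-dialled number."""
    n = dialled.replace(" ", "")
    # Normalise UK numbers written in international form back to national form.
    if n.startswith("+44"):
        n = "0" + n[3:]
    elif n.startswith("0044"):
        n = "0" + n[4:]
    if n.startswith("+") or n.startswith("00"):
        return "international"
    if n.startswith("09"):  # UK premium rate range
        return "premium"
    return "standard"


def is_out_of_hours(ts):
    """True when the call started while the organisation is assumed closed."""
    return ts.weekday() not in OPEN_DAYS or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review(cdr_text):
    """Return (flagged calls, out-of-hours totals per extension, alerting extensions)."""
    flagged = []
    per_ext = defaultdict(lambda: {"calls": 0, "seconds": 0})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        kind = classify(row["dialled"])
        if kind == "standard":
            continue
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        closed = is_out_of_hours(ts)
        flagged.append({
            "start": row["start"],
            "extension": row["extension"],
            "dialled": row["dialled"],
            "kind": kind,
            "out_of_hours": closed,
        })
        if closed:
            per_ext[row["extension"]]["calls"] += 1
            per_ext[row["extension"]]["seconds"] += int(row["duration_s"])
    alerts = sorted(e for e, s in per_ext.items() if s["calls"] >= BURST_THRESHOLD)
    return flagged, dict(per_ext), alerts


if __name__ == "__main__":
    flagged, per_ext, alerts = review(SAMPLE_CDR)
    for call in flagged:
        marker = "OUT-OF-HOURS" if call["out_of_hours"] else "in hours"
        print(call["start"], call["extension"], call["dialled"], call["kind"], marker)
    for ext in alerts:
        print("ALERT extension", ext, per_ext[ext])
```

Run against a daily export, the per-extension totals show how much call time accumulated while the premises were closed, which is the period the alert identifies as most exposed.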

FEEDBACK

If you have other feedback or additional information that you would prefer to provide by email please send to :
NFIBfeedback@cityoflondon.pnn.police.uk

(1st June 2017)


GUN AND KNIFE CRIME SOARING IN LONDON, OFFICIAL FIGURES SHOW
(London Evening Standard, dated 12th April 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/gun-and-knife-crime-soaring-in-london-official-figures-show-a3513366.html

The number of gun and knife crime offences in London soared last year amid fears more young people are carrying weapons for self-protection and status.

The figures showed a 42 per cent rise in the number of overall offences of gun crime and a 24 per cent rise in the number of knife crime offences, with 12,074 offences last year, compared to 9,742 in 2015/16.

More worryingly, there was also a rise in the number of guns being fired on London's streets, up from 239 cases in 2015/16 to 306 cases in the last financial year.

There was also a 20 per cent increase in the rate of knife attacks involving injuries to victims, up from 3,663 to 4,415 in 2016/17.

Overall, the number of offences in London rose for the first time in several years.

There was a total of 774,737 crimes recorded in the capital last year - compared to 740,933 in the previous year, a rise of 4.5 per cent.

The figures, which did not include cyber crimes, showed increases in the number of muggings, sex offences, thefts and violent offences.

There was a 26 per cent leap in the rate of motor vehicle thefts and a 13 per cent rise in personal robberies.

However, the number of burglaries in private houses continued to fall.

Scotland Yard said it was concerned about the rises in gun and knife crime, but pointed out the increases came after several years of falling crime.

Assistant Commissioner Martin Hewitt, head of Territorial Policing, said: "London is one of the safest global cities in the world. There are few others with such low rates of serious crime, such as murder and gun crime.

"Similar to the rest of England and Wales, crime rates in London are rising, but many of these are still at a much lower level than five years ago and are against the backdrop of significant reductions in resources.

"We are concerned about the rise of gun crime and rise of knife crime offences committed by young people and the changing nature of the offenders."

He said there was evidence that more young people are carrying knives for a variety of reasons including status, criminality and self-protection but said only around a quarter are affiliated with gangs.

He said police were focusing on reducing stabbings by taking weapons and dangerous offenders off the streets and trying to prevent and divert people from crime.

However, he said there were complex social reasons why more young people are carrying knives and this could not be solved by the police alone.

He said: "We must work with communities to help combat knife crime.

"We are also managing an increased demand across areas as a result of societal changes such as child protection, mental health and missing people.

"The crime picture has evolved and so must we in the way we police, recruit and operate."

He said the Met was changing the way they investigated crimes by training more frontline officers to carry out inquiries to relieve some of the burden on detectives.

Earlier this year the outgoing Met chief Sir Bernard Hogan-Howe criticised government cuts to policing saying that the warning lights were flashing after official figures confirmed an increase in murder and knife crime.

He also warned last year of a record number of guns being seized in London saying there was an increasing number of firearms being smuggled into the UK from eastern Europe.

The rise in gun crime and knife crime comes after significant falls in the crime rates in recent years.

In 2013 Sir Bernard spoke of "dramatic" results which included nearly 40 per cent fewer guns fired than two years earlier and offences involving knife injuries to people under 25 down by nearly a third.

However, so far this year three teenagers have been shot dead in London, compared to the whole of 2016 when there were no teenager firearms murders.

Earlier this month 16-year-old Karim Samms was shot dead as he met a friend on his way home in North Woolwich. Another man in his 20s was also shot and injured in a reported drive-by shooting.

In March sixth form student David Adegbite, 18, was shot in the head on a housing estate in Barking and then two days later 19-year-old Abdifatah Sheikhey was shot at close range as he sat in a Mercedes car in a street in Ilford.

Rory Geoghegan, a former Met officer and the head of criminal justice at the Centre for Social Justice think tank, said : "The crime and security challenge for London is the toughest it has been in years - and at a time when the finances have never been tighter.

"With double-digit growth in gun and knife crime - and a youth homicide almost every fortnight - the crime challenge for London is real and serious and has serious impacts for London's most disadvantaged communities."

He added: "With 600 victims of serious youth violence each month, the Met needs a new plan to tackle the violence on our capital's streets if they are to help impoverished communities.

"It must avoid the temptation to indiscriminately ramp up stop and search or to bring in officers from the outside who do not know well the local communities they are seeking to serve."

"The Met's response needs to build on high quality and well-resourced neighbourhood policing. The Met needs to reinvigorate work around both primary and secondary schools and seize the golden opportunity to help individuals turn their lives around and leave behind the gangs, the guns and the knives."

"The most vulnerable and disadvantaged in London desperately need confident and engaging policing that helps guarantee their safety."

(1st June 2017)


CYBER RANSOMING - A GROWING PARASITICAL BUSINESS FOR UK HACKERS
(Independent, dated 12th April 2017 author Christina Zhao)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/cyber-ransoming-ransomware-uk-hackers-parasites-businesses-economic-fines-attack-a7680876.html

Cybercriminals are increasingly targeting UK workers' files and data, and the Metropolitan Police have warned that "no one is safe".

The FBI, Metropolitan Police, and security experts all agree that cyber ransoming has fast become one of the UK's biggest economic crimes.

Unpredictable, unstoppable and potentially fatal to a business, the rapid emergence of ransomware has become a threat to people across the nation.

August Graham, the editor of the Sentinel, arrived at work one morning last summer to find a note pop up on one of the computer screens. It informed him that all the files on the firm's server had been encrypted and were being held ransom.

He was told he had to pay £500 to get them back, or they'd be destroyed.

Last year, 54 per cent of businesses in the UK were hit by ransomware attacks, according to a survey by Osterman Research on behalf of Malwarebytes. In 20 per cent of the cases, it stopped business operations immediately.

The average ransom demanded is £520, but some can be enormous. Three per cent of UK companies that have been hit by ransomware reported a charge of over £50,000 to recover their data.

Gary Miles, the detective chief inspector of FALCON (Metropolitan Fraud and Linked Crime Online) described cyber ransoming as "the crime of choice" right now.

"For a criminal, the cyber ransoming business model is very attractive," he said. "There are minimal overheads and profits can be limitless."

If you measure risk against reward, it's no wonder ransoming has doubled each year since its 2012 emergence. Robbing one computer at a time violently using a knife or gun doesn't scale well.

However, one hacker can rob thousands with the click of a button.

What is ransomware?

In the first stage of a ransomware attack, a target will receive an email appearing to contain a legitimate attachment, such as an invoice or link to a website. Most people will have come across one of these infected messages.

In the past, they've tended to be written in broken English and easy to spot, but hackers have skilfully refined their techniques.

If the victim takes the bait and engages with the content, the second phase begins. The malicious code in the attachment will then be released o